SDQ-Institutsseminar

The feedback cycles of the MODA framework are ideal for systematically controlling these adjustments. However, their effective use requires that descriptive models can be derived from runtime data. Established approaches to model derivation, however, were primarily designed for other domains and applications. Against this background, this work develops an automated pipeline to extract descriptive models from raw data and systematically evaluates the suitability of various modeling approaches for the domain of cyber-physical systems. A central element of the solution approach is the integration of the analysis results into a standardized metamodel based on the Structured Metrics Metamodel in order to give the raw data a semantic structure and ensure interoperability for downstream MDD tools. To objectively evaluate the results, a dedicated evaluation framework was developed that compares the various approaches using quantitative metrics and qualitative expert feedback. The evaluation confirms that the automated derivation of statistical parameters, segmentations, and discrete system states delivers robust results. In contrast, limitations were identified in the generation of complex process models using process mining, as the conversion of continuous physical signals into discrete logic remains a challenge. Overall, the work demonstrates as a proof of concept how the gap between collected runtime data and formal models can be closed, thus providing a technological basis for MODA feedback cycles in CPS development.

This thesis presents a reproducible profiling framework for a MQTT-to-Kafka pipeline that combines benchmarking with white-box instrumentation of internal components. The framework models atomic Entry Level System Calls (ELSCs) and composes them into configurable workload classes, enabling automated and systematic performance experiments. The implementation is based on EMQX with integrated Kafka bridging and distributed tracing across protocol boundaries. Evaluation following a Goal-Question-Metric approach demonstrates that the framework supports reproducible experiments, preserves trace continuity across services, and enables identification of internal bottlenecks while maintaining controlled instrumentation overhead.

Vitruvius OCL fills this gap by extending OCL with qualified cross-metamodel navigation syntax and a native correspondence operator that treats Vitruvius correspondence models as a first-class abstraction. VitruvOCL provides static type safety, native correspondence navigation, and true n-ary constraints within a purely declarative framework.

Fixing them automatically is not. Frameworks such as STRIDE and LINDDUN use Data Flow Diagrams (DFDs) to expose threats at an early stage in the development lifecycle. But once a violation is detected, software architects must still manually determine and apply the appropriate countermeasures, which is both a time-consuming and error-prone process. This thesis addresses the repair side of the problem. The central research question is which discrete optimisation method is best suited to automate this task. To answer it without presupposing an outcome, we design a comparative survey of three candidate methods: Branch and Bound, Integer Linear Programming (ILP), and Evolutionary Algorithms. These are evaluated against four criteria: optimality, runtime performance, extensibility, and reproducibility. The survey establishes ILP as the only method satisfying all four, primarily because its declarative problem formulation separates constraint specification from solving. This separation proves essential when mitigation strategies must be extended or customised. Building on this result, we implement an ILP-based automated mitigation approach integrated into the ARCoViA framework. The approach operates on DFDs that are annotated with label-based confidentiality constraints. It then enumerates candidate mitigation strategies across the full space of label additions and deletions, node insertions and removals, as well as flow deletions. These strategies, along with their mutual dependencies and contradictions, are encoded into a Boolean ILP problem. The solver yields a minimal-cost repair, which is then applied to produce a repaired DFD automatically. The main engineering challenge is generating a complete and correct set of candidate mitigations and encoding their dependencies and contradictions without omissions. The prior SAT-based approach, which this work extends, is limited to purely additive label changes and struggles to express richer constraint structures in CNF form. The present approach removes both restrictions. We evaluate it against four goals: effectiveness, extensibility, cost, and scalability, using DFD models from the MicroSecEnD benchmark. The approach eliminates all detected violations, produces repairs that are approximately 73\% less invasive than a human baseline, and scales acceptably across all studied dimensions of model complexity.

Die Ergebnisse verdeutlichen, dass die Wahl des Embedding-Modells den signifikantesten Einfluss auf die Retrievalqualität ausübt. Als besonders effektiv erweist sich die Dereferenzierung interner Verknüpfungen, während die Wahl des Serialisierungsansatzes nur eine marginale Rolle spielt. Die Untersuchung belegt die prinzipielle Eignung embedding-basierter Verfahren für MDSE-Daten und liefert konkrete Handlungsempfehlungen für die Konfiguration effizienter Retrieval-Architekturen.

This thesis presents a model-driven approach for generating digital twin code components directly from formal descriptions of in-vehicle components. Central to the approach is the generation of a stable core domain model that represents the vehicle state. Connections to physical hardware are abstracted via a generic interface and the COVESA Interface Exchange Framework (IFEX) as a standardized contract layer. By implementing the communication patterns once generically, the approach eliminates the need for manual integration code for individual components or new requirements.

This centralized state representation further enables a simplified off-board cloud twin instance to be fully synchronized with the on-board twin. This architecture generically supports remote control and monitoring of any vehicle function, regardless of whether that functionality was originally designed for online connectivity. The approach is validated by implementing a prototypical code generation pipeline, deploying it on distributed virtual machines, and connecting mock ECUs using different Interface Definition Languages (gRPC, SOME/IP). The evaluation demonstrates that changing underlying communication protocols requires only a model update without modifying domain code.