The SaS Seminars are a permanent series of open seminars of the Division of Software and Systems (SaS) at the Department of Computer and Information Science (IDA), Linköping University. The objective of the seminars is to present outstanding research and ideas/problems relevant for SaS present and future activities. In particular, seminars cover the SaS research areas software engineering, programming models and environments, software and system modeling and simulation, system software, embedded SW/HW systems, computer systems engineering, parallel and distributed computing, realtime systems, system dependability, and software and system verification and testing.

Two kinds of seminars are planned:

• talks by invited speakers not affiliated with SaS,

• internal seminars presenting lab research to whole SaS (and other interested colleagues).

The speakers are expected to give a broad perspective of the presented research, adressing the audience with a general computer science background but possibly with no specific knowledge in the domain of the presented research. The normal length of a presentation is 60 minutes, including discussion.

The SaS seminars are coordinated by Christoph Kessler.

SaS seminars 2023

Verifying the remote SIM provisioning protocol for eSIM

Prof. Tuomas Aura, Aalto University, Finland

Monday, 11 Sept. 2023, 10:15, room Alan Turing, IDA

Abstract:
Remote SIM provisioning (RSP) for consumer devices is the protocol for downloading SIM profiles into a secure element in a mobile device. It is commonly known as eSIM, and it is expected to replace removable SIM cards. The security of the protocol is critical because the profile includes the credentials with which the mobile device will authenticate to the mobile network. We constructed a formal model of the consumer RSP protocol, formalized the expected security properties, and verified them with the ProVerif tool. While the protocol is secure against network attackers, analysis under partial compromise scenarios reveals weaknesses in the protocol design. Based on the findings, we recommend practical solutions for RSP standardization, implementations, and mobile operators to increase the robustness of eSIM security.

Bio:
Tuomas Aura is a professor of computer science and engineering at Aalto University, Finland. He received his M.Sc. in 1996 and D.Sc. in 2000 from Helsinki University of Technology. His doctoral thesis was on authorization and availability in distributed systems. Before joining Aalto University as a professor, he worked with Microsoft Research, Cambridge, UK. He is interested in network and computer security and the security analysis of new technologies, such as cloud and IoT. In addition to academic research, he works on industrial applications and standardization. He is currently heading an Erasmus Mundus master program on Security and Cloud Computing.

The EMV Standard: Break, Fix, Verify & Card Brand Mixup Attacks

Dr. Ralf Sasse, ETH Zürich, Switzerland

Monday, 11 Sept. 2023, 09:15, room Alan Turing, IDA

Abstract:
EMV is the international protocol standard for smartcard payment and is used in over 9 billion cards worldwide. Despite the standard's advertised security, various issues have been previously uncovered, deriving from logical flaws that are hard to spot in EMV's lengthy and complex specification, running over 2,000 pages.
We formalize a comprehensive symbolic model of EMV in Tamarin, a state-of-the-art protocol verifier. We use our model to automatically identify flaws that lead to critical attacks. Criminals can use a victim's Visa contactless card to make payments for amounts that require cardholder verification, without knowledge of the card's PIN. We built a proof-of-concept Android application and successfully demonstrated this attack on real-world payment terminals.

Most EMV transactions require online authorization by the card issuer. In this work we show that it is possible to induce a mismatch between the card brand and the payment network, from the terminal's perspective. The resulting card brand mixup attack has serious security consequences. In particular, it enables criminals to use a victim's Mastercard contactless card to pay for expensive goods without knowing the card's PIN. We extended the Android application and successfully used it to carry out this attack for transactions with both Mastercard debit and credit cards, including a transaction for over 400 USD with a Maestro debit card.

Bio:
Ralf Sasse is a lecturer and Senior Scientist at the department of computer science D-INFK at ETH Zürich. His research focuses on the intersection of information security and formal methods, specifically the automated analysis of security protocols and the development of tools for that purpose. Previously he was a postdoc and senior researcher with David Basin's group, also at ETH Zürich. He received his PhD in computer science from the University of Illinois at Urbana-Champaign in 2012.

Design and Implementation of Architecture-Based Self-Protecting Systems

Charilaos Skandylas, Linnaeus University

Friday, 9 June 2023, 10:15, room Alan Turing, IDA

Abstract:
Today's software landscape features a high degree of complexity, frequent changes in requirements and stakeholder goals, and uncertainty. Therefore, in the corresponding threat landscape cybersecurity attacks are a common occurrence, and their consequences are often severe. Self-adaptive systems have been proposed to mitigate the complexity and frequent degree of change by adapting at run-time to deal with situations not known at design time. They, however, are not immune to attacks, as they themselves suffer from high degrees of complexity and uncertainty. Therefore, suitable software systems that can dynamically defend themselves from adversaries are required. Such systems are called self-protecting systems and aim to identify, analyze and mitigate threats autonomously.
This presentation will discuss approaches with the goal of providing software systems with self-protection capabilities. We aim to enhance the security of architecture-based self-adaptive systems and equip them with self-protection capabilities. Both proactive and reactive self-protection techniques will be discussed. Proactive techniques aim to protect a software system by accurately analyzing its current and future security relevant behavior and steering the system towards the most secure behavior, minimizing the attack surface. Reactive techniques provide self-protection to an architecture based self-adaptive system via effective countermeasure selection at runtime.

Bio:
Charilaos Skandylas is a final-year Ph.D. student at Linnaeus University, Sweden. He received his bachelor and master degree in Computer Science from Aristotle University, Greece. His research interests include software architecture, software security, self-adaptive systems, and formal methods.

Taming heterogenous ecosystems of SE tools for system lifecycle management digitalization

Prof. Juan Llorens, Univ. Carlos III Madrid and CTO The REUSE Company

Thursday, 1 June 2023, 10:15, room Donald Knuth, IDA

Abstract:
The market demands technologies to orchestrate the integration of information, methods and processes when developing all kinds of complex systems (hardware, hybrid, software). The need of interoperability between an unlimited number of existing systems engineering tools (requirements management, MBSE tools, simulation tools, risks management, RAMS management, MS Office, etc.) is a must, as modern development methodologies rely on information flow, model-based development, and universal traceability.
This talk will present a reusable approach for reaching this goal. Due to intellectual property rights, the presentation will be concentrating on showing results rather than on the technology behind, but it can serve as a nice debate seed for the audience.

Bio:
Juan Llorens is Professor at the Computer Science and Engineering Department of the Carlos III University of Madrid, Spain, and CTO of The REUSE Company.
Dr. Llorens is the leader of the KR (Knowledge Reuse) group within the University, where he teaches different software and systems engineering subjects. Since 2008, based on a corporate agreement between the university and The REUSE Company (TRC), Dr. Llorens can defend TRC's CTO role within his professorship. His current research involves the integration of semantic and systems engineering technologies for the digitalization of the system life cycle. Dr. Llorens is full member of INCOSE (International Council on Systems Engineering), as well as past president of INCOSE Spain (AEIS). He built the INCOSE Knowledge Management and Ontologies working group, and he is member of the Requirements working group. He holds a CSEP (Certified Systems Engineering Professional) accreditation and a ESEP (Expert Systems Engineering Professional).

Automated Graph Generation for the Assurance of Software-intensive Cyber-Physical Systems

Prof. Daniel Varro, SaS/PELAB, Linköping University

Monday, 13 March 2023, 09:15, room John von Neumann, IDA

Abstract:
When engineering critical software-intensive cyber-physical systems, many validation scenarios depend on the systematic generation of domain-specific graph models. For instance, tool qualification necessitated by safety standards would require a large set of consistent (well-formed or malformed) instance models specific to a domain. System testing of autonomous vehicles also frequently relies upon the automated synthesis of realistic test contexts and abstract test scenarios. My talk will focus on how automated synthesis of consistent, realistic and diverse graph models can help in the assurance of such cyber-physical systems. The talk will cover recent research results including conceptual foundations as well as efficient supporting software tools.

Bio:
Dániel Varró is a professor of software engineering at Linköping University and an adjunct professor at McGill University as well as at Budapest University of Technology and Economics. He was a research chair of the MTA Lendület Cyber-Physical Systems Research Group. He has co-authored over 200 scientific papers which received seven Distinguished Paper Awards, and three Most Influential Paper Awards. He serves on the editorial board of the Software and Systems Modeling journal and he is vice chair of the MODELS steering committee. He served as program committee co-chair of FASE 2013, ICMT 2014, SLE 2016 and MODELS 2021 conferences. He is a co-founder of the VIATRA model query and transformation framework, and IncQuery Labs, a technology-intensive Hungarian company.

Large-scale and research-based development of education with learning analytics and AI
- Towards a teaching and learning ecosystem: A success story from Finland

Dr. Mikko-Jussi Laakso, associate prof., University of Turku, Finland

Thursday 2 March 2023, 14:00 (sharp), room John von Neumann

Abstract:
The Research Institute for Learning Analytics (formerly Centre for Learning Analytics) at the University of Turku, Finland, received the UNESCO KingHamad Bin Isa Al-Khalifa Prize for the use of ICT in Education in 2021. The centre aims to advance the utilization of education technology and learning analytics for the entire span of the Finnish education system. The centre is a multidisciplinary research unit and main research areas are eAssessment, blended learning, mathematics and programming education, gamification, digital pedagogies, learning analytics, machine Learning and AI in Education. It works in tight collaboration with Finnish schools and institutions, Finnish education authorities to utilize research-based methods in teaching and learning in Finland, and serves as a national hub in its research field.
The presentation starts with a short introduction to the topics, followed by a presentation of the "From teachers to teachers" initiative. After that, the Finnish success stories are presented. The final part of the presentation focuses on the principles of developing a research-based and data-inspired teaching and learning ecosystem at a large scale.

Bio:
Associate professor Mikko-Jussi Laakso (PhD) is the Director of the Turku Research Institute for Learning Analytics at the University of Turku, Finland. His main research interests are Learning analytics, Computer Assisted Learning, Mathematics and Programming Education, Gamification, Learning Design, Learning at Scale, Learning Difficulties and Lossess, Knowledge management, Machine Learning and AI in Education. He has 20 years of experience from university and research-based development of education through educational technology solutions. The institute is developing the UNESCO awarded #1 digital learning platform in Finland: ViLLE - the collaborative education tool. The unit is developing a unique nation-wide ecosystem of teaching and learning to tackle education system disruptions with the teachers, the education field authors, and researchers.

Self-adaptive cobotic systems with Context-Oriented Motion Grammars

Prof. Uwe Assmann, Technische Universität Dresden

Wednesday 11 january 2023, 15:15 in Ada Lovelace

Abstract:
In industrial applications, humans and robots should safely collaborate with each other. This requirement initiates the new field of cobotics, in which all applications are human-robot collaborations that should be certified on safety and other critical conditions. To this end, formal methods such as grammars, automata, or petrinets have be used in the past, but can they also be beneficial for cobotics?
We present a new approach for self-adaptive cobotic systems based on an extension of attributed grammars called context-oriented motion grammars (COMG). This approach generalizes the well-known motion grammars, but additionally separates the concerns of sensorics and actuatorics. On the one hand, COMG use a context grammar parsing complex events of the world around the robot (for instance, human activities), and, on the other hand, a second reactive grammar for cobotic reactions. In this way, sensorics and actuatorics are separated like in the human nerval system, and with the two coupled attributed grammars, complex events and reactions can be formulated and, subsequently, automatically transformed to robotic control code, even for distributed platforms. We show a demo for a generic cobotic use case, the cleanup of messy scenes. Overall, the approach has the potential to provide substantial software reuse in complex cobotic applications in industry and beyond.

Links:

• CeTI Excellence Cluster
• Youtube video of cleanup scenario
• Documentation of CeTI cobotic framework
• Relational RAGS for cobotics

Previous SaS Seminars

Previous SaS Seminars

• 2021-22
• 2020
• 2019
• 2018
• 2017
• 2016
• 2015
• 2014
• 2013
• 2012
• 2011
• 2010
• 2009
• 2008
• 2007
• 2006
• 2005
• 2004
• 2003
• 2002
• 2001

Page responsible: Christoph Kessler
Last updated: 2023-09-06