QUALITY ENGINEERING LAURA BASSI LAB Annual Report 2014/15


QE LaB operates with the ambition to create novel methods and tools with both scientific and practical impact. A crucial success factor to achieve this goal is the creation of dedicated environments in both directions. On the scientific side, a backbone within the development of tool prototypes is the embedding into an evaluation framework. In the best case the evaluation framework consists of a method toolbox and a network of domain experts enabling scientifically profound derivation and evaluation of requirements. On the technology transfer side, a crucial point is the transition from research prototypes to products targeted for industrial use. This may lead both to feature extensions (features which are not interesting from the research point of view, but indispensable from the practical point of view), and feature reduction (features which are exciting for researchers, but outside scope to be implemented within a certain budget and reaching a certain quality state).

Within the second phase of QE LaB we made enormous progress in establishing such environments. For instance, we developed a scientific method to evaluate collaborative tools based on the principles of Design Science. This comprises the elicitation of collaborative work scenarios and evaluation sessions with domain experts.

In the past project year we have not only been able to publish a high number of papers (among them eight journal publications), but also have been involved in manifold events and activities according to our mission. Most notably, we organized the GChACM Workshop Software Engineering Live 2015, QE LaB Praxisforum, and ran the first year of the Quality and Security Program (QSP) Tirol, fostering the interconnection of research, practice and education.

As every year, I would like to express my deep gratitude to our supportive environment, in particular the Rector's team of the University of Innsbruck. My warmest thanks go to the members of the QE and QE LaB team for your dedication, excellence and team spirit. I particularly would like to thank you for your professionalism in preparing and presenting demos of our methods and tools.

Innsbruck, November 2015

Head of Quality Engineering Laura Bassi Lab,

University of Innsbruck

Prof. Dr. Ruth Breu

Table of Contents

» Team

» Industry Partners

» Research

» Dissemination and Public Presence

» Teaching

» Events

» QE LaB Business Services GmbH

» Non-Scientific Media and Press Reports

» Quality Engineering Research Group

Team

Univ. Prof. Dr. Ruth Breu

Ruth Breu can draw upon several years of practical experience in software engineering as a consultant for software technology as well as comprehensive scientific qualifications.

She has been a full professor and head of the Quality Engineering research group at Innsbruck University since 2002 and was an instrumental force in establishing the University's Institute of Computer Science. Before accepting the chair at Innsbruck University, Ruth Breu worked for several years as a freelance consultant for renowned companies in the financial services and telecommunications industries. She earned her degrees in Computer Science at the University of Passau and Technische Universität München.

Her research interests include the areas of software engineering processes, requirements engineering, quality management, model engineering and security engineering.

Senior researchers

Dr. Michael Felderer

Dr. Basel Katt

Dr. Matthias Farwick

Dr. Thomas Trojer

Expertise:

» Information Security » Electronic Healthcare » Software Quality Management » Model Driven Software Development

Expertise:

» Software Testing » Software Processes » Security Testing » Requirements Engineering » Empirical Software Engineering

Expertise:

» Enterprise Architecture Management » IT-Architecture Management » Domain-specific Languages

Expertise:

» Security Engineering » Electronic Healthcare » Model Engineering » IT-Architecture Management

Junior researchers

Boban Celebic, MSc

Florian Häser, MSc

Expertise:

» Requirements Engineering » Testing » Model Engineering

Expertise:

» Software Visualisation » Requirements Engineering » Software Traceability

Matthias Gander, Dipl.-Ing.

Expertise:

» Security Engineering » Requirements Engineering » Software Engineering

Michael Brunner, MSc

Expertise:

» Security Management » Requirements Engineering » Software Development

Clemens Sauerwein, Dipl.-Ing.

Expertise:

» Information Security » Software Engineering » Information Systems

Philipp Kalb, MSc

Expertise:

» Model Engineering » Model Repositories » Model Evolution » Software Quality Management

Mag. iur. Christian Sillaber, MSc MSc

Expertise:

» Governance Risk and Compliance Management

» Information Systems Security » Quality Assurance in IS Security

Martin Häusler, MSc

Expertise:

» Model Engineering » IT Infrastructure Management » Software Engineering and Software Testing

Non-scientific staff

Working students

Andrea Jungmann, Mag. Boris Puschitz

Secretary, Project Management

Florian [email protected]

Ilona Zaremba, MBS; Gabriele Strasser

Event Management

Alexandra Jäger

Project Management

Thomas Schrettl

System Administration

Matthias Hö[email protected]

Industry Partners

http://www.av-comparatives.org

http://www.ith-icoserve.com

http://porscheinformatik.at

http://www.swisslife.de

http://www.infineon.de

Research

One of the most important drivers of innovation in IT is the collaboration of actors and systems across domains and platforms. Arising scenarios e.g. in health care and transportation demonstrate that the new generation of collaborative IT applications has the potential to restructure markets, create new business models and to organise human collaboration more efficiently.

In recent years many international activities in industry and academia have focused on the development of standards, technologies and frameworks for realising inter-organisational applications. Only a minority of approaches so far consider the quality of these systems. This contrasts with tremendous challenges concerning the management, design and operation of these systems. On the one side collaborative systems are agile, dynamically evolving systems, on the other side quality attributes like functional correctness, security and privacy of processed information play a major role during management, design and operation. In this context the goal of QE LaB is to develop well-founded concepts, methods and tools for the management, design and operation of high quality collaborative systems. QE LaB has achieved an important step of innovation through the novel paradigm of Living Models.

Living Models

In the Living Models sub-project we develop foundations and concepts for model-based collaborative quality management. On the one hand we drive forward the establishment of Quality Engineering as the discipline of end-to-end quality management of software intensive systems. On the other hand we develop innovative infrastructures for very large models,

» integrating model-based data in heterogeneous environments

» providing concepts for model versioning

» supporting workflow-aware model elements

» providing new concepts for model querying and model visualization.

With MoVE, the Model Versioning and Evolution Engine, we have conceptualized and implemented a model repository that addresses not only the challenge of integrating software engineering data stemming from manifold sources, but also the collaboration aspects. MoVE provides methods to achieve traceability in heterogeneous environments by applying the concepts of meta-modelling and interlinkage. In addition, MoVE is able to support change-driven engineering through a built-in state-based workflow concept. The MoVE workflow language is able to control different levels of quality processes, including automated and manual task execution and orchestration.

Contact: Philipp Kalb, MSc

http://move.q-e.at

Txture

In the Living IT Landscapes work package (WP2) we develop methods to establish knowledge about the IT architectures in large organizations. This involves the flexible modeling of information about various aspects of the organizations' IT, e.g. about characteristics of an underlying server infrastructure, the way it supports software and business functions as well as dependencies to services, processes, external components and also people.

Grouping these information assets within one unified, enterprise specific model enables types of analysis that are beneficial to the long term success of an IT landscape. Typical types of analysis elicit the degree of impact in case of hardware failures, risks by evaluating critical dependencies, the implementation of security requirements or mismatches between service level agreements.

Central to the analysis of an IT landscape model is its visualization to users in order to make use of the documentation. In our research we evaluate different types of visualizations, like graphs, treemaps, tables or textual ones. Using the right degree of abstraction and simplification of visualized IT knowledge is paramount to its comprehensibility, but challenging to implement.

Also, the right methods need to be selected to document specific parts of an IT landscape. In our research we analyse manual documentation via text based and form based editors as well as automated imports from existing data sources, like Configuration Management Databases (CMDB) and network monitors. Thus we target the support for both business oriented and more technology oriented stakeholders as well as leverage already documented data.

All of our research work is reflected by Txture, a flexible meta-modeling and IT landscape documentation framework.

Contact: Dr. Matthias Farwick, Dr. Thomas Trojer, Martin Häusler, MSc

www.txture.tools

Risk-Based Testing

Risk-based testing utilizes risk information in all phases of the test process and has a high potential to improve established test processes. In this area, we developed and empirically evaluated the following methodologies to support the introduction, optimization and validation of risk-based testing:

» a taxonomy of risk-based testing aligned with the phases of the test process, providing a framework to understand, categorize, assess, and compare approaches to support their selection and tailoring for specific purposes

» a methodology for the step-wise introduction of risk-based testing into existing test processes

» a multiple case study on risk-based testing in industry to describe and analyse the actual state of risk-based testing for application in other organizations

» a customized risk assessment approach for our project partner Swiss Life enabling risk-based testing

» analysis of risk-based testing in the context of small and medium-sized enterprises

Contact: Dr. Michael Felderer

Requirements Speed Reviews

Together with our project partner Porsche Informatik we created, implemented and evaluated a novel requirements review method called Speed Reviews, based on the idea of speed dating. In Speed Reviews a peer review under specific constraints and limited by a time factor is performed by pairs of persons, i.e., product owners in the context of Porsche Informatik, who rotate and provide each other with feedback on specific requirements. In a case study we found that Speed Reviews

» can be performed with reasonable effort

» lead to more structured, understandable and readable requirements

Contact: Dr. Michael Felderer

ADAMANT - Efficient IT Security and Compliance

ADAMANT is an open source tool for the efficient management of security and compliance requirements. It empowers organizations to utilize a continuous approach to ensure compliance with security standards and best practices. ADAMANT was developed as part of the EU-project PoSecCo together with industry-leading partners such as IBM, SAP, Deloitte, Atos and Thales to ensure compliance with heterogeneous high-level security requirements within complex and evolving IT landscapes and is further developed within QE LaB.

ADAMANT integrates various data sources for enterprise and IT architecture models to keep the resulting security model in accordance with the actual enterprise. Additionally, by means of customizable rulesets, ADAMANT automatically adopts changes detected within the connected models and ensures security requirements are always up-to-date. Multiple ways to automatically monitor the fulfilment of security requirements enable real-time compliance reports for auditors and guarantee timely reaction in case of non-compliance. By means of a continuous and collaborative approach ADAMANT integrates key stakeholders from different domains and even from different organizations to ensure that all knowledgeable stakeholders are kept in the loop and participate in IT security management activities. Arbitrary security standards are supported by a powerful template engine that allows enterprises to use custom templates or predefined industry standards (e.g., BSI IT Baseline Protection Catalogue) as foundation for their own security requirement definitions.

Contact: Michael Brunner, MSc; Mag. iur. Christian Sillaber, MSc MSc

http://adamant.q-e.at

Crowdsourcing the Malware Threat

In recent years, distribution of malware has switched from classical channels, such as e-mail, vulnerable services, or macros in software, to a new channel: websites. This is not surprising, as e-mail clients have improved, macros in software are mostly deactivated, and nowadays all computers and routers are outfitted with at least a basic firewall that shields vulnerable services. One major entry point left open, and one that severely reduces a user's security, is the browser. Browsers have become the central application for any kind of computation: games, office work, money transactions, and of course social interaction (e.g., Facebook). Therefore, it is essential to increase the security awareness of users and, in the long term, extrapolate guidelines to decrease the risk of malware infections. Unfortunately, detecting malware samples by hand (i.e. keyword-based searches on search engines) is monkish labour.

In the collaboration with our partner AV-Comparatives we are tackling this issue by breaking new ground in the area of crowdsourcing-based security engineering. Our approach harvests so-called crowd intelligence in the area of web-based malware to derive several beneficial results, i.e. to get first-hand malware statistics, derive risk profiles in the form of probability models, increase the security awareness of individual users, and hence, in the long term, extrapolate guidelines to decrease the risk of malware infections. To facilitate this endeavour we developed a light-weight monitoring tool, dubbed Croft, which gathers freely given data from heterogeneous user groups in a crowdsourcing fashion. As seen in Figure 1, the whole process is structured in four major steps: collection of data on the client side, storing of data in the cloud, false-positive reduction, and statistical analysis.

In step 1, after an alert has been detected on the client, data is transmitted to the backend. In steps 2 and 3, data is transmitted to the cloud-based backend to filter out false positives. Lastly, step 4 classifies users based on the data they provided, and statistics are created for each such group (and employed AV scanner). This leads to malware statistics (e.g. origin thereof), antivirus test statistics (e.g. speed and reliability), and user-based risk assessment models (i.e. probability of a user encountering malware).

Contact: Matthias Gander, Dipl.-Ing.; Clemens Sauerwein, Dipl.-Ing.


GS1 Sync Booklet

Associated Project: Product Data Quality

This project is conducted in the context of the product database GS1 sync, a novel product knowledge base for standardized food product data hosted by GS1 Austria. This knowledge base is driven by the EU-regulation 1169/2011 and will provide a valuable source of information for producers and consumers. It is evident that the quality of the product data is of crucial importance. GS1 Austria has already established an extensive collaborative quality assurance process. The goal of our collaboration is to enhance the degree of automation within this quality assurance process. As a first step we have defined a product classification and an automated process that maps the products to the classification according to the product's data. A clustering of products into groups helps greatly to improve data quality, enabling product classification-specific checks and comparisons. Building on this classification, we have defined rules to detect missing or incorrect data. These rules have been implemented as a software service, which is currently used by GS1 supporting their quality assurance process. As a next step we plan to integrate our prototype tighter with GS1's workflow as well as further improve and expand the defined rules, building on GS1's feedback.

Contact: Alexandra Jäger

GS1 Sync: exchange article data simply and efficiently

Use GS1 Sync for your company!

Publications

Scientific Journals and Book Chapters

» Felderer, M. et al. (2014) Evolution of Security Engineering Artifacts: A State of the Art Survey. International Journal on Secure Software Engineering, 5(4), pp. 48-97, IGI Global

» Felderer, M. and Ramler, R. (2015) Risk orientation in software testing processes of small and medium enterprises: an exploratory and comparative study. Software Quality Journal, pp. 1-30, Springer

» Felderer, M. and Zech, P. and Breu, R. and Büchler, M. and Pretschner, A. (2015) Model-Based Security Testing: Taxonomy and Systematic Classification. Journal of Software: Testing, Verification and Reliability, 25 (4), Wiley

» Felderer, M. and Fourneret, E. (2015) A systematic classification of security regression testing approaches. International Journal on Software Tools for Technology Transfer, 17(3), pp. 305-319, Springer

» Felderer, M. and Katt, B. (2015) A process for mastering security evolution in the development lifecycle. International Journal on Software Tools for Technology Transfer, 17(3), pp. 245-250, Springer

» Felderer, M. and Beer, A. (2015) Using Defect Taxonomies for Testing Requirements. IEEE Software, 32(3), pp. 94-101, IEEE

» Felderer, M. and Herrmann, A. (2015) Manual test case derivation from UML activity diagrams and state machines: A controlled experiment. Information and Software Technology, 61, pp. 1-15, Elsevier

» Trojer, T. and Farwick, M. and Häusler, M. and Breu, R. (2015) Living Modeling of IT Architectures: Challenges and Solutions. In De Nicola, R. and Hennicker, R. (Eds.), Software, Services, and Systems (Vol. 8950, pp. 458–474). Springer

Habilitation

Dr. Michael Felderer completed his habilitation with a colloquium on “Risk-Based Decision Support for Improving Requirements-Based Testing in Industry” on November 3rd, 2015.

PhD Theses

Completed:

» Thomas Trojer: Access Control Policy Administration supporting User-defined Privacy Preferences (25.09.2015)

Running:

» Michael Brunner: A method for certification of safety-critical living systems

» Matthias Gander: Analysis of IT-landscape anomalies through machine learning and complex event processing

» Florian Häser: Model-Based Integration Testing

» Martin Häusler: Scalable Model Repository Infrastructures

» Philipp Kalb: Model Evolution

» Clemens Sauerwein: Real-Time Security Risk Management

» Christian Sillaber: Data Quality Management in Information Systems Security Documentation

Awards and Functions

Ruth Breu:

» The Tyrolean Science Award 2015

» Board Member of FWF, the Austrian Science Fund

» Member of Steering Committee of ACM/IEEE International Conference on Model-Driven Engineering Languages and Systems MODELS

» Member of Editorial Board of the Software and Systems Modeling Journal (Springer SoSym), www.sosym.org

» Member of NIS Platform of the European Commission

» Member of the Cross-Sectional Committee on Modelling (Querschnittsfachausschuss Modellierung) of the Gesellschaft für Informatik e. V. (GI)

» Member of Jury of Heinz-Zemanek-Preis of OCG

» Head of Institute of Computer Science

» Member of Jury, Jubiläumsfond Universität Innsbruck

» Reviewer EU FP 7 Project MIDAS

» Member of Jury of AdventureX 2015, Standortagentur Tirol

Michael Felderer:

» The Tyrolean Development Grant 2015

» Guest Editor for the International Journal on Software Tools for Technology Transfer (STTT)

» Editorial Board Member Transactions on Foundations for Mastering Change (FoMaC)

The Tyrolean State Science Award

On October 12th, 2015, Prof. Dr. Ruth Breu was awarded The Tyrolean State Science Award 2015. The award acknowledges outstanding accomplishments in the scientific field and honors the complete work as well as outstanding individual performance in research and science. The award was presented by Landesrat Prof. Dr. Bernhard Tilg at the ceremony in the Landhaus.

At the same time, Dr. Michael Felderer was awarded The Tyrolean Development Grant 2015.

Photos on the left page:

Left: Prof. Dr. Bernhard Tilg and the awarded: Prof. Dr. Ruth Breu and Dr. Michael Felderer (at the Awards Ceremony)

Upper right: Prof. Dr. Bernhard Tilg and Prof. Dr. Ruth Breu

Lower right: Prof. Dr. Bernhard Tilg and Dr. Michael Felderer

Accepted Papers at Conferences and Workshops

» Felderer, M. and Haisjackl, C. and Pekar, V. and Breu, R. (2014) A Risk Assessment Framework for Software Testing. The 6th International Symposium On Leveraging Applications of Formal Methods, Verification and Validation (ISoLA 2014), pp. 292-308, Springer

» Kalb, P. and Breu, R. (2014) Tool Support for Collaborative Software Quality Management. The Demonstrations Track of the 17th Intl. Conference on Model-Driven Engineering Languages and Systems (MODELS 2014), Article No. 4, CEUR

» Farwick, M. and Schweda, C.M. and Breu, R. and Hanschke, I. (2015) A Situational Method for Semi-automated Enterprise Architecture Documentation (SoSyM Abstract). The 18th International Conference on Model Driven Engineering Languages and Systems (MODELS 2015), IEEE (Best Paper Award)

» Felderer, M. and Beer, A. (2015) Mutual knowledge transfer between industry and academia to improve testing with defect taxonomies. Multikonferenz Software Engineering & Management 2015 (SE 2015), pp. 238-242, GI

» Felderer, M. and Beer, A. (2015) Requirements-based testing with defect taxonomies. Multikonferenz Software Engineering & Management 2015 (SE 2015), pp. 108-109, GI

» Felderer, M. and Haisjackl, C. and Pekar, V. and Breu, R. (2015) An Exploratory Study on Risk Estimation in Risk-Based Testing Approaches. Software Quality Days 2015 (SWQD 2015), pp. 32-43, Springer

» Adorf, H.-M. and Felderer, M. and Varendorff, M. and Breu, R. (2015) A Bayesian Prediction Model for Risk-Based Test Selection. The 41st EUROMICRO Conference on Software Engineering and Advanced Applications (SEAA 2015), pp. 374-381, IEEE

» Keckeis, J. and Dolezel, M. and Felderer, M. (2015) Towards a Concept for Enterprise Systems Landscape Testing. ERP Future 2014, Springer (in press)

» Mohacsi, S. and Felderer, M. and Beer, A. (2015) Estimating the Cost and Benefit of Model-Based Testing: A Decision Support Procedure for the Application of Model-Based Testing in Industry. The 41st EUROMICRO Conference on Software Engineering and Advanced Applications (SEAA 2015), pp. 382-389, IEEE

» Gander, M. and Sauerwein, C. and Breu, R. (2015) Assessing Real-time Malware Threats. The Information Assurance Workshop at the 2015 IEEE International Conference on Software Quality, Reliability & Security (QRS 2015)

» Pekar, V. and Felderer, M. and Breu, R. and Ebner, M. and Winkler, A. (2015) Improving the Requirement Engineering Process with Speed-Reviews: An Industrial Case Study. Software Quality Days 2015 (SWQD 2015), pp. 3-19, Springer

» Sillaber, Ch. and Breu, R. (2015) Using Business Process Model Awareness to improve Stakeholder Participation in Information Systems Security Risk Management Processes. Wirtschaftsinformatik 2015, pp. 1177-1190

» Sillaber, Ch. and Breu, R. (2015) Identifying Blind Spots in IS Security Risk Management Processes Using Qualitative Model Analysis. Third International Conference on Human Aspects of Information Security, Privacy, and Trust (HAS 2015), held as part of HCI International 2015, pp. 252-259, Springer

» Sillaber, Ch. and Breu, R. (2015) Using Stakeholder Knowledge for Data Quality Assessment in IS Security Risk Management Processes. The ACM SIGMIS 2015 Conference on Computers and People Research (CPR 2015), pp. 153-159, ACM

» Pekar, V. and Felderer, M. and Breu, R. and Nickl, F. and Roßik, C. and Schwarcz, F. (2016) Integrating a lightweight risk assessment approach into an industrial development process. Software Quality Days 2016 (SWQD 2016), Springer (in press)

Journal of Software and Systems Modeling 2015 Best Paper Award

Page 28: annual report...» Model Driven Software Development Expertise: » Software Testing » Software Processes » Security Testing » Requirements Engineering » Empirical Software Engineering

28

international Conferences:

» ACM/IEEE 18th International Conference on Model Driven Engineering Languages and Systems (MODELS 2015)

» 41th Euromicro Conference on Software Engineering and Advanced Applications (SEAA 2015)

» 12th IEEE International Conference on Services Computing (SCC 2015)

» The Eleventh International Conference on Autonomic and Autonomous Systems (ICAS 2015)

» The 12th International Conference on Mobile Web and Intelligent Information Systems (MobiWis 2015)

Workshops and D-a-Ch Conferences:

» ERP Future 2014 Research Conference (ERP 2014)

» 3rd Workshop on View-Based, Aspect-Oriented and Orthographic Software Modelling (VAO 2015)

» Software Quality Days 2015 (SWQD 2015)

» Health Informatics meets eHealth (eHealth2015)

» First International Workshop on Process Engineering (IWPE 2015)

» 3rd International Workshop on Risk Assessment and Risk-Driven Testing 2015

» 13. Anwenderkonferenz für Softwarequalität, Test und Innovation (ASQT 2015)

» Software & Systems Engineering Essentials (SEE 2015)

» 12. Internationale Tagung Wirtschaftsinformatik (WI 2015)

Ruth Breu

PC memberships

International Conferences:

» 41st Euromicro Conference on Software Engineering and Advanced Applications (SEAA 2015)

» 23rd International Conference on Requirements Engineering 2015, Industry Committee (RE 2015)

» 16th International Conference on Product-Focused Software Process Improvement (PROFES 2015)

» 9th International Symposium on Empirical Software Engineering and Measurement (ESEM 2015)

» 41st International Conference on Current Trends in Theory and Practice of Computer Science (SOFSEM 2015)

» EuroSTAR Software Testing Conference (EuroSTAR 2015)

» The Seventh International Conference on Advances in System Testing and Validation Lifecycle (VALID 2015)

» 8th IEEE International Conference on Software Testing, Verification and Validation (ICST 2015)

» 48th Annual Hawaii International Conference on System Sciences (HICSS 2015)

» OOP Software meets Business (OOP 2015)

Workshops and D-A-CH Conferences:

» ERP Future 2015 Research Conference (ERP 2015)

» 6th International Workshop on Security Testing (SECTEST 2015)

» 10th International Workshop on Testing: Academic and Industrial Conference - Practice and Research Techniques (TAIC PART 2015)

» 2nd International Workshop on Requirements Engineering and Testing (RET 2015)

» 3rd International Workshop on Risk Assessment and Risk-driven Testing (RISK 2015)

Michael Felderer

Presentations at Conferences and Workshops:

» C. Sillaber: Measuring and improving the quality of business security requirements in Information Systems Security Risk Management Processes, Young Security Researchers Day 2014, Graz, Austria, 2014/10/10

» M. Felderer: An Exploratory Study on Risk Estimation in Risk-Based Testing Approaches, Software Quality Days 2015, Vienna, Austria, 2015/01/21

» M. Felderer and M. Ebner: Improving the Requirement Engineering Process with Speed-Reviews: An Industrial Case Study, Software Quality Days 2015, Vienna, Austria, 2015/01/21

» M. Felderer and A. Beer: Requirements-based testing with defect taxonomies, Multikonferenz Software Engineering & Management 2015, Dresden, 2015/03/20

» M. Felderer and A. Beer: Mutual Knowledge Transfer Between Academia and Industry to Improve Testing with Defect Taxonomies, Software Engineering 2015, Dresden, Germany, 2015/03/20

» M. Felderer: Current State and Challenges for Model-Based Security Testing, 6th International Workshop on Security Testing (SECTEST 2015), 2015/04/13

» M. Felderer: A Bayesian Prediction Model for Risk-Based Testing, 41st Euromicro Conference on Software Engineering and Advanced Applications (SEAA 2014), Funchal, Portugal, 2015/08/27

» M. Felderer: Estimating the Cost and Benefit of Model-Based Testing: A Decision Support Procedure for the Application of Model-Based Testing in Industry. 41st Euromicro Conference on Software Engineering and Advanced Applications (SEAA 2014), Funchal, Portugal, 2015/08/27

» M. Gander and C. Sauerwein and R. Breu: Assessing Real-time Malware Threats, Workshop on Information Assurance at the 2015 IEEE International Conference on Software Quality, Reliability & Security (QRS 2015), Vancouver, Canada, 2015/08/03

» F. Häser and R. Breu: Non-Intrusive Documentation-Driven Integration Testing, International Conference on Software Testing 2015, Graz, Austria, 2015/04/15

» C. Sillaber: Identifying Blind Spots in IS Security Risk Management Processes Using Qualitative Model Analysis, 17th International Conference on Human-Computer Interaction (HCI 2015), Los Angeles, USA, 2015/08

» C. Sillaber: Using Stakeholder Knowledge for Data Quality Assessment in IS Security Risk Management Processes, ACM SIGMIS Conference on Computers and People Research (CPR 2015), Long Beach, USA, 2015/06

» C. Sillaber: Using Business Process Model Awareness to improve Stakeholder Participation in Information Systems Security Risk Management Processes. Internationale Tagung Wirtschaftsinformatik (WI 2015), Osnabrück, Germany 2015/03

Dissemination and Public Presence

Invited Scientific Talks:

» M. Farwick and R. Breu: Lebendige EA Modelle – Wissen im IT-Management kooperativ entwickeln, Enterprise Architecture Conference 2014, Berlin, Germany, 2014/11/03

» M. Farwick and C. M. Schweda and R. Breu and I. Hanschke: A Situational Method for Semi-automated Enterprise Architecture Documentation, 18th International Conference on Model Driven Engineering Languages and Systems (Models 2015), Ottawa, Canada, 2015/09/30

» M. Felderer: Using Defect Taxonomies to Improve Testing and Reviewing of Requirements, Chalmers University of Technology, Göteborg, Sweden, 2015/02/20

» M. Felderer: Current State and Challenges for Model-Based Security Testing, 6th International Workshop on Security Testing (SECTEST 2015), Graz, Austria, 2015/04/13

Presentations at Business related Events:

» R. Breu, M. Brunner: Security Risk Workflows – Konzepte für die organisierte Suche nach der Nadel im Heuhaufen, OWASP German Chapter Stammtisch, Munich, Germany, 2015/04/21

» R. Breu: Panel discussion at IT-Day 2015, Innsbruck, Austria, 2015/05/07

» M. Felderer: No Risk, No Test: Erfolgreiche Einführung und Umsetzung von Risikobasiertem Testen, Software Engineering Live Workshop 2015 (SE Live 2015), Achenkirch, Austria, 2015/04/24

» Ch. Sillaber: Experimente zur IT-Sicherheit, inday Teachers 2015, Innsbruck, Austria, 2015/03/24

» Ch. Sillaber, M. Brunner: Challenges for Next Generation IT-Compliance Management Systems, IG:IS Interessensgemeinschaft Informationssicherheit, Innsbruck, Austria, 2015/06/18

Our mission in teaching is to educate professionals with both foundational and application oriented skills.

Teaching

Ruth Breu:

» Entwurf von Softwaresystemen, WS 2014/15, Lecture

» Softwareentwicklung und Projektmanagement, SS 2015, Lecture

» Softwareentwicklung und Projektmanagement, SS 2015, Proseminar

» PhD Course Advanced Quality Engineering Proseminar, WS 2014/15

» Introduction into Computer Science for Economists, WS 2014/15, Lecture

Michael Felderer:

» Advanced Software Quality, WS 2014/15, Lecture

» Software Qualität, WS 2014/15, Lecture

» Software Qualität, WS 2014/15, Proseminar

» Advanced Software Engineering, SS 2015, Lecture

» Advanced Software Engineering, SS 2015, Proseminar

Matthias Farwick, Thomas Trojer:

» Domain-specific Language Engineering, SS 2015, Proseminar

Christian Sillaber:

» Entwurf von Softwaresystemen, WS 2014/15, Proseminar

» Entwurf von Softwaresystemen, WS 2015/16, Proseminar

» Entwurf von Softwaresystemen, WS 2015/16, Lecture

» Softwareentwicklung und Projektmanagement, SS 2015, Proseminar

Florian Häser:

» Entwurf von Softwaresystemen, WS 2014/15, Proseminar

» Softwareentwicklung und Projektmanagement, SS 2015, Proseminar

Bachelor theses:

» Evaluierung einer Plattform für Wissensmanagement in einer IT Abteilung (Martin Haslinger, completed)

» Plattform-unabhängige mobile Web-Anwendung für Festivalbesucher (Matthias Wanner)

» Attacks in a box (Mirko Bez and Simon Targa, completed)

» Einführung und Evaluierung einer Cross-Device-Testing Plattform (David Fasching, completed)

» Visualisierung von Anforderungen und Trace Links (Alexander Blaas and Natalie Mair, completed)

» Implementierung eines Multi-Device Interfaces zur Zeiterfassung für Microsoft Dynamics NAV (Alex Untertrifaller, completed)

» Effiziente Session-Verwaltung für einen Streamingdienst (Mathias Mahlknecht, completed)

» Management und Routing eines Indoor-Lokalisierungssystems (Thomas Berthold, completed)

» Konzeption und Entwicklung eines Kundeninformationsystems (Samuel Carraro and Werner Kapferer, completed)

» Implementierung eines Management Tools für Metamodellinks in MoVE (Fabian Jeschko, completed)

» Implementierung eines Metrik Frameworks für MoVE (Daniel Eppacher, completed)

» Automatisierte Dokumentation von IT-Architekturen auf Basis von heterogenen Datenquellen (Felix Kostenzer, David Riedl, Matthias Lechner, completed)

» Mobiler Arztbrief und mobiler Leistungsnachweis (Christian Lechner and Thilo Gorfer, completed)

» Implementierung von Vulnerabilitätsanalysen in einer Workflow-Engine (Nikolaus Rauch, completed)

Master theses:

» State of Practice of Software Quality Processes in Software Houses (Florian Auer, completed)

» The Usage of Quality Models in Risk-Based Testing (Harald Foidl, completed)

» Risk-Based Testing in a Health-Care Environment (Harald Hirschvogl, completed)

» Automatic Deployment Environment for GRC (Alexander Graf, ongoing)

» Design and Implementation of a Generic and Highly Extensible Sensor-Driven Eventing and Notification Framework for IBM WebSphere (Patrizia Gufler, ongoing)

» Continuous Integration in a Banking Environment (Christian Bitschnau, ongoing)

» Attacks in a box (Mirko Bez, Simon Targa, ongoing)

» Integration of testing concepts into the RE framework reqT (Cornelia Lezuo, ongoing)

» Agile Development Processes in SME (Sonja Thaler, ongoing)

» Uncovering Malware Remnants after Automated Malware Cleansing for Android (Christoph Leitner, ongoing)

» Crowdsourcing the Malware Threat: A Case Study on Crowdsourcing Capabilities in the Information Security Domain (Clemens Sauerwein, ongoing)

» A scalable property-based Filesystem based on Fuse (Richard Weinberger, ongoing)

The Master thesis of QE student Harald Foidl entitled „The Usage of Quality Models in Risk-based Testing“, supervised by Dr. Michael Felderer, received the DASMA Zukunftspreis 2015. The prize was handed over to Mr. Foidl during MetriKon 2015 in Cologne. The DASMA Zukunftspreis is awarded once per year to excellent theses in the area of software metrics and effort estimation.

Bachelor and Master Theses

IT Award for Bachelor Students of the Institute of Computer Science

The „IT Award of the City of Innsbruck“ is awarded annually by the City of Innsbruck, under the auspices of the Tyrolean Chamber of Commerce, to Bachelor students of Computer Science for outstanding project work within the course „Software Development and Project Management“. At this year‘s competition, the award was dedicated to mobile solutions realising location-based services.

The award went to the project Echo. Echo is a social network that targets what is really important for users: obtaining the relevant information on time and in a particular location.

With this application it is possible to write so-called Shouts (short messages) that are visible to everyone else in the vicinity. Sharing, commenting and rating increases or decreases the range of the shouts. This local relevance guarantees that the information flow is reduced to the essentials.

Awarded team: Daniel Egger, Arno Breitfuss, Mike Koch, Patrick Lackinger, Björn Meusburger and Jannik Siebert

Jury members: Dr. Andreas Doblander (ARZ Allgemeines Rechenzentrum), DI Paul Wessiack (World Direct) and Dr. Rainer Mayr (TIWAG)

„Talente Entdecken“

Echo © Daniel Egger

The awarded team with jury and the organiser

The Quality and Security Program Tirol (QSP Tirol) is an initiative created by the Quality Engineering Research Group to foster application-oriented education in the area of software engineering, information security and IT management at the University of Innsbruck.

QSP Tirol offers series of events such as QSP Labs, QSP Talks and QSP Teaching, supported by renowned experts, and is intended for students enrolled in Tyrolean universities.

The initiative is sponsored by the companies ARZ Allgemeines Rechenzentrum GmbH, Barracuda Networks, EGGER and mils electronic.

The program was officially initiated on 27.11.2014, and since then a broad selection of interesting labs and talks led by outstanding experts has been offered to students.

The following labs were held in the period November 2014 to November 2015:

27.11.2014 Vyacheslav Zakorzhevsky (Kaspersky Lab) Financial Malware and Corresponding Distribution Methods

28.11.2014 Martin Beißer (sepp.med gmbh) Modellbasiertes Testdesign - Testfälle automatisch generieren

12.12.2014 Richard Weinberger, David Gstir (sigma star gmbh) Reverse Engineering Network Appliances

09.-10.01.2015 Harry M. Sneed (SoRing Kft, Budapest) Analyzing and Testing Software Requirement Documents

16.01.2015 Dr. Helmut Gratl (ARZ Allgemeines Rechenzentrum GmbH) Sicherheitsarchitektur(en) im Enterprise Umfeld

27.02.2015 Inge Hanschke (Lean42 GmbH) EA Best Practices

06.03.2015 Christian Kovatsch (ARZ Allgemeines Rechenzentrum GmbH) Schwachstellen in Browser und Mobile Devices

13.03.2015 Dr. Helmut Gratl (ARZ Allgemeines Rechenzentrum GmbH) Sicherheitsüberprüfungen (Theorie und Best Practice) im professionellem Umfeld

20.-21.03.2015 Martin Ortner and Gregor Koenig (Barracuda Networks) Secure Internet Communication

17.-18.04.2015 Torsten Gründer (Gründer Consulting) IT-Outsourcing Management

24.04.2015, 08.05.2015, 22.05.2015, 29.05.2015 Hannes Tschofenig (ARM Limited) Internet of Things (IoT)

26.06.2015 Tobias Simon (itestra GmbH) Software-Qualität im Wandel der Zeit

23.10.2015 Richard Weinberger (sigma star) Introduction to Linux kernel development

06.11.2015 David Gstir (sigma star) Introduction to cryptography

13.11.2015 Michael Gredler, Christian Pubmerger Cybercrime verhindern - Schwachstellen und Angriffe erkennen

27-28.11.2015 Harry Sneed (SoRing Kft, Budapest) Software Reengineering

03-04.12.2015 Victor Sergeev (Kaspersky Lab) Malware analysis & Reverse engineering

11.12.2015 Matthias Forster, Matthias Schmidt (Bayerisches Landeskriminalamt) Zentrale Ansprechstelle Cybercrime - ZAC

The Quality and Security Program Tirol

Events

The following talks were given within the QSP initiative so far:

27.11.2014 Stefan Ortloff (Kaspersky Lab) A Retrospective View On Banking Malware

27.11.2015 Rainer Böhme (Wilhelms-Universität Münster) Kryptographische Währungen als Zahlungsmittel: Prinzipien, Potenziale und Probleme am Beispiel Bitcoin

28.01.2015 Hannes Tschofenig (ARM Limited) Securing the Internet of Things

29.04.2015 Václav Pech (JetBrains) JetBrains MPS - Speaking your language

18.06.2015 Ing. Michael Brunner, MSc (Institut für Informatik, Universität Innsbruck) Mag. Christian Sillaber, MSc (Institut für Informatik, Universität Innsbruck) Herausforderungen für Next Generation IT Compliance Management Systeme

15.10.2015 Ing. Christian Pumberger, MBA, katmakon, KG Aufbau IT-Krisenmanagement in Unternehmen

03.12.2015 Serge Egelman, University of California, Berkeley Making Privacy Decisions in Ubiquitous Computing Environments

QE LaB Praxis Forum

The QE Lab Praxis Forum was held on November 12th, 2014. The following four presentations given at the forum referred to the latest projects and developments in the work of the QE LaB team:

» Dr. Michael Felderer (QE Lab) No Risk, No Test: Effektives Testen durch Risikoorientierung

» Viktor Pekar (QE LaB), Martin Ebner (Porsche Informatik) Requirement Speed-Reviews bei Porsche Informatik

» Dr. Matthias Farwick, (QE LaB), Dr. Thomas Trojer (QE LaB) Lebendige IT Modelle - Wissen im IT-Management kooperativ

» Michael Brunner (QE LaB), Christian Sillaber (QE LaB) Wer schreibt, der bleibt – Qualität in der Dokumentation von Sicherheitsanforderungen

April 23rd-24th, 2015, Achenkirch

Organisers: Ruth Breu, Wolfgang Glock, Friederike Nickl, Thomas Matzner, Oliver Wiegert

» Local Organisation: Ilona Zaremba

» http://se-live.org

The 7th edition of the workshop Software Engineering Live took place on the 23rd and 24th of April 2015. In Achenkirch at the Achensee, software engineering professionals from Germany and Austria met to discuss the latest trends in the development of complex software systems. This year’s networking meetings focused on the sustainability of software systems, and the central topics of this workshop were:

» Agile Documentation

» Agility and Performance Migration

» Testability of Software Architectures

» Risk Assessment in Test Processes

http://se-live.org/se_live_2015/

The participants of SE Live 2015 Workshop

German Chapter of the ACM Workshop

Software Engineering Live 2015

„Talente Entdecken“ is an initiative of the Austrian Federal Ministry for Transport, Innovation and Technology fostering interest of young adults in natural science and technical professions.

Every year QE LaB offers five positions for high school students during four weeks of the summer holidays. They have a chance to do practical programming as well as literature research.

This year “Talente Entdecken” focused on quality characteristics for mobile applications. The students learned tools and techniques for collaborative research and conducted a study. They shared their experience by publishing the findings of their research in a Wikipedia article.

The team was supervised by MSc Florian Häser.

Silvia Hubmann, the student who took part in „Talente Entdecken“ 2014, received the Award of Excellence from FFG for the report summarising her research during the internship. She was supervised by Mag. M.Sc. M.Sc. Christian Sillaber, QE Lab PhD student.

„Talente Entdecken“

Klaus Pseiner (FFG), Silvia Hubmann and Christian Sillaber at the Award Presentation in Vienna

Florian Häser, the young researchers and Prof. Dr. Ruth Breu at the closing of this year's „Talente Entdecken“

https://de.wikipedia.org/wiki/Softwarequalit%C3%A4t#Software_f.C3.BCr_mobile_Ger.C3.A4te

zukunft forschung 01/15, p. 42. Photo: iconimage – Fotolia.com (edited by Stefan Gerstorfer)

START-UPS

MAKING IT TRENDS USABLE FOR BUSINESS

The Quality Intelligence approach of QE LaB Business Services GmbH prepares the ground for innovation through a high-quality IT landscape.

Trends such as the Internet of Things or Industrie 4.0 can only be used efficiently if a company's IT landscape is of high quality. Contrary to a widespread view, it is therefore IT quality management that drives innovation and business success in the first place. „Companies have to consider whether and how they can use IT trends for their own business. We can create the prerequisites on the IT side with our Quality Intelligence approach,“ says Ruth Breu, head of the Quality Engineering unit at the Institute of Computer Science of the University of Innsbruck and shareholder of QE LaB Business Services (QE LaB BS). The IT department can make its contribution to business development when it knows the state of the systems precisely. In times of heterogeneous, fragmented and highly dynamic IT landscapes, this is a major challenge. Through the automated capture of IT operations, the experts at QE LaB BS can already deliver such an overview in real time with their methods and tools.

Quality as a Success Factor

In cooperation with the Quality Engineering research group at the University of Innsbruck and industry partners, they develop innovative tools that support IT architects in analysing complex infrastructures. „Our vision is that IT architects navigate through the structures of their IT systems like travellers through an interactive map and can analyse dependencies along the way,“ explain Matthias Farwick and Thomas Trojer, consultants at QE LaB BS. With the txture tool, which allows the dynamic visualisation of IT landscapes and individual evaluations, a large part of this vision has already been realised.

Dangerous chain reactions in IT landscapes, such as the incidents at a large bank in which software updates paralysed the entire online banking, can be avoided through automated and individual analysis capabilities. cast

QUALITY INTELLIGENCE is a comprehensive approach to the quality management of IT landscapes. It is based on two principles:

1. The quality goals are aligned with the business (business-IT alignment).

2. Precise knowledge of the quality state of the IT infrastructure in near real time is the prerequisite for the technical implementation.

QE LAB BUSINESS SERVICES GMBH is a spin-off of the Quality Engineering research group at the Institute of Computer Science of the University of Innsbruck. Since its founding in 2012, the company has carried out projects in the areas of quality and security engineering with well-known customers such as Allgemeines Rechenzentrum, Hilti, ÖBB and Bachmann electronic. The founding of the company was supported by CAST.

Info: www.qe-lab.com

http://www.uibk.ac.at/forschung/magazin/14/seite42-44.pdf

http://www.qe-lab.com

QE LaB Business Services GmbH

QE LaB Business Services GmbH complements our research activities by services and products for the continuous quality management of collaborative systems.

Non-scientific Media and Press Reports

» 20 Jahre Internet in Tirol: Chancen und Risiken, Tiroler Tageszeitung, September 2014

» App-Berechtigungen: Was darf die App? Radio Tirol, Hallo Tirol, November 2014

» IT-Trends geschäftlich nutzbar machen, zukunft forschung - Magazin für Wissenschaft und Forschung der Universität Innsbruck, January 2015

» Praxis im Hörsaal – QSP Tirol, uniwia, March, 2015

» Neue Plattform: Informatik Austria, HEUREKA, Der Falter, Wien, March 2015

» ORF Interview am IT-Day, ORF - Landesstudio Tirol, Innsbruck, May 2015

„Neue Plattform: Informatik Austria“, HEUREKA, Der Falter: https://www.falter.at/heureka/ausgabe/informatik-austria-315/

„Praxis im Hörsaal“, uniwia: http://informatik.uibk.ac.at/wp-content/uploads/2015/04/01032015_WIA_PraxisimH%C3%B6rsaal_QSP.pdf

The Quality Engineering research group (QE) is a research group at the Institute of Computer Science at the University of Innsbruck. Together with her team Ruth Breu develops innovative methods and tools for increasing quality and cost efficiency in IT using model-based techniques.

Model-based techniques will be increasingly used in management, development and operation of IT systems. The tasks of developers will therefore increasingly shift from technology-based coding to business oriented analysis. This is the only way to control the IT systems of the future, which are characterized by distribution, interconnectedness and cross-system business processes.

The goal of QE‘s research is to develop sound and practical solutions and to unlock application scenarios.

QE‘s research topics include model-driven quality assurance, workflow management and planning of IT landscapes. In addition, QE has achieved an internationally leading position in the areas of security engineering and security management, in the past few years.

QE was established in 2002 and currently has around 30 staff. In addition to worldwide cooperation with research partners, QE is mostly involved in projects in cooperation with industry partners.

Models at work – The focus of QE‘s research is on profound practical solutions and new application scenarios of models.

Quality Engineering Research Group

Security Engineering of Distributed Systems

Business processes increasingly run on open, mobile systems. IT security has therefore become a core requirement. We are driving innovative security engineering to enable ample use of collaborative systems and new technologies. In particular we work in the following areas:

» conceptual design of service-oriented security systems that are critical for security

» web service-based technologies

» identity and rights management

Projects:

» MOBSTECO: Model-Based Security Testing of Clouds, FWF Project, 2013-2016

IT-Management & Security Management

Guidelines and a well-structured organisation are essential so that information technology can support business processes effectively and in a secure way. We focus on the following areas:

» planning and management of IT landscapes

» security and risk analysis

» IT processes

Projects:

» EN-ACT: Energy-aware Computing, Interreg IV Project in Collaboration with Free University of Bolzano, 2012-2015

Business Process & Workflow

Smooth running of day-to-day business processes is unthinkable nowadays without excellent IT support. This is why we focus on the following areas:

» modelling and evaluation of business processes

» workflow management systems

» agile process life cycle

Projects:

» Nautilus: The Process of Process Modeling, FWF Project (Barbara Weber), 2011-2015

» ModErAre: Modeling Error Analysis and Resolution, FWF Project (Barbara Weber), 2014-2016

» The Modeling Mind: Behavior Patterns in Process Modeling, FWF Project (Barbara Weber), 2014-2017

Software Engineering

In our core discipline, traditional software engineering, we focus on the following areas:

» software development processes

» model-based quality assurance

» model-driven software development

Projects:

» Product Quality, Collaboration Project with GS1 Austria and MPREIS, 2014-2017

Research Areas of the Quality Engineering Group

Quality Engineering Laura Bassi Lab

Prof. Dr. Ruth Breu
Institute of Computer Science
ICT-Building, 3S05, University of Innsbruck
Technikerstrasse 21a, 6020 Innsbruck
Tel: +43 (0)512-507-53203
Fax: +43 (0)512-507-53029
Mail: [email protected]

Web: http://qe-lab.at

If you have questions or require more information about QE LaB, please contact us.

Contact us

Quality Engineering Laura Bassi Lab

© 2015 QE LaB, All rights reserved.
Contact: Prof. Dr. Ruth Breu, Institute of Computer Science
ICT-Building, 3S05, University of Innsbruck
Technikerstrasse 21a, 6020 Innsbruck
Tel: +43 (0)512-507-53203
Fax: +43 (0)512-507-53029
Mail: [email protected]

Web: http://qe-lab.at