Biblio

Typical transactions in cross-company Industry 4.0 supply chains require a dynamically evaluable form of trustworthiness. Therefore, specific requirements on the parties involved, down to the machine level, for automatically verifiable operations shall facilitate the realization of the economic advantages of future flexible process chains in production. The core of the paper is a modular and extensible model for the assessment of trustworthiness in industrial IoT based on the Industrial Internet Security Framework of the Industrial Internet Consortium, which among other things defines five trustworthiness key characteristics of NIST. This is the starting point for a flexible model, which contains features as discussed in ISO/IEC JTC 1/AG 7 N51 or trustworthiness profiles as used in regulatory requirements. Specific minimum and maximum requirement parameters define the range of trustworthy operation. An automated calculation of trustworthiness in a dynamic environment based on an initial trust metric is presented. The evaluation can be device-based, connection-based, behaviour-based and context-based and thus become part of measurable, trustworthy, monitorable Industry 4.0 scenarios. Finally, the dynamic evaluation of automatable trust models of industrial components is illustrated based on the Multi-Vendor-Industry of the Horizon 2020 project SecureIoT. (grant agreement number 779899).

Testing a software product line such as Linux implies building the source with different configurations. Manual approaches to generate configurations that enable code of interest are doomed to fail due to the high amount of variation points distributed over the feature model, the build system and the source code. Research has proposed various approaches to generate covering configurations, but the algorithms show many drawbacks related to run-time, exhaustiveness and the amount of generated configurations. Hence, analyzing an entire Linux source can yield more than 30 thousand configurations and thereby exceeds the limited budget and resources for build testing. In this paper, we present an approach to fill the gap between a systematic generation of configurations and the necessity to fully build software in order to test it. By merging previously generated configurations, we reduce the number of necessary builds and enable global variability-aware testing. We reduce the problem of merging configurations to finding maximum cliques in a graph. We evaluate the approach on the Linux kernel, compare the results to common practices in industry, and show that our implementation scales even when facing graphs with millions of edges.

In a software project as large and as rapidly evolving as the Linux kernel, automated testing systems are an integral component to the development process. Extensive build and regression tests can catch potential problems in changes before they appear in a stable release. Current systems, however, do not systematically incorporate the configuration system Kconfig. In this work, we present an approach to identify relationships between configuration options. These relationships allow us to find source files which might be affected by a change to a configuration option and hence require retesting. Our findings show that the majority of configuration options only affects few files, while very few options influence almost all files in the code base. We further observe that developers sometimes value usability over clean dependency modelling, leading to counterintuitive outliers in our results.