Fraunhofer-Institut für Produktionsanlagen und Konstruktionstechnik IPK

Filters

8
7
Reset filters

Settings
Now showing 1 - 8 of 8
  • Publication
    Comparison of Ethereum Smart Contract Analysis and Verification Methods
    ( 2024)
    Happersberger, Vincent
    ;
    Jäkel, Frank-Walter
    ;
    Knothe, Thomas
    ;
    Pignolet, Yvonne Anne
    ;
    Schmid, Stefan
    Ethereum allows to publish and use applications known as smart contracts on its public network. Smart contracts can be costly for users if erroneous. Various security vulnerabilities have occurred in the past and have been exploited causing the loss of billions of dollars. Therefore, it is in the developer’s interest to publish smart contracts that serve their intended purpose only. In this work, we study different approaches to verify if Ethereum smart contracts behave as intended and how to detect possible vulnerabilities. To this end, we compare and evaluate, different formal verification tools and tools to automatically detect vulnerabilities. Our empirical comparison of 140 smart contracts with known vulnerabilities shows that different tools vary in their success to identify issues with smart contracts. In general, we find that automated analysis tools often miss vulnerabilities, while formal verifiers based on model checking with Hoare-style source code annotations require high effort and knowledge to discover possible weaknesses. Specifically, some vulnerabilities (e.g., related to bad randomness) are not detected by any of the tools. Formal verifiers perform better than automated analysis tools as they detect more vulnerabilities and are more reliable. One of the automated analysis tools was able to find only three out of 16 Access Control vulnerabilities. On the contrary, formal verifiers have a hundred percent detection rate for selected tests. As a case study with a smart contract without previously known vulnerabilities and for a more in-depth evaluation, we examine a smart contract using a two-phase commit protocol mechanism which is key in many smart contract applications. We use the presented tools to analyze and verify the contract. Thereby we come across different important patterns to detect vulnerabilities e.g. with respect to re-entrancy, and how to annotate a contract to prove that intended the restriction and requirements hold at any time.
  • Publication
    Integrated Model-Based Configuration of Production Systems - Reflection of ISO 19440 and MDA and MDI
    ( 2023)
    Knothe, Thomas
    ;
    Torka, Jan
    ;
    Gering, Patrick
    ;
    Jäkel, Frank-Walter
    Rising business competition leads to complexity because of increased number of product variants and customer-specific processes. Model-based approaches seem to be suitable for handling this kind of flexibility in networked production environments. In this paper, current approaches to the configuration of heterogeneous systems based on standard models are reflected, and an integrated model-based configuration approach using formalized modules is proposed and its application demonstrated.
  • Publication
    The Use of Digital Twins to Overcome Semantic Barriers in Hyperconnected Ecosystems for Industry
    ( 2022)
    Jäkel, Frank-Walter
    ;
    Gering, Patrick
    ;
    Knothe, Thomas
    To establish business networks a match between businesses demands and potential partner information is required. Publicly available information on the Internet about companies, products and services usually don’t follow a common standard. The concept of a digital twin could be used to organise the different information and, in the future, to harmonise the way company data is made available on the web. Every company usually has a web presence, related documents, web pages and a trace on the web, which can be used for an initial structure of the digital twin. Hereby, first services for the correlations between partner companies and requirements can be designed. But it requires the management of legal aspects e.g. the access of bots to the public available information. The paper provides initial ideas and feasibility checks and it propose an evolution of the current heterogeneous content and structure of the data into a well-structured digital twin including content related ontologies to describe the company characteristics.
  • Publication
    Model based Configuration of Platforms for Managing Cross-Organizational (Business) Processes
    ( 2022)
    Knothe, Thomas
    ;
    Gering, Patrick
    ;
    Glodde, Ilona
    ;
    Ahle, Ulrich
    ;
    Böttger, Jonas
    ;
    Döberitz, Niklas
    In this contribution interoperability is considered from the perspective of platforms, which have to manage cross-organisational business processes. A model-based approach for configuring a cloud platform for managing complex processes and their dependencies across different organisations is provided. The approach is applied on using FIWARE, which provides a framework of open source software platform components. The core concept is to extend the open source core data model of FIWARE by using the artefacts of an Enterprise model, describing the dependencies of processes, roles, object data and application interfaces. Based on a given use case the principal configuration was applied and validated.
  • Publication
    Ensure OPC-UA interfaces for digital plug-and-produce
    ( 2020)
    Jäkel, Frank-Walter
    ;
    Wolff, Tobias
    ;
    Happersberger, Vincent
    ;
    Knothe, Thomas
    Experiences in industry has illustrated that ""Open Platform Communications Unified Architecture"" (OPC-UA) as upcoming de-facto standard for Industry 4.0 requires interoperability tests to support a digital plug-and-produce. Existing tools to validate OPC-UA implementations need to be applicable for such validations. Within the German national ""Internet of Things Test"" (IoT-T) project, we developed concepts and software for the validation of interoperability between different cyber physical systems using OPC-UA. The paper focuses on this part of the work and provides insights in the results. The results consists of industrial use cases, requirements, concepts and open source software. It also includes the comparison of the developments in the IoT-T project with the Compliance Test Tools (CTT) provided by the OPC Foundation (OPCF), which checks the conformity of the OPC-UA servers and clients against the OPC-UA specification.
  • Publication
    Learning factory for digitization of enterprises
    ( 2020)
    Rieckmann, Jens Mathis
    ;
    Knothe, Thomas
    The fourth industrial revolution stands for higher flexibility and productivity of companies. This requires intelligent and interconnected production systems with a well-trained staff. This article describes how the necessary qualification processes can be performed. A high degree of individualized products requires more digitized information (e.g. via IoT, sensors, RFIDs) and a flexible form of work. Today's changes in enterprises are focusing on upgrading the technical equipment. Dealing with changing the mental setting of the staff, enabling employees for digitalization and learning to cooperate in a smoother way (social learning) play an important role. Sensitization regarding necessary changes, decentralized decision-making and cooperating are the main goals for a training. Nevertheless, company's employees also need new technical skills to prepare the enterprise for higher levels of digitization. Learning factories include a stepwise evaluation and transformation of a model factory by the participants themselves. Performing group work sessions, participants have to agree on the future organizational structures, regardless of their function or role as worker, manager or administrative employee. In the upper level of production system design, a high level of digitization is the aim and most of the information flow should be automatically handled. In order to give participants a feeling for introducing extended IT support and using standard interfaces, they have to overcome some technological gaps. An example of a training factory is presented, which is focusing on the transformation of these production systems with different production steps.
  • Publication
    Enforcing front-loading in engineering processes through product-process integration
    ( 2012)
    Jochem, Roland
    ;
    Knothe, Thomas
    ;
    Wintrich, Nikolaus
    Front-Loading in product engineering is the art of shifting important decisions about process parameters into the very early design phases. These decisions will have to cover parameters of the product as well as its production. Front-Loading requires the integration of different engineering disciplines like product, process and manufacturing design and their dependencies. These disciplines adopt different modeling approaches and incompatible tools, which increases the effort for Front-Loading. This paper presents an approach for interoperability between models coming from different disciplines in order to facilitate integrated engineering during the first design phases by integrating product and process models and evaluate these. In addition, a contextual modeling approach for reducing model complexity to different stakeholder is introduced. The entire work is explained along an industrial use case in aircraft engineering.