Towards a Flexible and Secure Round-Trip-Engineering Process for Production Systems Engineering with Agile Practices

  • Dietmar Winkler
  • Felix Rinker
  • Peter Kieseberg
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 338)


In Production Systems Engineering (PSE), many projects conceptually follow the plan of traditional waterfall processes with sequential process steps and limited security activities, while engineers actually work in parallel and distributed groups following a Round-Trip-Engineering (RTE) process. Unfortunately, the applied RTE process in PSE is coarse-grained, i.e., data are often exchanged via e-mail and integrated seldom and inefficiently, as the RTE process is not well supported by methods and tools that facilitate efficient and secure data exchange. Thus, there is a need for frequent synchronization in a secure way to enable engineers to build on a stable baseline of engineering data. We build on Scrum, as an established agile engineering process, and security best practices to support flexible and secure RTE processes. In this paper, we introduce and initially evaluate an efficient and secure RTE process for PSE, augmented with agile practices, and discuss the identification and mitigation of security concerns and risks. First results show that the augmented RTE process can provide strong benefits from agile practices for the collaboration of engineers in PSE environments. Security practices can be added but need to be balanced well regarding sufficient mitigation of security risks and extra effort for engineers to ensure an overall benefit to both engineers and the management.


Production Systems Engineering · Agile practices · Round-Trip Engineering · Security



The financial support by the Austrian Federal Ministry for Digital, Business and Enterprise and the National Foundation for Research, Technology and Development is gratefully acknowledged.



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Dietmar Winkler (1, 2)
  • Felix Rinker (1, 2)
  • Peter Kieseberg (3, 4)

  1. Christian Doppler Laboratory for Security and Quality Improvement in the Production System Lifecycle (CDL-SQI), Institute of Information Systems Engineering, Information and Software Engineering Group, TU Wien, Vienna, Austria
  2. Institute of Information Systems Engineering, Information and Software Engineering Group, TU Wien, Vienna, Austria
  3. Secure Business Austria (SBA) Research, Vienna, Austria
  4. University of Applied Sciences, St. Pölten, Austria
