Software Institute | The center of excellence for teaching, research, and development of software part of USI, Lugano.

Seminars

In February 2019, the Software Institute started its SI Seminar Series. Every Thursday afternoon, a researcher of the Institute will publicly give a short talk on a software engineering argument of her choice. Examples include, but are not limited to, novel interesting papers, seminal papers, personal research overview, discussion of preliminary research ideas, tutorials, and small experiments.

On our YouTube playlist you can watch some of the past seminars. Below you can find more details on the next seminar, the upcoming seminars, and an archive of the past speakers.

Everyone is welcome to attend the seminars organized by the Software Institute.

Next Speaker: Srdjan Krstic

Date: May 22, 2025 @ 16:30
Location: D0.02
Proactive Real-Time First-order Enforcement

Correctness and regulatory compliance of today’s software are crucial for our safety and security. Runtime enforcement addresses this challenge by constructing systems, called enforcers, that observe and actively control the behavior of other systems by modifying their actions to ensure policy compliance. The enforcer’s capabilities, i.e., what they can control on the target system, determine which policies are enforceable.
Specifically, policies require enforcer decisions based on the past or present system behavior (so-called provisions), or additionally on future behavior (so-called obligations). To enforce obligations, enforcers cannot merely react to system actions, but rather proactively act. If the policy imposes time constraints on the target system, the enforcement is considered real-time.
In this talk, I will present a proactive real-time enforcement algorithm for an expressive policy language, called metric first-order temporal logic. Given a policy, the algorithm is sound (i.e., modified behavior always complies with the policy) and transparent (i.e., if the behavior is already policy-compliant, then it is not modified). We implement this algorithm in a tool called WhyEnf and carry out a case study on enforcing GDPR-related policies. Our tool can enforce all policies from the study in real-time with modest overhead. Our work thus provides the first tool-supported approach that can proactively enforce expressive first-order policies in real time.

Biography

Srđan Krstić is a senior researcher at ETH Zurich focusing on formal methods for security and privacy. He holds a PhD in Computer Science from Politecnico di Milano, where he worked on runtime verification for software engineering.
He has published numerous papers on topics such as runtime verification, model-driven security, user-controlled privacy, and GDPR enforcement. Srđan is currently focused on runtime enforcement techniques to ensure compliance with privacy policies. He has collaborated with various experts in the field and contributed to advancing the understanding and implementation of privacy requirements in IT systems. His most cited paper introduces a taxonomy of runtime verification, which is a popular starting point for researchers to introduce themselves to the field and get a broad overview.

Archive

  • Edoardo Riggio - The SUNBURST Wake-Up Call: Why CI/CD Security Matters Now More Than Ever (May 8, 2025)
  • Nargiz Humbatova - Real Faults in Deep Learning Fault Benchmarks: How Real Are They? (April 17, 2025)
  • Giuseppe Crupi - Cost-Efficient Software Automation with Cooperative Small Language Models (April 10, 2025)
  • Joe Gibbs Politz & Robby Findler - Double Talk: (1) Teaching JITs/incremental compilers + (2) Esterel in Racket (April 4, 2025)
  • Marco Paganoni - Reasoning about Substitutability at the Level of JVM Bytecode (April 3, 2025)
  • Tommi Mikkonen & Kari Systä - LiquidAI: Orchestrating Cloud-Edge Continuum with Isomorphic Software (March 20, 2025)
  • Andrea Mocci - Eternal Sunshine of the Spotless Macros (March 13, 2025)
  • Masoud Jamshidiyan Tehrani - Adversarial Attacks on Deep Learning-Based Perception in Autonomous Vehicles: Designing and Evaluating System-Level Failures (March 6, 2025)
  • Dominik Winterer - Formal Methods Engineering (FME): Towards More Mature Formal Methods (February 27, 2025)
  • Angelo Gargantini - A formal approach to software engineering for the Validation and Verification of safety critical systems (January 28, 2025)
  • Alessio Gambi - Beyond Scenario-based Testing of Single Ego Vehicles (January 27, 2025)
  • Akshatha Shenoy - Verification of Concurrency Properties for JVM based Programming Languages (December 5, 2024)
  • Rosalia Tufano - Deep Learning-based Code Reviews: A Paradigm Shift or a Double-Edged Sword? (November 28, 2024)
  • Gianmarco De Vita - Topographical Deep Learning Testing (November 21, 2024)
  • Jesper Findahl - From Pandas to Polars: Achieving 50x Speedups and Scaling Beyond Memory Limits (November 14, 2024)
  • Cesare Pautasso - Unethical Software Engineering in 8 Easy Dark Patterns (November 7, 2024)
  • Samuele Pasini - Evaluating and Improving the Robustness of Security Attack Detectors Generated by LLMs (October 24, 2024)
  • Mathieu Nassif - On-Demand Documentation via Code Examples (October 17, 2024)
  • Luca Chiodini - What Does It Mean To Learn? (October 10, 2024)
  • Hassan Atwi - Transparent Transaction Ordering in Blockchain-based Collaborative Processes (October 3, 2024)
  • Jinhan Kim - When Simple is Better than Complex: Coverage and Mutation for DL Testing (September 26, 2024)
  • Guadalupe Ortiz - Context Aware Collaborative IoT Services in a Smart World (July 22, 2024)
  • Domenico Bianculli - Signal-based temporal properties for cyber-physical systems: specification, monitoring, and diagnostics (June 13, 2024)
  • Tahereh Zohdinasab - Exposing and Explaining Misbehaviours of Deep Learning Systems – A Summary (May 23, 2024)
  • Paolo Falcarin - Software Systems Compliance with the AI Act (May 21, 2024)
  • Joey Bevilacqua - Assessing the Understanding of Expressions: A Qualitative Study of Notional-Machine-Based Exam Questions (May 16, 2024)
  • Stefano Campanella - Developers Developers Developers (May 2, 2024)
  • Alberto Martín López - Neuro-Symbolic AI for Developing, Testing and Consuming Web APIs: An AMBIZIONE Project Proposal (April 25, 2024)
  • Alessandro Giagnorio - Customizing deep learning models for code completion tasks (April 11, 2024)
  • Francesco Bresciani - Abusing GitLab CI/CD to build a data engineering pipeline (March 14, 2024)
  • Andréa Doreste - Adversarial Testing with Reinforcement Learning: A Case Study on Autonomous Driving (March 7, 2024)
  • Carlo Ghezzi - Rethinking software engineering research and education in the light of digital humanism (February 29, 2024)
  • Diana Carolina Muñoz Hurtado - Exploring Security Practices in OpenAPIs (December 7, 2023)
  • Carmen Armenti - Data Sonification - A Survey (November 30, 2023)
  • Mauricio Aniche - Effective developer testing: lessons I learned over time (November 23, 2023)
  • Antonio Mastropaolo - Evaluating Code Summarization Techniques: A New Metric and an Empirical Characterization (November 16, 2023)
  • Michele Lanza - Bibliometrics, the Great Beyond of Science? (November 9, 2023)
  • Carlo Alberto Furia - Don't Jam the LHC: A causal analysis of Code Jam data (October 26, 2023)
  • Rosalia Tufano - Code Review Automation: Strengths and Weaknesses of the State of the Art (October 12, 2023)
  • Agnese Zamboni & Matthias Hauswirth - 'Program Your Own Castle' - Developing a Self-Guided Tutorial for the Hour of Code (October 5, 2023)
  • Roberto Pietrantuono - Causal reasoning for software quality engineering (June 15, 2023)
  • Vincenzo Orrei - Contribution-based Firing of Developers? (May 25, 2023)
  • Patric Genfer - On the Understandability of Security Tactics for Microservice APIs (May 16, 2023)
  • Marco Paganoni - ByteBack: Deductive Functional Verification of Bytecode programs (May 11, 2023)
  • Marco Raglianti - Research Code as Infrastructure (RCaI) (May 4, 2023)
  • Souhaila Serbout - What about Web APIs versioning? (April 27, 2023)
  • Paolo Tonella - Mind, consciousness and ChatGPT: can ChatGPT impute unobservable mental states to others? (April 6, 2023)
  • Alberto Bacchelli - Exploring the Dual Nature of Code Review: Implications for Investigative Methods and Tool Development (March 30, 2023)
  • Gabriele Bavota - On Reviewers' Regrets and Negative Results (March 23, 2023)
  • Magnus O. Myreen - The CakeML Project: Chasing End-to-End Correctness, Verified Compilation and Applications (March 16, 2023)
  • Luca Chiodini - Teaching problem decomposition with graphics (March 9, 2023)
  • Dimi Racordon - The bright future between immutability and aliasing restrictions (March 2, 2023)
  • Hassan Atwi - Toward Decentralized Process Execution (December 1, 2022)
  • Sajad Mazraehkhatiri - Testing Drones in Simulation: Let's Be Realistic! (November 24, 2022)
  • Csaba Nagy - Perils and Pitfalls of the Application-Database Gap (November 17, 2022)
  • Marco D'Ambros - CodeLounge: a roller-coaster ride (November 10, 2022)
  • Matteo Biagiola - Reinforcement Learning for Software Testing (November 3, 2022)
  • Matthias Hauswirth - Pitfalls in Teaching Programming (October 20, 2022)
  • Davide Paolo Tua - An ECS Primer (October 13, 2022)
  • Nargiz Humbatova - DeepCrime: Mutation Testing of Deep Learning Systems Based on Real Faults (October 6, 2022)
  • Mohammad Rezaalipour - FauxPy: A Fault Localization Tool for Python Programs (September 29, 2022)
  • Crista Lopes - Exercises in Programming Style (September 9, 2022)
  • Michele Tufano - Unit Test Case Generation with Transformers and Focal Context (June 20, 2022)
  • Valerie Burgener - React 101 (May 19, 2022)
  • Diego Venâncio Marcílio - Towards Untangling Java Exceptions (May 12, 2022)
  • Bin Lin - Academic Job Search: An Experience Report (April 28, 2022)
  • Michael Weiss - Uncertainty-Wizard: Fast and User-Friendly Neural Network Uncertainty Quantification (April 7, 2022)
  • Matteo Ciniselli - On automatically generating source code (March 31, 2022)
  • Aron Fiechter - Creating a Domain Specific Language in Kotlin Using Type-Safe Builders (March 24, 2022)
  • Emad Aghajani - 5 Years of Research: Lessons Learned (March 17, 2022)
  • Andrea Stocco - Testing and Evaluation of Autonomous Driving Systems: From Simulated to Real-world Test Environments (March 10, 2022)
  • Luca Pascarella - Fine-Grained Code Summarization (March 3, 2022)
  • Alessio Merlo - Mobile Apps: The Dark Side of the Droid (December 6, 2021)
  • Vincenzo Riccio - Automated Test Input Generation to Check if the Machine Actually Learned (December 2, 2021)
  • Jesper Findahl - What’s Up With the CodeLoungers?
    AKA what are CodeLoungers doing all day         (November 25, 2021)
  • Carlo Alberto Furia - When does correlation imply causation? (November 18, 2021)
  • Antonio Mastropaolo - Supporting code-related tasks via Deep-Learning (November 11, 2021)
  • Andrea Gallidabino - Do you understand the code you write? 'I hope the TAs won't look at this!' (November 4, 2021)
  • Igor Moreno Santos - Towards sound notional machines: a Lambda Calculus crash course (October 28, 2021)
  • Gunel Jahangirova - Quality Metrics and Oracles for Autonomous Vehicles Testing (October 21, 2021)
  • Marco Raglianti - Visualizing Discord Servers - definitely not a virtual conference video replay (October 14, 2021)
  • Anthony Cleve - Analyzing and Supporting the Evolution of Data-Intensive Systems (October 7, 2021)
  • Bhargav Bhatt - Datalog Synthesis and Repair (September 30, 2021)
  • Rosalia Tufano - Towards Automating Code Review Activities (May 27, 2021)
  • Cesare Pautasso - Presentations as Code (May 20, 2021)
  • Luca Chiodini - A Curated Inventory of Programming Language Misconceptions (May 6, 2021)
  • Andrea Mocci - How does CodeLounge develop? (April 29, 2021)
  • Fabio Di Lauro - Towards Large-scale Empirical Assessment of Web APIs Evolution (April 22, 2021)
  • Michele Lanza - History is not a burden on the (computer) memory but an illumination of the (software engineering researcher's) soul (April 15, 2021)
  • Tahereh Zohdinasab - Explaining Deep Learning Systems by exploring their feature space (March 25, 2021)
  • Roberto Minelli - DFlow is dead. Long live Tako! (March 18, 2021)
  • Souhaila Serbout - Structural Patterns Mining in Web APIs (March 11, 2021)
  • Paolo Tonella - Deep Learning Testing: problems, solutions and elephants (March 4, 2021)
  • Gabriele Bavota - On Lessons Learned while Replicating my Own Research (December 10, 2020)
  • Matthias Hauswirth - Rainfall and LuCE: The Difficulty of Learning to Program (December 3, 2020)
  • Nargiz Humbatova - Mutation Testing of Deep Learning Systems (November 26, 2020)
  • Alejandro Mazuera Rozo - Investigating types and survivability of performance bugs in mobile apps (November 19, 2020)
  • Matteo Biagiola - Testing the plasticity of reinforcement learning based systems (November 12, 2020)
  • Csaba Nagy - Analyzing SQL Queries Embedded in the Source Code (November 5, 2020)
  • Mohammad Rezaalipour - Deep Neural Network Bugs and the Challenges of Repairing Them (October 29, 2020)
  • Luca Pascarella - Augmented Fine-Grained Defect Prediction for Code-Review (October 22, 2020)
  • Diego Venâncio Marcílio - SpongeBugs: Automatically Fixing Static Analysis Tools Violations (October 15, 2020)
  • Michael Weiss - Detecting Uncertainty in Deep Learning (February 27, 2020)
  • Christoph Treude - Uncovering the best parts of software documentation (January 28, 2020)
  • Bhargav Bhatt - DroidPLUMB: Repairing Resource-Leak bugs with Static Analysis (December 5, 2019)
  • Jesper Findahl - TypeScript - what is that and why should I care? (November 28, 2019)
  • Francesco Magagnino - Envisioning the future of the customer interaction (November 21, 2019)
  • Armin Heinzl - How Pair Programming Influences Team Performance: The Role of backup-behavior, shared mental models, and task novelty (November 7, 2019)
  • Davide Paolo Tua - Time Evolving Voronoi Treemaps for Metrics Visualization (October 31, 2019)
  • Bin Lin - Program Comprehension at ICSME 2019 (October 24, 2019)
  • Ana Ivanchikj - Discovering Imgur API – Controlled Experiment (October 17, 2019)
  • Marco D'Ambros - Dashboarding your inbox for fun and profit (October 3, 2019)
  • Emad Aghajani - Software Documentation: How far we've come, and challenges ahead (September 26, 2019)
  • Andrea Stocco - Black-box Confidence Estimation for Misbehavior Prediction in Autonomous Driving Systems (September 19, 2019)
  • Jacopo Tagliabue - Less (Data) Is More: Why Small Data Holds the Key to the Future of Artificial Intelligence (June 24, 2019)
  • David Clark - The Theory of Testing Programs - An Information Theoretic View (June 19, 2019)
  • Jan Vitek - Getting everything wrong without doing anything right! (June 13, 2019)
  • Hridesh Rajan - Software as Data (June 12, 2019)
  • Alejandro Mazuera Rozo - SOFIA: An Automated Security Oracle for Black-Box Testing of SQL-Injection Vulnerabilities (May 23, 2019)
  • Jevgenija Pantiuchina - On the Naturalness of Buggy Code (May 16, 2019)
  • Richard Torkar - Why do we encourage even more missingness when having missing data? (May 9, 2019)
  • Fengcai Wen - Neural-Machine-Translation-Based Commit Message Generation: How Far Are We? (May 2, 2019)
  • Vincenzo Riccio - A Day in the (Activity) Lifecycle (April 18, 2019)
  • Luis Mastrangelo - Casting about in the Dark (April 11, 2019)
  • Gunel Jahangirova - Mutation Testing of Deep Learning Systems (April 4, 2019)
  • Andrea Mocci - The Tale of 'Quattro Tabelle' (March 28, 2019)
  • Carlo Alberto Furia - Why You Should Use Bayesian Statistics for Empirical Software Engineering (March 7, 2019)
  • Csaba Nagy - Beauty and the Beast: True Stories of Evolving Software Systems (February 28, 2019)
  • Andrea Gallidabino - Liquid Software: Multi-Device Adaptation with Liquid Media Queries (February 21, 2019)
Load more...