In a credit card processing company, such as CETREL, ensuring security and safety of customer's information is critical to the success of thecompany.The collaboration between the SVV lab and Cetrel focuses on developing security testing techniques that help Cetrel in achieving this goal. The project utilizes model-based techniques, mutation and search-based software engineering to develop more rigorous and effective security testing techniques that scale and are applicable in practice. The project aims to develop a black box, extendable, scalable and fully automated security testing technology that can effectively detect application layer risks, such as SQL injection vulnerabilities.


CTIE (Centre des technologies de l'information de l'Etat) is the Luxembourgish national center for information technologies; it was established by the Luxembourgish government in 2009. The main role of CTIE is to lead the development of electronic government (eGovernment) initiatives within Luxembourg, with the ultimate goal of delivering digital public services to citizens and enterprises, as well as improving the processes followed by the public administration. CTIE provides electronic services for all public administrations in Luxembourg, not only by developing the services but also by supporting public administrations in the planning and coordination phases of each eGovernment initiative. Furthermore, CTIE is also responsible for defining the legal framework related to the modernization of (e)government processes and to the implementation of the related software projects. The current collaboration between CTIE and SnT is focused on two areas. The first one, in conjunction with ACD (Administration des Contributions Directes), focuses on modeling, verification, and testing of legal requirements. Specifically, the project will concentrate on software V&V for a new tax system which needs to be demonstrably compliant to the tax law. The second collaboration aims at devising run-time verification techniques for assessing the correctness of eGovernment business processes.


Delphi is one of the world leading suppliers to the automotive industry. Currently, there are two joint projects between the lab and Delphi. The first project focuses on testing software components embedded into Electronic Control Units (ECUs) used in the automotive domain. The amount and the complexity of the software used in the ECUs of today’s vehicles is rapidly increasing. Driving forces of this growth are the new legislations on exhaust gas emission, the demand for reduced fuel consumption and faster time-to-market, and the rising customer expectations regarding comfort, dependability, and variety. The goal of the first project is to provide a technique for automating test case generation for the software components embedded into ECUs. Such automation should include a cost-effective test selection strategy and failure detection mechanism (oracle), and enables the engineers to scale up testing to a much higher level and increase the level of confidence in the ECU software. 

The second project focuses on early verification of performance and timing properties of automotive software systems. With software taking a major role in car components, DELPHI engineers frequently require to integrate customer provided software with their own produced software. In some projects, up to 80% of the software is OEM software (i.e., produced by the customer or other 3rd parties). A major challenge that the DELPHI engineers are currently facing is ensuring that the software from multiple parties with various real-time (and potentially conflicting) properties can be unified, integrated and executed on their platform safely and reliably.  The aim of the second project is to develop techniques that help engineers evaluate and verify real-time design properties and to identify and prevent performance errors before integration while it is still reasonably inexpensive to fix them.


HITEC Luxembourg is a multidisciplinary engineering company providing high-technology solutions in areas such as information and communication technology, satellite ground segment, and measuring methodology/technology. In the context of ICT, it has developed a hardware/software communication suite for the public safety and humanitarian community, to increase situational awareness and improving communication capabilities in emergency response scenarios. In these scenarios, rescue teams need technological support to minimize the risk for their own lives and maximize the chances for victims; reliability and security of the communication system are absolute requirements for the effectiveness of the operations. The collaboration between HITEC Luxembourg and SVV aims to define a run-time verification methodology to check the reliability and security of communications systems deployed in the context of rescue operations.


IEE is a leader in automotive safety systems, specializing in systems for occupant detection and classification. These systems are used in a variety of automotive applications, for example determining if the vehicle’s air bag can be safely employed in the event of a collision. Verification of these systems is a challenging process. The correctness of IEE systems is critical, as failure can potentially result in loss of life. Furthermore, there exist stringent guidelines for the verification process (namely ISO 26262) that must be satisfied prior to the product coming to market. Manually constructing these tests requires a great deal of effort during development. The collaboration with IEE and the SVV lab aims to reduce the manual effort required by automating the construction of tests using the system requirements. The resulting test suites are intended to be both effective at detecting faults, and capable of suitably demonstrating the connection between the verification process and the system requirements satisfying the verification guidelines.


SES provides, among other things, satellite data acquisition systems that are customized for different clients based on their requirements. Testing these systems is time consuming especially as the test suite grows with each new release.  The collaboration between the SVV lab and SES focuses on automation of test data and oracle generation of these systems and on enhancing the process of regression testing.  A significant challenge in this project is that the system is outsourced and, therefore, only black box techniques can be applied. The project attempts to develop a test data and oracle generation approach that only relies on requirements and on the observable relationship between input and output.   

A second joint project between the lab and SES is on the topic of requirements Quality Assurance (QA). Requirement defects, if left undetected, often ripple through the system design and implementation stages with major implications on costs. The aim of this second project is to develop improved requirements QA methods and tools to automate complex and laborious requirement analysis tasks such as consistency checking, ambiguity detection, and change propagation.


CRC "Methods and Tools for Understanding and Controlling Privacy" is a European project in which the SVV lab collaborates with Saarland University and Max Planck Institutes, Saarbrucken, Germany and the University of Lorraine and INRIA, France. The research centre was established in early 2016. The project targets towards making scientific and technological contributions for providing privacy in tomorrow's Internet. The SVV team participating to the CRC investigates methods for analysing how Web and mobile applications handle private information, new techniques for determining potential privacy violations and assessing users' privacy impacts from online interactions and mobile encounters.



EDLAH2 "Enhanced Daily Living and Health of Older Adults" is a European project in which the SVV lab collaborates with KG&S company (UK), EverdreamSoft company (Switzerland), terzStiftung company (Switzerland), and the University of Geneva. The goal of the project is to create a service system for the elderly to stay autonomous as long as possible based on the concept called gamification. The project will develop a set of gamified tablet applications and offer different services such as Health and Nutrition, Social network, Medicine and Object location. The SVV team participating to EDLAH2 investigates methods for capturing the security and privacy concerns for using gamified applications using restricted use case modelling techniques and methods for automatically generating security test cases from use case models to ensure that the developed gamified applications comply with applicable security and privacy regulations.