ROP Gadgets hiding techniques in Open Source Projects

Today there are many techniques that allows to exploit vulnerabilities of an application; there are also many techniques that are designed to stop these exploit attacks. This thesis wants to highlight how a specific type of attack, based on a technique called Return Oriented Programming (ROP), can be easily applied to binaries with particular characteristics. A new method that allows the injection of "useful" code in an Open Source projects without arousing suspicions is presented; this is possible because of the harmless aspects of the injected code. This useful code facilitate a ROP attack against an executable that contains vulnerable bugs. The injection process can be visualized in environment where an user can contribute with own code to a particular Open Source project. This thesis also highlights how current software protections are not correctly applied to Open Source project, thus enabling the proposed approach.

Open Source Software : the Intersection of IP and Security in Open Source

The use of open source software continues to grow on a daily basis. Today, enterprise applications contain 40% to 70% open source code and this fact has legal, development, IT security, risk management and compliance organizations focusing their attention on its use, as never before. They increasingly understand that the open source content within an application must be detected. Once uncovered, decisions regarding compliance with intellectual property licensing obligations must be made and known security vulnerabilities must be remediated. It is no longer sufficient from a risk perspective to not address both open source issues.

Economic efficiency of free and open source software in the public sector: the example of Chile

Includes bibliography

Entropy effect in quantum computing and information: an open-source environment simulation

The technologies are rapidly developing, but some of them present in the computers, as for instance their processing capacity, are reaching their physical limits. It is up to quantum computation offer solutions to these limitations and issues that may arise. In the field of information security, encryption is of paramount importance, being then the development of quantum methods instead of the classics, given the computational power offered by quantum computing. In the quantum world, the physical states are interrelated, thus occurring phenomenon called entanglement. This study presents both a theoretical essay on the merits of quantum mechanics, computing, information, cryptography and quantum entropy, and some simulations, implementing in C language the effects of entropy of entanglement of photons in a data transmission, using Von Neumann entropy and Tsallis entropy.

A Model-based Repository for Open Source Service and Component Integration.

Open source is a software development paradigm that has seen a huge rise in recent years. It reduces IT costs and time to market, while increasing security and reliability. However, the difficulty in integrating developments from different communities and stakeholders prevents this model from reaching its full potential. This is mainly due to the challenge of determining and locating the correct dependencies for a given software artifact. To solve this problem we propose the development of an extensible software component repository based upon models. This repository should be capable of solving the dependencies between several components and work with already existing repositories to access the needed artifacts transparently. This repository will also be easily expandable, enabling the creation of modules that support new kinds of dependencies or other existing repository technologies. The proposed solution will work with OSGi components and use OSGi itself.

Un sistema di domotica per il controllo energetico domestico con tecnologie open-source.

Data la sempre maggiore richiesta di fabbisogno energetico, si è sviluppata una nuova filosofia nella gestione dei consumi energetici, il DSM (demand side management), che ha lo scopo di incoraggiare il consumatore ad usare energia in modo più intelligente e coscienzioso. Questo obiettivo, unito all’accumulo di energia da fonti rinnovabili, permetterà un abbassamento dell’utilizzo dell’energia elettrica proveniente dal consumo di fonti non rinnovabili e altamente inquinanti come quelle a combustibili fossili ed una diminuzione sia del consumo energetico, sia del costo per produrre energia che dell’energia stessa. L’home automation e la domotica in ambiente domestico rappresentano un esempio di DSM. L’obiettivo di questa tesi è quello di creare un sistema di home automation utilizzando tecnologie opensource. Sono stati utilizzati device come board Arduino UNO, Raspberry Pi ed un PC con sistema operativo GNU/Linux per creare una simulazione di un sistema di home automation abbinato alla gestione di celle fotovoltaiche ed energy storaging. Il sistema permette di poter spegnere un carico energetico in base a delle particolari circostanze come, per esempio, il superamento di una certa soglia di consumo di energia elettrica. Il software utilizzato è opensource e mira a poter ottimizzare il consumo energetico secondo le proprie finalità. Il tutto a dimostrare che si può creare un sistema di home automation da abbinare con il presente e futuro delle fonti rinnovabili utilizzando tecnologie libere in modo tale da preservare privacy e security oltre che customizzazione e possibilità di adattamento a diverse circostanze. Nella progettazione del sistema è stato implementato un algoritmo per gestire varie situazioni all’interno di un ambiente domestico. La realizzazione di tale algoritmo ha prodotto ottimi risultati nella raggiungimento degli obiettivi prefissati. Il progetto di questa tesi può essere ulteriormente ampliato ed il codice è reperibile in un repository pubblico.

ScriptLattes: an open-source knowledge extraction system from the Lattes platform

The Lattes platform is the major scientific information system maintained by the National Council for Scientific and Technological Development (CNPq). This platform allows to manage the curricular information of researchers and institutions working in Brazil based on the so called Lattes Curriculum. However, the public information is individually available for each researcher, not providing the automatic creation of reports of several scientific productions for research groups. It is thus difficult to extract and to summarize useful knowledge for medium to large size groups of researchers. This paper describes the design, implementation and experiences with scriptLattes: an open-source system to create academic reports of groups based on curricula of the Lattes Database. The scriptLattes system is composed by the following modules: (a) data selection, (b) data preprocessing, (c) redundancy treatment, (d) collaboration graph generation among group members, (e) research map generation based on geographical information, and (f) automatic report creation of bibliographical, technical and artistic production, and academic supervisions. The system has been extensively tested for a large variety of research groups of Brazilian institutions, and the generated reports have shown an alternative to easily extract knowledge from data in the context of Lattes platform. The source code, usage instructions and examples are available at http://scriptlattes.sourceforge.net/.

Building a Open Source Framework for Virtual Medical Training

This paper presents a framework to build medical training applications by using virtual reality and a tool that helps the class instantiation of this framework. The main purpose is to make easier the building of virtual reality applications in the medical training area, considering systems to simulate biopsy exams and make available deformation, collision detection, and stereoscopy functionalities. The instantiation of the classes allows quick implementation of the tools for such a purpose, thus reducing errors and offering low cost due to the use of open source tools. Using the instantiation tool, the process of building applications is fast and easy. Therefore, computer programmers can obtain an initial application and adapt it to their needs. This tool allows the user to include, delete, and edit parameters in the functionalities chosen as well as storing these parameters for future use. In order to verify the efficiency of the framework, some case studies are presented.

Making Fedora easier to implement with Fez: A free open source content model and workflow management front-end to Fedora

The University of Queensland, Australia has developed Fez, a world-leading user-interface and management system for Fedora-based institutional repositories, which bridges the gap between a repository and users. Christiaan Kortekaas, Andrew Bennett and Keith Webster will review this open source software that gives institutions the power to create a comprehensive repository solution without the hassle..

A fast cross-entropy method for estimating buffer overflows in queuing networks

In this paper, we propose a fast adaptive importance sampling method for the efficient simulation of buffer overflow probabilities in queueing networks. The method comprises three stages. First, we estimate the minimum cross-entropy tilting parameter for a small buffer level; next, we use this as a starting value for the estimation of the optimal tilting parameter for the actual (large) buffer level. Finally, the tilting parameter just found is used to estimate the overflow probability of interest. We study various properties of the method in more detail for the M/M/1 queue and conjecture that similar properties also hold for quite general queueing networks. Numerical results support this conjecture and demonstrate the high efficiency of the proposed algorithm.

Analysis of computing open source systems

Graphical user interfaces (GUIs) are critical components of today's open source software. Given their increased relevance, the correctness and usability of GUIs are becoming essential. This paper describes the latest results in the development of our tool to reverse engineer the GUI layer of interactive computing open source systems. We use static analysis techniques to generate models of the user interface behavior from source code. Models help in graphical user interface inspection by allowing designers to concentrate on its more important aspects. One particular type of model that the tool is able to generate is state machines. The paper shows how graph theory can be useful when applied to these models. A number of metrics and algorithms are used in the analysis of aspects of the user interface's quality. The ultimate goal of the tool is to enable analysis of interactive system through GUIs source code inspection.

BAM framework for OMS using open source technologies

No início da década de 90, as empresas começaram a sentir a necessidade de melhorar o acesso à informação das suas actividades para auxiliar na tomada de decisões. Desta forma, no mundo da informática, emergiu o sector Business Intelligence (BI) composto inicialmente por data warehousing e ferramentas de geração de relatórios. Ao longo dos anos o conceito de BI evoluiu de acordo com as necessidades empresariais, tornando a análise das actividades e do desempenho das organizações em aspectos críticos na gestão das mesmas. A área de BI abrange diversos sectores, sendo o de geração de relatórios e o de análise de dados aqueles que melhor preenchem os requisitos pretendidos no controlo de acesso à informação do negócio e respectivos processos. Actualmente o tempo e a informação são vantagens competitivas e por esse mesmo motivo as empresas estão cada vez mais preocupadas com o facto de o aumento do volume de informação estar a tornar-se insustentável na medida que o tempo necessário para processar a informação é cada vez maior. Por esta razão muitas empresas de software, tais como Microsoft, IBM e Oracle estão numa luta por um lugar neste mercado de BI em expansão. Para que as empresas possam ser competitivas, a sua capacidade de previsão e resposta às necessidades de mercado em tempo real é requisito principal, em detrimento da existência apenas de uma reacção a uma necessidade que peca por tardia. Os produtos de BI têm fama de trabalharem apenas com dados históricos armazenados, o que faz com que as empresas não se possam basear nessas soluções quando o requisito de alguns negócios é de tempo quase real. A latência introduzida por um data warehouse é demasiada para que o desempenho seja aceitável. Desta forma, surge a tecnologia Business Activity Monitoring (BAM) que fornece análise de dados e alertas em tempo quase real sobre os processos do negócio, utilizando fontes de dados como Web Services, filas de mensagens, etc. O conceito de BAM surgiu em Julho de 2001 pela organização Gartner, sendo uma extensão orientada a eventos da área de BI. O BAM define-se pelo acesso em tempo real aos indicadores de desempenho de negócios com o intuito de aumentar a velocidade e eficácia dos processos de negócio. As soluções BAM estão a tornar-se cada vez mais comuns e sofisticadas.

Construção de websites com ferramentas open-source: duas experiências de implementação em bibliotecas de ensino superior

As Tecnologias da Informação e da Comunicação (TIC) têm influenciado de forma inequívoca o desenvolvimento das bibliotecas à escala global. Nas últimas décadas, as TIC mudaram a dinâmica das bibliotecas permitindo a sua modernização (pelo desenvolvimento da eficiência das tarefas já realizadas), favorecendo a inovação (pela utilização das tecnologias como base para o desenvolvimento de novos serviços/técnicas) e promovendo a sua transformação (ao nível do paradigma funcional, da disponibilização de conteúdos, etc.) – criando, em suma, uma nova relação com os seus públicos

Open-source software in operations research in engineering teaching

ENEGI 2013: Atas do 2º Encontro Nacional de Engenharia e Gestão Industrial, Universidade de Aveiro, 17 e 18 de maio de 2013, Aveiro, Portugal.

Influence of network effects on the diffusion of information systems: the case of open source

Doutoramento em Gestão