889 resultados para mobile environment, peer-to-peer, PeerHood, software security, vulnerabilities
Resumo:
Desde la aparición de Internet, hace ya más de 20 años ha existido por parte de diversos sectores de la sociedad, científicos, empresas, usuarios, etc. la inquietud por la aplicación de esta tecnología a lo que se ha dado en llamar “El Internet de las Cosas”, que no es más que el control a distancia de cualquier elemento útil o necesario para la vida cotidiana y la industria. Sin embargo el desarrollo masivo de aplicaciones orientadas a esto, no ha evolucionado hasta que no se han producido avances importantes en dos campos: por un lado, en las Redes Inalámbricas de Sensores (WSN), redes compuestas por un conjunto de pequeños dispositivos capaces de transmitir la información que recogen, haciéndola llegar desde su propia red inalámbrica, a otras de amplia cobertura y por otro con la miniaturización cada vez mayor de dispositivos capaces de tener una autonomía suficiente como para procesar datos e interconectarse entre sí. Al igual que en las redes de ordenadores convencionales, las WSN se pueden ver comprometidas en lo que a seguridad se refiere, ya que la masiva implementación de estas redes hará que millones de Terabytes de datos, muchas veces comprometidos o sometidos a estrictas Leyes de protección de los mismos, circulen en la sociedad de la información, de forma que lo que nace como una ventaja muy interesante para sus usuarios, puede convertirse en una pesadilla debido a la amenaza constante hacia los servicios mínimos de seguridad que las compañías desarrolladoras han de garantizar a los usuarios de sus aplicaciones. Éstas, y con el objetivo de proveer un ámbito de seguridad mínimo, deben de realizar un minucioso estudio de la aplicación en particular que se quiere ofrecer con una WSN y también de las características específicas de la red ya que, al estar formadas por dispositivos prácticamente diminutos, pueden tener ciertas limitaciones en cuanto al tamaño de la batería, capacidad de procesamiento, memoria, etc. El presente proyecto desarrolla una aplicación, única, ya que en la actualidad no existe un software con similares características y que aporta un avance importante en dos campos principalmente: por un lado ayudará a los usuarios que deseen desplegar una aplicación en una red WSN a determinar de forma automática cuales son los mecanismos y servicios específicos de seguridad que se han de implementar en dicha red para esa aplicación concreta y, por otro lado proporcionará un apoyo extra a expertos de seguridad que estén investigando en la materia ya que, servirá de plataforma de pruebas para centralizar la información sobre seguridad que se tengan en ese momento en una base de conocimientos única, proporcionando también un método útil de prueba para posibles escenarios virtuales. ABSTRACT. It has been more than 20 years since the Internet appeared and with it, scientists, companies, users, etc. have been wanted to apply this technology to their environment which means to control remotely devices, which are useful for the industry or aspects of the daily life. However, the huge development of these applications oriented to that use, has not evolve till some important researches has been occurred in two fields: on one hand, the field of the Wireless Sensor Networks (WSN) which are networks composed of little devices that are able to transmit the information that they gather making it to pass through from their wireless network to other wider networks and on the other hand with the increase of the miniaturization of the devices which are able to work in autonomous mode so that to process data and connect to each other. WSN could be compromised in the matter of security as well as the conventional computer networks, due to the massive implementation of this kind of networks will cause that millions of Terabytes of data will be going around in the information society, thus what it is thought at first as an interesting advantage for people, could turn to be a nightmare because of the continuous threat to the minimal security services that developing companies must guarantee their applications users. These companies, and with the aim to provide a minimal security realm, they have to do a strict research about the application that they want to implement in one WSN and the specific characteristics of the network as they are made by tiny devices so that they could have certain limitations related to the battery, throughput, memory, etc. This project develops a unique application since, nowadays, there is not any software with similar characteristics and it will be really helpful in mainly two areas: on one side, it will help users who want to deploy an application in one WSN to determine in an automatically way, which ones security services and mechanisms are those which is necessary to implement in that network for the concrete application and, on the other side, it will provide an extra help for the security experts who are researching in wireless sensor network security so that ti will an exceptional platform in order to centralize information about security in the Wireless Sensor Networks in an exclusive knowledge base, providing at the same time a useful method to test virtual scenarios.
Resumo:
To our knowledge, no current software development methodology explicitly describes how to transit from the analysis model to the software architecture of the application. This paper presents a method to derive the software architecture of a system from its analysis model. To do this, we are going to use MDA. Both the analysis model and the architectural model are PIMs described with UML 2. The model type mapping designed consists of several rules (expressed using OCL and natural language) that, when applied to the analysis artifacts, generate the software architecture of the application. Specifically the rules act on elements of the UML 2 metamodel (metamodel mapping). We have developed a tool (using Smalltalk) that permits the automatic application of these rules to an analysis model defined in RoseTM to generate the application architecture expressed in the architectural style C2.
Resumo:
ML 1.4 is widely accepted as the standard for representing the various software artifacts generated by a development process. For this reason, there have been attempts to use this language to represent the software architec- ture of systems as well. Unfortunately, these attempts have ended in representa- tions (boxes and lines) already criticized by the software architecture commu- nity. Recently, OMG has published a draft that will constitute the future UML 2.0 specification. In this paper we compare the capacities of UML 1.4 and UML 2.0 to describe software architectures. In particular, we study extensions of both UML versions to describe the static view of the C3 architectural style (a simplification of the C2 style). One of the results of this study is the difficulties found when using the UML 2.0 metamodel to describe the concept of connector in a software architecture.
Resumo:
El presente Trabajo de Fin de Grado (TFG) es el resultado de la necesidad de la seguridad en la construcción del software ya que es uno de los mayores problemas con que se enfrenta hoy la industria debido a la baja calidad de la misma tanto en software de Sistema Operativo, como empotrado y de aplicaciones. La creciente dependencia de software para que se hagan trabajos críticos significa que el valor del software ya no reside únicamente en su capacidad para mejorar o mantener la productividad y la eficiencia. En lugar de ello, su valor también se deriva de su capacidad para continuar operando de forma fiable incluso de cara de los eventos que la amenazan. La capacidad de confiar en que el software seguirá siendo fiable en cualquier circunstancia, con un nivel de confianza justificada, es el objetivo de la seguridad del software. Seguridad del software es importante porque muchas funciones críticas son completamente dependientes del software. Esto hace que el software sea un objetivo de valor muy alto para los atacantes, cuyos motivos pueden ser maliciosos, penales, contenciosos, competitivos, o de naturaleza terrorista. Existen fuentes muy importantes de mejores prácticas, métodos y herramientas para mejorar desde los requisitos en sus aspectos no funcionales, ciclo de vida del software seguro, pasando por la dirección de proyectos hasta su desarrollo, pruebas y despliegue que debe ser tenido en cuenta por los desarrolladores. Este trabajo se centra fundamentalmente en elaborar una guía de mejores prácticas con la información existente CERT, CMMI, Mitre, Cigital, HP, y otras fuentes. También se plantea desarrollar un caso práctico sobre una aplicación dinámica o estática con el fin de explotar sus vulnerabilidades.---ABSTRACT---This Final Project Grade (TFG) is the result of the need for security in software construction as it is one of the biggest problems facing the industry today due to the low quality of it both OS software, embedded software and applications software. The increasing reliance on software for critical jobs means that the value of the software no longer resides solely in its capacity to improve or maintain productivity and efficiency. Instead, its value also stems from its ability to continue to operate reliably even when facing events that threaten it. The ability to trust that the software will remain reliable in all circumstances, with justified confidence level is the goal of software security. The security in software is important because many critical functions are completely dependent of the software. This makes the software to be a very high value target for attackers, whose motives may be by a malicious, by crime, for litigating, by competitiveness or by a terrorist nature. There are very important sources of best practices, methods and tools to improve the requirements in their non-functional aspects, the software life cycle with security in mind, from project management to its phases (development, testing and deployment) which should be taken into account by the developers. This paper focuses primarily on developing a best practice guide with existing information from CERT, CMMI, Mitre, Cigital, HP, and other organizations. It also aims to develop a case study on a dynamic or static application in order to exploit their vulnerabilities.
Resumo:
The risks associated with gestational diabetes (GD) can be reduced with an active treatment able to improve glycemic control. Advances in mobile health can provide new patient-centric models for GD to create personalized health care services, increase patient independence and improve patients’ self-management capabilities, and potentially improve their treatment compliance. In these models, decision-support functions play an essential role. The telemedicine system MobiGuide provides personalized medical decision support for GD patients that is based on computerized clinical guidelines and adapted to a mobile environment. The patient’s access to the system is supported by a smartphone-based application that enhances the efficiency and ease of use of the system. We formalized the GD guideline into a computer-interpretable guideline (CIG). We identified several workflows that provide decision-support functionalities to patients and 4 types of personalized advice to be delivered through a mobile application at home, which is a preliminary step to providing decision-support tools in a telemedicine system: (1) therapy, to help patients to comply with medical prescriptions; (2) monitoring, to help patients to comply with monitoring instructions; (3) clinical assessment, to inform patients about their health conditions; and (4) upcoming events, to deal with patients’ personal context or special events. The whole process to specify patient-oriented decision support functionalities ensures that it is based on the knowledge contained in the GD clinical guideline and thus follows evidence-based recommendations but at the same time is patient-oriented, which could enhance clinical outcomes and patients’ acceptance of the whole system.
Resumo:
Este trabajo contiene el diseño y análisis de dos modalidades de docencia de programación de aplicaciones móviles, con el objetivo de aumentar el interés de los estudiantes de enseñanza secundaria por la Ingeniería Informática. Primeramente se analizó la estructura y el contenido de las diferentes materias relacionadas con la informática que existen actualmente en la educación secundaria en España, con el fin de localizar las carencias del currículo. Estas carencias principales son: la falta de reconocimiento de la Ingeniería informática al mismo nivel que el resto de ingenierías y una falta de contenidos relacionados con el desarrollo de software, tanto a nivel de programación como de diseño. A continuación, una vez analizados diferentes posibilidades de entornos con los que desarrollar dichos cursos, se diseñaron los dos modelos de docencia utilizando App Inventor como herramienta conductora, con los que poder cubrir esos conocimientos. El primer modelo consiste en un curso de cuatro semanas a impartir directamente en el centro, mientras que el segundo se trata de un taller de una mañana a impartir en la Escuela Técnica Superior de Ingenieros Informáticos de la Universidad Politécnica de Madrid. De los resultados de esos modelos se han obtenidos resultados muy positivos en cuanto al incremento de los conocimientos de los alumnos sobre informática, además de aumentar su interés por la Ingeniería Informática y obtener una visión más ajustada a la realidad de la misma.---ABSTRACT---This work details the design and realization of a workshop and a course for teaching mobile application programming to Spanish high school students, with the aim of increasing their interest in Computing. In order to locate the shortcomings of the curriculum, the structure and contents of various subjects related to Computing in currently secondary education in Spain were analyzed. The results show a lack of recognition of computer engineering at the same level as the rest of engineering disciplines and a lack of content related to software development, both in terms of programming and design. Then, after analyzing existing programming environments available for covering the basic programming objectives, App Inventor was chosen as mobile programming environment for both teaching activities (the workshop and the course). The first activity consists of a four-week course to teach directly in the high school, while the second one is a 4-hour workshop to be held at the university. The workshop and the course were carried out with students of two secondary schools, obtaining very positive results in terms of increasing students’ knowledge about computers, increasing their interest in Computing, and making them get a more accurate vision of the discipline.
Resumo:
Hoy en día, existen numerosos sistemas (financieros, fabricación industrial, infraestructura de servicios básicos, etc.) que son dependientes del software. Según la definición de Ingeniería del Software realizada por I. Sommerville, “la Ingeniería del Software es una disciplina de la ingeniería que comprende todos los aspectos de la producción de software desde las etapas iniciales de la especificación del sistema, hasta el mantenimiento de éste después de que se utiliza.” “La ingeniería del software no sólo comprende los procesos técnicos del desarrollo de software, sino también actividades tales como la gestión de proyectos de software y el desarrollo de herramientas, métodos y teorías de apoyo a la producción de software.” Los modelos de proceso de desarrollo software determinan una serie de pautas para poder desarrollar con éxito un proyecto de desarrollo software. Desde que surgieran estos modelos de proceso, se investigado en nuevas maneras de poder gestionar un proyecto y producir software de calidad. En primer lugar surgieron las metodologías pesadas o tradicionales, pero con el avance del tiempo y la tecnología, surgieron unas nuevas llamadas metodologías ágiles. En el marco de las metodologías ágiles cabe destacar una determinada práctica, la integración continua. Esta práctica surgió de la mano de Martin Fowler, con el objetivo de facilitar el trabajo en grupo y automatizar las tareas de integración. La integración continua se basa en la construcción automática de proyectos con una frecuencia alta, promoviendo la detección de errores en un momento temprano para poder dar prioridad a corregir dichos errores. Sin embargo, una de las claves del éxito en el desarrollo de cualquier proyecto software consiste en utilizar un entorno de trabajo que facilite, sistematice y ayude a aplicar un proceso de desarrollo de una forma eficiente. Este Proyecto Fin de Grado (PFG) tiene por objetivo el análisis de distintas herramientas para configurar un entorno de trabajo que permita desarrollar proyectos aplicando metodologías ágiles e integración continua de una forma fácil y eficiente. Una vez analizadas dichas herramientas, se ha propuesto y configurado un entorno de trabajo para su puesta en marcha y uso. Una característica a destacar de este PFG es que las herramientas analizadas comparten una cualidad común y de alto valor, son herramientas open-source. El entorno de trabajo propuesto en este PFG presenta una arquitectura cliente-servidor, dado que la mayoría de proyectos software se desarrollan en equipo, de tal forma que el servidor proporciona a los distintos clientes/desarrolladores acceso al conjunto de herramientas que constituyen el entorno de trabajo. La parte servidora del entorno propuesto proporciona soporte a la integración continua mediante herramientas de control de versiones, de gestión de historias de usuario, de análisis de métricas de software, y de automatización de la construcción de software. La configuración del cliente únicamente requiere de un entorno de desarrollo integrado (IDE) que soporte el lenguaje de programación Java y conexión con el servidor. ABSTRACT Nowadays, numerous systems (financial, industrial production, basic services infrastructure, etc.) depend on software. According to the Software Engineering definition made by I.Sommerville, “Software engineering is an engineering discipline that is concerned with all aspects of software production from the early stages of system specification through to maintaining the system after it has gone into use.” “Software engineering is not just concerned with the technical processes of software development. It also includes activities such as software project management and the development of tools, methods, and theories to support software production.” Software development process models determine a set of guidelines to successfully develop a software development project. Since these process models emerged, new ways of managing a project and producing software with quality have been investigated. First, the so-called heavy or traditional methodologies appeared, but with the time and the technological improvements, new methodologies emerged: the so-called agile methodologies. Agile methodologies promote, among other practices, continuous integration. This practice was coined by Martin Fowler and aims to make teamwork easier as well as automate integration tasks. Nevertheless, one of the keys to success in software projects is to use a framework that facilitates, systematize, and help to deploy a development process in an efficient way. This Final Degree Project (FDP) aims to analyze different tools to configure a framework that enables to develop projects by applying agile methodologies and continuous integration in an easy and efficient way. Once tools are analyzed, a framework has been proposed and configured. One of the main features of this FDP is that the tools under analysis share a common and high-valued characteristic: they are open-source. The proposed framework presents a client-server architecture, as most of the projects are developed by a team. In this way, the server provides access the clients/developers to the tools that comprise the framework. The server provides continuous integration through a set of tools for control management, user stories management, software quality management, and software construction automatization. The client configuration only requires a Java integrated development environment and network connection to the server.
Resumo:
The goal of this publication is to attempt to assess the thirteen years (2001- -2014) of the West’s military presence in the countries of post-Soviet Central Asia, closely associated with the ISAF and OEF-A (Operation Enduring Freedom – Afghanistan) missions in Afghanistan. There will also be an analysis of the actual challenges for the region’s stability after 2014. The current and future security architecture in Central Asia will also be looked at closely, as will the actual capabilities to counteract the most serious threats within its framework. The need to separately handle the security system in Central Asia and security as such is dictated by the particularities of political situation in the region, the key mechanism of which is geopolitics understood as global superpower rivalry for influence with a secondary or even instrumental role of the five regional states, while ignoring their internal problems. Such an approach is especially present in Russia’s perception of Central Asia, as it views security issues in geopolitical categories. Because of this, security analysis in the Central Asian region requires a broader geopolitical context, which was taken into account in this publication. The first part investigates the impact of the Western (primarily US) military and political presence on the region’s geopolitical architecture between 2001 and 2014. The second chapter is an attempt to take an objective look at the real challenges to regional security after the withdrawal of the coalition forces from Afghanistan, while the third chapter is dedicated to analysing the probable course of events in the security dimension following 2014. The accuracy of predictions time-wise included in the below publication does not exceed three to five years due to the dynamic developments in Central Asia and its immediate vicinity (the former Soviet Union, Afghanistan, Pakistan, Iran), and because of the large degree of unpredictability of policies of one of the key regional actors – Russia (both in the terms of its activity on the international arena, and its internal developments).
Resumo:
A report and recommendations by the Illinois Office of Banks and Real Estate in response to Illinois Senate Resolution No. 134, adopted May 26, 1999, which requested the Office to study safety and security issues regarding the use of automated teller machines by consumers--particularly, the merits of the reverse PIN warning system.
Resumo:
We describe a tool for analysing information flow in security hardware. It identifies both sub-circuits critical to the preservation of security as well as the potential for information flow due to hardware failure. The tool allows for the composition of both logical and physical views of circuit designs. An example based on a cryptographic device is provided.
Resumo:
This review compares the results of studies that have investigated the impact of lutein and zeaxanthin supplementation on macular pigment optical density (MPOD) with those that have investigated the reliability of techniques used to measure macular pigment optical density. The review will focus on studies that have used heterochromatic flicker photometry for measurement of macular pigment optical density, as this is the only technique that is currently available commercially to clinicians. We identified articles that reported on supplementation with lutein and/or zeaxanthin and/or meso-zeaxanthin on macular pigment optical density measurement techniques published in peer-reviewed journals, through a multi-staged, systematic approach. Twenty-four studies have investigated the repeatability of MPOD measurements using heterochromatic flicker photometry. Of these, 10 studies provided a coefficient of repeatability or data from which the coefficient could be calculated, with a range in values of 0.06 to 0.58. The lowest coefficient of repeatability assessed on naïve subjects alone was 0.08. These values tell us that, at best, changes greater than 0.08 can be considered clinically significant and at worst, only changes greater than 0.58 can be considered clinically significant. Six studies assessed the effect of supplementation with up to 20 mg/day lutein on macular pigment optical density measured using heterochromatic flicker photometry and the mean increase in macular pigment optical density ranged from 0.025 to 0.09. It seems reasonable to conclude that the chance of eliciting an increase in macular pigment optical density during six months of daily supplementation with between 10 and 20 mg lutein that is of sufficient magnitude to be detected by using heterochromatic flicker photometry on an individual basis is small. Commercially available heterochromatic flicker photometers for macular pigment optical density assessment in the clinical environment appear to demonstrate particularly poor coefficient of repeatability values. Clinicians should exercise caution when considering the purchase of these instruments for potential monitoring of macular pigment optical density in response to supplementation in individual patients.
Resumo:
AOSD'03 Practitioner Report Performance analysis is motivated as an ideal domain for benefiting from the application of Aspect Oriented (AO) technology. The experience of a ten week project to apply AO to the performance analysis domain is described. We show how all phases of a performance analysts’ activities – initial profiling, problem identification, problem analysis and solution exploration – were candidates for AO technology assistance – some being addressed with more success than others. A Profiling Workbench is described that leverages the capabilities of AspectJ, and delivers unique capabilities into the hands of developers exploring caching opportunities.
Resumo:
There are around 285 million visually impaired people worldwide, and around 370,000 people are registered as blind or partially sighted in the UK. Ongoing advances in information technology (IT) are increasing the scope for IT-based mobile assistive technologies to facilitate the independence, safety, and improved quality of life of the visually impaired. Research is being directed at making mobile phones and other handheld devices accessible via our haptic (touch) and audio sensory channels. We review research and innovation within the field of mobile assistive technology for the visually impaired and, in so doing, highlight the need for successful collaboration between clinical expertise, computer science, and domain users to realize fully the potential benefits of such technologies. We initially reflect on research that has been conducted to make mobile phones more accessible to people with vision loss. We then discuss innovative assistive applications designed for the visually impaired that are either delivered via mainstream devices and can be used while in motion (e.g., mobile phones) or are embedded within an environment that may be in motion (e.g., public transport) or within which the user may be in motion (e.g., smart homes). © 2013 Elsevier Inc.
Resumo:
Modern software systems are often large and complicated. To better understand, develop, and manage large software systems, researchers have studied software architectures that provide the top level overall structural design of software systems for the last decade. One major research focus on software architectures is formal architecture description languages, but most existing research focuses primarily on the descriptive capability and puts less emphasis on software architecture design methods and formal analysis techniques, which are necessary to develop correct software architecture design. ^ Refinement is a general approach of adding details to a software design. A formal refinement method can further ensure certain design properties. This dissertation proposes refinement methods, including a set of formal refinement patterns and complementary verification techniques, for software architecture design using Software Architecture Model (SAM), which was developed at Florida International University. First, a general guideline for software architecture design in SAM is proposed. Second, specification construction through property-preserving refinement patterns is discussed. The refinement patterns are categorized into connector refinement, component refinement and high-level Petri nets refinement. These three levels of refinement patterns are applicable to overall system interaction, architectural components, and underlying formal language, respectively. Third, verification after modeling as a complementary technique to specification refinement is discussed. Two formal verification tools, the Stanford Temporal Prover (STeP) and the Simple Promela Interpreter (SPIN), are adopted into SAM to develop the initial models. Fourth, formalization and refinement of security issues are studied. A method for security enforcement in SAM is proposed. The Role-Based Access Control model is formalized using predicate transition nets and Z notation. The patterns of enforcing access control and auditing are proposed. Finally, modeling and refining a life insurance system is used to demonstrate how to apply the refinement patterns for software architecture design using SAM and how to integrate the access control model. ^ The results of this dissertation demonstrate that a refinement method is an effective way to develop a high assurance system. The method developed in this dissertation extends existing work on modeling software architectures using SAM and makes SAM a more usable and valuable formal tool for software architecture design. ^
Resumo:
Security remains a top priority for organizations as their information systems continue to be plagued by security breaches. This dissertation developed a unique approach to assess the security risks associated with information systems based on dynamic neural network architecture. The risks that are considered encompass the production computing environment and the client machine environment. The risks are established as metrics that define how susceptible each of the computing environments is to security breaches. ^ The merit of the approach developed in this dissertation is based on the design and implementation of Artificial Neural Networks to assess the risks in the computing and client machine environments. The datasets that were utilized in the implementation and validation of the model were obtained from business organizations using a web survey tool hosted by Microsoft. This site was designed as a host site for anonymous surveys that were devised specifically as part of this dissertation. Microsoft customers can login to the website and submit their responses to the questionnaire. ^ This work asserted that security in information systems is not dependent exclusively on technology but rather on the triumvirate people, process and technology. The questionnaire and consequently the developed neural network architecture accounted for all three key factors that impact information systems security. ^ As part of the study, a methodology on how to develop, train and validate such a predictive model was devised and successfully deployed. This methodology prescribed how to determine the optimal topology, activation function, and associated parameters for this security based scenario. The assessment of the effects of security breaches to the information systems has traditionally been post-mortem whereas this dissertation provided a predictive solution where organizations can determine how susceptible their environments are to security breaches in a proactive way. ^
