Processo de certificação de qualidade de produto de software na Embrapa: apostila de curso.

v. 1. Aspectos de qualidade de produto de software na Embrapa. Visão geral de qualidade. Qualidade de software. Certificação de qualidade de produto de software. NBR 13596 - modelo de qualidade: características e subcaracterísticas. NBR 12119 - pacotes de software - teste e requisitos de qualidade. Qualidade na Embrapa.

Arquitetura de software para a manutenção de dados da Agência de Informação Embrapa.

A agencia de informação Embrapa disponibiliza na internet informação qualificada e organizada e, muitas vezes, também aquelas geradas pela própria Embrapa. As soluções de software esposta neste trabalho são dirigidas ao gerenciamento dessas informações, que são armazenadas em base de dados centralizada e atualizada via internet por aplicativos deste sistema. O objetivo de apresentar essas soluções é contribuir para o desenvolvimento de sistemas com orientação metodológica similar. Este sistema teve como principal identificação de requisitos as falhas existentes na primeira versão do mesmo, que foi orientada exclusivamente para manipulação de dados formatados em XML. A nova versão traz uma arquitetura baseada nas orientações Java 2 Enterprise Editon (J2EE): modelo em camadas (orientação Model View Controler-MVC), uso de containers e sistema gerenciador de banco de dados. O resultado é um sistema mais robusto em seu todo, além das melhorias de manutenabilidade. Termos para indexação:J2EE, XML, PDOM, Model view controller- MVC, Oracle.

Modelo de balanço de nitrogênio para a cana-de-açúcar fase II - construção de modelo software STELLA.

A cultura da cana-de-açúcar vem sofrendo mudanças, de âmbitos tecnológicos e sociais, profundas nesta década, procurando se adaptar às demandas de produção com alta produtividade, competitividade e respeito ao meio ambiente. Apesar de o Brasil ser o maior produtor mundial de cana-de-açúcar, ainda pratica a queima da palha do canavial para facilitar a colheita, o que gera prejuízos econômicos, sociais e ambientais. Sem essa queima (Decreto n.° 42056 do Estado de SP), a cobertura do solo pela palhada irá provocar significativas mudanças no manejo da cultura e na dinâmica do nitrogênio. Dada a complexibilidade do ciclo de nitrogênio no solo, seus vários caminhos de transformação, e as variações climáticas, é difícil a determinação do melhor manejo do nitrogênio em sistemas de cultivo, pois não há análise de solo para apoiar o agricultor no seu manejo. Modelos de Simulação que descrevem as transformações do nitrogênio do solo podem prever valores e direcionar o melhor manejo do nitrogênio, tanto do ponto de vista da produtividade da cana como da qualidade ambiental. Assim, o modelo preliminar proposto na Fase I deste estudo em Relatório Técnico 22, da Embrapa informática Agropecuária, foi, nesta Fase II do projeto, ajustado com valores para solos tropicais e reconstruído no software de Simulação STELLA, agregando-se todo o conhecimento disponível em expressões matemáticas sobre esse assunto. Procedendo-se a simulação numérica em situações usuais, geraram-se como resultados, cenários que permitiram discussões técnicas sobre o melhoria do manejo do fertilizante nitrogenado. Concluiu-se que, apesar da complexa dinâmica do nitrogênio no sistema solo-planta e das dificuldades inerentes à medida de formas disponíveis de N, o modelo ajustado apresentou-se como uma alternativa para pesquisadores, técnicos e produtores no entendimento dos processos que envolvem o nitrogênio no sistema, auxiliando na busca por soluções para o melhor manejo de fertilizantes nitrogenados à cultura da cana-de-açúcar para manutenção de produtividades adequadas.

Cálculo de possíveis contatos atômicos internos a uma proteína ou entre proteínas no software SMS.

Contatos interatômicos são definidos no contexto deste trabalho como as forças de atração ou de repulsão existentes entre átomos distintos.

LIVIA - um software para classificação não supervisionada de áreas foliares infectadas pela ferrugem do café.

O objetivo deste comunicado é apresentar a implementação JavaTM do software LIVIA (Library for Visual Image Analysis). Trata-se de um módulo de processamento de imagens digitais aplicado à agricultura, desenvolvido na Embrapa Informática Agropecuária (Campinas/SP), sob demanda da Embrapa Meio Ambiente (Jaguariúna/SP).

Uma proposta de plataforma de software para integração e interoperabilidade de serviços Web - Webagritec: estudo de caso.

Este trabalho tem por finalidade apresentar os resultados obtidos no contexto do projeto de pesquisa, cujo objetivo foi definir uma infraestrutura de software para implantação de um portal de integração e interoperabilidade de serviços desenvolvidos pela Embrapa Informática Agropecuária denominado WebAgritec.

An integrated firewall policy validation tool.

Security policies are increasingly being implemented by organisations. Policies are mapped to device configurations to enforce the policies. This is typically performed manually by network administrators. The development and management of these enforcement policies is a difficult and error prone task. This thesis describes the development and evaluation of an off-line firewall policy parser and validation tool. This provides the system administrator with a textual interface and the vendor specific low level languages they trust and are familiar with, but the support of an off-line compiler tool. The tool was created using the Microsoft C#.NET language, and the Microsoft Visual Studio Integrated Development Environment (IDE). This provided an object environment to create a flexible and extensible system, as well as simple Web and Windows prototyping facilities to create GUI front-end applications for testing and evaluation. A CLI was provided with the tool, for more experienced users, but it was also designed to be easily integrated into GUI based applications for non-expert users. The evaluation of the system was performed from a custom built GUI application, which can create test firewall rule sets containing synthetic rules, to supply a variety of experimental conditions, as well as record various performance metrics. The validation tool was created, based around a pragmatic outlook, with regard to the needs of the network administrator. The modularity of the design was important, due to the fast changing nature of the network device languages being processed. An object oriented approach was taken, for maximum changeability and extensibility, and a flexible tool was developed, due to the possible needs of different types users. System administrators desire, low level, CLI-based tools that they can trust, and use easily from scripting languages. Inexperienced users may prefer a more abstract, high level, GUI or Wizard that has an easier to learn process. Built around these ideas, the tool was implemented, and proved to be a usable, and complimentary addition to the many network policy-based systems currently available. The tool has a flexible design and contains comprehensive functionality. As opposed to some of the other tools which perform across multiple vendor languages, but do not implement a deep range of options for any of the languages. It compliments existing systems, such as policy compliance tools, and abstract policy analysis systems. Its validation algorithms were evaluated for both completeness, and performance. The tool was found to correctly process large firewall policies in just a few seconds. A framework for a policy-based management system, with which the tool would integrate, is also proposed. This is based around a vendor independent XML-based repository of device configurations, which could be used to bring together existing policy management and analysis systems.

Design and implementation of robust systems for secure malware detection

Malicious software (malware) have significantly increased in terms of number and effectiveness during the past years. Until 2006, such software were mostly used to disrupt network infrastructures or to show coders’ skills. Nowadays, malware constitute a very important source of economical profit, and are very difficult to detect. Thousands of novel variants are released every day, and modern obfuscation techniques are used to ensure that signature-based anti-malware systems are not able to detect such threats. This tendency has also appeared on mobile devices, with Android being the most targeted platform. To counteract this phenomenon, a lot of approaches have been developed by the scientific community that attempt to increase the resilience of anti-malware systems. Most of these approaches rely on machine learning, and have become very popular also in commercial applications. However, attackers are now knowledgeable about these systems, and have started preparing their countermeasures. This has lead to an arms race between attackers and developers. Novel systems are progressively built to tackle the attacks that get more and more sophisticated. For this reason, a necessity grows for the developers to anticipate the attackers’ moves. This means that defense systems should be built proactively, i.e., by introducing some security design principles in their development. The main goal of this work is showing that such proactive approach can be employed on a number of case studies. To do so, I adopted a global methodology that can be divided in two steps. First, understanding what are the vulnerabilities of current state-of-the-art systems (this anticipates the attacker’s moves). Then, developing novel systems that are robust to these attacks, or suggesting research guidelines with which current systems can be improved. This work presents two main case studies, concerning the detection of PDF and Android malware. The idea is showing that a proactive approach can be applied both on the X86 and mobile world. The contributions provided on this two case studies are multifolded. With respect to PDF files, I first develop novel attacks that can empirically and optimally evade current state-of-the-art detectors. Then, I propose possible solutions with which it is possible to increase the robustness of such detectors against known and novel attacks. With respect to the Android case study, I first show how current signature-based tools and academically developed systems are weak against empirical obfuscation attacks, which can be easily employed without particular knowledge of the targeted systems. Then, I examine a possible strategy to build a machine learning detector that is robust against both empirical obfuscation and optimal attacks. Finally, I will show how proactive approaches can be also employed to develop systems that are not aimed at detecting malware, such as mobile fingerprinting systems. In particular, I propose a methodology to build a powerful mobile fingerprinting system, and examine possible attacks with which users might be able to evade it, thus preserving their privacy. To provide the aforementioned contributions, I co-developed (with the cooperation of the researchers at PRALab and Ruhr-Universität Bochum) various systems: a library to perform optimal attacks against machine learning systems (AdversariaLib), a framework for automatically obfuscating Android applications, a system to the robust detection of Javascript malware inside PDF files (LuxOR), a robust machine learning system to the detection of Android malware, and a system to fingerprint mobile devices. I also contributed to develop Android PRAGuard, a dataset containing a lot of empirical obfuscation attacks against the Android platform. Finally, I entirely developed Slayer NEO, an evolution of a previous system to the detection of PDF malware. The results attained by using the aforementioned tools show that it is possible to proactively build systems that predict possible evasion attacks. This suggests that a proactive approach is crucial to build systems that provide concrete security against general and evasion attacks.

Evaluation of TFTP DDoS Amplification Attack.

Web threats are becoming a major issue for both governments and companies. Generally, web threats increased as much as 600% during last year (WebSense, 2013). This appears to be a significant issue, since many major businesses seem to provide these services. Denial of Service (DoS) attacks are one of the most significant web threats and generally their aim is to waste the resources of the target machine (Mirkovic & Reiher, 2004). Dis-tributed Denial of Service (DDoS) attacks are typically executed from many sources and can result in large traf-fic flows. During last year 11% of DDoS attacks were over 60 Gbps (Prolexic, 2013a). The DDoS attacks are usually performed from the large botnets, which are networks of remotely controlled computers. There is an increasing effort by governments and companies to shut down the botnets (Dittrich, 2012), which has lead the attackers to look for alternative DDoS attack methods. One of the techniques to which attackers are returning to is DDoS amplification attacks. Amplification attacks use intermediate devices called amplifiers in order to amplify the attacker's traffic. This work outlines an evaluation tool and evaluates an amplification attack based on the Trivial File Transfer Proto-col (TFTP). This attack could have amplification factor of approximately 60, which rates highly alongside other researched amplification attacks. This could be a substantial issue globally, due to the fact this protocol is used in approximately 599,600 publicly open TFTP servers. Mitigation methods to this threat have also been consid-ered and a variety of countermeasures are proposed. Effects of this attack on both amplifier and target were analysed based on the proposed metrics. While it has been reported that the breaching of TFTP would be possible (Schultz, 2013), this paper provides a complete methodology for the setup of the attack, and its verification.

An analysis of manufacturing simulation software.

As a management tool Similation Software deserves greater analysis from both an academic and industrial viewpoint. A comparative study of three packages was carried out from a 'first time' use approach. This allowed the ease of use and package features to be assessed using a simple theoretical benchmark manufacturing process. To back the use of these packages an objective survey on simulation use and package features was carried out within the manufacturing industry.This identified the use of simulation software, its' applicability and preception of user requirements thereby proposing an ideal package.

A software development package for intelligent supervisory systems

Barnes, D. P., Hardy, N. W., Lee, M. H., Orgill, C. H., Sharpe, K. A. I. A software development package for intelligent supervisory systems. In Proc. ACME Res. Conf., Nottingham, September 1988, pp. 4

Model-Based Reasoning: A Principled Approach for Software Engineering

Lee M.H., Model-Based Reasoning: A Principled Approach for Software Engineering, Software - Concepts and Tools,19(4), pp179-189, 2000.

Intelligent software for laboratory automation

Whelan, K. E. and King, R. D. (2004) Intelligent software for laboratory automation. Trends in Biotechnology 22 (9): 440-445

Comparing Student Software Designs Using Semantic Categorization

Eckerdal, A. McCartney, R. Mostr?m, J.E. Ratcliffe, M. Zander, C. Comparing Student Software Designs Using Semantic Categorization. Proceedings of the Fifth Finnish/Baltic Sea Conference on Computer Science Education, 2005

Can Graduating Students Design Software Systems?

Eckerdal, A. Ratcliffe, M. McCartney, R. Mostr?m, J.E. Zander, C. Can Graduating Students Design Software Systems? Proc. 37th SIGCSE Technical Symposium on Computer Science Education. 2006