889 resultados para mobile environment, peer-to-peer, PeerHood, software security, vulnerabilities
Resumo:
The purpose of this study was to find out how a software company can successfully expand business to the Danish software market through distribution channel. The study was commissioned by a Finnish software company and it was conducted using a qualitative research method by analyzing external and internal business environment, and interviewing Danish ICT organizations and M-Files personnel. Interviews were semi-structured interviews, which were designed to collect comprehensive information on the existing ICT and software market in Denmark. The research used three external and internal analyzing frameworks; PEST analysis (market level), Porter´s Five Force analysis (industry level competition) and SWOT analysis (company level). Distribution channels theory was a base to understand why and what kind of distribution channels the case company uses, and what kind of channels target markets companies’ uses. Channel strategy and design were integrated to the industry level analysis. The empirical findings revealed that Denmark has very business friendly ICT environment. Several organizations have ranked Denmark´s information and communication technology as the best in the world. Denmark’s ICT and software market are relatively small, compared to many other countries in Europe. Danish software market is centralized. Largest software clusters are in the largest cities; Copenhagen, Aarhus, Odense and Aalborg. From these clusters, software companies can most likely find suitable resellers. The following growing trends are clearly seen in the software market: mobile and wireless applications, outsourcing, security solutions, cloud computing, social business solutions and e-business solutions. When expanding software business to the Danish market, it is important to take into account these trends. In Denmark distribution channels varies depending on the product or service. For many, a natural distribution channel is a local partner or internet. In the public sector solutions are purchased through a public procurement process. In the private sector the buying process is more straight forwarded. Danish companies are buying software from reliable suppliers. This means that they usually buy software direct from big software vendors or local partners. Some customers prefer to use professional consulting companies. These consulting companies can strongly influence on the selection of the supplier and products, and in this light, consulting companies can be important partners for software companies. Even though the competition is fierce in ECM and DMS solutions, Danish market offers opportunities for foreign companies. Penetration to the Danish market through reseller channel requires advanced solutions and objective selection criteria for channel partners. Based on the findings, Danish companies are interested in advanced and efficient software solutions. Interest towards M-Files solutions was clearly seen and the company has excellent opportunity to expand business to the Danish market through reseller channel. Since the research explored the Danish ICT and software market, the results of the study may offer valuable information also to the other software companies which are expanding their business to the Danish market.
Resumo:
The number of security violations is increasing and a security breach could have irreversible impacts to business. There are several ways to improve organization security, but some of them may be difficult to comprehend. This thesis demystifies threat modeling as part of secure system development. Threat modeling enables developers to reveal previously undetected security issues from computer systems. It offers a structured approach for organizations to find and address threats against vulnerabilities. When implemented correctly threat modeling will reduce the amount of defects and malicious attempts against the target environment. In this thesis Microsoft Security Development Lifecycle (SDL) is introduced as an effective methodology for reducing defects in the target system. SDL is traditionally meant to be used in software development, principles can be however partially adapted to IT-infrastructure development. Microsoft threat modeling methodology is an important part of SDL and it is utilized in this thesis to find threats from the Acme Corporation’s factory environment. Acme Corporation is used as a pseudonym for a company providing high-technology consumer electronics. Target for threat modeling is the IT-infrastructure of factory’s manufacturing execution system. Microsoft threat modeling methodology utilizes STRIDE –mnemonic and data flow diagrams to find threats. Threat modeling in this thesis returned results that were important for the organization. Acme Corporation now has more comprehensive understanding concerning IT-infrastructure of the manufacturing execution system. On top of vulnerability related results threat modeling provided coherent views of the target system. Subject matter experts from different areas can now agree upon functions and dependencies of the target system. Threat modeling was recognized as a useful activity for improving security.
Resumo:
Peer reviewed
Resumo:
In today's internet world, web browsers are an integral part of our day-to-day activities. Therefore, web browser security is a serious concern for all of us. Browsers can be breached in different ways. Because of the over privileged access, extensions are responsible for many security issues. Browser vendors try to keep safe extensions in their official extension galleries. However, their security control measures are not always effective and adequate. The distribution of unsafe extensions through different social engineering techniques is also a very common practice. Therefore, before installation, users should thoroughly analyze the security of browser extensions. Extensions are not only available for desktop browsers, but many mobile browsers, for example, Firefox for Android and UC browser for Android, are also furnished with extension features. Mobile devices have various resource constraints in terms of computational capabilities, power, network bandwidth, etc. Hence, conventional extension security analysis techniques cannot be efficiently used by end users to examine mobile browser extension security issues. To overcome the inadequacies of the existing approaches, we propose CLOUBEX, a CLOUd-based security analysis framework for both desktop and mobile Browser EXtensions. This framework uses a client-server architecture model. In this framework, compute-intensive security analysis tasks are generally executed in a high-speed computing server hosted in a cloud environment. CLOUBEX is also enriched with a number of essential features, such as client-side analysis, requirements-driven analysis, high performance, and dynamic decision making. At present, the Firefox extension ecosystem is most susceptible to different security attacks. Hence, the framework is implemented for the security analysis of the Firefox desktop and Firefox for Android mobile browser extensions. A static taint analysis is used to identify malicious information flows in the Firefox extensions. In CLOUBEX, there are three analysis modes. A dynamic decision making algorithm assists us to select the best option based on some important parameters, such as the processing speed of a client device and network connection speed. Using the best analysis mode, performance and power consumption are improved significantly. In the future, this framework can be leveraged for the security analysis of other desktop and mobile browser extensions, too.
Resumo:
Although the ASP model has been around for over a decade, it has not achieved the expected high level of market uptake. This research project examines the past and present state of ASP adoption and identifies security as a primary factor influencing the uptake of the model. The early chapters of this document examine the ASP model and ASP security in particular. Specifically, the literature and technology review chapter analyses ASP literature, security technologies and best practices with respect to system security in general. Based on this investigation, a prototype to illustrate the range and types of technologies that encompass a security framework was developed and is described in detail. The latter chapters of this document evaluate the practical implementation of system security in an ASP environment. Finally, this document outlines the research outputs, including the conclusions drawn and recommendations with respect to system security in an ASP environment. The primary research output is the recommendation that by following best practices with respect to security, an ASP application can provide the same level of security one would expect from any other n-tier client-server application. In addition, a security evaluation matrix, which could be used to evaluate not only the security of ASP applications but the security of any n-tier application, was developed by the author. This thesis shows that perceptions with regard to fears of inadequate security of ASP solutions and solution data are misguided. Finally, based on the research conducted, the author recommends that ASP solutions should be developed and deployed on tried, tested and trusted infrastructure. Existing Application Programming Interfaces (APIs) should be used where possible and security best practices should be adhered to where feasible.
Resumo:
En el nostre projecte, considerem un escenari urbà o interurbà on persones amb dispositius mòbils (smartphones) o vehicles equipats amb interfícies de comunicació, estan interessats en compartir fitxers entre ells o descarregar-los al creuar Punts d’Accés (APs) propers a la carretera. Estudiem la possibilitat d’utilizar la cooperació en les trobades casuals entre nodes per augmentar la velocitat de descàrrega global. Amb aquest objectiu, plantejem algoritmes per a la selecció de quins paquets, per a quins destins i quins transportistes s’escullen en cada moment. Mitjançant extenses simulacions, mostrem com les cooperacions carry&forward dels nodes augmenten significativament la velocitat de descàrrega dels usuaris, i com aquest resultat es manté per a diversos patrons de mobilitat, col•locacions d'AP i càrregues de la xarxa. Per altra banda, aparells com els smartphones, on la targeta de WiFi està encesa contínuament, consumeixen l'energia de la bateria en poques hores. En molts escenaris, una targeta WiFi sempre activa és poc útil, perque sovint no hi ha necessitat de transmissió o recepció. Aquest fet es veu agreujat en les Delay Tolerant Networks (DTN), on els nodes intercanvien dades quan es creuen i en tenen l’oportunitat. Les tècniques de gestió de l’estalvi d’energia permeten extendre la duració de les bateries. El nostre projecte analitza els avantatges i inconvenients que apareixen quan els nodes apaguen períodicament la seva targeta wireless per a estalviar energia en escenaris DTN. Els nostres resultats mostren les condicions en que un node pot desconnectar la bateria sense afectar la probabilitat de contacte amb altres nodes, i les condicions en que aquesta disminueix. Per exemple, es demostra que la vida del node pot ser duplicada mantenint la probabilitat de contacte a 1. I que aquesta disminueix ràpidament en intentar augmentar més la vida útil.
Resumo:
This case study introduces our continuous work to enhance the virtual classroom in order to provide faculty and students with an environment open to their needs, compliant with learning standards and, therefore compatible with other e-learning environments, and based on open source software. The result is a modulable, sustainable and interoperable learning environment that can be adapted to different teaching and learning situations by incorporating the LMS integrated tools as well as wikis, blogs, forums and Moodle activities among others.
Resumo:
[cat] Una qüestió clau sobre la producció de salut relativament poc explorada es refereix a la influència dels factors socioeconòmics i mediambientals sobre el pes i l’obesitat. Aquesta problemàtica adquireix particular rellevància quan es comparen dos països Mediterranis com Itàlia i Espanya. És interessant adonar-se que l’obesitat a Espanya és 5 punts percentual més elevada al 2003 mentre que a l’any 1990 era aproximadament la mateixa en ambdós països. Aquesta article presenta una descomposició no lineal dels gaps o diferencials en taxes de sobrepès (índex de massa corporal – IMC- entre 25 i 29.9 9 kg/m2), obesitat classe 1 (IMC≥30 kg/m2) i classe 2 (IMC≥35 kg/m2) entre Espanya i Itàlia per gènere i grups d’edat. En explicar aquests gaps entre països aïllem les influències dels estils de vida, els efectes socioeconòmics i els mediambientals. Els nostres resultats indiquen que quan no es controla pels efectes mediambientals (efectes de grup o ‘peer effects’) els hàbits alimentaris i el nivell educatiu són els principals predictors del gaps totals entre països (36-52%), si bé aquests dos factors exerceixen un impacte diferenciat segons gènere i edat. Un tant paradoxalment, quan controlem pels efectes de grup aquests predictors perden la seva capacitat explicativa i els efectes de grup passen a explicar entre el 46-76% dels gaps en sobrepès i obesitat i mostren un patró creixent amb l’edat.
Resumo:
[cat] Una qüestió clau sobre la producció de salut relativament poc explorada es refereix a la influència dels factors socioeconòmics i mediambientals sobre el pes i l’obesitat. Aquesta problemàtica adquireix particular rellevància quan es comparen dos països Mediterranis com Itàlia i Espanya. És interessant adonar-se que l’obesitat a Espanya és 5 punts percentual més elevada al 2003 mentre que a l’any 1990 era aproximadament la mateixa en ambdós països. Aquesta article presenta una descomposició no lineal dels gaps o diferencials en taxes de sobrepès (índex de massa corporal – IMC- entre 25 i 29.9 9 kg/m2), obesitat classe 1 (IMC≥30 kg/m2) i classe 2 (IMC≥35 kg/m2) entre Espanya i Itàlia per gènere i grups d’edat. En explicar aquests gaps entre països aïllem les influències dels estils de vida, els efectes socioeconòmics i els mediambientals. Els nostres resultats indiquen que quan no es controla pels efectes mediambientals (efectes de grup o ‘peer effects’) els hàbits alimentaris i el nivell educatiu són els principals predictors del gaps totals entre països (36-52%), si bé aquests dos factors exerceixen un impacte diferenciat segons gènere i edat. Un tant paradoxalment, quan controlem pels efectes de grup aquests predictors perden la seva capacitat explicativa i els efectes de grup passen a explicar entre el 46-76% dels gaps en sobrepès i obesitat i mostren un patró creixent amb l’edat.
Resumo:
Abstract In this thesis we present the design of a systematic integrated computer-based approach for detecting potential disruptions from an industry perspective. Following the design science paradigm, we iteratively develop several multi-actor multi-criteria artifacts dedicated to environment scanning. The contributions of this thesis are both theoretical and practical. We demonstrate the successful use of multi-criteria decision-making methods for technology foresight. Furthermore, we illustrate the design of our artifacts using build and-evaluate loops supported with a field study of the Swiss mobile payment industry. To increase the relevance of this study, we systematically interview key Swiss experts for each design iteration. As a result, our research provides a realistic picture of the current situation in the Swiss mobile payment market and reveals previously undiscovered weak signals for future trends. Finally, we suggest a generic design process for environment scanning.
Resumo:
The use of open source software continues to grow on a daily basis. Today, enterprise applications contain 40% to 70% open source code and this fact has legal, development, IT security, risk management and compliance organizations focusing their attention on its use, as never before. They increasingly understand that the open source content within an application must be detected. Once uncovered, decisions regarding compliance with intellectual property licensing obligations must be made and known security vulnerabilities must be remediated. It is no longer sufficient from a risk perspective to not address both open source issues.
Resumo:
1. Introduction "The one that has compiled ... a database, the collection, securing the validity or presentation of which has required an essential investment, has the sole right to control the content over the whole work or over either a qualitatively or quantitatively substantial part of the work both by means of reproduction and by making them available to the public", Finnish Copyright Act, section 49.1 These are the laconic words that implemented the much-awaited and hotly debated European Community Directive on the legal protection of databases,2 the EDD, into Finnish Copyright legislation in 1998. Now in the year 2005, after more than half a decade of the domestic implementation it is yet uncertain as to the proper meaning and construction of the convoluted qualitative criteria the current legislation employs as a prerequisite for the database protection both in Finland and within the European Union. Further, this opaque Pan-European instrument has the potential of bringing about a number of far-reaching economic and cultural ramifications, which have remained largely uncharted or unobserved. Thus the task of understanding this particular and currently peculiarly European new intellectual property regime is twofold: first, to understand the mechanics and functioning of the EDD and second, to realise the potential and risks inherent in the new legislation in economic, cultural and societal dimensions. 2. Subject-matter of the study: basic issues The first part of the task mentioned above is straightforward: questions such as what is meant by the key concepts triggering the functioning of the EDD such as presentation of independent information, what constitutes an essential investment in acquiring data and when the reproduction of a given database reaches either qualitatively or quantitatively the threshold of substantiality before the right-holder of a database can avail himself of the remedies provided by the statutory framework remain unclear and call for a careful analysis. As for second task, it is already obvious that the practical importance of the legal protection providedby the database right is in the rapid increase. The accelerating transformationof information into digital form is an existing fact, not merely a reflection of a shape of things to come in the future. To take a simple example, the digitisation of a map, traditionally in paper format and protected by copyright, can provide the consumer a markedly easier and faster access to the wanted material and the price can be, depending on the current state of the marketplace, cheaper than that of the traditional form or even free by means of public lending libraries providing access to the information online. This also renders it possible for authors and publishers to make available and sell their products to markedly larger, international markets while the production and distribution costs can be kept at minimum due to the new electronic production, marketing and distributionmechanisms to mention a few. The troublesome side is for authors and publishers the vastly enhanced potential for illegal copying by electronic means, producing numerous virtually identical copies at speed. The fear of illegal copying canlead to stark technical protection that in turn can dampen down the demand for information goods and services and furthermore, efficiently hamper the right of access to the materials available lawfully in electronic form and thus weaken the possibility of access to information, education and the cultural heritage of anation or nations, a condition precedent for a functioning democracy. 3. Particular issues in Digital Economy and Information Networks All what is said above applies a fortiori to the databases. As a result of the ubiquity of the Internet and the pending breakthrough of Mobile Internet, peer-to-peer Networks, Localand Wide Local Area Networks, a rapidly increasing amount of information not protected by traditional copyright, such as various lists, catalogues and tables,3previously protected partially by the old section 49 of the Finnish Copyright act are available free or for consideration in the Internet, and by the same token importantly, numerous databases are collected in order to enable the marketing, tendering and selling products and services in above mentioned networks. Databases and the information embedded therein constitutes a pivotal element in virtually any commercial operation including product and service development, scientific research and education. A poignant but not instantaneously an obvious example of this is a database consisting of physical coordinates of a certain selected group of customers for marketing purposes through cellular phones, laptops and several handheld or vehicle-based devices connected online. These practical needs call for answer to a plethora of questions already outlined above: Has thecollection and securing the validity of this information required an essential input? What qualifies as a quantitatively or qualitatively significant investment? According to the Directive, the database comprises works, information and other independent materials, which are arranged in systematic or methodical way andare individually accessible by electronic or other means. Under what circumstances then, are the materials regarded as arranged in systematic or methodical way? Only when the protected elements of a database are established, the question concerning the scope of protection becomes acute. In digital context, the traditional notions of reproduction and making available to the public of digital materials seem to fit ill or lead into interpretations that are at variance with analogous domain as regards the lawful and illegal uses of information. This may well interfere with or rework the way in which the commercial and other operators have to establish themselves and function in the existing value networks of information products and services. 4. International sphere After the expiry of the implementation period for the European Community Directive on legal protection of databases, the goals of the Directive must have been consolidated into the domestic legislations of the current twenty-five Member States within the European Union. On one hand, these fundamental questions readily imply that the problemsrelated to correct construction of the Directive underlying the domestic legislation transpire the national boundaries. On the other hand, the disputes arisingon account of the implementation and interpretation of the Directive on the European level attract significance domestically. Consequently, the guidelines on correct interpretation of the Directive importing the practical, business-oriented solutions may well have application on European level. This underlines the exigency for a thorough analysis on the implications of the meaning and potential scope of Database protection in Finland and the European Union. This position hasto be contrasted with the larger, international sphere, which in early 2005 does differ markedly from European Union stance, directly having a negative effect on international trade particularly in digital content. A particular case in point is the USA, a database producer primus inter pares, not at least yet having aSui Generis database regime or its kin, while both the political and academic discourse on the matter abounds. 5. The objectives of the study The above mentioned background with its several open issues calls for the detailed study of thefollowing questions: -What is a database-at-law and when is a database protected by intellectual property rights, particularly by the European database regime?What is the international situation? -How is a database protected and what is its relation with other intellectual property regimes, particularly in the Digital context? -The opportunities and threats provided by current protection to creators, users and the society as a whole, including the commercial and cultural implications? -The difficult question on relation of the Database protection and protection of factual information as such. 6. Dsiposition The Study, in purporting to analyse and cast light on the questions above, is divided into three mainparts. The first part has the purpose of introducing the political and rationalbackground and subsequent legislative evolution path of the European database protection, reflected against the international backdrop on the issue. An introduction to databases, originally a vehicle of modern computing and information andcommunication technology, is also incorporated. The second part sets out the chosen and existing two-tier model of the database protection, reviewing both itscopyright and Sui Generis right facets in detail together with the emergent application of the machinery in real-life societal and particularly commercial context. Furthermore, a general outline of copyright, relevant in context of copyright databases is provided. For purposes of further comparison, a chapter on the precursor of Sui Generi, database right, the Nordic catalogue rule also ensues. The third and final part analyses the positive and negative impact of the database protection system and attempts to scrutinize the implications further in the future with some caveats and tentative recommendations, in particular as regards the convoluted issue concerning the IPR protection of information per se, a new tenet in the domain of copyright and related rights.
Resumo:
Terrestrial Trunked Radio (TETRA) on moderni digitaalinen matkapuhelinjärjestelmän standardi, joka on suunniteltu täyttämään erityisesti viranomaisten vaativat tarpeet turvallisuuden ja luotettavuuden suhteen. Ohjelmiston testaus on tärkeä osa sen laadun takaamiseksi. Testaus on jaettu useisiin vaiheisiin ja se kattaa koko ohjelmiston elinkaaren: ohjelmiston kehittelystä alkaen asiakkaalle lähetettyyn valmiiseen tuotteeseen saakka. Toiminnallisuustestauksen suorittaa joko ohjelmiston suunnittelijat tai erillinen testausryhmä käyttäen Nokia TETRA-järjestelmän testauslaboratoriota. Testauksen tarkoituksena on varmistaa, että ohjelmisto, sen aliohjelmat ja ominaisuudet täyttävät niille annetut toiminnalliset ja laadulliset vaatimukset. Tämä diplomityö antaa yleiskuvan toiminnallisuustestausprosessista Nokia TETRA järjestelmän laboratoriossa. Se tarjoaa esimerkkitestitapauksen avulla kokonaiskuvan siitä, kuinka toiminnallisuustestausprosessi suoritetaan alusta loppuun.
Resumo:
Diplomityön tavoitteina oli antaa yleiskuva eri mobiiliteknologioistaja niihin liittyvistä käsitteistä, antaa käsitys mobiilisovellusten toimintaympäristöstä ja kuvata ja arvioda määrätyt mobiilit pilottisovellukset. Ensin työssä kerätään tietoa mobiilista ympäristöstä, laitteista, käyttöympäristöstä ja sovelluksista. Sitten työssä esitetään yleisesti mobiiliteknologiat, laitteiden eroavuudet ja erinäisiä tekijöitä, joita tulee ottaa huomioon mobiilien sovellusten kehittämisessä. Seuraavaksi työn aihepiiriin kuuluvat mobiilisovellukset on kuvattu ja pilotoitu. Lopuksi on muodostettu johtopäätökset ja suositukset sovellusten kehittämiseksi. Sovellusten pilotoinnista selvisi, että sovellusten toiminnallisuuteen eri virhetapauksissa ei ole kiinnitetty riittävästi huomiota. Lisäksi työssä pohditaan, josko kaikkien sovellusten pitäisi pohjautua Internet-teknologiaan.
Resumo:
Keeping track of software assets and managing software installations in IT environments can be a hard endeavor, especially when the size and diversity of the environment grows. How to install and uninstall software efficiently and cost effectively? Are there too few or too many software licenses purchased? If installed, is the software actually in use? Software Asset Management (SAM) is a process that involves managing and optimizing the purchase, deployment, maintenance, utilization, and disposal of software applications within an organization. This master’s thesis describes a special Software Lifecycle Management Framework to provide solutions to the multitude of challenges within SAM. The main objectives when designing the framework was to provide a set of tools to control the software assets during their entire lifecycle while trying to minimize the costs related to owning and managing them.
