To see the other types of publications on this topic, follow the link: Java security.
Dissertations / Theses on the topic 'Java security'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Java security.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Doyon, Stéphane. "On the security of Java, the Java bytecode verifier." Thesis, National Library of Canada = Bibliothèque nationale du Canada, 1999. http://www.collectionscanada.ca/obj/s4/f2/dsk1/tape7/PQDD_0004/MQ41890.pdf.
Full text
2
Samson, Frédéric. "Alternative Java Security Policy Model." Thesis, Université Laval, 2004. http://www.theses.ulaval.ca/2004/22020/22020.pdf.
Full textAbstract:
Récemment, les systèmes distribués sont devenus une catégorie fondamentale de systèmes informatiques. Par conséquent, leur sécurité est devenue essentielle. La recherche décrite dans ce document vise à apporter un éclaircissement sur leurs vulnérabilités quant à la sécurité.
Pour ce faire, on a examiné les propriétés de sécurité qu'un système distribué considéré sécuritaire doit supporter. En cherchant un système avec lequel travailler, on a étudié des failles de sécurité des systèmes distribués existants. On a étudié la sécurité de Java et des outils utilisés pour sécuriser ces systèmes.
Suite à ces recherches, un nouveau modèle de sécurité Java imposant de nouvelles propriétés de sécurité a été développé.
Ce document commence par les résultats de notre recherche sur les systèmes distribués, les outils de sécurité, et la sécurité de Java. Ensuite, on décrit les détails du nouveau système pour finalement faire la démonstration des améliorations qu'apporte ce système avec un exemple.Recently, distributed systems have become a fundamental type of computer system. Because of this, their security is essential. The research described in this document aimed to find their weaknesses and to find the means to improve them with regards to their security. To do that, we examined the security properties that a system considered secure must support. While looking for a system with which we could work, we studied security problems in existing distributed systems. We studied the security of Java and some tools used to secure these systems. Following our research, we developed a new Java security model, which imposed new security properties. This document begins with the results of our research in distributed systems, security tools, and Java security. Next, we go into detail about our new system to finally demonstrate the security enhancements of our system using an example.
3
Wanderydz, Kristoffer. "WEB APPLICATION SECURITY IN THE JAVA ENVIRONMENT." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-2370.
Full textAbstract:
This project focuses on web security. Some of the most famous vulnerabilities, known troubling web applications. Has been collected and analyzed. Each vulnerability collected in this project, was exploited and secured. Demon- strations from a web application prototype, developed for this project. Brings real examples for each vulnerability, both secured, and insecured. The proto- type ran on a Tomcat web server, and was developed with frameworks such as Web, Spring and Hibernate. Connected to one PostgreSQL data source. All vulnerabilities was successfully implemented in Spring framework, and they were all exploited. Every vulnerability was also secured, with different tools and methods from earlier mentioned frameworks. As a result, real examples from the prototype is used for demonstration in the project, both in a secure and an insecure state. The result views Spring as a framework with good security potential. Most of the Spring specific vulnerabilities, are logical design flaws from developers that can be avoided. Vulnerabilities not related to Spring, such as the one collected for this project. Could be prevented by using methods from the Spring framework or intelligent programming. Which leads to conclusions. Web applications are always exposed to attacks, no matter the framework in use. Creative hackers search to discover new vul- nerabilities, and update old ones all the time. Developers has a responsibility, towards the web applications users. Web applications can not just developed for normal use, but also against possible misuse. Frameworks with good reputation and well processed models, is a good ground for developing a secure application.
4
Frantz, Miles Eugene. "Enhancing CryptoGuard's Deployability for Continuous Software Security Scanning." Thesis, Virginia Tech, 2020. http://hdl.handle.net/10919/98521.
Full textAbstract:
The increasing development speed via Agile may introduce overlooked security steps in the process, with an example being the Iowa Caucus application. Verifying the protection of confidential information such as social security numbers requires security at all levels, providing protection through any connected applications. CryptoGuard is a static code analyzer for Java. This program verifies that developers do not leave vulnerabilities in their application. The program aids the developer by identifying cryptographic misuses such as hard-coded keys, weak program hashes, and using insecure protocols. In my Master thesis work, I made several important contributions to improving the deployability, accessibility, and usability of CryptoGuard. I extended CryptoGuard to scan source and compiled code, created live documentation, and supported a dual cloud and local tool-suite. I also created build tool plugins and a program aid for CryptoGuard. In addition, I also analyzed several Java-related surveys encompassing more than 50,000 developers and reported interesting current practices of real-world software developers.Master of Science
Throughout the rise of software development, there has been an increase in development speed with developers embracing methodologies that use higher rates of changes, such as Agile. Since Agile naturally addresses "problems of rapid change", this also increases the likelihood of insecure and vulnerable coding practices. Though consumers depend on various public applications, there can still be failures throughout the development process in applications such as the Iowa caucus application. It was determined the Iowa cacus application development teams' repository credentials (API key) was left within the application itself. API keys provide the credential to be able to directly interact with server systems, and if left unguarded can be easily exploited. Since the Iowa cacus application was released publicly, malicious actors (other people looking to exploit the application) may have already discovered this credential. Within our team we have created CryptoGuard, a program to analyze applications to detect cryptographic issues such as an API key. Creating it with scalability in mind, it was created to be able to scan enterprise code at a reasonable speed. To ensure its use within companies, we have been working on extending and enhancing the work to the current needs of Java developers. Verifying the current Java landscape, we investigated three different companies and their developer ecosystem surveys that are publicly available. Amongst these companies are; JetBrains, known for their Integrated Development Environments (IDE, or application to help write applications) and their own programming language, Snyk, known for their public security platform and anti-virus capability, and Jakarta EE, which is the new platform for the enterprise version of Java. Throughout these surveys, we accumulate more than 50,000 developers' responses, spanning various countries, company experience, and ages. With their responses amalgamated, we enhance CryptoGuard to be available to as many developers and their requests as possible.First, CryptoGuard is enhanced to scan a projects source code. After that, ensuring our project is hosted by a cloud service, we actively are extending our project to the Security Assurance Marketplace (SWAMP). Funded by the DHS, SWAMP not only supplies a public cloud for developers to use, but a local download option to scan a program within the user's own computer. Next, we create a plugin for two most used build tools, Gradle and Maven. Then to ensure CryptoGuard can be have reactive aide, CryptoSoule is created to aide minimal interface aide. Finally utilizing a live documentation service, an open source documentation website was created to provide working examples to the community.
5
Virden, Roy John. "An approach to mobile agent security in Java." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 1998. http://handle.dtic.mil/100.2/ADA343420.
Full text
6
Schönefeld, Marc. "Refactoring of security antipatterns in distributed Java components." Bamberg Univ. of Bamberg Press, 2010. http://d-nb.info/1003208398/34.
Full text
7
Morcos, Alexander 1974. "A Java implementation of simple distributed security infrastructure." Thesis, Massachusetts Institute of Technology, 1998. http://hdl.handle.net/1721.1/49658.
Full textAbstract:
Thesis (S.B. and M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1998.Includes bibliographical references (leaf 58).
by Alexander Morcos.
S.B.and M.Eng.
8
Shah, Rahul Arvind. "Vulnerability assessment of Java bytecode." Auburn, Ala., 2005. http://repo.lib.auburn.edu/Send%2012-16-07/SHAH_RAHUL_44.pdf.
Full text
9
Talhi, Chamseddine. "Memory-Constrained Security Enforcement." Doctoral thesis, Québec : Université Laval, 2007. http://www.theses.ulaval.ca/2007/24434/24434.pdf.
Full text
10
Li, Louis. "Security Analysis of Java Web Applications Using String Constraint Analysis." Thesis, Harvard University, 2015. http://nrs.harvard.edu/urn-3:HUL.InstRepos:14398534.
Full textAbstract:
Web applications are exposed to myriad security vulnerabilities related to malicious user
string input. In order to detect such vulnerabilities in Java web applications,
this project employs string constraint analysis, which approximates the values
that a string variable in a program can take on. In string constraint analysis, program analysis
generates string constraints -- assertions about the relationships between string variables. We
design and implement a dataflow analysis for Java programs that generates string constraints and passes
those constraints to the CVC4 SMT solver to find a satisfying assignment of string variables. Using
example programs, we illustrate the feasibility of the system in detecting certain types of web
application vulnerabilities, such as SQL injection and cross-site scripting.
11
Yang, Kent. "JAVA: A PARADIGM SHIFT IN TELEMETRY SOFTWARE ARCHITECTURES." International Foundation for Telemetering, 1999. http://hdl.handle.net/10150/607333.
Full textAbstract:
International Telemetering Conference Proceedings / October 25-28, 1999 / Riviera Hotel and Convention Center, Las Vegas, NevadaIn the commercial marketplace, Java has emerged as the preeminent standard for platform-independent application development. Many reasons for this include platform independence, robustness, effective distribution models, security effectiveness, and a rich set of application programming interfaces (APIs). This paper will provide insight into the design of the Java platform as it relates to the development of telemetry systems. Specific elements of Java will be explored to better understand how to take advantage of a Java platform. The paper will conclude with examples showing Java's effectiveness on overall software development and deployment, the benefits of reduced new code implementations, and how deploying this unique software platform will change the software paradigm in the real-time environment.
12
Kafle, Sijan. "Securing Distributed Context Exchange Networks in Mobile Environments." Thesis, Mittuniversitetet, Avdelningen för informations- och kommunikationssystem, 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:miun:diva-20036.
Full textAbstract:
The use of the internet has exploded with many more context aware applications for different services, simplifying the use and access for human requirements. The present situation shows an increasing number of devices from computers to sensors and actuators that are connected to the internet. MediaSense[1] is a growing framework that provides a platform for applications to connect these devices (smart-phones, sensors, actuators etc.) and provide services using the internet. Applications based on the MediaSense[1] framework access globally available sensors to provide contextual information with regards to a situation and provide better services. However, information flowing between the devices or sensors are open to the internet without any security. Thus, the focus of this thesis is on the development of a security mechanism for the MediaSense framework which is a fully distributed network. The task involves analyzing the security measures with and without centralized authority as well as the advantages and disadvantages of both scenarios regarding the MediaSense framework and proposing appropriate solutions to achieve the maximum possible security on the framework. The first challenge of this thesis is to identify different properties required for a security mechanism which is capable of secure key distribution and secure peer to peer communication among MediaSense instances without having any centralized authority. Therefore, this thesis proposes a resilient solution, namely, a security architecture for MediaSense which is capable of performing in a distributed environment with the ability of key distribution and management and thus securing the communication using different encryption techniques. The next challenge to the security architecture is to store the keys securely and prevent any unauthorized access from a third party. The thesis proposes the use of built in Java Application Programming Interface(API), “KeyStore” to store valuable keys locally. Thus, by addressing these challenges and other related issues, this thesis forms a security architecture or mechanism that is adaptive to a distributed system and utilizes encryption algorithms, key distribution and secure storage of the keys. To support these proposals, this thesis has developed a proof of concept application and prototypes to verify the approach. In addition, the thesis has implemented security features from the security architecture as an extension to the MediaSense framework. Hence, in conclusion, this thesis proposal regarding a security architecture for MediaSense has the ability to provide the necessary security together with the required key distribution mechanism to the framework without any centralized authority.
13
Brandolini, Filippo Alberto. "Hooking Java methods and native functions to enhance Android applications security." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2016. http://amslaurea.unibo.it/12257/.
Full textAbstract:
Mobile devices are becoming the main end-user platform to access the Internet. Therefore, hackers’ interest for fraudulent mobile applications is now higher than ever. Most of the times, static analysis is not enough to detect the application hidden malicious code. For this reason, we design and implement a security library for Android applications exploiting the hooking of Java and native functions to enable runtime analysis. The library verifies if the application shows compliance to some of the most important security protocols and it tries to detect unwanted activities. Testing of the library shows that it successfully intercepts the targeted functions, thus allowing to block the application malicious behaviour. We also assess the feasibility of an automatic tool that uses reverse engineering to decompile the application, inject our library and recompile the security-enhanced application.
I dispositivi mobile rappresentano ormai per gli utenti finali la principale piattaforma di accesso alla rete. Di conseguenza, l’interesse degli hacker a sviluppare applicazioni mobile fraudolente è più forte che mai. Il più delle volte, l’analisi statica non è sufficiente a rilevare tracce di codice ostile. Per questo motivo, progettiamo e implementiamo una libreria di sicurezza per applicazioni Android che sfrutta l’hooking di funzioni Java e native per effettuare un’analisi dinamica del codice. La libreria verifica che l’applicazione sia conforme ad alcuni dei principali protocolli di sicurezza e tenta di rilevare tracce di attività indesiderate. La fase di testing mostra che la libreria intercetta con successo le funzioni bersaglio, consentendo di bloccare il comportamento malevolo dell’applicazione. Valutiamo altresì la fattibilità di un programma che in modo automatico sfrutti tecniche di reverse engineering per decompilare un’applicazione, inserire al suo interno la libreria e ricompilare l’applicazione messa in sicurezza.
14
Schönefeld, Marc [Verfasser]. "Refactoring of security antipatterns in distributed Java components / von Marc Schönefeld." Bamberg : Univ. of Bamberg Press, 2010. http://d-nb.info/1003208398/34.
Full text
15
Pham, Thi Van Anh. "Security of NFC applications." Thesis, KTH, Radio Systems Laboratory (RS Lab), 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-124368.
Full textAbstract:
Near Field Communication (NFC) refers to a communication technology that enables an effortless connection and data transfers between two devices by putting them in a close proximity. Besides contactless payment and ticketing applications, which were the original key drivers of this technology, a large number of novel use cases can benefit from this rapidly developing technology, as has been illustrated in various NFC-enabled application proposals and pilot trials. Typical NFC-enabled systems combine NFC tags, NFC-enabled mobile phones, and online servers. This thesis explores the trust relationships, security requirements, and security protocol design in these complex systems. We study how to apply the security features of different types of NFC tags to secure NFC applications. We first examine potential weaknesses and problems in some novel use cases where NFC can be employed. Thereafter, we analyze the requirements and propose our system design to secure each use case. In addition, we developed proof-of-concept implementations for two of our proposed protocols: an NFCenabled security-guard monitoring system and an NFC-enabled restaurant menu. For the former use case, we also formally verified our proposed security protocol. Our analysis shows that among the discussed tags, the NFC tags based on secure memory cards have the least capability and flexibility. Their built-in three-pass mutual authentication can be used to prove the freshness of the event when the tag is tapped. The programmable contactless smart cards are more flexible because they can be programmed to implement new security protocols. In addition, they are able to keep track of a sequence number and can be used in systems that do not require application-specific software on the mobile phone. The sequence number enforces the order of events, thus providing a certain level of replay prevention. The most powerful type of tag is the emulated card since it provides a clock, greater computational capacity, and possibly its own Internet connection, naturally at higher cost of deployment.Near Field Communication (NFC) hänvisar till en kommunikationsteknik som möjliggör en enkel anslutning och dataöverföring mellan två enheter genom att sätta dem i en närhet. Förutom kontaktlös betalning och biljetthantering ansökningar, vilket var den ursprungliga viktiga drivkrafter för denna teknik, kan ett stort antal nya användningsfall dra nytta av denna snabbt växande teknik, som har visats i olika NFC-aktiverade program förslag och pilotförsök. Typiska NFC-applikationer kombinerar NFC-taggar, NFC-kompatibla mobiltelefoner och online-servrar. Denna avhandling utforskar förtroenderelationer, säkerhetskrav och säkerhetsprotokoll utformning i dessa komplexa system. Vi studerar hur man kan tillämpa de säkerhetsfunktioner för olika typer av NFC-taggar för att säkra NFC-applikationer. Vi undersöker först potentiella svagheter och problem i vissa nya användningsfall där NFC kan användas. Därefter analyserar vi de krav och föreslå vårt system design för att säkra varje användningsfall. Dessutom utvecklade vi proof-of-concept implementationer för två av våra föreslagna protokoll: en NFC-aktiverad säkerhet-guard övervakningssystem och en NFC-aktiverad restaurang meny. Dessutom, för fd bruk fallet, kontrollerade vi formellt vår föreslagna säkerhetsprotokoll. Vår analys visar att bland de diskuterade taggar, NFC taggar som baseras på säkra minneskort har minst kapacitet och dlexibilitet. Deras inbyggda trepass ömsesidig autentisering kan användas för att bevisa färskhet av händelsen när taggen tappas. De programmerbara beröringsfria smarta kort är mer flexibla eftersom de kan programmeras för att genomföra nya säkerhetsprotokoll. Dessutom kan de hålla reda på ett löpnummer och kan användas i system som inte kräver ansökan-specik mjukvara på mobiltelefonen. Sekvensnumret framtvingar ordning av händelser, vilket ger en viss nivå av replay förebyggande. Den mest kraftfulla typen av taggen är den emulerade kortet eftersom det ger en klocka, större beräkningskapacitet, och möjligen sin egen Internet-anslutning, naturligtvis till högre kostnad för utplacering.
16
Lachheb, Tawfik. "A secure client/server java application programming interface." CSUSB ScholarWorks, 2004. https://scholarworks.lib.csusb.edu/etd-project/2561.
Full textAbstract:
The purpose of this project is to develop a generic Java Application Programming Interface (API) that would be used to provide security and user privacy to functions such as data transfer, key management, digital signature, etc.
17
Rubio, Medrano Carlos Ernesto. "A formal approach to specifying access control security features of Java modules." To access this resource online via ProQuest Dissertations and Theses @ UTEP, 2008. http://0-proquest.umi.com.lib.utep.edu/login?COPT=REJTPTU0YmImSU5UPTAmVkVSPTI=&clientId=2515.
Full text
18
Wang, Haiyuan. "Security Architecture for the TEAMDEC System." Thesis, Virginia Tech, 1999. http://hdl.handle.net/10919/9778.
Full textAbstract:
The prevalence of the Internet, client/server applications, Java, e-commerce, and electronic communications offers tremendous opportunities for business, education and communication, while simultaneously presenting big challenges to network security. In general, the web was designed with little concern for security. Thus, the issue of security is important in the design of network-based applications. The software architecture proposed in this thesis allows for the secure and efficient running of a team-based decision support system, specifically TEAMDEC. Based on the system's requirements and architecture, three types of possible attacks to the system are identified and a security solution is proposed that allows for user authentication, secure communication, and script access control. The implementation of these features will reduce security risk and allow effective use of the valuable system information data.Master of Science
19
Herzog, Almut. "Usable Security Policies for Runtime Environments." Doctoral thesis, Linköpings universitet, IISLAB - Laboratoriet för intelligenta informationssystem, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-8809.
Full textAbstract:
The runtime environments provided by application-level virtual machines such as the Java Virtual Machine or the .NET Common Language Runtime are attractive for Internet application providers because the applications can be deployed on any platform that supports the target virtual machine. With Internet applications, organisations as well as end users face the risk of viruses, trojans, and denial of service attacks. Virtual machine providers are aware of these Internet security risks and provide, for example, runtime monitoring of untrusted code and access control to sensitive resources. Our work addresses two important security issues in runtime environments. The first issue concerns resource or release control. While many virtual machines provide runtime access control to resources, they do not provide any means of limiting the use of a resource once access is granted; they do not provide so-called resource control. We have addressed the issue of resource control in the example of the Java Virtual Machine. In contrast to others’ work, our solution builds on an enhancement to the existing security architecture. We demonstrate that resource control permissions for Java-mediated resources can be integrated into the regular Java security architecture, thus leading to a clean design and a single external security policy. The second issue that we address is the usabilityhttps://www.diva-portal.org/liu/webform/form.jsp DiVA Web Form and security of the setup of security policies for runtime environments. Access control decisions are based on external configuration files, the security policy, which must be set up by the end user. This set-up is security-critical but also complicated and errorprone for a lay end user and supportive, usable tools are so far missing. After one of our usability studies signalled that offline editing of the configuration file is inefficient and difficult for end users, we conducted a usability study of personal firewalls to identify usable ways of setting up a security policy at runtime. An analysis of general user help techniques together with the results from the two previous studies resulted in a proposal of design guidelines for applications that need to set up a security policy. Our guidelines have been used for the design and implementation of the tool JPerM that sets the Java security policy at runtime. JPerM evaluated positively in a usability study and supports the validity of our design guidelines.
20
Holzinger, Philipp Albert [Verfasser]. "A systematic analysis and hardening of the Java security architecture / Philipp Albert Holzinger." Paderborn : Universitätsbibliothek, 2019. http://d-nb.info/1198932619/34.
Full text
21
Chitiprolu, Jyothi. "Three Factor Authentication Using Java Ring and Biometrics." ScholarWorks@UNO, 2004. http://scholarworks.uno.edu/td/187.
Full textAbstract:
Computer security is a growing field in the IT industry. One of the important aspects of the computer security is authentication. Using passwords (something you know) is one of the most common ways of authentications. But passwords have proven to provide weak level of security as they can be easily compromised. Some other ways of authenticating a user are using physical tokens, (something you possess) and biometrics, (something you are). Using any one of these techniques to secure a system always has its own set of threats. One way to make sure a system is secure is to use multiple factors to authenticate. One of the ways to use multiple factors is to use all the three factors of authentication, something you possess, something you are and something you know. This thesis discusses about different ways of authentication and implements a system using three factor authentication. It takes many security aspects of the system into consideration while implementing it, to make it secure.
22
Barák, Pavel. "Aplikace mobilního bankovnictví založené na technologiích JAVA." Master's thesis, Vysoká škola ekonomická v Praze, 2009. http://www.nusl.cz/ntk/nusl-19148.
Full textAbstract:
This thesis addresses the issue of mobile banking and analyzes applications, which provides mobile banking services. Aim of this thesis is to compare individual applications and analyze different approaches of applications based on Java technologies. Structure of this thesis is divided into four main parts. First part describes composition of bank services. It defines traditional and direct banking and points out differences between both concepts. Then it tries to show the position of mobile banking within the hierarchy of the bank. Second part gives detailed information about mobile banking itself. There is a research of current mobile banking situation on Czech market in the third part. This research includes products comparison and assessment. The last part focuses on presenting principles and problems of development on mobile phones through Java and then it analyzes these Java solutions in practice. The main contribution of this thesis is to provide information for companies or banks that choose to implement their own new mobile banking solution. Then this thesis should serve as initial analysis, which defines key parts of banking applications and how they should be properly processed. It could help to create efficient and successful mobile banking solution.
23
Marouf, Said M. "An extensive analysis of the software security vunerabilities that exist within the Java software execution environment /." Connect to title online, 2008. http://minds.wisconsin.edu/handle/1793/34240.
Full text
24
Hermann, Ben [Verfasser], Mira [Akademischer Betreuer] Mezini, and Awais [Akademischer Betreuer] Rashid. "Full-Stack Static Security Analysis for the Java Platform / Ben Hermann ; Mira Mezini, Awais Rashid." Darmstadt : Universitäts- und Landesbibliothek Darmstadt, 2016. http://d-nb.info/1120585198/34.
Full text
25
Chen, Tang-Li. "Designing secure, JAVA based online registration systems to meet peak load performance targets." CSUSB ScholarWorks, 2004. https://scholarworks.lib.csusb.edu/etd-project/2767.
Full textAbstract:
This project "Designing Secure, Java Based Online Registration Systems to Meet Peak Load Performance Targets" is a simulation of a Web-based exposition management system plus a performance testing procedure to examine this web application.
26
Parrend, Pierre. "Software security models for service-oriented programming (SOP) platforms." Lyon, INSA, 2008. http://theses.insa-lyon.fr/publication/2008ISAL0117/these.pdf.
Full textAbstract:
Service-oriented programming (SOP) component platforms are generic execution environments enforcing a proper architectural model for applications. However, few tools exist to guarantee that the selected components do not perform malicious actions. We therefore propose to adapt the Software Security Assurance methods for SOP platform, to perform a security analysis based on these principles and to provide protection mechanisms tailored to the requirements identified during the analysis. The proposed mechanisms are Hardened OSGi, a set of recommendations for buildin more robust OSGi implementation, CBAC, Component-based Access Control, a flexible access control mechanism enforced at install time, and WCA, Weak Component Analysis, a tool for identifying exploitable vulnerabilities in SOP components, according to the exposition of classes. CBAC and WCA are based on static analysis of the component Bytecode to enable automated verification of components even when the source code is not availableLes plates-formes à composants de service (SOP pour Service-oriented Programming) sont des environnements d’exécution génériques qui garantissent des applications conçues selon un modèle architectural propre. Cependant, peu d’outils existent pour garantir l’innocuité des composants installés. Nous proposons par conséquent d’adapter les méthodes d’Assurance de Sécurité Logicielle pour les plates-formes SOP, d’effectuer une analyse de sécurité correspondante et de fournir des mécanismes de protection adaptés. Les mécanismes de protection proposés sont OSGi Robuste (Hardened OSGi), un ensemble de recommandations pour l’implémentation de plates-formes OSGi, CBAC (Component-based Access Control), un mécanisme de contrôle d’accès flexible mis en œuvre à l’installation, et WCA (Weak Component Analysis) qui identifie les vulnérabilités exploitables dans les composants SOP selon l’exposition du code. CBAC et WCA utilisent l’analyse statique du Bytecode pour automatiser la validation des composants lors de leur installation
27
Varma, Nitesh. "Secure Network-Centric Application Access." Thesis, Virginia Tech, 1998. http://hdl.handle.net/10919/46318.
Full textAbstract:
In the coming millennium, the establishment of virtual enterprises will become increasingly common. In the engineering sector, global competition will require corporations to create agile partnerships to use each other’s engineering resources in mutually profitable ways. The Internet offers a medium for accessing such resources in a globally networked environment. However, remote access of resources require a secure and mutually trustable environment, which is lacking in the basic infrastructure on which the Internet is based. Fortunately, efforts are under way to provide the required security services on the Internet. This thesis presents a model for making distributed engineering software tools accessible via the Internet. The model consists of an extensible clientserver system interfaced with the engineering software tool on the server-side. The system features robust security support based on public-key and symmetric cryptography. The system has been demonstrated by providing Web-based access to a .STL file repair program through a Java-enabled Web browser.Master of Science
28
Ruhault, Sylvain. "Security analysis for pseudo-random number generators." Thesis, Paris, Ecole normale supérieure, 2015. http://www.theses.fr/2015ENSU0014/document.
Full textAbstract:
La génération d’aléa joue un rôle fondamental en cryptographie et en sécurité. Des nombres aléatoires sont nécessaires pour la production de clés cryptographiques ou de vecteurs d’initialisation et permettent également d’assurer que des protocoles d’échange de clé atteignent un niveau de sécurité satisfaisant. Dans la pratique, les bits aléatoires sont générés par un processus de génération de nombre dit pseudo-aléatoire, et dans ce cas, la sécurité finale du système dépend de manière cruciale de la qualité des bits produits par le générateur. Malgré cela, les générateurs utilisés en pratique ne disposent pas ou peu d’analyse de sécurité permettant aux utilisateurs de connaître exactement leur niveau de fiabilité. Nous fournissons dans cette thèse des modèles de sécurité pour cette analyse et nous proposons des constructions prouvées sûres et efficaces qui répondront à des besoins de sécurité forts. Nous proposons notamment une nouvelle notion de robustesse et nous étendons cette propriété afin d’adresser les attaques sur la mémoire et les attaques par canaux cachés. Sur le plan pratique, nous effectuons une analyse de sécurité des générateurs utilisés dans la pratique, fournis de manière native dans les systèmes d’exploitation (/dev/random sur Linux) et dans les librairies cryptographiques (OpenSSL ou Java SecureRandom) et nous montrons que ces générateurs contiennent des vulnérabilités potentiellesIn cryptography, randomness plays an important role in multiple applications. It is required in fundamental tasks such as key generation and initialization vectors generation or in key exchange. The security of these cryptographic algorithms and protocols relies on a source of unbiased and uniform distributed random bits. Cryptography practitioners usually assume that parties have access to perfect randomness. However, quite often this assumption is not realizable in practice and random bits are generated by a Pseudo-Random Number Generator. When this is done, the security of the scheme depends of course in a crucial way on the quality of the (pseudo-)randomness generated. However, only few generators used in practice have been analyzed and therefore practitioners and end users cannot easily assess their real security level. We provide in this thesis security models for the assessment of pseudo-random number generators and we propose secure constructions. In particular, we propose a new definition of robustness and we extend it to capture memory attacks and side-channel attacks. On a practical side, we provide a security assessment of generators used in practice, embedded in system kernel (Linux /dev/random) and cryptographic libraries (OpenSSL and Java SecureRandom), and we prove that these generators contain potential vulnerabilities
29
Barbu, Guillaume. "De la sécurité des plateformes Java Card face aux attaques matérielles." Phd thesis, Telecom ParisTech, 2012. http://tel.archives-ouvertes.fr/tel-00798693.
Full textAbstract:
Les cartes à puce jouent un rôle crucial dans de nombreuses applications que nous utilisons quotidiennement : paiement par carte bancaire, téléphonie mobile, titres de transport électroniques, etc. C'est dans ce contexte que la technologie Java Card s'est imposée depuis son introduction en 1996, réduisant les coûts de développement et de déploiement d'applications pour cartes à puce et permettant la cohabitation de plusieurs applications au sein d'une même carte. La communauté scientifique a rapidement démontré que la possibilité donnée à un attaquant d'installer des applications sur les cartes représente une menace. Mais dans le même temps, la sécurité des systèmes embarqués a également été un sujet d'étude très productif, révélant que des algorithmes cryptographiques considérés comme sûrs pouvaient être facilement cassés si leurs implémentations ne prenaient pas en compte certaines propriétés physiques des composants électroniques qui les accueillent. En particulier, une partie des attaques publiées repose sur la capacité de l'attaquant à perturber physiquement le composant pendant qu'un calcul est exécuté. Ces attaques par injections de fautes n'ont que très peu été étudiées dans le contexte de la technologie Java Card. Cette thèse étudie et analyse la sécurité des Java Cards contre des attaques combinant injections de fautes et installations d'applications malicieuses. Tout d'abord, nous présentons différents chemins d'attaques combinées et exposons dans quelle mesure ces attaques permettent de casser différents mécanismes sécuritaires de la plateforme. En particulier, notre analyse sécuritaire permet de démontrer que la propriété de sûreté du typage, l'intégrité du flot de contrôle, ainsi que le mécanisme d'isolation des applications peuvent être contournés et exploités par des combinaisons adéquates. Puis, nous présentons différentes approches permettant d'améliorer la résistance de la plateforme Java Card ainsi que des applications qu'elle accueille contre des attaques combinées. Ainsi, nous définissons plusieurs contremesures rendant les attaques exposées ainsi que certaines attaques de l'état de l'art inopérantes, et ce en gardant à l'esprit les fortes contraintes inhérentes au monde des cartes à puce.
30
Björk, Mårten, and Sofia Max. "ARTSY : A Reproduction Transaction System." Thesis, Linköping University, Department of Electrical Engineering, 2003. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-1611.
Full textAbstract:
A Transaction Reproduction System (ARTSY) is a distributed system that enables secure transactions and reproductions of digital content over an insecure network. A field of application is reproductions of visual arts: A print workshop could for example use ARTSY to print a digital image that is located at a remote museum. The purpose of this master thesis project was to propose a specification for ARTSY and to show that it is technically feasible to implement it.
An analysis of the security threats in the ARTSY context was performed and a security model was developed. The security model was approved by a leading computer security expert. The security mechanisms that were chosen for the model were: Asymmetric cryptology, digital signatures, symmetric cryptology and a public key registry. A Software Requirements Specification was developed. It contains extra directives for image reproduction systems but it is possible to use it for an arbitrary type of reproduction system. A prototype of ARTSY was implemented using the Java programming language. The prototype uses XML to manage information and Java RMI to enable remote communication between its components. It was built as a platform independent system and it has been tested and proven to be operational on the Sun Solaris platform as well as the Win32 platform.
31
Bouffard, Guillaume. "A Generic Approach for Protecting Java Card™ Smart Card Against Software Attacks." Thesis, Limoges, 2014. http://www.theses.fr/2014LIMO0007/document.
Full textAbstract:
De nos jours, la carte à puce est la pierre angulaire de nos usages quotidiens. En effet, elle est indispensable pour retirer de l'argent, voyager, téléphoner, ... Pour améliorer la sécurité tout en bénéficiant d'un environnement de développement facilité, la technologie Java a été adaptée pour être embarquée dans les cartes à puce. Présentée durant le milieu des années 90, cette technologie est devenue la plate-forme principale d'exécution d'applications sécurisées. De part leurs usages, ces applications contiennent des informations sensibles pouvant intéresser des personnes mal intentionnées.Dans le monde de la carte à puce, les concepteurs d'attaques et de contre-mesures se livrent une guerre sans fin. Afin d'avoir une vue générique de toutes les attaques possibles, nous proposons d'utiliser les arbres de fautes. Cette approche, inspirée de l'analyse de sûreté, aide à comprendre et à implémenter tous les événements désirables et non désirables existants. Nous appliquons cette méthode pour l'analyse de vulnérabilité Java Card. Pour cela, nous définissons des propriétés qui devront être garanties: l'intégrité et la confidentialité des données et du code contenus dans la carte à puce. Dans cette thèse, nous nous sommes focalisés sur l'intégrité du code des applications. En effet, une perturbation de cet élément peut corrompre les autres propriétés. En modélisant les conditions, nous avons découvert de nouveaux chemins d'attaques permettant d'accéder au contenu de la carte. Pour empêcher ces nouvelles attaques, nous présentons de nouvelles contre-mesures pour prévenir les éléments indésirables définis dans les arbres de fautesSmart cards are the keystone of various applications which we daily use: pay money for travel, phone, etc. To improve the security of this device with a friendly development environment, the Java technology has been designed to be embedded in a smart card. Introduce in the mid-nineties, this technology becomes nowadays the leading application platform in the world. As a smart card embeds critical information, evil-minded people are interested to attack this device. In smart card domain, attacks and countermeasures are advancing at a fast rate. In order to have a generic view of all the attacks, we propose to use the Fault Tree Analysis. This method used in safety analysis helps to understand and implement all the desirable and undesirable events existing in this domain. We apply this method to Java Card vulnerability analysis. We define the properties that must be ensured: integrity and confidentiality of smart card data and code. During this thesis, we focused on the integrity property, especially on the code integrity. Indeed, a perturbation on this element can break each other properties. By modelling the conditions, we discovered new attack paths to get access to the smart card contents. We introduce new countermeasures to mitigate the undesirable events defined in the tree models
32
Fly, Thomas, and Arvid Villén. "Design och implementation av ett distribuerat system med hög säkerhet." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-177035.
Full textAbstract:
Målet med detta projekt har varit att designa och implementera ett distribuerat system där privatpersoner kan ta del av analysresultat på sina egna blodprover. Tjänsten är en utbyggnad av ett befintligt system för beställning av laboratorietjänster. Eftersom denna tjänst hanterar känsliga personuppgifter har säkerhetsaspekter särskilt beaktats. Ett flertal kända tekniker och ramverk för detta har utvärderats. Resultatet av projektet är ett urval av ramverk som används för att skapa en design och implementation av ett distribuerat system med hög säkerhet.The aim of this project has been to design and implement a distributed system where individuals can view the results of analyzes of their own blood tests. The service is an extension of an existing system for ordering laboratory services. Because this service handles sensitive data, security has been central to the project. Many different techniques and frameworks for this have been evaluated. The outcome of the project is a selection of frameworks used to create a design and implementation of distributed system with high security.
33
Guilhen, Stefan Neusatz. "Um serviço de autorização Java EE baseado em certificados de atributos X.509." Universidade de São Paulo, 2008. http://www.teses.usp.br/teses/disponiveis/45/45134/tde-03122008-164346/.
Full textAbstract:
O surgimento e a popularização de arquiteturas de software que fornecem suporte à programação distribuída orientada a objetos, como CORBA, .NET e Java EE, gerou uma demanda por infra-estruturas de segurança eficientes, capazes de proteger os recursos dos sistemas de ataques maliciosos. Essa proteção começa pela identificação dos usuários que interagem com os sistemas, processo conhecido como autenticação. Entretanto, a autenticação por si só não é suficiente para garantir a segurança dos recursos, uma vez que a autenticação não determina quais ações os usuários estão autorizados a executar depois de autenticados. Em outras palavras, um mecanismo de autorização, que faz valer as políticas de controle de acesso aos recursos definidas pelos administradores de sistemas, se faz necessário. Neste trabalho estudamos mecanismos de controle de acesso baseado em papéis e a aplicabilidade dos certificados de atributos X.509 como estrutura de armazenamento desses papéis em um ambiente Java EE. Em particular, estendemos a infra-estrutura de segurança do servidor de aplicações JBoss, de modo que ela passasse a comportar os certificados de atributos X.509. Além disso, analisamos as vantagens e desvantagens do uso de tais certificados e avaliamos o desempenho da extensão desenvolvida em relação a outras alternativas que são oferecidas pelo JBoss para o armazenamento de papéis dos usuários.The popularization of software architectures that provide support for distributed object-oriented programming, like CORBA, .NET, and Java EE, revealed the need for efficient security infrastructures to protect the resources of enterprise systems from malicious attacks. This protection usually begins with the identification of the users that interact with the systems, a process known as authentication. However, authentication alone is not enough to guarantee the protection of the resources, as it cannot determine what actions a particular user is allowed to execute on a given resource. In other words, an authorization mechanism is needed in order to enforce the access control policies as defined by the system administrators. In this dissertation we studied role-based access control mechanisms and the use of X.509 attribute certificates as data structures that store the users roles in a Java EE environment. Particularly, we added X.509 attribute certificates support to the existing JBoss application server security infrastructure. Furthermore, we evaluated the pros and cons of using these certificates, and compared the performance of the developed extension to the performance of the existing solutions provided by JBoss to store the users roles.
34
Rhodes, Anthony William. "Distributed information systems security through extended role based access control." Thesis, Queensland University of Technology, 2002.
Find full text
35
Meluzín, Ivo. "Multiaplikační čipové karty." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2011. http://www.nusl.cz/ntk/nusl-219350.
Full textAbstract:
The goal of the first part of the thesis is to describe the options of wide usage of chip cards in different segments of our life. Consequently it is necessary to mention hardware and software equipment of smart card, its communication with terminal and data security. In this thesis we focus on Java Card environment in which we will try to create two applications, one for electronic purse and the second for user identification. Basically, we need to mention multiapplicational rules of sharing data and objects. At the end of the thesis we are focusing on the possibility of mutual interference between the applications and on protection against attacks. Also future applications of this technology are described.
36
Guitart, Fernández Jordi. "Performance Improvement of Multithreaded Java Applications Execution on Multiprocessor Systems." Doctoral thesis, Universitat Politècnica de Catalunya, 2005. http://hdl.handle.net/10803/5989.
Full textAbstract:
El disseny del llenguatge Java, que inclou aspectes importants com són la seva portabilitat i neutralitat envers l'arquitectura, les seves capacitats multithreading, la seva familiaritat (degut a la seva semblança amb C/C++), la seva robustesa, les seves capacitats en seguretat i la seva naturalesa distribuïda, fan que sigui un llenguatge potencialment interessant per ser utilitzat en entorns paral·lels com són els entorns de computació d'altes prestacions (HPC), on les aplicacions poden treure profit del suport que ofereix Java a l'execució multithreaded per realitzar càlculs en paral·lel, o en entorns e-business, on els servidors Java multithreaded (que segueixen l'especificació J2EE) poden treure profit de les capacitats multithreading de Java per atendre de manera concurrent un gran nombre de peticions.No obstant, l'ús de Java per la programació paral·lela ha d'enfrontar-se a una sèrie de problemes que fàcilment poden neutralitzar el guany obtingut amb l'execució en paral·lel. El primer problema és el gran overhead provocat pel suport de threads de la JVM quan s'utilitzen threads per executar feina de gra fi, quan es crea un gran nombre de threads per suportar l'execució d'una aplicació o quan els threads interaccionen estretament mitjançant mecanismes de sincronització. El segon problema és la degradació en el rendiment produïda quan aquestes aplicacions multithreaded s'executen en sistemes paral·lels multiprogramats. La principal causa d'aquest problemes és la manca de comunicació entre l'entorn d'execució i les aplicacions, la qual pot induir a les aplicacions a fer un ús descoordinat dels recursos disponibles.
Aquesta tesi contribueix amb la definició d'un entorn per analitzar i comprendre el comportament de les aplicacions Java multithreaded. La contribució principal d'aquest entorn és que la informació de tots els nivells involucrats en l'execució (aplicació, servidor d'aplicacions, JVM i sistema operatiu) està correlada. Aquest fet és molt important per entendre com aquest tipus d'aplicacions es comporten quan s'executen en entorns que inclouen servidors i màquines virtuals, donat que l'origen dels problemes de rendiment es pot trobar en qualsevol d'aquests nivells o en la seva interacció.
Addicionalment, i basat en el coneixement adquirit mitjançant l'entorn d'anàlisis proposat, aquesta tesi contribueix amb mecanismes i polítiques de planificació orientats cap a l'execució eficient d'aplicacions Java multithreaded en sistemes multiprocessador considerant les interaccions i la coordinació dels mecanismes i les polítiques de planificació en els diferents nivells involucrats en l'execució. La idea bàsica consisteix en permetre la cooperació entre les aplicacions i l'entorn d'execució en la gestió de recursos establint una comunicació bi-direccional entre les aplicacions i el sistema. Per una banda, les aplicacions demanen a l'entorn d'execució la quantitat de recursos que necessiten. Per altra banda, l'entorn d'execució pot ser inquirit en qualsevol moment per les aplicacions ser informades sobre la seva assignació de recursos.
Aquesta tesi proposa que les aplicacions utilitzin la informació proporcionada per l'entorn d'execució per adaptar el seu comportament a la quantitat de recursos que tenen assignats (aplicacions auto-adaptables). Aquesta adaptació s'assoleix en aquesta tesi per entorns HPC per mitjà de la mal·leabilitat de les aplicacions, i per entorns e-business amb una proposta de control de congestió que fa control d'admissió basat en la diferenciació de connexions SSL per prevenir la degradació del rendiment i mantenir la Qualitat de Servei (QoS).
Els resultats de l'avaluació demostren que subministrar recursos de manera dinàmica a les aplicacions auto-adaptables en funció de la seva demanda millora el rendiment de les aplicacions Java multithreaded tant en entorns HPC com en entorns e-business. Mentre disposar d'aplicacions auto-adaptables evita la degradació del rendiment, el subministrament dinàmic de recursos permet satisfer els requeriments de les aplicacions en funció de la seva demanda i adaptar-se a la variabilitat de les seves necessitats de recursos. D'aquesta manera s'aconsegueix una millor utilització dels recursos donat que els recursos que no utilitza una aplicació determinada poden ser distribuïts entre les altres aplicacions.
The design of the Java language, which includes important aspects such as its portability and architecture neutrality, its multithreading facilities, its familiarity (due to its resemblance with C/C++), its robustness, its security capabilities and its distributed nature, makes it a potentially interesting language to be used in parallel environments such as high performance computing (HPC) environments, where applications can benefit from the Java multithreading support for performing parallel calculations, or e-business environments, where multithreaded Java application servers (i.e. following the J2EE specification) can take profit of Java multithreading facilities to handle concurrently a large number of requests.
However, the use of Java for parallel programming has to face a number of problems that can easily offset the gain due to parallel execution. The first problem is the large overhead incurred by the threading support available in the JVM when threads are used to execute fine-grained work, when a large number of threads are created to support the execution of the application or when threads closely interact through synchronization mechanisms. The second problem is the performance degradation occurred when these multithreaded applications are executed in multiprogrammed parallel systems. The main issue that causes these problems is the lack of communication between the execution environment and the applications, which can cause these applications to make an uncoordinated use of the available resources.
This thesis contributes with the definition of an environment to analyze and understand the behavior of multithreaded Java applications. The main contribution of this environment is that all levels in the execution (application, application server, JVM and operating system) are correlated. This is very important to understand how this kind of applications behaves when executed on environments that include servers and virtual machines, because the origin of performance problems can reside in any of these levels or in their interaction.
In addition, and based on the understanding gathered using the proposed analysis environment, this thesis contributes with scheduling mechanisms and policies oriented towards the efficient execution of multithreaded Java applications on multiprocessor systems considering the interactions and coordination between scheduling mechanisms and policies at the different levels involved in the execution. The basis idea consists of allowing the cooperation between the applications and the execution environment in the resource management by establishing a bi-directional communication path between the applications and the underlying system. On one side, the applications request to the execution environment the amount of resources they need. On the other side, the execution environment can be requested at any time by the applications to inform them about their resource assignments.
This thesis proposes that applications use the information provided by the execution environment to adapt their behavior to the amount of resources allocated to them (self-adaptive applications). This adaptation is accomplished in this thesis for HPC environments through the malleability of the applications, and for e-business environments with an overload control approach that performs admission control based on SSL connections differentiation for preventing throughput degradation and maintaining Quality of Service (QoS).
The evaluation results demonstrate that providing resources dynamically to self-adaptive applications on demand improves the performance of multithreaded Java applications as in HPC environments as in e-business environments. While having self-adaptive applications avoids performance degradation, dynamic provision of resources allows meeting the requirements of the applications on demand and adapting to their changing resource needs. In this way, better resource utilization is achieved because the resources not used by some application may be distributed among other applications.
37
Alshammari, Bandar M. "Quality metrics for assessing security-critical computer programs." Thesis, Queensland University of Technology, 2011. https://eprints.qut.edu.au/49780/1/Bandar_Alshammari_Thesis.pdf.
Full textAbstract:
Existing secure software development principles tend to focus on coding vulnerabilities, such as buffer or integer overflows, that apply to individual program statements, or issues associated with the run-time environment, such as component isolation. Here we instead consider software security from the perspective of potential information flow through a program’s object-oriented module structure. In particular, we define a set of quantifiable "security metrics" which allow programmers to quickly and easily assess the overall security of a given source code program or object-oriented design. Although measuring quality attributes of object-oriented programs for properties such as maintainability and performance has been well-covered in the literature, metrics which measure the quality of information security have received little attention. Moreover, existing securityrelevant metrics assess a system either at a very high level, i.e., the whole system, or at a fine level of granularity, i.e., with respect to individual statements. These approaches make it hard and expensive to recognise a secure system from an early stage of development. Instead, our security metrics are based on well-established compositional properties of object-oriented programs (i.e., data encapsulation, cohesion, coupling, composition, extensibility, inheritance and design size), combined with data flow analysis principles that trace potential information flow between high- and low-security system variables. We first define a set of metrics to assess the security quality of a given object-oriented system based on its design artifacts, allowing defects to be detected at an early stage of development. We then extend these metrics to produce a second set applicable to object-oriented program source code. The resulting metrics make it easy to compare the relative security of functionallyequivalent system designs or source code programs so that, for instance, the security of two different revisions of the same system can be compared directly. This capability is further used to study the impact of specific refactoring rules on system security more generally, at both the design and code levels. By measuring the relative security of various programs refactored using different rules, we thus provide guidelines for the safe application of refactoring steps to security-critical programs. Finally, to make it easy and efficient to measure a system design or program’s security, we have also developed a stand-alone software tool which automatically analyses and measures the security of UML designs and Java program code. The tool’s capabilities are demonstrated by applying it to a number of security-critical system designs and Java programs. Notably, the validity of the metrics is demonstrated empirically through measurements that confirm our expectation that program security typically improves as bugs are fixed, but worsens as new functionality is added.
38
Siti, Sugiah Mugniesyah. "Gender Relation in Land Ownership and Household Food Security: Case Study on Sundanese Rural Community in Kemang Village, West Java." Doctoral thesis, Kyoto University, 2019. http://hdl.handle.net/2433/242554.
Full text
39
SILVA, FILHO Paulo de Barros e. "Static analysis of implicit control flow: resolving Java reflection and Android intents." Universidade Federal de Pernambuco, 2016. https://repositorio.ufpe.br/handle/123456789/17637.
Full textAbstract:
Submitted by Fabio Sobreira Campos da Costa (fabio.sobreira@ufpe.br) on 2016-08-08T12:21:17Z
No. of bitstreams: 2
license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5)
2016-pbsf-msc.pdf: 596422 bytes, checksum: be9375166fe6e850180863e08b7997d8 (MD5)Made available in DSpace on 2016-08-08T12:21:17Z (GMT). No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) 2016-pbsf-msc.pdf: 596422 bytes, checksum: be9375166fe6e850180863e08b7997d8 (MD5) Previous issue date: 2016-03-04
FACEPE
Implicit or indirect control flow allows a transfer of control to a procedure without having to call the procedure explicitly in the program. Implicit control flow is a staple design pattern that adds flexibility to system design. However, it is challenging for a static analysis to compute or verify properties about a system that uses implicit control flow. When a static analysis encounters a procedure call, the analysis usually approximates the call’s behavior by a summary, which conservatively generalizes the effects of any target of the call. In previous work, a static analysis that verifies security properties was developed for Android apps, but failed to achieve high precision in the presence of implicit control flow. This work presents static analyses for two types of implicit control flow that frequently appear in Android apps: Java reflection and Android intents. In our analyses, the summary of a method is the method’s signature. Our analyses help to resolve where control flows and what data is passed. This information improves the precision of downstream analyses, which no longer need to make conservative assumptions about implicit control flow, while maintaining the soundness. We have implemented our techniques for Java. We enhanced an existing security analysis with a more precise treatment of reflection and intents. In a case study involving ten real-world Android apps that use both intents and reflection, the precision of the security analysis was increased on average by two orders of magnitude. The precision of two other downstream analyses was also improved.
Fluxo de controle implícito, ou indireto, permite que haja uma transferência de controle para um procedimento sem que esse procedimento seja invocado de forma explícita pelo programa. Fluxo de controle implícito é um padrão de projeto comum e bastante utilizado na prática, que adiciona flexibilidade no design de um sistema. Porém, é um desafio para uma análise estática ter que computar e verificar propriedades sobre um sistema que usa fluxos de controle implícito. Quando uma análise estática encontra uma chamada a uma procedimento, geralmente a análise aproxima o comportamento da chamada de acordo com o sumário do método, generalizando de uma forma conservadora os efeitos da chamada ao procedimento. Em trabalho anterior, uma análise estática de segurança foi desenvolvida para aplicações Android, mas falhou em obter uma alta precisão na presença de fluxos de controle implícito. Este trabalho apresenta uma análise estática para dois tipos de fluxos de controle implícito que aparecem frequentemente em aplicações Android: Java reflection e Android intents. Nas nossas análises, o sumário de um método é a assinatura do método. Nossas análises ajudam a descobrir para onde o controle flui e que dados estão sendo passados. Essa informação melhora a precisão de outras análises estáticas, que não precisam mais tomar medidas conservadoras na presença de fluxo de controle implícito. Nós implementamos a nossa técnica em Java. Nós melhoramos uma análise de segurança existente através de um tratamento mais preciso em casos de reflection e intents. Em um estudo de caso envolvendo dez aplicações Android reais que usam reflection e intents, a precisão da análise de segurança aumentou em duas ordens de magnitude. A precisão de outras duas análises estáticas também foi melhorada.
40
Moyo, Thamsanqa. "An investigation into interoperable end-to-end mobile web service security." Thesis, Rhodes University, 2008. http://eprints.ru.ac.za/1137/.
Full text
41
Venelle, Benjamin. "Contrôle d'accès obligatoire pour systèmes à objets : défense en profondeur des objets Java." Thesis, Orléans, 2015. http://www.theses.fr/2015ORLE2023/document.
Full textAbstract:
Les systèmes à objets sont présents partout dans notre quotidien. Ainsi, une vulnérabilité dans ces systèmes compromet amplement la confidentialité ou l'intégrité. Par exemple, Java est un système à objets basé sur les classes qui a été la cible de nombreuses cyber-attaques entre 2012 et 2013 au point que le département de la sécurité intérieure des Etats-Unis recommande son abandon. Dans cette thèse nous proposons de limiter les relations entre objets au moyen d’un contrôle d’accès obligatoire. Pour cela nous définissons un modèle général de système à objets supportant notamment les langages objets et à prototypes. Puis nous formalisons les relations élémentaires que nous pouvons observer et donc contrôler. Celles-ci sont la référence, l’interaction et trois types de flux (d’activité, d’information, de données). Nous proposons également une logique basée sur des automates qui permet de calculer les privilèges de chaque objet. Ainsi, nous calculons dynamiquement la politique obligatoire nécessaire pour satisfaire les objectifs de sécurité exigés. Par là même, nous résolvons d’un seul coup le calcul des politiques obligatoires et le problème d’efficacité puisque la politique obligatoire se trouve réduite. L’expérimentation propose une application aux objectifs de sécurité JAAS existants dans Java. De fait, nous avons été capables d’empêcher les malwares Java correspondant à une année de vulnérabilités au moyen de l’outil d’exploitation MetasploitObjects based systems are presents everywhere in our life. When such a system presents vulnerabilities, confidentiality and integrity are thus widely compromised. For example, Java is an object language authorizing many cyber-attacks between 2012 and 2013 leading the US department of homeland security to recommend its abandon. This thesis proposes to limit the relations between the objects thanks to a mandatory access control. First, a general model of objects supporting objects and prototypes languages is defined. Second, the elementary relations are formalized in order to control them. Those relations include the reference, interaction and three types of flow (activity, information and data). Automata authorize a logic that enables to compute the required mandatory policy. At the same time, the computation of the MAC policy and the efficiency are solved since the policy is reduced. Experimentations use the JAAS security objectives existing in the Java language. Thus, one year of Java vulnerabilities is prevented thanks to the Metasploit framework
42
Hu, Christopher. "A study of the security implications involved with the use of executable World Wide Web content." Thesis, Edith Cowan University, Research Online, Perth, Western Australia, 2003. https://ro.ecu.edu.au/theses/1305.
Full textAbstract:
Malicious executable code is nothing new. While many consider that the concept of malicious code began in the 1980s when the first PC viruses began to emerge, the concept does in fact date back even earlier. Throughout the history of malicious code, methods of hostile code delivery have mirrored prevailing patterns of code distribution. In the 1980s, file infecting and boot sector viruses were common, mirroring the fact that during this time, executable code was commonly transferred via floppy disks. Since the 1990s email has been a major vector for malicious code attacks. Again, this mirrors the fact that during this period of time email has been a common means of sharing code and documents. This thesis examines another model of executable code distribution. It considers the security risks involved with the use of executable code embedded or attached to World Wide Web pages. In particular, two technologies are examined. Sun Microsystems' Java Programming Language and Microsoft's ActiveX Control Architecture are both technologies that can be used to connect executable program code to World Wide Web pages. This thesis examines the architectures on which these technologies are based, as well as the security and trust models that they implement. In doing so, this thesis aims to assess the level of risk posed by such technologies and to highlight similar risks that might occur with similar future technologies. ()_
43
Федотов, А. А. "Програмний сервіс автоматизації збору контенту з відкритих інтернет-джерел." Thesis, Чернігів, 2021. http://ir.stu.cn.ua/123456789/22477.
Full textAbstract:
Федотов, А. А. Програмний сервіз автоматизації збору контенту з відкритих інтернет-джерел : магістерська робота : 121 Інженерія програмного забезпечення / А. А. Федотов ; керівник роботи А. М. Акименко ; НУ «Чернігівська політехніка», кафедра інформаційних технологій програмного забезпечення. – Чернігів, 2021. – 71 с.Об'єктом розробки був веб-застосунок “Програмний сервіс автоматизації збору контенту з відкритих інтернет-джерел ”. Збір даних для подальшого аналізу або використання є актуальним завдання для різноманітних сфер діяльності людини. Таким чином, визначена мета даної кваліфікаційної роботи – створення парсеру для автоматизованого збору інформації з відкритих інтернет-джерел. Відповідно до поставленої мети в роботі вирішені наступні завдання: − ознайомлення з предметною областю; − проведення аналізу існуючих рішень; − створення архітектури веб-застосунку; − створення структури бази даних; − реалізація серверної частини веб-застосунку. Результати роботи викладені у вигляді рисунків та таблиць, що демонструють процес роботи системи. Система була розроблена за допомогою мови програмування Java та на базі фреймворків Spring Boot, Spring Data JPA. В якості реляційної бази даних було вибрано СУБД MySQL. Для тестування публічного REST API було використано Postman. Бізнес логіка була протестована за допомогою бібліотек JUnit та Mockito.Tomcat був використаний у якості веб-сервера. Система розроблялася в середовищі розробки IntelliJ IDEA. Можливий подальший розвиток веб-застосунку, шляхом вдосконалення існуючого або додавання нового функціоналу.
The object of development was the web application "Automated collection of information from open Internet sources". Collecting data for further analysis or use is an urgent task for various areas of human activity. Thus, the purpose of this qualification work is to create a parser for automated collection of information from open Internet sources. In accordance with the goal in the work the following tasks are solved: - acquaintance with the subject area; - analysis of existing solutions; - creating a web application architecture; - creating a database structure; - implementation of the server part of the web application; The results are presented in the form of figures and tables showing the process of the system. The system was developed using the Java programming language and based on Spring Boot and Spring Data JPA frameworks. MySQL database was chosen as a relational database. Postman was used to test the public REST API. Business logic was tested using the JUnit and Mockito libraries. Tomcat was used as a web server. The system was developed in the development environment of IntelliJ IDEA. It is possible to further develop the web application by improving the existing or adding new functionality.
44
Pohner, Martin. "Webová aplikace redakčního systému pro správu dokumentů." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2013. http://www.nusl.cz/ntk/nusl-236373.
Full textAbstract:
The focus of this diploma thesis is a development of advanced web application for. The purpose of the application is extended .docx files management including import, editing, storage and creating new documents. The development comprises analysis, setting the requirements for the application, analysis of the Java Enterprise Edition and Office Open XML standard for the .docx file format. The thesis further deals with design, implementation and testing the application.
45
Hassanzadeh, Reza. "A secure framework and related protocols for ubiquitous access to electronic health records using Java sim cards." Thesis, Queensland University of Technology, 2010. https://eprints.qut.edu.au/37589/1/Reza_Hassanzadeh_Thesis.pdf.
Full textAbstract:
Ubiquitous access to patient medical records is an important aspect of caring for patient safety. Unavailability of sufficient medical information at the point-ofcare could possibly lead to a fatality. The U.S. Institute of Medicine has reported that between 44,000 and 98,000 people die each year due to medical errors, such as incorrect medication dosages, due to poor legibility in manual records, or delays in consolidating needed information to discern the proper intervention. In this research we propose employing emergent technologies such as Java SIM Cards (JSC), Smart Phones (SP), Next Generation Networks (NGN), Near Field Communications (NFC), Public Key Infrastructure (PKI), and Biometric Identification to develop a secure framework and related protocols for ubiquitous access to Electronic Health Records (EHR). A partial EHR contained within a JSC can be used at the point-of-care in order to help quick diagnosis of a patient’s problems. The full EHR can be accessed from an Electronic Health Records Centre (EHRC) when time and network availability permit. Moreover, this framework and related protocols enable patients to give their explicit consent to a doctor to access their personal medical data, by using their Smart Phone, when the doctor needs to see or update the patient’s medical information during an examination. Also our proposed solution would give the power to patients to modify the Access Control List (ACL) related to their EHRs and view their EHRs through their Smart Phone. Currently, very limited research has been done on using JSCs and similar technologies as a portable repository of EHRs or on the specific security issues that are likely to arise when JSCs are used with ubiquitous access to EHRs. Previous research is concerned with using Medicare cards, a kind of Smart Card, as a repository of medical information at the patient point-of-care. However, this imposes some limitations on the patient’s emergency medical care, including the inability to detect the patient’s location, to call and send information to an emergency room automatically, and to interact with the patient in order to get consent. The aim of our framework and related protocols is to overcome these limitations by taking advantage of the SIM card and the technologies mentioned above. Briefly, our framework and related protocols will offer the full benefits of accessing an up-to-date, precise, and comprehensive medical history of a patient, whilst its mobility will provide ubiquitous access to medical and patient information everywhere it is needed. The objective of our framework and related protocols is to automate interactions between patients, healthcare providers and insurance organisations, increase patient safety, improve quality of care, and reduce the costs.
46
Savary, Aymerick. "Détection de vulnérabilités appliquée à la vérification de code intermédiaire de Java Card." Thèse, Université de Sherbrooke, 2016. http://hdl.handle.net/11143/9584.
Full textAbstract:
La vérification de la résistance aux attaques des implémentations embarquées des vérifieurs de code intermédiaire Java Card est une tâche complexe. Les méthodes actuelles n'étant pas suffisamment efficaces, seule la génération de tests manuelle est possible. Pour automatiser ce processus, nous proposons une méthode appelée VTG (Vulnerability Test Generation, génération de tests de vulnérabilité). En se basant sur une représentation formelle des comportements fonctionnels du système sous test, un ensemble de tests d'intrusions est généré. Cette méthode s'inspire des techniques de mutation et de test à base de modèle. Dans un premier temps, le modèle est muté selon des règles que nous avons définies afin de représenter les potentielles attaques. Les tests sont ensuite extraits à partir des modèles mutants. Deux modèles Event-B ont été proposés. Le premier représente les contraintes structurelles des fichiers d'application Java Card. Le VTG permet en quelques secondes de générer des centaines de tests abstraits. Le second modèle est composé de 66 événements permettant de représenter 61 instructions Java Card. La mutation est effectuée en quelques secondes. L'extraction des tests permet de générer 223 tests en 45 min. Chaque test permet de vérifier une précondition ou une combinaison de préconditions d'une instruction. Cette méthode nous a permis de tester différents mécanismes d'implémentations de vérifieur de code intermédiaire Java Card. Bien que développée pour notre cas d'étude, la méthode proposée est générique et a été appliquée à d'autres cas d'études.
47
Scheffler, Thomas. "Privacy enforcement with data owner-defined policies." Phd thesis, Universität Potsdam, 2013. http://opus.kobv.de/ubp/volltexte/2013/6793/.
Full textAbstract:
This thesis proposes a privacy protection framework for the controlled distribution and use of personal private data. The framework is based on the idea that privacy policies can be set directly by the data owner and can be automatically enforced against the data user.
Data privacy continues to be a very important topic, as our dependency on electronic communication maintains its current growth, and private data is shared between multiple devices, users and locations. The growing amount and the ubiquitous availability of personal private data increases the likelihood of data misuse.
Early privacy protection techniques, such as anonymous email and payment systems have focused on data avoidance and anonymous use of services. They did not take into account that data sharing cannot be avoided when people participate in electronic communication scenarios that involve social interactions. This leads to a situation where data is shared widely and uncontrollably and in most cases the data owner has no control over further distribution and use of personal private data.
Previous efforts to integrate privacy awareness into data processing workflows have focused on the extension of existing access control frameworks with privacy aware functions or have analysed specific individual problems such as the expressiveness of policy languages. So far, very few implementations of integrated privacy protection mechanisms exist and can be studied to prove their effectiveness for privacy protection. Second level issues that stem from practical application of the implemented mechanisms, such as usability, life-time data management and changes in trustworthiness have received very little attention so far, mainly because they require actual implementations to be studied.
Most existing privacy protection schemes silently assume that it is the privilege of the data user to define the contract under which personal private data is released. Such an approach simplifies policy management and policy enforcement for the data user, but leaves the data owner with a binary decision to submit or withhold his or her personal data based on the provided policy.
We wanted to empower the data owner to express his or her privacy preferences through privacy policies that follow the so-called Owner-Retained Access Control (ORAC) model. ORAC has been proposed by McCollum, et al. as an alternate access control mechanism that leaves the authority over access decisions by the originator of the data.
The data owner is given control over the release policy for his or her personal data, and he or she can set permissions or restrictions according to individually perceived trust values. Such a policy needs to be expressed in a coherent way and must allow the deterministic policy evaluation by different entities.
The privacy policy also needs to be communicated from the data owner to the data user, so that it can be enforced. Data and policy are stored together as a Protected Data Object that follows the Sticky Policy paradigm as defined by Mont, et al. and others.
We developed a unique policy combination approach that takes usability aspects for the creation and maintenance of policies into consideration. Our privacy policy consists of three parts: A Default Policy provides basic privacy protection if no specific rules have been entered by the data owner. An Owner Policy part allows the customisation of the default policy by the data owner. And a so-called Safety Policy guarantees that the data owner cannot specify disadvantageous policies, which, for example, exclude him or her from further access to the private data. The combined evaluation of these three policy-parts yields the necessary access decision.
The automatic enforcement of privacy policies in our protection framework is supported by a reference monitor implementation. We started our work with the development of a client-side protection mechanism that allows the enforcement of data-use restrictions after private data has been released to the data user. The client-side enforcement component for data-use policies is based on a modified Java Security Framework. Privacy policies are translated into corresponding Java permissions that can be automatically enforced by the Java Security Manager.
When we later extended our work to implement server-side protection mechanisms, we found several drawbacks for the privacy enforcement through the Java Security Framework. We solved this problem by extending our reference monitor design to use Aspect-Oriented Programming (AOP) and the Java Reflection API to intercept data accesses in existing applications and provide a way to enforce data owner-defined privacy policies for business applications.Im Rahmen der Dissertation wurde ein Framework für die Durchsetzung von Richtlinien zum Schutz privater Daten geschaffen, welches darauf setzt, dass diese Richtlinien oder Policies direkt von den Eigentümern der Daten erstellt werden und automatisiert durchsetzbar sind. Der Schutz privater Daten ist ein sehr wichtiges Thema im Bereich der elektronischen Kommunikation, welches durch die fortschreitende Gerätevernetzung und die Verfügbarkeit und Nutzung privater Daten in Onlinediensten noch an Bedeutung gewinnt. In der Vergangenheit wurden verschiedene Techniken für den Schutz privater Daten entwickelt: so genannte Privacy Enhancing Technologies. Viele dieser Technologien arbeiten nach dem Prinzip der Datensparsamkeit und der Anonymisierung und stehen damit der modernen Netznutzung in Sozialen Medien entgegen. Das führt zu der Situation, dass private Daten umfassend verteilt und genutzt werden, ohne dass der Datenbesitzer gezielte Kontrolle über die Verteilung und Nutzung seiner privaten Daten ausüben kann. Existierende richtlinienbasiert Datenschutztechniken gehen in der Regel davon aus, dass der Nutzer und nicht der Eigentümer der Daten die Richtlinien für den Umgang mit privaten Daten vorgibt. Dieser Ansatz vereinfacht das Management und die Durchsetzung der Zugriffsbeschränkungen für den Datennutzer, lässt dem Datenbesitzer aber nur die Alternative den Richtlinien des Datennutzers zuzustimmen, oder keine Daten weiterzugeben. Es war daher unser Ansatz die Interessen des Datenbesitzers durch die Möglichkeit der Formulierung eigener Richtlinien zu stärken. Das dabei verwendete Modell zur Zugriffskontrolle wird auch als Owner-Retained Access Control (ORAC) bezeichnet und wurde 1990 von McCollum u.a. formuliert. Das Grundprinzip dieses Modells besteht darin, dass die Autorität über Zugriffsentscheidungen stets beim Urheber der Daten verbleibt. Aus diesem Ansatz ergeben sich zwei Herausforderungen. Zum einen muss der Besitzer der Daten, der Data Owner, in die Lage versetzt werden, aussagekräftige und korrekte Richtlinien für den Umgang mit seinen Daten formulieren zu können. Da es sich dabei um normale Computernutzer handelt, muss davon ausgegangen werden, dass diese Personen auch Fehler bei der Richtlinienerstellung machen. Wir haben dieses Problem dadurch gelöst, dass wir die Datenschutzrichtlinien in drei separate Bereiche mit unterschiedlicher Priorität aufteilen. Der Bereich mit der niedrigsten Priorität definiert grundlegende Schutzeigenschaften. Der Dateneigentümer kann diese Eigenschaften durch eigene Regeln mittlerer Priorität überschrieben. Darüber hinaus sorgt ein Bereich mit Sicherheitsrichtlinien hoher Priorität dafür, dass bestimmte Zugriffsrechte immer gewahrt bleiben. Die zweite Herausforderung besteht in der gezielten Kommunikation der Richtlinien und deren Durchsetzung gegenüber dem Datennutzer (auch als Data User bezeichnet). Um die Richtlinien dem Datennutzer bekannt zu machen, verwenden wir so genannte Sticky Policies. Das bedeutet, dass wir die Richtlinien über eine geeignete Kodierung an die zu schützenden Daten anhängen, so dass jederzeit darauf Bezug genommen werden kann und auch bei der Verteilung der Daten die Datenschutzanforderungen der Besitzer erhalten bleiben. Für die Durchsetzung der Richtlinien auf dem System des Datennutzers haben wir zwei verschiedene Ansätze entwickelt. Wir haben einen so genannten Reference Monitor entwickelt, welcher jeglichen Zugriff auf die privaten Daten kontrolliert und anhand der in der Sticky Policy gespeicherten Regeln entscheidet, ob der Datennutzer den Zugriff auf diese Daten erhält oder nicht. Dieser Reference Monitor wurde zum einen als Client-seitigen Lösung implementiert, die auf dem Sicherheitskonzept der Programmiersprache Java aufsetzt. Zum anderen wurde auch eine Lösung für Server entwickelt, welche mit Hilfe der Aspekt-orientierten Programmierung den Zugriff auf bestimmte Methoden eines Programms kontrollieren kann. In dem Client-seitigen Referenzmonitor werden Privacy Policies in Java Permissions übersetzt und automatisiert durch den Java Security Manager gegenüber beliebigen Applikationen durchgesetzt. Da dieser Ansatz beim Zugriff auf Daten mit anderer Privacy Policy den Neustart der Applikation erfordert, wurde für den Server-seitigen Referenzmonitor ein anderer Ansatz gewählt. Mit Hilfe der Java Reflection API und Methoden der Aspektorientierten Programmierung gelang es Datenzugriffe in existierenden Applikationen abzufangen und erst nach Prüfung der Datenschutzrichtlinie den Zugriff zuzulassen oder zu verbieten. Beide Lösungen wurden auf ihre Leistungsfähigkeit getestet und stellen eine Erweiterung der bisher bekannten Techniken zum Schutz privater Daten dar.
48
Bjurling, Patrik. "Design and Implementation of a Secure In-app Credit Card Payment System." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-112745.
Full textAbstract:
Smartphones are often used in order to make purchases today and mobile payments are estimated to continue growing in numbers the following years. This makes mobile payment systems attractive to companies as a new business platform. It also increases the number of malicious users trying to exploit the systems for financial gain. This thesis is conducted for the company TaxiCaller which desires to integrate mobile payments into their existing service. It discusses the current security standards for mobile payments and evaluates existing mobile payment solutions. The focus of the evaluation is on the security of the solutions and vulnerabilities, as well as mitigations of identified vulnerabilities, are discussed. Based on the evaluation, a mobile payment solution is designed and implemented. This system fully integrates with TaxiCaller’s existing system. A threat analysis of the implemented mobile payment solution is performed to provide confidence in the security. This thesis also provides an insight into the ecosystem of mobile payments including the stakeholders, the regulations, the security standards and difficulties during implementations.
49
Yi, Lirong. "Evaluation and Implementation of a Secure Zero Configuration IoT System." Thesis, Mittuniversitetet, Avdelningen för informationssystem och -teknologi, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:miun:diva-31480.
Full textAbstract:
The Internet of Things (IoT) comprises a large number of heterogeneous devices. It is forecasted that up to 50 billion devices will be connected to the Internet by 2020. All of them have to be configured. Due to the heterogeneity of devices and the enormous increasing number of devices, manual configuration becomes more and more complex and inefficient. Zero configuration is put forward to solve this problem, which makes device configured automatically without additional manual involvement. Besides that, there are many security threats we want to avoid in the future. These security problems include unauthenticated nodes accessing to IoT data, denial of service, lack of confidentiality, malicious attack from hackers and so on. This paper studies the characteristics of IoT firstly and then highlights the implementation of zero configuration and security to IoT. This paper describes the underlying features of zero configuration and primary requirements of security, as well as finds some related mature technologies, based on that proposes a concise solution – combining the Bonjour and many security approaches for implementation of a secure zero IoT system. In addition, this solution is implemented in a small environment scenario of IoT, a smart home. All the programs are in Java language. Evaluation and conclusion are done in final phase.
50
Firouzi, Abdul Rahman. "Workshop webbapplikation : Utveckling av Webbtjänst för pluggstugan vid KTH ICT." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-177036.
Full textAbstract:
Kungliga Tekniska Högskolan har för en tid sedan anordnat så kallade ”workshops” för att hjälpa studenter med sina studier. Dessa workshops ger studenterna tillfälle att få hjälp av assistenter. Syftet med detta projekt är därför att göra administrationen för workshopstillfällena så effektiv och smidig som möjligt.För att uppnå detta syfte har en webbapplikation konstruerats i utvecklingsmiljön Netbeans och är baserad på en treskiktsarkitektur. Detta har genomförts med hjälp av utvecklingsmetoden Scrum och programmeringsspråket Java. Stor vikt har lagts på att skapa en modulär applikation med fokus på hållbar utveckling.Resultatet har blivit en webbapplikation som kan nås via mobila enheter, surfplattor och stationära enheter. Den har prestandatestats och är därmed redo för att testas för en utvärdering av dess effektivitet och inverkan på workshopverksamheten.The Royal Institute of Technology has recently arranged so-called "workshops" to help students with their studies. These workshops give students the opportunity to receive help from assistants. The purpose of this project is to make the administration of the workshop sessions as efficient and seamless as possible.To achieve this purpose, a web application has been designed in Netbeans the development environment and is based on three-layer architecture. This has been implemented using the Scrum development methodology and the Java programming language. Great emphasis was placed on creating a modular application with focus on sustainable development.The result is a web application that can be accessed via mobile devices, tablets, and stationary units. Its performance has been tested and the web application is thus ready to be tested in order to evaluate its effectiveness and impact on the workshop activities.