Global ETD Search

101	A pattern-driven and model-based vulnerability testing for Web applications / Une approche à base de modèles et de patterns pour le test de vulnérabilités d'applications Web Vernotte, Alexandre 29 October 2015 (has links) Cette thèse propose une approche originale de test de vulnérabilité Web à partir de modèles etdirigée par des patterns de tests, nommée PMVT. Son objectif est d’améliorer la capacité de détectionde quatre types de vulnérabilité majeurs, Cross-Site Scripting, Injections SQL, Cross-Site RequestForgery, et Privilege Escalation. PMVT repose sur l’utilisation d’un modèle comportemental del’application Web, capturant ses aspects fonctionnels, et sur un ensemble de patterns de test devulnérabilité qui adressent un type de vulnérabilité de manière générique, quelque soit le type del’application Web sous test.Par l’adaptation de technologies MBT existantes, nous avons développé une chaîne outillée complèteautomatisant la détection des quatre types de vulnérabilité. Ce prototype a été exprimenté et évaluésur deux applications réelles, actuellement utiliseés par plusieurs dizaines de milliers d’utilisateurs.Les résultats d’expérimentation démontrent la pertinence et de l’efficience de PMVT, notamment enaméliorant de façon significative la capacité de détection de vulnérabilités vis à vis des scannersautomatiques d’applications Web existants. / This thesis proposes an original approach, dubbed PMVT for Pattern-driven and Model-basedVulnerability Testing, which aims to improve the capability for detecting four high-profile vulnerabilitytypes, Cross-Site Scripting, SQL Injections, CSRF and Privilege Escalations, and reduce falsepositives and false negatives verdicts. PMVT relies on the use of a behavioral model of theapplication, capturing its functional aspects, and a set of vulnerability test patterns that addressvulnerabilities in a generic way. By adapting existing MBT technologies, an integrated toolchain that supports PMVT automates thedetection of the four vulnerability types in Web applications. This prototype has been experimentedand evaluated on two real-life Web applications that are currently used by tens of thousandsusers. Experiments have highlighted the effectiveness and efficiency of PMVT and shown astrong improvement of vulnerability detection capabilities w.r.t. available automated Web applicationscanners for these kind of vulnerabilities. Test de Vulnérabilité Test à partir de Modèles Patterns de Test de Vulnérabilité Applications Web Cross-Site Scripting Injections SQL Cross-Site Request Forgery Privilege Escalation Vulnerability Testing Model-Based Testing Vulnerability Test Patterns Web applications Cross- Site Scripting SQL Injections Cross-Site Request Forgery Privilege Escalation 004.678
102	Influence of geometry and placement configuration on side forces in compression springs Rahul Deshmukh (7847843) 12 November 2019 (has links) <div>A leading cause of premature failure and excessive wear and tear in mechanical components that rely on compression springs for their operation is the development of unwanted side forces when the spring is compressed.</div><div>These side forces are usually around 10% - 20% of the magnitude of the axial load and point in different directions in the plane perpendicular to the axis of the spring.</div><div>The magnitude and direction of the resultant of side forces varies very non-linearly and unpredictably even though the axial force behavior of the spring is very consistent and predictable.</div><div>Since these side forces have to be resisted by the housing components that hold the spring in place, it is difficult to design these components for optimal operation.</div><div><br></div><div>The hypothesis of this study is that side forces are highly sensitive to small changes in spring geometry and its placement configuration in the housing. <br></div><div><div>Several experiments are conducted to measure the axial and side forces in barrel springs and two different types of finite element models are developed and calibrated to model the spring behavior. </div><div>Spring geometry and placement are parameterized using several control variables and an approach based on design of experiments is used to identify the critical parameters that control the behavior of side-forces. </div><div>The models resulted in deeper insight into the development of side forces as the spring is progressively loaded and how its contact interactions with the housing lead to changes in the side force.</div><div>It was found that side-forces are indeed sensitive to variations in spring geometry and placement.</div><div>These sensitivities are quantified to enable designers to and manufacturers of such springs to gain more control of side force variations between different spring specimens.</div></div> Mechanical Engineering Mechanics Solid Mechanics Theoretical and Applied Mechanics Side-force Barrel Spring Helical Spring Non linear mechanics Contact ABAQUS python scripting geometric optimization sensitivity analysis Design of Experiments parameter variation study FEA CAD
103	T2/ediT2 : un modèle / système flexible et facile à utiliser pour l'édition et mise en oeuvre de scénarios d'apprentissage / T2/ediT2 : a flexible and easy-to-use model/system for editing and operationalizing learning scenarios Sobreira, Péricles de Lima 26 June 2014 (has links) La question générale envisagée dans cette recherche est le développement d'une représentation de scénarios d'apprentissage adaptable et facile à utiliser sous la forme d'une table (considéré comme un artefact de facile manipulation par les enseignants), associée à un modèle informatique sous la forme d'en arbre (comme un moyen d'intégrer des services avancés). Cette représentation permet à des enseignants sans entraînement méthodologique et ayant des compétences technologiques de base d'éditer et mettre en œuvre des scénarios d'apprentissage à partir d'une interface graphique intuitive et flexible. Bien que cette thèse soit centrée sur des scénarios collaboratifs, l'approche basée sur un modèle table-arbre (nommé T2) que nous proposons présente un intérêt plus général. Dans une première phase, nous avons développé à partir de ce modèle un éditeur de scénarios d'apprentissage (nommé ediT2) proposant des notions de modélisation utilisées dans les scénarios collaboratifs. Dans une seconde phase, nous avons considéré des questions de généralisation à travers l'extension de l'implémentation initiale, de telle manière à permettre aux utilisateurs d'éditer les notions et leurs attributs. Nous avons examiné à travers des études et expériences comment des enseignants ont utilisé notre proposition en tenant en compte comme objectifs/critères d'évaluation: (1) son expressivité pédagogique, i.e., si des éditeurs basés sur tables peuvent représenter une large gamme de scénarios d'apprentissage ; (2) sa facilité et son intuitivité ; (3) son expressivité informatique, i.e., si l'approche permet l'implémentation de services demandant des manipulations informatiques complexes ; et (4) sa flexibilité informatique, i.e., s'il est facile d'adapter l'éditeur à des besoins locaux. / The general issue considered in this research is the development of an adaptable and easy-to-use representation of learning scenarios in the form of a table (considered as an artefact of easy manipulation by teachers) associated with a computational model as a tree (as a way to integrate advanced services). In this way, teachers with basic technological skills and without methodological training can edit and operationalize learning scenarios from flexible and friendly graphical interfaces. Although this thesis has its focus on CSCL scripts, the table-tree-based approach (named T2) presents a more general interest. In a first moment, we implemented from this model a learning scenario editor (named ediT2) using notions from CSCL scripts. In a second moment, we considered generalization issues through the extension of the initial implementation, in order to allow teachers to edit their own notions and respective attributes. We investigated from different studies and experiments how teachers used our proposal considering as objectives/evaluation criteria the following features: (1) pedagogical expressiveness (can table-based editors represent a wide range of learning scenarios?); (2) usability (do teachers find the editor easy to use and intuitive?); (3) computational expressiveness (does the approach allow implementation of advanced services?), and; (4) computational flexibility (is the editor easy to adapt to local needs?). Scénarisation Langage de Modélisation Technology Enhanced Learning Scripting Educational Modeling Language 004
104	Soubor laboratorních úloh k demonstraci počítačových útoků / Collection of laboratory works for demonstration of computer attacks Plašil, Matouš January 2015 (has links) Diploma thesis describes published attacks on computers and computer networks. Principles of footprinting such as availability check, OS detection, port scanning were described. Next part explains attacks on confidentiality, integrity and availability. In the practical part were created four laboratory tasks and a virtual environment which allowed testing of ARP spoofing, DNS spoofing, SSL strip, Cross-site scripting, SQL injection, flooding attacks (TCP, ICMP, UDP), TCP reset and attack on operating system using backdoor with Metasploit framework. In practical part were also created video samples with attacks and documentation for teachers.
105	Development of Enhanced User Interaction and User Experience for Supporting Serious Role-Playing Games in a Healthcare Setting Alow, Mark Lee January 2022 (has links) No description available. Computer Engineering Computer Science Social Determinants of Health Serious Games Mobile Applications User Experience Design Unity Engine Form Validation C# Scripting Reducing Bias Eliminating Bias in Healthcare Setting UX for Bias Elimination Graphic Design Unity Interface Unity Scene Creation Cross-Platform Design
106	Evaluating the efficiency of general purpose and specialized game engines for 2D games Thomas Michael Brogan III (18429519) 24 April 2024 (has links) <p dir="ltr">In the ever-changing landscape of game development, the choice of game engine plays a critical role in deciding the efficiency and performance of a game. This research paper presents a comparative analysis of the performance benchmarks of large general purpose game engines, specifically Unreal Engine 5, Unity, and Godot, versus small genre-specific engines in the context of a simple 2D projectile dodging game. The study focuses on two-dimensional games, which are particularly popular with small studios and indie developers. All three general purpose engines evaluated claim to support building both 2D and 3D applications, however since 2D game logic tends to be smaller scoped and more compact such games are impacted greater by any overhead and bloat the engine introduces, which this research paper intends to evaluate. A series of controlled experiments are conducted to assess each engine's performance in processor utilization, power consumption, memory usage and storage space requirements.</p> Computer graphics Entertainment and gaming game engines Unity3D Unreal Engine Godot In-house game engine Custom game engine performance comparison game engine overhead 2D games small games software overhead overhead Software Bloat Entity Component System Game Scripting Langauge
107	Implementation of data-collection tools using NetFlow for statistical analysis at the ISP level / Implementation av datainsamlingsverktyg med NetFlow på ISP-nivå för statistisk analys av datatrafik Karlström, Daniel January 2012 (has links) Defending against Dos- and DDoS attacks is difficult to accomplish; finding and filtering out illegitimate traffic from the legitimate flow is near impossible. Taking steps to mitigate or even block the traffic can only be done once the IP addresses of the attackers are known. This is achievable by monitoring the flows to- and from the target and identifying the attacker's IP addresses, allowing the company or their ISP to block the addresses itself by blackholing them (also known as a null route). Using the IP accounting and monitoring tool “pmacct”, this thesis aims to investigate whether or not the pmacct suite is suited for larger installations when tracking and mitigating DDoS-attacks, such at an Internet Service Provider (ISP). Potential problems are the amount of traffic that need to be analyzed and the computational power required to do it. This thesis also provide information about the pmacct suite at large. The conclusions are positive, indicating it does scale up to handle larger installations when given careful consideration and planning. / Att försvara sig mot DoS-och DDoS-attacker är svårt att åstadkomma; att hitta och filtrera ut illegitim trafik från det legitima flödet är nästan omöjligt. Att vidta åtgärder när en sådan attack upptäcks kan endast göras när IP-adresserna från angriparna är kända. Detta kan uppnås genom att man övervakar trafikflödet mellan målet för attacken och angriparna och ser vilka som sänder mest data och på så sätt identifierar angriparna.. Detta tillåter företaget eller dess ISP att blockera trafiken ifrån dessa IP-adresser genom att sända trafiken vidare till ingenstans. Detta kallas blackhole-routing eller null-routing. Genom att använda redovisnings- och övervakningsprogrammet pmacct syftar denna uppsats på att undersöka hurvida pmacct-sviten är lämpad för större installationer när det gäller att spåra och förhindra DDoS-attacker, såsom hos en Internetleverantör eller dylikt. Potentialla problem som kan uppstå är att mängden trafik som måste analyserar blir för stor och för krävande. Denna avhandling går även igenom pmacct-verktyget i sig. Slutsatserna är lovande, vilket indikerar att den har potential av att kunna hantera sådana stora miljöer med noggrann planering. pmacct statistical analysis bgp peer peering routing route quagga virtual router virtual router linux graph graphing mrtg database mysql script scripting python bash libpcap mdh data collection data collection collecting ISP internet service provider DoS DDoS attack pmacct statistisk analys bgp peer peering peera routing route quagga virtuell router virtuell router linux graf grafa mrtg databas mysql script scripting python bash libpcap mdh datainsamling insamling data ISP internetleverantör DoS DDoS attack Computer Engineering Datorteknik
108	運用使用者輸入欄位屬性偵測防禦資料隱碼攻擊 / Preventing SQL Injection Attacks Using the Field Attributes of User Input 賴淑美, Lai, Shu Mei Unknown Date (has links) 在網路的應用蓬勃發展與上網使用人口不斷遞增的情況之下，透過網路提供客戶服務及從事商業行為已經是趨勢與熱潮，而伴隨而來的風險也逐步顯現。在一個無國界的網路世界，威脅來自四面八方，隨著科技進步，攻擊手法也隨之加速且廣泛。網頁攻擊防範作法的演進似乎也只能一直追隨著攻擊手法而不斷改進。但最根本的方法應為回歸原始的程式設計，網頁欄位輸入資料的檢核。確實做好欄位內容檢核並遵守網頁安全設計原則，嚴謹的資料庫存取授權才能安心杜絕不斷變化的攻擊。但因既有系統對於輸入欄位內容，並無確切根據應輸入的欄位長度及屬性或是特殊表示式進行檢核，以致造成類似Injection Flaws[1]及部分XSS（Cross Site Scripting）[2]攻擊的形成。面對不斷變化的網站攻擊，大都以系統原始碼重覆修改、透過滲透測試服務檢視漏洞及購買偵測防禦設備防堵威脅。因原始碼重覆修改工作繁重，滲透測試也不能經常施行，購買偵測防禦設備也相當昂貴。本研究回歸網頁資料輸入檢核，根據輸入資料的長度及屬性或是特殊的表示式進行檢核，若能堅守此項原則應可抵禦大部分的攻擊。但因既有系統程式龐大，若要重新檢視所有輸入欄位屬性及進行修改恐為曠日費時。本文中研究以側錄分析、資料庫SCHEMA的結合及方便的欄位屬性定義等功能，自動化的處理流程，快速產生輸入欄位的檢核依據。再以網站動態欄位檢核的方式，於網站接收使用者需求，且應用程式尚未處理前攔截網頁輸入資料，根據事先明確定義的網站欄位屬性及長度進行資料檢核，如此既有系統即無須修改，能在最低的成本下達到有效防禦的目的。 / With the dynamic development of network application and the increasing population of using internet, providing customer service and making business through network has been a prevalent trend recently. However, the risk appears with this trend. In a borderless net world, threaten comes from all directions. With the progress of information technology, the technique of network attack becomes timeless and widespread. It seems that defense methods have to develop against these attack techniques. But the root of all should regress on the original program design – check the input data of data fields. The prevention of unceasing network attack is precisely check the content of data field and adhere to the webpage security design on principle, furthermore, the authority to access database is essential. Since most existing systems do not have exactly checkpoints of those data fields such as the length, the data type, and the data format, as a result, those conditions resulted in several network attacks like Injection Flaws and XSS. In response to various website attack constantly, the majority remodify the system source code, inspect vulnerabilities by the service of penetration test, and purchase the equipment of Intrusion Prevention Systems(IPS). However, several limitations influence the performance, such as the massive workload of remodify source code, the difficulty to implement the daily penetration test, and the costly expenses of IPS equipment. The fundamental method of this research is to check the input data of data fields which bases on the length, the data type and the data format to check input data. The hypothesis is that to implement the original design principle should prevent most website attacks. Unfortunately, most legacy system programs are massive and numerous. It is time-consuming to review and remodify all the data fields. This research investigates the analysis of network interception, integrates with the database schema and the easy-defined data type, to automatically process these procedures and rapidly generates the checklist of input data. Then, using the method of website dynamic captures technique to receive user request first and webpage input data before the system application commences to process it. According to those input data can be checked by the predefined data filed type and the length, there is no necessary to modify existing systems and can achieve the goal to prevent web attack with the minimum cost. 跨站腳本攻擊注入弱點網站攻擊動態攔截檢核檢查網頁輸入資料 Injection Flaws Cross Site Scripting website attack website dynamic captures technique check the input data of data fields
109	Generating Procedural Environments using Masks : Layered Image Document to Real-time environment Eldstål, Emil January 2019 (has links) This paper will explore the possibilities of using an automated self-made procedural tool to create real-time environments based on simple image masks. The purpose of this is to enable a concept artist or level designer to quickly get out results in a game engine and to be able to explore ideas. The goal of this thesis was to better understand how you can break down simple ideas and shapes into more complex details and assets. In the first part of this thesis, I go over the traditional workflow of creating a real-time environment. I then go on and break down my tool, what it does and how it works. I start off with a Photoshop file, make tools in Houdini and then utilize those in Unreal for the end result. I also argument about the time-saving possibilities with these tools. From the work, I draw the conclusion that these kinds of tools save a lot of time for repeating tasks and the creation of similar environments. Unreal Engine Unreal rural area rural procedural 8k game-engine game environment environment real-time environment substance painter substance designer houdini sidefx houdini epic games unreal engine 4.22 real-time realtime terrain roads cars animation animals farm farms farm area editor scripting editor scripts forest forests forest area sweden norwegian skog Design Design Visual Arts Bildkonst
110	Evaluierung von AJAX-basierten frameworks für das Web 2.0 Langer, André 20 April 2007 (has links) (PDF) „Remote Scripting“-Anwendungen erleben seit einigen Jahren einen regelrechten Anfrageboom. Während aus usability-Sicht bisher eine strikte Unterscheidung zwischen Desktop-Anwendungen und Webapplikationen herrschte, finden sich seit einiger Zeit zunehmend Angebote im World Wide Web, die diese strikte Trennung verwischen lassen. Interaktive Nutzerdialoge, nebenläufige Prozessabarbeitung und visuelle Unterstützungsmittel wie Drag & Drop- Effekte halten auf Webseiten Einzug, die dem Nutzer bisher nur aus eigenständigen Softwareprodukten in einer spezifischen Betriebssystemumgebung bekannt waren. Viele dieser neuen Anwendungs- und Interaktionsmöglichkeiten im weltweiten Datennetz werden inzwischen unter dem Oberbegriff Web 2.0 zusammengefasst. Für den Nutzer bringt dieser neue Entwicklungstrend viele Vorteile: Ansprechende, intuitive Nutzerführungen ohne die Notwendigkeit, eine ganze Internetseite bei jedem Interaktionsschritt neu zu laden und ohne bemerkbaren zeitlichen Overhead. Was für den Nutzer Erleichterung bringen soll, bedeutet häufig für einen Programmierer zunächst Mehraufwand. Eine Technik zur Realisierung solcher so genannten Rich Internet Applications, die sich in den letzten beiden Jahren immer mehr in den Vordergrund gedrängt hat, wird unter der Bezeichnung AJAX zusammengefasst. Einen einheitlichen Standard gibt es dabei nicht, sodass fast täglich neue AJAX-basierte frameworks veröffentlicht werden, die dem Programmierer (wenigstens einen Teil der) Komplexität der Programmflusssteuerung abnehmen sollen. Aufgabe der Studienarbeit soll es daher sein, das inzwischen unüberschaubar gewordene Angebot an AJAX frameworks zu systematisieren und einen Überblick über Vor- und Nachteile ausgewählter Programmbibliotheken zu geben. Dafür ist ein Kriterienkatalog zu erarbeiten, der eine Bewertung der verschiedenen frameworks nach unterschiedlichen Gesichtspunkten ermöglicht. Besonderer Schwerpunkt ist dabei auf Kriterien aus Programmierersicht (Sprachunabhängigkeit, Overhead, Implementierungsmöglichkeiten,…) und Anwendersicht (Plattformanforderungen, Einarbeitungszeit, Ergebnisqualität, …) zu legen. Auf den Kriterienkatalog ist anschließend eine Auswahl an bereits existierenden, frei verfügbaren AJAX frameworks anzuwenden, die als zukünftig relevant eingeschätzt werden. Die Ergebnisse sind abschließend in einer Gesamtübersicht zu präsentieren, die eine objektive Empfehlung für Nutzer darstellen soll, die vor der Wahl stehen, welche AJAX Programmbibliothek sie zukünftig einsetzen sollten. Remote Scripting XHR XMLHttpRequest ddc:000 ddc:004 Ajax <Informatik> DOM <Programmierumgebung> Dynamic HTML Evaluation Framework <Informatik> Java JavaScript Microsoft dot net PHP Perl Python <Programmiersprache> RPC Rich Internet Application World Wide Web 2.0 XML

Search results