Global ETD Search

91	Assessing security in software product lines; a maintenance analysis SILVEIRA NETO, Paulo Anselmo da Mota 02 June 2017 (has links) Defesa ocorreu em 02/06/2017, conforme Ata de Defesa e Folha de Aprovação, apesar da folha de aprovação, no PDF, informar data de defesa 02/06/2016. / Submitted by Pedro Barros (pedro.silvabarros@ufpe.br) on 2018-09-20T21:37:22Z No. of bitstreams: 2 license_rdf: 811 bytes, checksum: e39d27027a6cc9cb039ad269a5db8e34 (MD5) TESE Paulo Anselmo da Mota Silveira Neto.pdf: 3741891 bytes, checksum: 72e8a5faecf15c78927de18c6d7e0687 (MD5) / Approved for entry into archive by Alice Araujo (alice.caraujo@ufpe.br) on 2018-09-26T18:31:38Z (GMT) No. of bitstreams: 2 license_rdf: 811 bytes, checksum: e39d27027a6cc9cb039ad269a5db8e34 (MD5) TESE Paulo Anselmo da Mota Silveira Neto.pdf: 3741891 bytes, checksum: 72e8a5faecf15c78927de18c6d7e0687 (MD5) / Made available in DSpace on 2018-09-26T18:31:38Z (GMT). No. of bitstreams: 2 license_rdf: 811 bytes, checksum: e39d27027a6cc9cb039ad269a5db8e34 (MD5) TESE Paulo Anselmo da Mota Silveira Neto.pdf: 3741891 bytes, checksum: 72e8a5faecf15c78927de18c6d7e0687 (MD5) Previous issue date: 2017-06-02 / CNPq / Different terms such as "the real-time enterprise", "software infrastructures", "service oriented architectures" and "composite software applications" have gained importance in industry. It brings us the need of information systems that support cross-application integration, cross-company transactions and end-user access through a range of channels, including the Internet. In this context, Software Product Line (SPL) Engineering has gained importance by product oriented companies, as a strategy to cope with the increasing demand of large-scale product customization, providing an effective and efficient ways of improving productivity, software quality, and time-to-market. These benefits combined with the need of most applications interact with other applications, and the internet access makes critical assets vulnerable to many threats. For most of the product oriented companies, security requirements are likely to be as varied as for any other quality. Thus, it is important to supply variants of the same product to satisfy different needs. Owing to its variability management capabilities, software product line architectures can satisfy these requirements if carefully designed the resulting system has a better chance of meeting its expectations. All these requirements should be achieved at early design phases. Otherwise the cost to design a secure architecture will increase, which could worsen in SPL context, due to its complexity. In this context, this thesis evaluates different techniques to implement security tactics for the purpose of assessing conditional compilation and aspect-oriented programming as variability mechanisms concerning maintainability by accessing code size, separation of concerns, coupling and cohesion from software architects in the context of Software Product Lines projects. Hence, to better support SPL architects during design decisions, a family of experiments using three different testbeds was performed to analyze different security techniques regarding to maintainability. We have found that for most of the techniques conditional compilation had a smaller amount of lines of code when compared with Aspect Oriented Programming. The separation of concerns attribute had the low impact on maintainability when implemented with aspect-oriented programming. The analysis also showed that detect attack techniques are less costly than resist attack techniques. The results are useful for both researchers and practitioners. On the one hand, researchers can identify useful research directions and get guidance on how the security techniques impact on maintainability. On the other hand, practitioners can benefit from this thesis by identifying the less costly variability implementation mechanism, as well as, learning concrete techniques to implement security tactics at the code level. / Diferentes termos como “empresa em tempo real”, “infraestrutura de software”, “arquiteturas orientadas a serviço” e “aplicações de software” tem ganhado importância na indústria. Isso requer sistemas de informação que suportem a integração com outras aplicações, transações entre empresas e acesso ao usuário final por uma variedade de canais, incluindo internet. Nesse contexto, Linha de Produto de Software (LPS) tem ganhado importância por empresas orientadas a produtos de software, como uma estratégia para lidar com a crescente demanda de personalização de produtos em grande escala, proporcionando uma forma eficaz e eficiente de melhorar a produtividade, a qualidade do software e o tempo de lançamento para o mercado. Esses benefícios combinados com a necessidade da maioria dos aplicativos precisarem interagir com outras aplicações e o acesso à Internet tornam essas aplicações vulneráveis a muitas ameaças. Para a maioria das empresas orientadas à produto, os requisitos de segurança podem variar assim como outro atributo de qualidade do software. Assim, é importante fornecer variantes do mesmo produto para satisfazer diferentes necessidades. Devido às suas capacidades de gerenciamento de variabilidade, arquiteturas de linha de produtos têm a capacidade de satisfazer esses requisitos, se cuidadosamente projetada o sistema resultante terá uma melhor chance de satisfazer as expectativas. Todos esses requisitos devem ser alcançados nas primeiras fases do projeto, caso contrário, o custo para projetar uma arquitetura segura aumentará, o que poderia piorar no contexto SPL, devido à sua natureza complexa. Assim, para melhor apoiar os arquitetos durante as decisões de projeto. Uma família de experimentos utilizando três SPLs distintas foram utilizadas para analisar diferentes técnicas de segurança, implementadas usando compilação condicional (CC) e programação orientada a aspectos (AOP). Essa avaliação teve como objetivo analisar as técnicas e mecanismos em relação a: tamanho, “separation of concerns”, coesão e acoplamento. O resultado nos mostra que para a maioria das técnicas quando implementadas com compilação condicional apresentavam uma menor quantidade de código quando comparadas com AOP. O atributo de “separation of concerns” teve menor impacto na manutenção quando implementado com programação orientada a aspectos. A análise também mostrou que técnicas de detecção de ataque são menos onerosas do que técnicas para resistir a ataque. Os resultados são úteis para pesquisadores e profissionais. Por um lado, os pesquisadores podem identificar direções de pesquisa e obter orientação sobre como as técnicas de segurança impactam na manutenção. Por outro lado, os profissionais podem se beneficiar deste estudo, identificando o mecanismo de implementação da variabilidade menos dispendioso, bem como aprendendo técnicas concretas para implementar táticas de segurança a nível de código. Engenharia de software Segurança de software
92	Implementação e Gerenciamento da Telefonia no IFBA no Campus de Jequié usando voz sobre IP e software livre / Implementação e Gerenciamento da Telefonia no IFBA no Campus de Jequié usando VoIP e software livre SILVA, Jackson Barreto 31 May 2017 (has links) Submitted by Pedro Barros (pedro.silvabarros@ufpe.br) on 2018-09-14T22:35:51Z No. of bitstreams: 2 license_rdf: 811 bytes, checksum: e39d27027a6cc9cb039ad269a5db8e34 (MD5) DISSERTAÇÃO Jackson Barreto Silva.pdf: 6062541 bytes, checksum: c611df214efdfca95cf8659282a9c04c (MD5) / Approved for entry into archive by Alice Araujo (alice.caraujo@ufpe.br) on 2018-09-26T20:57:34Z (GMT) No. of bitstreams: 2 license_rdf: 811 bytes, checksum: e39d27027a6cc9cb039ad269a5db8e34 (MD5) DISSERTAÇÃO Jackson Barreto Silva.pdf: 6062541 bytes, checksum: c611df214efdfca95cf8659282a9c04c (MD5) / Made available in DSpace on 2018-09-26T20:57:34Z (GMT). No. of bitstreams: 2 license_rdf: 811 bytes, checksum: e39d27027a6cc9cb039ad269a5db8e34 (MD5) DISSERTAÇÃO Jackson Barreto Silva.pdf: 6062541 bytes, checksum: c611df214efdfca95cf8659282a9c04c (MD5) Previous issue date: 2017-05-31 / Reduzir custos telefônicos através da utilização da tecnologia de voz sobre redes IP (VoIP) e adoção de software livre é uma estratégia utilizada por milhares de organizações públicas e privadas em todo o mundo. Nesta dissertação é proposta a utilização de uma solução de PBX-IP baseada em software livre, com o objetivo de economizar na aquisição de produtos proprietários, com a utilização da tecnologia de voz sobre o protocolo IP para redução dos gastos com ligações telefônicas internas e externas, pelo Instituto Federal de Educação Tecnológica da Bahia (IFBA) no Campus de Jequié. As ferramentas apresentadas para as implementações e o gerenciamento de uma central PBX-IP foram o Fone@RNP por ser desenvolvida pela Rede Nacional de Ensino e Pesquisa (RNP) para as instituições públicas brasileira, o SNEP por ser uma distribuição genuinamente brasileira e o Elastix pelo fato de ser a distribuição mais utilizada mundialmente. Relações destas tecnologias são definidas, apresentadas, analisadas e avaliadas. Todas as ferramentas são baseadas em Asterisk, porém com interface gráfica para o gerenciamento. A solução proposta, após todo o estudo de caso, é a utilização do serviço Fone@RNP sem a necessidade de aderir à infraestrutura do mesmo, com a utilização de aplicativos gratuitos de terceiro em sua substituição, pelo fato do custo da infraestrutura ser considerado elevado. Passo a passo da instalação destes aplicativos são apresentados, bem como descrições dos processos levantados, analisados e avaliados, contribuindo para a infraestrutura da instituição. / Reducing telephone costs through the use of voice over IP (VoIP) technology and adoption of free software is a strategy used by thousands of public and private organizations around the world. This M.Sc. dissertation proposes the use of a free software-based PBX-IP solution with the objective of saving on the acquisition of proprietary products, plus the use of voice technology over the IP protocol to reduce costs with internal and external telephone calls at the Federal Institute of Technological Education of Bahia (IFBA) in the Jequié Campus. The tools presented for the implementation and management of a PBX-IP exchange are the Fone@RNP, developed by the Rede Nacional de Ensino e Pesquisas (RNP) for Brazilian public institutions, SNEP, a genuinely Brazilian distribution, and Elastix, the most used distribution worldwide. Such technologies are presented, analyzed and assessed. All such tools are Asterisk based, but with a GUI for management. The solution proposed after the whole case study is the use of the Fone@RNP service without the need to adhere to its complete infrastructure, with the use of free third party applications because the cost of the infrastructure is considered high. Their step-by-step installation are presented as well as the descriptions of the processes compiled, analyzed, and evaluated, contributing to the improvement of the IFBA infrastructure. Engenharia de software Gerenciamento de software
93	Ambientes de apoio a desenvolvimento transformacional Flach, Christina Brandão von 23 July 1992 (has links) Orientador: Geovane Cayres Magalhães / Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Matemática, Estatística e Ciência da Computação / Made available in DSpace on 2018-07-15T22:52:57Z (GMT). No. of bitstreams: 1 Flach_ChristinaBrandaovon_M.pdf: 2640522 bytes, checksum: b35cefe30727638e4fe8354334391c57 (MD5) Previous issue date: 1992 / Resumo: Este trabalho examina transformações como aspecto central em ambientes de projeto de software e propõe: (a) um conjunto básico de operações de projeto que constitui um núcleo de transformações, (b) um esquema de coordenação composto por dois mecanismos básicos - um genérico, baseado em blackboards, e um específico, baseado em um mecanismo de encadeamento regressivo sobre relações entre objetos, e (c) uma arquitetura genérica de referência para a implementação de ambientes de apoio a desenvolvimento transformacional. As idéias propostas foram exercitadas em um protótipo concreto, programado em C. / Abstract: This work is meant to approach transformations as the main aspect of software design environments. We propose: (a) a basic set of design operations that constitutes a kernel of transformations, (b) a scheme of coordination composed of two kind of mechanisms - a generic one, based on the blackboard mechanism, and a specific one, based on a backward chaining mechanism over relationships among objects, and (c) a generic reference architecture from which we can discuss software development environments that support transformations. Our proposal is demonstrated through a concrete prototype, written in C. / Mestrado / Mestre em Ciência da Computação Software - Desenvolvimento Engenharia de software
94	Estruturação de programas para suporte a reengenharia Moura, Maria Fernanda 03 December 1992 (has links) Orientadores: Mario Jino, Fuad Gattaz Sobrinho / Dissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia Eletrica / Made available in DSpace on 2018-07-17T09:18:53Z (GMT). No. of bitstreams: 1 Moura_MariaFernanda_M.pdf: 11360320 bytes, checksum: 132a892315da05884ece61a1270dc388 (MD5) Previous issue date: 1992 / Resumo: Este trabalho propõe um Modelo de Estruturação baseado na decomposição de programas em programas primos, unidades mínimas e básicas da programação estruturada. O modelo é totalmente definido por algoritmos e pode ser completamente automatizado, tratando códigos fonte de produtos de software em qualquer linguagem procedimental e não paralela. Particularmente, são dados os algoritmos e transformações necessárias para instanciar o modelo para as linguagens de programação COBOL, FORTRAN e C. O modelo obtém uma representação padronizada do código fonte original, composta por unidades de programa (subprogramas), onde existem apenas um único ponto de entrada e um único ponto de saída, e são utilizados apenas três tipos de estruturas de controle: comandos seqüenciais, um único tipo de iteração e seleções simples (de duas saídas). A padronização do código fonte é obtida por uma linguagem intermediária, executável e facilmente portável ¿ um subconjunto da linguagem de programação C. O padrão de representação do código estruturado pelo modelo fornece uma base adequada, mínima, necessária e suficiente para servir de suporte a um ambiente de ferramentas de reengenharia e/ou engenharia reversa. A própria implementação do modelo é classificada como uma ferramenta de reengenharia. Os protótipos implementados, assim como o modelo de implementação, foram desenvolvidos em um ambiente UNIX / Abstract: A Structuring Hodel, based on the decomposition of programs into prime programs, is proposed. Prime programs are minimal and basic units of structured programming. The model is completely defined by algorithms and can be automatized to deal with source code of software products impIemented in any procedural non-parallel programming Ianguage. AIgorithms and necessary transformations to instantiate the model for COBOL, FORTRAN and C programming Ianguages are given. The model produces a standardized representation from the source code, compounded by program units, with a singIe entry point and a single exit point, composed by three types of control structures only: sequencial statements, an unique type of iteractive structure and single selections. The standardized representation of the source code is provided by an executable portable intermediate language - a sub set of the C programming language. The standardized representation of the structured source code provides a minimal, necessary and sufficient base to support reengineering and / or reverse engineering environments. The model implementation by itself is classified as a re-engineering tool. The implemented prototypes and the model of implementation were developed in a UNIX environment / Mestrado / Mestre em Engenharia Elétrica Software - Produtividade Engenharia de software
95	Adaptive Regression Testing Strategy: An Empirical Study Arafeen, Md. Junaid January 2012 (has links) When software systems evolve, different amounts of code modifications can be involved in different versions. These factors can affect the costs and benefits of regression testing techniques, and thus, there may be no single regression testing technique that is the most cost-effective technique to use on every version. To date, many regression testing techniques have been proposed, but no research has been done on the problem of helping practitioners systematically choose appropriate techniques on new versions as systems evolve. To address this problem, we propose adaptive regression testing (ART) strategies that attempt to identify the regression testing techniques that will be the most cost-effective for each regression testing session considering organization’s situations and testing environment. To assess our approach, we conducted an experiment focusing on test case prioritization techniques. Our results show that prioritization techniques selected by our approach can be more cost-effective than those used by the control approaches. Computer software. Software engineering.
96	Modeling, Analysis, and Detection of Information Leakage via Protocol-Based Covert Channels Jaskolka, Jason 09 1900 (has links) <p>With the emergence of computers in every day activities and with the ever-growing complexity of networks and network protocols, covert channels are becoming an eminent threat to confidentiality of information. With increasing sensitivity of data in many computer application domains, the leakage of confidential information can have severe repercussions on the institution from which the information was leaked. <br /><br />In light of this eminent threat, we propose a technique to detect confidential information leakage via covert channels. We limit our focus to instances where the users of covert channels modulate the information that is being sent; either by encryption, or some other form of encoding.<br /><br />In the literature, the difference between classes of covert channels under the current classification is unclear. This lack of clarity results in the development of incomplete techniques for modeling, detecting and preventing covert channels. In this thesis, we propose a new classification for covert channels which organizes covert channels into two types: protocol-based covert channels and environment-based covert channels. We also develop a novel, comprehensive model for protocol-based covert channel communication. Using the developed model, we explore the relationship between covert channel communication, steganography and watermarking. The intent is to provide a better understanding of covert channel communication in an attempt to develop investigative support for confidentiality. Finally, we propose a technique for detecting confidential information leakages via covert channels. The technique is based on relation algebra and offers tests for verifying the existence of an abstraction relation which relates the confidential information to the information that is observed to be sent on the communication channel. It focuses on protocol-based covert channels. <br /><br />With a better understanding of covert channel communication, we are able to develop more effective and efficient mechanisms for detecting and preventing the use of covert channels to leak confidential information in computer systems.</p> / Master of Applied Science (MASc) Software Engineering Software Engineering
97	Verification of programs with Z3 Romanowicz, Ewa 06 1900 (has links) <p>Fixing the errors in programs is usually very labor-intensive and thus an expensive task. It is also known to be prone to human error thus not fully reliable. There have been many methods of program verification developed, however they still require a lot of human input and interaction throughout the process. There is an increasing need for an automated software verification tool that would reduce human interaction to the minimum. Satisfiability Modulo Theories (SMT) solvers, a series of SAT-solvers such as Z3 looked initially to be a proper and easy to use tool. Its syntax is fairly uncomplicated and it seems to be quite efficient. In this thesis, Z3 is used to find loop invariants, prove some properties of concurrent programs written in Owicki-Gries style and prove some properties of recursive programs. It appears that - in general- Z3 does not work as well as expected in all areas to which it was applied.</p> / Master of Science (MS) Software Engineering Software Engineering
98	A Generative Approach to Meshing Geometry Elsheikh, Mustafa 09 1900 (has links) <p>This thesis presents the design and implementation of a generative geometric kernel suitable for supporting a family of mesh generation programs. The kernel is designed as a program generator which is generic, parametric, type-safe. and maintainable. The generator can generate specialized code that has minimal traces of the design abstractions. We achieve genericity, understandability, and maintainability in the generator by a layered design that adopts its concepts from the affine geometry domain. We achieve parametricity and type-safety by using MetaOCaml's module system and its support for higher order modules. The cost of adopting natural domain abstractions is reduced by combining MetaOCaml's support for multi-stage programming with the technique of abstract interpretation.</p> / Master of Applied Science (MASc) Software Engineering Software Engineering
99	Developing Scientific Computing Software: Current Processes and Future Directions Tang, Jin January 2008 (has links) <p>Considerable emphasis in scientific computing (SC) software development has been placed on the software qualities of performance and correctness. How ever, other software qualities have received less attention, such as the qualities of usability, maintainability, testability and reusability.</p> <p>Presented in this work is a survey titled "Survey on Developing Scientific Computing Software", which is apparently the first conducted to explore the current approaches to SC software development and to determine which qualities of SC software are in most need of improvement. From the survey we found that systematic development process is frequently not adopted in the SC software community, since 58% of respondents mentioned that their entire development process potentially consists only of coding and debugging. Moreover, semi-formal and formal specification is rarely used when developing SC software, which is suggested by the fact that 70% of respondents indicate that they only use informal specification.</p> <p>In terms of the problems in SC software development, which are discovered by analyzing the survey results, a solution is proposed to improve the quality of SC software by using SE methodologies, concretely, using a modified Parnas' Rational Design Process (PRDP) and the Unified Software Development Process (USDP). A comparison of the two candidate processes is provided to help SC software practitioners determine which of the two pro cesses fits their particular situation. To clarify the discussion of PRDP and USDP for SC software and to help SC software practitioners better understand how to use PRDP and USDP in SC software, a completely documented one-dimensional numerical integration solver (ONIS) example is presented for both PRDP and USDP.</p> / Master of Applied Science (MASc) Software Engineering Software Engineering
100	POWER-AWARE SCHEDULING FOR SERVER CLUSTERS AL-DAOUD, HADIL January 2010 (has links) <p>For the past few years, research in the area of computer clusters has been a hot topic. The main focus has been towards on how to achieve the best performance in such systems. While this problem has been well studied, many of the solutions maximize performance at the expense of increasing the amount of power consumed by the cluster and consequently raising the cost of power usage. Therefore, power management (PM) in such systems has become necessary. Many PM policies are proposed in the literature to achieve this goal for both homogeneous and heterogeneous clusters.</p> <p>In this work, in the case of homogeneous clusters, we review two applicable policies that have been proposed in the literature for reducing power consumption. We also propose a power saving policy, that uses queueing theory formulas, which attempts to minimize power consumption while satisfying given performance constraints. We evaluate this policy by using simulation and compare it to other applicable policies.</p> <p>Our main contribution is for heterogeneous clusters. We suggest a task distribution policy in order to reduce power consumption. Our suggested policy requires solving two linear programming problems (LPs). Our simulation experiments show that our proposed policy is successful in terms of achieving a significant power savings in comparison to other distribution policies, especially in the case of highly heterogeneous clusters.</p> / Master of Applied Science (MASc) Software Engineering Software Engineering

Search results