Global ETD Search

481	OTS-Wiki: A Web Community for Fostering Evaluation and Selection of Off-The-Shelf Software Components Aaslund, Kristian, Larsen, Simon January 2007 (has links) <p>Many challenges arises when it comes to the selection of Off-The-Shelf (OTS) software components to use in software development. To make the selection process easier, other users experience on working out similar tasks could be of great value. Such experience data concerning the selection, the use, and the integration of a component is rarely available. In this Master thesis we describe the implementation of OTS-Wiki, which is a wiki based portal with community driven content. OTS-Wiki is a web community fostering evaluation and selection of OTS software components. The wiki provides basic functionality to support the process of evaluating and selecting components for use in component-based software development. The success of OTS-Wiki relies heavily on the quality and relevance of the content populating the repository. The are also usually related heavy start-up costs to such a repository. A wiki based portal, based on the open source collaboration principle, where the users themselves controls and populates the repository could be the solution to both these issues. Keywords: Community Driven, Component Evaluation, Component Selection, Off-The-Shelf, Open Source, OTS, OTS-Wiki, Social Computing, Web Communities, Web Technology, Wiki</p> ntnudaim SIF2 datateknikk Program- og informasjonssystemer Intelligente systemer
482	Using Honeypots to Analyze Bots and Botnets Bergande, Eirik Falk Georg, Smedsrud, Jon Fjeldberg January 2007 (has links) <p>In this Master thesis we will perform honeypot experiments where we allow malicious users access to systems and analyze their behaviour. Our focus will be on botnets, and how attackers progress to infect systems and add them to their botnet. Our experiments will include both high-interaction honeypots where we let attackers manually access our system, and low interaction-honeypots where we receive automated malware. The high-interaction honeypots are normal Linux distributions accessing the internet through a Honeywall that captures and controls the data flow, while the low-interaction honeypots are running the Nepenthes honeypot. Nepenthes acts by passively emulating known vulnerabilities and downloading the exploiting malware. The honeypots have been connected to both the ITEA and UNINETT networks at NTNU. The network traffic filtering on the IP addresses we have received, has been removed in order to capture more information. Installing the honeypots is a rather complicated matter, and has been described with regard to setup and configuration on both the high and low interaction honeypots. Data that is captures has been thoroughly analyzed with regard to both intent and origin. The results from the high-interaction honeypots focus on methods and techniques that the attackers are using. The low-interaction honeypot data comes from automated sources, and is primary used for code and execution analysis. By doing this, we will gain a higher degree of understanding of the botnet phenomenon, and why they are so popular amongst blackhats. During the experiments we have captures six attacks toward the high-interaction honeypots which have all been analyzed. The low-interaction honeypot, Nepenthes, has captured 56 unique malware samples and of those 14 have been analysed. In addition there has been a thorough analysis of the Rbot.</p> ntnudaim SIF2 datateknikk Program- og informasjonssystemer SIE7 kommunikasjonsteknologi Telematikk
483	Developing Patient Controlled Access : An Access Control Model for Personal Health Records Jensen, Torstein, Larsen, Knut Halvor January 2007 (has links) <p>The health and social care sector has a continuous growth in the use of information technology. With more and more information about the patient stored in different systems by different health care actors, information sharing is a key to better treatment. The introduction of the personal health record aims at making this treatment process easier. In addition to being able to share information to others, the patients can also take a more active part in their treatment by communicating with participants through the system. As the personal health record is owned and controlled by the patient with assistance from health care actors, one of the keys to success lies in how the patient can control the access to the record. In this master's thesis we have developed an access control model for the personal health record in a Norwegian setting. The development is based on different studies of existing similar solutions and literature. Some of the topics we present are re-introduced from an earlier project. Interviews with potential users have also been a valuable and important source for ideas and inspiration, especially due to the fact that the access control model sets high demands on user-friendliness. As part of the access control model we have also suggested a set of key roles for the personal health record. Through a conceptual implementation we have further shown that the access control model can be implemented. Three different solutions that show the conceptual implementation in the Indivo personal health record have been suggested, using the Extensible Access Control Markup Language as the foundation.</p> ntnudaim SIF2 datateknikk Data- og informasjonsforvaltning Program- og informasjonssystemer
484	Security in the MIDAS Middleware Pronstad, Thomas, Westerlund, Vegar January 2008 (has links) <p>Security in Mobile ad-hoc networks (MANETs) is difficult because of its operating environment and its lack of a central control unit, making classical security measures inapplicable. MIDAS is a project funded by the European Commission which creates a "Middleware platform for developing and deploying advanced mobile services". It is important for MIDAS to find a middle ground where it provides reasonable security, while using little extra processing power and battery and remains easy to use. In this thesis we identify the vulnerabilities and security measures needed to secure MIDAS, while preserving usability. We approach this problem by analysing the MIDAS design and find similarities to other known systems. From the analysis we identify threats and ethical issues, and suggest security mechanisms that solve MIDAS specific problems. The resulting security mechanisms are described in detail and tied together to create four main configurations with increasing levels of security. The configurations can then be used by MIDAS developers to implement security in a consistent way. The results are specific to MIDAS, but issues, requirements and security building blocks can be used by other projects for applicable MANET problems.</p> ntnudaim SIF2 datateknikk Data- og informasjonsforvaltning Program- og informasjonssystemer
485	Introducing New Technologies to Users in User-Centered Design Projects: : An Experimental Study Klingsheim, Tuva Foldøy, Raae, Benedicte January 2009 (has links) <p>In user-centered design the users play an important role in the development process. The users are included in near every step of the process and it is often a problem that they do not have the necessary overview of a technology intended used in the end system. They do not need to know all the technical details, but they do need to know what possibilities the technology makes available. To do this one needs to introduce the users to the technical possibilities, but how does one do this? We had two suggestions as to how this could be done. We proposed introducing the possibilities through abstract concepts not tied to the users' domain. The reason being we did not want to lock the users to concrete ideas given by us, but let them use the abstract concepts to come up with ideas in their own domain. The other suggestion was giving the users hands-on experience with the concepts. Human knowledge is usually derived from experience, and we believe touching and trying out the possibilities of a technology would also be helpful in this kind of setting. To test whether hands-on experience and abstract concepts is valuable in an introduction of new technologies we conducted an experiment involving two workshops. Both workshops got a theoretical presentation of the abstract concepts, while one workshop let the participants explore a demonstrator made by us giving them hands-on experience. These workshops were then analyzed both qualitatively and quantitatively. The quantitative analysis showed that the workshop incorporating hands-on experience generated more unique ideas and also ideas in more categories than the other workshop. However due to low comparability between the groups due to factors such as prior experience with the technologies and current work situation, we do not give these findings much significance. Through the qualitative analysis we see that hands-on experience can be valuable. For one participant in particular, the hands-on experience was very valuable. In addition we found it valuable as a motivational exercise in a user-centered design process. The abstract concepts were analyzed qualitatively, and these were not as valuable as hoped. The users found it hard to map the abstract concepts to their domain. We now see the value of examples closer to the users' domain, but they should be kept as small building blocks for the users to combine to solve larger problems. We end this paper with a suggested approach to introducing new technological possibilities. We still recommend using the abstract concepts, but taking care to exemplify them through many small domain-specific examples. Hands-on experience is recommended if it is feasible to do this within the domain. We also recommend for time to mature and revisiting the participant after they've been back in their domain for a while.</p> ntnudaim SIF2 datateknikk Data- og informasjonsforvaltning Program- og informasjonssystemer
486	OTS-Wiki: A Web Community for Fostering Evaluation and Selection of Off-The-Shelf Software Components Aaslund, Kristian, Larsen, Simon January 2007 (has links) Many challenges arises when it comes to the selection of Off-The-Shelf (OTS) software components to use in software development. To make the selection process easier, other users experience on working out similar tasks could be of great value. Such experience data concerning the selection, the use, and the integration of a component is rarely available. In this Master thesis we describe the implementation of OTS-Wiki, which is a wiki based portal with community driven content. OTS-Wiki is a web community fostering evaluation and selection of OTS software components. The wiki provides basic functionality to support the process of evaluating and selecting components for use in component-based software development. The success of OTS-Wiki relies heavily on the quality and relevance of the content populating the repository. The are also usually related heavy start-up costs to such a repository. A wiki based portal, based on the open source collaboration principle, where the users themselves controls and populates the repository could be the solution to both these issues. Keywords: Community Driven, Component Evaluation, Component Selection, Off-The-Shelf, Open Source, OTS, OTS-Wiki, Social Computing, Web Communities, Web Technology, Wiki ntnudaim SIF2 datateknikk Program- og informasjonssystemer Intelligente systemer
487	Developing Patient Controlled Access : An Access Control Model for Personal Health Records Jensen, Torstein, Larsen, Knut Halvor January 2007 (has links) The health and social care sector has a continuous growth in the use of information technology. With more and more information about the patient stored in different systems by different health care actors, information sharing is a key to better treatment. The introduction of the personal health record aims at making this treatment process easier. In addition to being able to share information to others, the patients can also take a more active part in their treatment by communicating with participants through the system. As the personal health record is owned and controlled by the patient with assistance from health care actors, one of the keys to success lies in how the patient can control the access to the record. In this master's thesis we have developed an access control model for the personal health record in a Norwegian setting. The development is based on different studies of existing similar solutions and literature. Some of the topics we present are re-introduced from an earlier project. Interviews with potential users have also been a valuable and important source for ideas and inspiration, especially due to the fact that the access control model sets high demands on user-friendliness. As part of the access control model we have also suggested a set of key roles for the personal health record. Through a conceptual implementation we have further shown that the access control model can be implemented. Three different solutions that show the conceptual implementation in the Indivo personal health record have been suggested, using the Extensible Access Control Markup Language as the foundation. ntnudaim SIF2 datateknikk Data- og informasjonsforvaltning Program- og informasjonssystemer
488	Security in the MIDAS Middleware Pronstad, Thomas, Westerlund, Vegar January 2008 (has links) Security in Mobile ad-hoc networks (MANETs) is difficult because of its operating environment and its lack of a central control unit, making classical security measures inapplicable. MIDAS is a project funded by the European Commission which creates a "Middleware platform for developing and deploying advanced mobile services". It is important for MIDAS to find a middle ground where it provides reasonable security, while using little extra processing power and battery and remains easy to use. In this thesis we identify the vulnerabilities and security measures needed to secure MIDAS, while preserving usability. We approach this problem by analysing the MIDAS design and find similarities to other known systems. From the analysis we identify threats and ethical issues, and suggest security mechanisms that solve MIDAS specific problems. The resulting security mechanisms are described in detail and tied together to create four main configurations with increasing levels of security. The configurations can then be used by MIDAS developers to implement security in a consistent way. The results are specific to MIDAS, but issues, requirements and security building blocks can be used by other projects for applicable MANET problems. ntnudaim SIF2 datateknikk Data- og informasjonsforvaltning Program- og informasjonssystemer
489	Introducing New Technologies to Users in User-Centered Design Projects: : An Experimental Study Klingsheim, Tuva Foldøy, Raae, Benedicte January 2009 (has links) In user-centered design the users play an important role in the development process. The users are included in near every step of the process and it is often a problem that they do not have the necessary overview of a technology intended used in the end system. They do not need to know all the technical details, but they do need to know what possibilities the technology makes available. To do this one needs to introduce the users to the technical possibilities, but how does one do this? We had two suggestions as to how this could be done. We proposed introducing the possibilities through abstract concepts not tied to the users' domain. The reason being we did not want to lock the users to concrete ideas given by us, but let them use the abstract concepts to come up with ideas in their own domain. The other suggestion was giving the users hands-on experience with the concepts. Human knowledge is usually derived from experience, and we believe touching and trying out the possibilities of a technology would also be helpful in this kind of setting. To test whether hands-on experience and abstract concepts is valuable in an introduction of new technologies we conducted an experiment involving two workshops. Both workshops got a theoretical presentation of the abstract concepts, while one workshop let the participants explore a demonstrator made by us giving them hands-on experience. These workshops were then analyzed both qualitatively and quantitatively. The quantitative analysis showed that the workshop incorporating hands-on experience generated more unique ideas and also ideas in more categories than the other workshop. However due to low comparability between the groups due to factors such as prior experience with the technologies and current work situation, we do not give these findings much significance. Through the qualitative analysis we see that hands-on experience can be valuable. For one participant in particular, the hands-on experience was very valuable. In addition we found it valuable as a motivational exercise in a user-centered design process. The abstract concepts were analyzed qualitatively, and these were not as valuable as hoped. The users found it hard to map the abstract concepts to their domain. We now see the value of examples closer to the users' domain, but they should be kept as small building blocks for the users to combine to solve larger problems. We end this paper with a suggested approach to introducing new technological possibilities. We still recommend using the abstract concepts, but taking care to exemplify them through many small domain-specific examples. Hands-on experience is recommended if it is feasible to do this within the domain. We also recommend for time to mature and revisiting the participant after they've been back in their domain for a while. ntnudaim SIF2 datateknikk Data- og informasjonsforvaltning Program- og informasjonssystemer
490	A generic and flexible Framework for focusing Search at Yahoo! Shopping Eriksen, Trond Øivind, Korsen, Anne Siri January 2006 (has links) Information retrieval is concerned with extraction of documents from a collection, according to the user's information need. The ranking returned by a search engine is determined by the relevance function in use. The amount of information stored digitally and being searched for on the Web, grows every day. As the document bases grow, relevance has never been more important. There is a trend towards domain-specific search solutions, vertical search services, in the case of searching the Web. A vertical search service utilise semi-structured documents, i.e. documents which contain metadata describing the content. Semi-structured information retrieval is a hybrid between traditional information retrieval based on unstructured documents, and database retrieval based on structured content. Semi-structured documents imply the use of multiple criteria for how the returned documents should be ranked. This in turn arises questions like which criterion that is more important, and how to combine the results produced by the different criteria. This thesis addresses these challenges. We have studied relevance techniques for the purpose of identifying an approach to improving the perceived relevance at the Yahoo! vertical search platform, Vespa. In particular, Yahoo! Shopping has been the focus during problem elaboration, implementation, and evalution. A plug-in is implemented in Vespa, providing a generic and flexible framework for hybrid search. Our solution allows for context queries, i.e. queries that include terms that describe the desired context, with no specific knowledge about the query language or document structure needed. Also, keyword and context terms in a query is treated differently, using the context terms only for focusing the search. 5 experiments have been performed to test our proposed solution. The results indicate that: - A considerable improvement in retrieval performance is achieved for context queries. Much of the improvement is obtained by removing noisy hits from the result. - The solution performs almost similar as the standard approach for non-context queries. However, these queries will suffer from a higher latency. The latency depends on the complexity of the domain. Most search engines today either return thousands of answers to a user query, or, in about 20% of the cases, none. Our solution may provide as a solution to these challenges and thus improve the perceived relevance. It should be noted that the solution requires a reasonable labelling of the documents, in addition to training of the users in order to make them use context words in their queries. The preliminary experiment results are positive, but are influenced by a reference collection somewhat adapted to our solution, and should therefore be complemented with experiments based on a full system implementation and a well-defined reference collection. The first step is to choose an appropriate labelling scheme for how the semantics of the documents and queries should be captured. Next, it would be interesting to experiment with the ranking of the results. Finally, the user interface should be extended in order to guide the user when submitting context queries. ntnudaim SIF2 datateknikk Program- og informasjonssystemer Komplekse datasystemer

Search results