491 |
Inputvalideringsbibliotek med integrering mot Eclipse / Input Validation Library with Eclipse Integration
Moghal, Sahdia Fayyaz, Surnflødt, Torunn January 2009
Validation of input is a central topic in secure software development. It is especially important to validate input fields in applications that use input for processing. A malicious user can quickly exploit such fields. The most important measure for securing applications is sufficient knowledge, since a lack of it often results in poorly secured applications. The specialization project [33] concluded that routines among IT companies are too poor when it comes to security. Developers do not have enough knowledge of the area, and the Internet is increasingly used for services that involve sensitive or critical information. This project covers a number of input attacks and the danger they pose, and presents a number of Security Patterns that can be used to protect against these attacks. The Security Patterns describe the problem, place it in a context and suggest solutions that can be used in the validation. This project focuses on solutions in the form of regex, since it is an effective method for this purpose. All the Security Patterns are presented in a library on a website developed in this project. The purpose has been to give developers a common source where they can search for input attacks, find solutions to protect against them and add their own suggested solutions if they wish. A function has also been made so that users can give positive or negative feedback on the contributions. This will provide a form of quality assurance and, in the long run, help make the library more complete. The library is developed with developers in mind who do not have much knowledge of input attacks and regex, but it is also suitable for more experienced users. In addition to the website, a plugin has been developed for the development tool Eclipse, containing the Security Patterns from the website and a regex generator that helps users generate their own regex. An applet version of the generator is available on the website for those who do not use Eclipse.
The project has been tested both internally and externally by potential users, and it has also been sent out to companies, from whom feedback has been received. The testers regarded the products as useful and user-friendly, but they also gave constructive feedback on what could be improved in both usability and functionality. The test results were analysed, and a number of improvements to the system have been made based on the analysis. The evaluation looks at positive and negative aspects of the products, based on our own experiences and views and on the test persons' feedback. The evaluation has given an overview of a number of areas that can be improved, both on the website and in the plugin, and this is described in the chapter "Further work". Keywords: Software security, Input validation, Regex, Plugin, Security Pattern.
|
492 |
Intrusion Detection in High-Speed Networks
Riegel, Martin, Walsø, Claes Lyth January 2007
This thesis investigates methods for implementing an intrusion detection system (IDS) in a high-speed backbone network. The work presented in this report is run in cooperation with Kripos and Uninett. The popular IDS software, Snort, is deployed and tested in Uninett's backbone network. In addition, the monitoring API (MAPI) is considered as a possible IDS implementation in the same environment. The experiments conducted in this report make use of the programmable DAG card, which is a passive monitoring card deployed on several monitoring sensors in Uninett's backbone. As a limitation of the workload, this report only focuses on the detection of botnets. Botnets are networks consisting of infected computers, and are considered to be a significant threat on the Internet as of today. A total of seven experiments using Snort are presented. These experiments test 1) the impact the number of rules has on Snort, 2) the importance of good configuration, 3) the importance of using well-written rules, 4) Snort's ability to run in an environment with minimum external traffic, 5) the impact the size of the processed packets has, 6) the impact the TCP protocol has on packet processing and 7) Snort's ability to run as a botnet detection system for a longer period of time. Based on the results from these experiments, it is concluded that Snort is able to run as a botnet detection system in a high-speed network. This report also discusses some strategies for handling high-speed network data and some future aspects. In addition, ideas for further work and research are given at the end of the report.
|
493 |
Using Honeypots to Analyze Bots and Botnets
Bergande, Eirik Falk Georg, Smedsrud, Jon Fjeldberg January 2007
In this Master thesis we will perform honeypot experiments where we allow malicious users access to systems and analyze their behaviour. Our focus will be on botnets, and how attackers progress to infect systems and add them to their botnet. Our experiments will include both high-interaction honeypots where we let attackers manually access our system, and low-interaction honeypots where we receive automated malware. The high-interaction honeypots are normal Linux distributions accessing the internet through a Honeywall that captures and controls the data flow, while the low-interaction honeypots are running the Nepenthes honeypot. Nepenthes acts by passively emulating known vulnerabilities and downloading the exploiting malware. The honeypots have been connected to both the ITEA and UNINETT networks at NTNU. The network traffic filtering on the IP addresses we have received has been removed in order to capture more information. Installing the honeypots is a rather complicated matter, and has been described with regard to setup and configuration on both the high- and low-interaction honeypots. Data that is captured has been thoroughly analyzed with regard to both intent and origin. The results from the high-interaction honeypots focus on methods and techniques that the attackers are using. The low-interaction honeypot data comes from automated sources, and is primarily used for code and execution analysis. By doing this, we will gain a higher degree of understanding of the botnet phenomenon, and why they are so popular amongst blackhats. During the experiments we have captured six attacks toward the high-interaction honeypots, which have all been analyzed. The low-interaction honeypot, Nepenthes, has captured 56 unique malware samples and of those 14 have been analysed. In addition there has been a thorough analysis of the Rbot.
|
494 |
The Amazing City Game
Bjerkhaug, Sondre Wigmostad, Mathisen, Runar Os, Valtola, Lawrence Alexander January 2011
Smartphones with capabilities for wireless Internet and GPS have become increasingly common in recent years, and a consequence of this is that pervasive games have become more interesting from both an academical and a commercial point of view. Another area of interest is lifelong learning, which offers a more modern take on education compared to the traditional learning model. In this thesis we aim to discover whether or not pervasive gaming can help achieve lifelong learning. This is done by creating a prototype of a pervasive game in a lifelong learning context for Android, analyzing the effectiveness of the prototype, and using the experiences drawn from it to design a platform to run knowledge competitions. We achieved this by conducting a prestudy on the Android mobile phone operating system (including extension applications), the history of Trondheim, lifelong learning, pervasive games, and the use of pervasive games in a lifelong learning context. During the prestudy we found out that there are several external applications and features of Android that can be utilized to expand the social, spatial, and temporal expansions of pervasive games. We also found that, in theory, pervasive games proved to be a suitable platform to support lifelong learning. We then designed and developed a prototype on Android to run a puzzle race called "The Amazing City Game". The race consisted of completing different tasks related to the history of Trondheim, while traveling between many of the historical sites in the city. A demonstration race was conducted in early May with four groups of two students each, using the authors and supervisors of this thesis as group observers. At the end of the race, the participants filled out a survey. Using the observations from the race and the results from the survey we found that the prototype was perceived as fun and educational.
However, construction of the race was challenging with many pitfalls concerning ambiguous tasks, use of language, and game balance. Finally, we have provided a possible design for a platform for running knowledge competitions. We used the experiences from the development of the prototype, and the results from the demonstration race to design a cleaner and more complete framework. This includes a refinement of the existing functionality and user interface, adding requirements, and providing an extended discussion on topics such as having an online community, possible server solutions, and security measures against cheating. We believe that the concept of puzzle races in a lifelong learning context is an interesting concept that could have positive effects if utilized in the real world.
|
495 |
Decreasing Response Time of Failing Automated Tests by Applying Test Case Prioritization
Dalatun, Sveinung, Remøy, Simon Inge, Seth, Thor Kristian Ravnanger, Voldsund, Øyvind January 2011
Running automated tests can be a time-consuming task, especially when doing regression testing. If the sequence of the execution of the test cases is arbitrary, there is a good chance that many of the defects are not detected until the end of the test run. If the developer could get the failing tests first, he would almost immediately be able to get back to coding or correcting mistakes. In order to achieve this, we designed and analyzed a set of test case prioritization techniques. The prioritization techniques were compared in an experiment, and evaluated against two existing techniques for prioritizing test cases. Our implementation of the prioritization techniques resulted in a tool called Pritest, built according to good design principles for performance, adaptability and maintainability. This tool was compared to an existing similar tool through a discussion. The problem we address is relevant for the increased popularity of agile software methods, where rapid regression testing is of high importance. The experiment indicates that some prioritization techniques perform better than others, and that techniques based on code analysis are outperformed by techniques analyzing code changes, in the context of our experiment.
|
496 |
Evaluation of an Interactive Campaign : Exploring the use of a motion-controlled game in a public space
Aasbakken, Mia, Asplem, Mari Hansen January 2012
This thesis project explores and evaluates the use of a motion-controlled game as an interactive campaign in a public space. Through a collaboration with the Trondheim-based company Global Illumination, we were given the task of developing a prototype that would be tested in the field. The objective was to evaluate the relevant technology, how users relate to the prototype and what the marketing potential is. Through a literature study and using the technology, we found that while it is still new, the technology is both mature enough to be used for several different platforms and languages, and cheap enough that the cost of getting started should not be a hindrance. We developed a game prototype using the OpenNI and XNA frameworks, in which people who pass by the display would be reflected on the screen in the form of a silhouette and automatically be a part of the game. The prototype was tested at four different public locations in Trondheim, and was evaluated mainly through observation and questionnaires given to both participants and non-participants. Our findings suggest that there is definite potential for using motion-control in interactive campaigns in public settings. The game attracted a good amount of attention, and seemed to pique the curiosity of passers-by. We saw a trend emerge where participants were comfortable with playing the game in public and were easily engaged. Children and young people in groups were by far the most active participants. We also found that keeping a low threshold for interaction was essential, as adding an extra step in the form of a wave gesture to participate reduced the number of participants considerably.
|
497 |
Temporal Opinion Mining
Bjørkelund, Eivind, Burnett, Thomas Hoberg January 2012
This project explores the possibilities in detecting changes in opinion over time. For this purpose, different techniques and algorithms in opinion mining have been studied and used as a theoretic foundation when developing strategies towards detecting changes in opinions. Different approaches to a system that detects and visualises changes in opinions have been proposed. These approaches include using machine learning techniques like the naive Bayes algorithm and opinion mining techniques based on SentiWordNet. Additionally, feature extraction techniques and the impact of burst detection have been studied. During this project, experiments have been carried out in order to test some of the techniques and algorithms. A data set containing hotel reviews and a prototype have been built for this purpose, allowing easy support for testing and validation. Results found high accuracy in opinion mining with the lexicon SentiWordNet, and the prototype can detect hotel features and possible reasons for changes in opinion. It can also show "good" and "bad" geographical areas based on hotel reviews. For commercial use, the prototype can help analyse the massive amount of hotel information published each day by customers, and can help hotel managers analyse their products. It can also be used as a more advanced hotel search engine where users can find extra information in a map user interface.
|
498 |
Specification of Requirements for Safety in the Early Development Phases - Misuse Case and HAZOP in the Concept Phase
Maringa, Joshua, Sæther, Thorbjørn January 2011
In the course TDT4520 - Specialization Project, the preparatory course to this thesis, we looked at several safety analysis methods and how they could be exploited to identify software hazards in the early stages of development. After our evaluation, and with the results from a survey conducted on experts in the field, we proposed a procedure to improve software hazard identification in the concept phase of projects. The procedure consisted of a Misuse Case analysis with a subsequent HAZOP analysis. Our case study showed that this procedure will indeed aid in the identification process. However, testing the procedure on others is needed to see if this is correct. That is the main theme for this thesis. We performed an experiment with undergraduate students and an interview with an expert in the field. We use the results from the experiment to validate our assumptions and identify modifications that might be needed. The experiment gave us a good illustration of how the procedure would work in a real hazard analysis project, and the data collected showed us the differences between it and the more commonly used Preliminary Hazard Analysis. Our hypothesis was that the Misuse Case and HAZOP approach would improve the hazard identification with focus on software. The experiment resulted in no clear difference in non-software parts of the system, but a clear improvement on the software parts. Afterwards we conducted an interview with an expert in the field, in which we clarified many of our questions and assumptions, and which aided us in modifying the procedure for the better. Although the procedure still needs to be tested thoroughly with real projects in the industry to make a final decision on whether it has merit or not, our conclusion is that the procedure deserves further attention. Software hazard identification in the concept phase is difficult, but based on our findings, the Misuse Case and HAZOP combination can improve this problem.
|