Identifying Patterns in MAL Languages

Vemula, Nagasudeep

January 2021

With the advent of the digital era there has been an exponential increase in complex cyber systems.As our everyday lives are increasingly being spent on the digital world as much as the physical world or even sometimes more, there is an increased risk of cyber threats or breaches which can lead to loss of data, financial damage or even at its extreme threaten our security and lives. A robust form of resiliency should be introduced into these structures to ensure the digital wellbeing of society. Threat modelling is one of the key steps to building this security framework, it is the process by which the vulnerabilities of a system are analysed and eliminated before they can be exploited by a malicious attacker. The Meta Attack Language provides a framework for the creation of domain specific languages that can express probabilistic attack graphs and there are already a few flavours of language instances created using this framework such as vehicleLang for the automotive domain and icsLang for industrial control systems. As there already exist a few instances of the Meta Attack Language and some that are in development there must exist best and worst practices for the development of these languages. It is essential that these are identified and provided to future developers of such languages to ensure more efficient and robust threat modelling of systems. In order to achieve this, this work is focussed on finding the patterns present in MAL development and cataloging them. These recurrent patterns, if proven to be beneficial, can add to the body of MAL literature and greatly help the team with their efforts. The thesis is a qualitative study involving interviews with the language developers and a code analysis to validate the findings. The end goal is to identify the patterns in MAL and catalog them in order to identify and define the future direction to be taken for development. / I och med den växande digitala eran har det skett en exponentiell ökning av komplexa cybersystem. Eftersom våra vardagsliv blir alltmer beroende av den digitala världen, i princip lika mycket som den fysiska världen, finns det en ökad risk för cyberhot eller överträdelser som kan leda till förlust av data, ekonomisk skada eller till och med i värsta fall hota vår säkerhet och våra liv. En robust form av motståndskraft bör införas i dessa cyberstrukturer för att säkerställa samhällets digitala välbefinnande. Hotmodellering är ett viktigt verktyg för att bygga upp detta säkerhetsramverk, det är processen genom vilken sårbarheten i ett system analyseras och elimineras innan de kan utnyttjas av en skadlig angripare. Meta Attack Language (MAL) är ett ramverk för skapandet av domänspecifika språk som kan uttrycka attackgrafer och det finns redan några varianter av olika språkinstanser som skapats med hjälp av detta ramverk, till exempel vehicleLang för fordonsdomänen och icsLang för industriella styrsystem. Eftersom det redan finns några instanser av MAL och fler som är under utveckling, så finns också olika metoder för utveckling av dessa språk. Det är viktigt att dessa identifieras och tillhandahålls till framtida utvecklare för att säkerställa en mer effektiv och robust hotmodellering av system. För att uppnå detta fokuserar detta arbete på att hitta de mönster som finns i MAL -utveckling och katalogisera dem. Dessa återkommande mönster, om de har visat sig vara fördelaktiga, kan bidra till MAL - litteraturen och hjälpa utvecklare i deras ansträngningar. Arbetet som presenteras är en kvalitativ studie som omfattar intervjuer med språkutvecklare och en kodanalys för att validera resultaten. Slutmålet är att identifiera mönstren i MAL och katalogisera dem för att identifiera och definiera den framtida riktningen som ska tas för utvecklingen.

Software Engineering

Programvaruteknik

Performance Aspects in Virtualized Software Systems

Shirinbab, Sogand

January 2014

Virtualization has significantly improved hardware utilization by allowing IT service providers to create and run several independent virtual machine instances on the same physical hardware. One of the features of virtualization is live migration of the virtual machines while they are active, which requires transfer of memory and storage from the source to the destination during the migration process. This problem is gaining importance since one would like to provide dynamic load balancing in cloud systems where a large number of virtual machines share a number of physical servers. In order to reduce the need for copying files from one physical server to another during a live migration of a virtual machine, one would like all physical servers to share the same storage. Providing a physically shared storage to a relatively large number of physical servers can easily become a performance bottleneck and a single point of failure. This has been a difficult challenge for storage solution providers, and the state-of-the-art solution is to build a so called distributed storage system that provides a virtual shared disk to the outside world; internally a distributed storage system consists of a number of interconnected storage servers, thus avoiding the bottleneck and single point of failure problems. In this study, we have done a performance measurement on different distributed storage solutions and compared their performance during read/write/delete processes as well as their recovery time in case of a storage server going down. In addition, we have studied performance behaviors of various hypervisors and compare them with a base system in terms of application performance, resource consumption and latency. We have also measured the performance implications of changing the number of virtual CPUs, as well as the performance of different hypervisors during live migration in terms of downtime and total migration time. Real-time applications are also increasingly deployed in virtualized environments due to scalability and flexibility benefits. However, cloud computing research has not focused on solutions that provide real-time assurance for these applications in a way that also optimizes resource consumption in data centers. Here one of the critical issues is scheduling virtual machines that contain real-time applications in an efficient way without resulting in deadline misses for the applications inside the virtual machines. In this study, we have proposed an approach for scheduling real-time tasks with hard deadlines that are running inside virtual machines. In addition we have proposed an overhead model which considers the effects of overhead due to switching from one virtual machine to another.

Software Engineering

Programvaruteknik

Spatial complexity metrics: : What is available and how they assess novice projects

Myrberg, Anton

January 2021

No description available.

Software Engineering

Programvaruteknik

GutenTag : Ett användarvänligtverktyg för datamärkning / GutenTag : A user-friendly tool for data labeling

Hjalmarsson, Adam, Hughes, Joseph, Ivansson, Linnéa, Lindström, John, Lönnqvist, Oscar, Vorbrodt, Maximilian, Wång, Annie

January 2021

Denna rapport behandlar ett projektarbete i kursen TDDD96 Kandidatprojekt i progravaruutveckling som utförts av sju studenter på Linköpings Universitet under vårterminen 2021. Arbetet kretsade kring utvecklingen av en webbapplikation vid namn GutenTag på uppdrag av konsultföretaget TietoEVRY. Applikationens syfte var att hjälpa deras kunder att komma igång med maskininlärning. Detta genom att möjliggöra datamarkering och göra processen både enkel och rolig. Applikationen publicerades med öppen källkod på plattformen GitHub för att främja vidareutveckling av produkten. Rapportens gemensamma del börjar med att introducera och kontextuelisera projektet, och beskriver sedan vilka arbetsmetoder och tekniker som användes för att utveckla produkten. Därefter beskrivs projektets resultat som diskuteras för att nå fram till slutsatser kring de centrala frågeställningarna. Sist finnes individuella bidrag skrivna av projektgruppens sju medlemmar som djupdyker in i ett relaterat ämne.

Software Engineering

Programvaruteknik

An Empirical Investigation on the State of the Art and Practice of Load Testing In Web Applications

Kandikonda, Venkata Sai Narayana Murthy Naidu

January 2022

Background: Software testing refers to various activities from unit testing toacceptance testing. Different test cases are generated for testing different parts of ansystem or an application, these test cases replicate actual user behavior. Load testingis used to check performance and usability attributes of the application under theload. Web application is an application that will be executed on a web browser likechrome, safari, and opera etc. Load testing is essential for web applications, whereloads are used to mimic actual user’s behavior. There can be several challenges toperform load testing on web applications to ensure the quality a product before it’srelease into the market.Objectives: This thesis aims to provide an in-depth understanding of load testing in web applications by investigating the state of the art and state of the practiceand challenges related to load testing. The main objectives of this research are toaggregate the research on state of the art in load testing in web applications, toidentify the state of the practices and existing problems related to load testing inweb applications, to identify the solutions to the problems that are faced while implementing load testing in web applications.Research Method: A systematic mapping study has been conducted to investigate state of the art and challenges while performing load testing. From thechallenges obtained from the systematic mapping study, a survey had been conducted to investigate state of the practices for the challenges while performing loadtesting and also derive measures or strategies to overcome the challenges.Results & Conclusion: From analysing the data from systematic mappingstudy we had considered 21 research articles to conduct this study. From those21 articles a total of 8 challenges had been derived. Among the 8 challenges Resource utilization and performance metrics are most refereed among the 21 articles.few more challenges and recommended measures for the obtained challenges are reported from the survey study. This research assisted us in identifying some of themost prevalent issues faced by practitioners, as well as the appropriate counter measures to take while performing load testing on web applications. This study canbe further more extended by conducting a multi use case in different companies todeepen the understanding about the challenges

Software Engineering

Programvaruteknik

Comparing Traditional Key Frame Animation Approach and Hybrid Animation Approach of Humanoid Characters

Holmqvist, Lucas, Ahlström, Eric

January 2017

No description available.

Software Engineering

Programvaruteknik

Reduction of surveillance video playback time using event-based playback : based on object tracking metadata

Ljungberg, Christian, Nilsson, Erik

January 2016

No description available.

Software Engineering

Programvaruteknik

Adaptation of Agile Methodology in Mainframe Projects

Jeyapaul, Hermus

January 2022

The software engineering methodologies have played a significant role in an organization that is fuelled by programming. ‘Continuous development’ has been the most popular buzzword of the previous decade. If executed right, continuous delivery of software is considered the epitome of software development based on customer retention and satisfaction. That is why methodologies like Agile, Scaled Agile, and DevOps, the recent ones, are reigning in the IT and development industries today. The biggest challenge for today’s organization lies in selecting the most appropriate software development methodology for a given project, adapting the methods to a diverse working culture spread across countries.  The thesis aims to evaluate how the new Agile Methodology is used in legacy Mainframe Projects specific to Volvo. The thesis also discusses how the Volvo internal ‘Application Development Framework’ helps to work along with the agile methods. The research is carried out in a qualitative method where participants are interviewed, and the results are inferred from their day-to-day activities.  The research result contributes to a better understanding of the issues faced while working with a new methodology following legacy systems.

Software Engineering

Programvaruteknik

WebAssembly for Video Analysis: An Explorative Multi-method study

Kaluva, Lakshmi Venkata Sainath, Hossain, Abdullah

January 2020

Context: WebAssembly(wasm) language has gained popularity across the web-development domain for its niche characterises that differentiate from JavaScript. Several non-web developers are also showing interest in this technology to run their native applications on web platform. However, it is challenging for practitioners to identify whether this technology fits with their needs and processes. There is a lack of research that helps practitioners make this choice. Objective: Our study aims to determine the potential for adopting wasm in industry by analysing the existing knowledge on wasm with the knowledge of development practices in video analysis domain. Method: We conducted case study and SLR using snowballing and interviews. The obtained data is coded using Thematic analysis. A classification schema is modelled after UTAUT for presenting the factors that determine adoptability in the given context. Results: 16 potential factors are found that determine the adoption of wasm in the video analysis. We have also reported the current state of research on wasm and analysed the practitioner’s view points on the wasm. Conclusion: Our study provides the first systematic study on state-of-the-art Wasm literature. It can help the Software Engineering researchers to understand the current state of research on wasm and providing directions to future studies. Our study helps the practitioners in decision-making of adopting wasm. This study serves as a road map for both researchers and practitioners to understand the pre-adoption perspective on WebAssembly.

Software Engineering

Programvaruteknik

SYSTEM-LEVEL AUTOMATED TESTING FOR HOME DIGITAL VOICE ASSISTANTS

Tlemcani, Ismail

January 2020

Home Digital Voice Assistants (HDVA) are devices that are performing tasks based on voice commands. A normal user can use these devices to perform daily tasks like sending an email, play a song or check for an event online, just to name a few. These systems got very popular in recent years due to their ease of use and the evolution of their technology that is now handling many commands and is able to perform complex tasks. HDVA devices are also nowadays used in some critical cases like for door opening and in some healthcare services. On the other hand, software testing is an important verification and validation activity used to reveal software faults in systems that include a software part. This activity is used to make sure that the expected behavior of the system matches the actual software execution. This activity results in the creation of test cases that are run as scripts in an automatic way.  Because of the fact that HDVA devices are used nowadays in some critical use cases, it is of utmost importance that these devices are thoroughly tested to make sure that they are behaving in the correct way. In this thesis, we first investigated the current automation testing frameworks for HDVA devices that exist in the market by doing a multivocal literature review. This is an important step to do in order to discover what are the existing frameworks in the market and therefore decide on the most appropriate research that can be carried out on these. We have, after doing the multivocal literature review and listing the available automation testing tools for HDVA devices, evaluated one tool selected from this review and assessed its usefulness and applicability for professionals and researchers in terms of ease of use and resources it uses during test execution. During the evaluation, we focused on automation testing tools for the Amazon Echo device because of its popularity on the market and the great amount of resources that are available online on this device and we focused on system testing. After doing the multivocal literature review, we found that the Botium framework is the only framework available to use to test the Amazon Echo device on a system level. We took the Botium framework as the framework to be evaluated and we performed an evaluation on it from a test automation capability perspective. The evaluation was done on a virtual machine which was set up locally with the VMware software. The evaluation showed a slow test execution capability of the Botium tool. More studies are needed on testing the other popular HDVA devices and on the lower testing levels.

Software Engineering

Programvaruteknik