Developing security services for network architectures

Tham, Kevin Wen Kaye

January 2006

In the last 15 years, the adoption of enterprise level data networks had increased dramatically. This is mainly due to reasons, such as better use of IT resources, and even better coordination between departments and business units. These great demands have fuelled the push for better and faster connectivity to and from these networks, and even within the networks. We have moved from the slow 10Mbps to 1Gbps connectivity for end-point connections and moved from copper-based ISDN to fibre-linked connections for enterprise connections to the Internet. We now even include wireless network technologies in the mix, because of the greater convenience it offers. Such rapid progress is accompanied by ramifications, especially if not all aspects of networking technologies are improved linearly. Since the 1960s and 1970s, the only form of security had been along the line of authentication and authorisation. This is because of the widely used mainframes in that era. When the Internet and, ultimately, the wide-spread use of the Internet influxed in the 1980s, network security was born, and it was not until the late 1980s that saw the first Internet Worm that caused damage to information and systems on the Internet. Fast forward to today, and we see that although we have come a long way in terms of connectivity (connect to anywhere, and anytime, from anywhere else), the proposed use of network security and network security methods have not improved very much. Microsoft Windows XP recently switched from using their own authentication method, to the use of Kerberos, which was last revised 10 years ago. This thesis describes the many problems we face in the world of network security today, and proposes several new methods for future implementation, and to a certain extend, modification to current standards to encompass future developments. Discussion will include a proposed overview of what a secure network architecture should include, and this will lead into several aspects that can be improved on. All problems identified in this thesis have proposed solutions, except for one. The critical flaw found in the standard IEEE802.11 wireless technology was discovered during the course of this research. This flaw is explained and covered in great detail, and also, an explanation is given as to why this critical flaw is not fixable.

secure network architecture

security services

protocols

denial-of-service

network security

worm

denial-of-service

Σχεδίαση & υλοποίηση reconfingurable αρχιτεκτονικής των secure hash algorithms σε FPGA

Φρέσκος, Ευάγγελος

11 January 2011

Στα πλαίσια αυτής της διπλωματικής εργασίας μελετήσαμε τους Secure Hash Algorithms, σχεδιάσαμε μια υλοποίηση αυτών με Reconfigurable αρχιτεκτονική και το συνθέσαμε σε ένα FPGA board. Η εργασία ξεκίνησε με μελέτη των προτύπων του SHA-160/224/256/384/512 και ιδιαίτερα των μαθηματικών συναρτήσεων υπολογισμού και των χαρακτηριστικών μεγεθών του κάθε αλγόριθμου. Επικεντρωθήκαμε στην εύρεση των κοινών σημείων και στα χαρακτηριστικά μεγέθη και στις συναρτήσεις και στο πως θα μπορούσαμε να εκμεταλλευτούμε αυτά για να πετύχουμε μια υλοποίηση και των πέντε αλγορίθμων χωρίς να γίνονται περιττοί υπολογισμοί και επαναχρησιμοποίηση area. Η υλοποίηση μας θα έπρεπε επίσης να έχεις τέσσερα μπλοκ διαφορετικών μηνυμάτων ταυτόχρονα προς επεξεργασία χωρίζοντας την σε τέσσερα ανεξάρτητα στάδια με pipeline τεχνική για την βελτίωση της απόδοσης. Επίσης κάθε μήνυμα μπορεί να χρησιμοποιεί οποιοδήποτε από τους αλγόριθμους SHA-160/224/256/384/512. Εφόσον η αρχική υλοποίηση μας πιστοποιήθηκε ότι παράγει το σωστό αποτέλεσμα σύμφωνα με τα test vector των προτύπων χρησιμοποιήσαμε την τεχνική του partial unrolling operations για να μειώσουμε τα απαιτούμε clock για τον υπολογισμό των hash τιμών των μηνυμάτων. Τέλος, με την χρήση Modelsim και Precision Physical, υλοποιήσαμε και συνθέσαμε και τις δυο αρχιτεκτονικές μας συγκρίνοντας τα αποτελέσματα και προτείνοντας μελλοντικές βελτιώσεις και προσθήκες στο σύστημά μας. / In this thesis we studied the Secure Hash Algorithms, designed a Reconfiguble Implementation of them and synthesized it on an FPGA board. The work started with the study of the SHA-160/224/256/384/512 prototypes and especially with the mathematical equations and the algorithm sizes. We focused on finding the common points between the algorithm sizes and the mathematical equations along with how we could take advantage of them so we could achieve an implementation of the five SHA algorithms without doing any not necessary computations and area reuse. The implementation must, also, have four different blog messages at the same time for computation in the processor unit, leading to a pipeline distinction of four autonomous parts and improved performance. Moreover the message chooses the algorithm that will be used for encryption. After we validated the original reconfigurable architecture by using the test vectors of the prototypes, we used the partial unrolling of operations technique to decrease the needed number of clocks for the computation of the message digest. Finally, by using Modelsim and Precision Physical we implemented and synthesized both proposed architectures, compared the results and proposed future improvements and additions in our system.

Υλοποίηση αλγορίθμων

005.82

SHA-1

SHA-2

FPGA

VHDL

Reconfingurable implementation

Secure hash algorithms

Ασφαλές σύστημα μνήμης με άμυνα παραποίησης (tamper proof) / Secure memory system with counterfeiting defense (tamper proof)

Σταχούλης, Δημήτριος

19 January 2011

Η παρούσα διπλωματική εργασία αναφέρεται στην ασφάλεια ενός συστήματος που χρησιμοποιεί κάποιο είδος μνήμης για αποθήκευση πληροφορίας. Πιο συγκεκριμένα αναφέρονται τρεις μέθοδοι προστασίας των αποθηκευμένων πληροφοριών της μνήμη. Όμως επειδή το ενδιαφέρον στρέφεται στην απόλυτη προστασία απόρρητων δεδομένων, με βάση αυτό αξιολογούνται οι παραπάνω μέθοδοι. Καταλήγουμε λοιπόν στην χρήση μιας εξ αυτών , όπου κάνουμε χρήση της αναξιοπιστίας και της αστάθειας της μνήμης υπό συγκεκριμένες συνθήκες τροφοδοσίας. Προσδιορίζουμε μέσω προσομοίωσης τα σημεία εκείνα στα οποία η μνήμη μετά την εφαρμογή ενός συγκεκριμένου εύρους τάσης τροφοδοσίας παύει στη συνέχεια να έχει την μέχρι πρότινος αποθηκευμένη απόρρητη πληροφορία. Τα αποτελέσματα αυτά μπορούν να χρησιμοποιηθούν για την ανάπτυξη ενός συστήματος ασφαλείας βασισμένο στην εφαρμοζόμενη τάση τροφοδοσίας της μνήμης για προστασία των αποθηκευμένων δεδομένων. / The present diplomatic work is reported in the safety of system that uses some type of memory for storage of information. They are more concretely reported three methods of protection the stored information in memory. However because the interest is turned in the absolute protection of confidential data, with base this are evaluated these three methods. We lead therefore to the use one from these, where we make use of unreliability and instability of memory under concrete conditions of catering. We determine via simulation that points in which the memory afterwards the application of concrete breadth of tendency of catering ceases then it has up the stored confidential information. These results can be used for the growth of system of safety based on the applied tendency of catering in memory cell for protection of stored data.

Άμυνα παραποίησης

005.8

Secure memory system

Counterfeiting defense

Hardware Root of Trust for Linux Based Edge Gateway

Al-Galby, Mohamed, Arezou, Madani

January 2018

Linux-based Edge Gateways that connects hundreds or maybe thousands of IoT devices, are exposed to various threats and cyber-attacks from the internet. These attacks form a considerable risk targeting the privacy and confidentiality of IoT devices throughout their gateways. Many researches and studies have been conducted to alleviate such a problem. One of the solutions can be achieved by building a root of trust based on a hardware module such as Trusted Platform Module (TPM) or software like Trusted Execution Environment (TEE). In this work, we provide a solution to the problem by enabling Hardware Root of Trust (HRoT) using TPM on a product from HMS Industrial Network AB known as GWen board, a Linux-based embedded system, used as gateway to connect IoT devices. We describe a method that uses the processor of the GWen (i.e. Zynq-7020 FPGA SoC) to enable secure boot. Besides, we provide a method to enable the TPM chip mounted on the GWen (i.e. SLB 9670 TPM 2.0) using TPM Software Stack TSS 2.0. We demonstrated, in detail, various use-cases using the TPM on GWen including cryptographic keys generation, secure key storage and key usage for different cryptographic operations. Furthermore, we conducted an analysis to the adopted solution by inspecting the latency of TPM commands on the GWen gateway. According to the high restrictions of TPM 2.0 specifications and based on our results, adding the TPM 2.0 to the IoT gateway GWen will enhance the security of its Linux distribution and will makes it possible to securely identify and authenticate the gateway on the network based on its secret keys that are stored securely inside its TPM.

HRoT

TPM 2.0

Zynq

TSS

RSA

Secure Boot

TPM Simulator

Computer Systems

Datorsystem

Physical Layer Security in Training-Based Single-Hop/Dual-Hop Massive MIMO Systems

Timilsina, Santosh

01 August 2018

The broadcast nature of wireless medium has made information security as one of the most important and critical issues in wireless systems. Physical layer security, which is based on information-theoretic secrecy concepts, can be used to secure the wireless channels by exploiting the noisiness and imperfections of the channels. Massive multiple-input multiple-output (MIMO) systems, which are equipped with very large antenna arrays at the base stations, have a great potential to boost the physical layer security by generating the artificial noise (AN) with the exploitation of excess degrees-of-freedom available at the base stations. In this thesis, we investigate physical layer security provisions in the presence of passive/active eavesdroppers for single-hop massive MIMO, dual-hop relay-assisted massive MIMO and underlay spectrum-sharing massive MIMO systems. The performance of the proposed security provisions is investigated by deriving the achievable rates at the user nodes, the information rate leaked into the eavesdroppers, and the achievable secrecy rates. Moreover, the effects of active pilot contamination attacks, imperfect channel state information (CSI) acquisition at the base-stations, and the availability of statistical CSI at the user nodes are quantified. The secrecy rate/performance gap between two AN precoders, namely the random AN precoder and the null-space based AN precoder, is investigated. The performance of hybrid analog/digital precoding is compared with the full-dimensional digital precoding. Furthermore, the physical layer security breaches in underlay spectrum-sharing massive MIMO systems are investigated, and thereby, security provisions are designed/analyzed against active pilot contamination attacks during the channel estimation phase. A power-ratio based active pilot attack detection scheme is investigated, and thereby, the probability of detection is derived. Thereby, the vulnerability of uplink channel estimation based on the pilots transmitted by the user nodes in time division duplexing based massive MIMO systems is revealed, and the fundamental trade-offs among physical layer security provisions, implementation complexity and performance gains are discussed.

cooperative relay

massive MIMO

physical layer security

pilot contamination

secure communication

spectrum sharing

Processus sécurisés de dématérialisation de cartes sans contact / Secure processes of dematerialization of contactless cards

Bouazzouni, Mohamed Amine

08 November 2017

Au fil des années, la technologie sans contact NFC s'est imposée dans notre quotidien au travers des différents services proposés. Les cas d'utilisation sont nombreux allant des cartes de fidélité, des cartes de transport, des cartes de paiement sans contact jusqu'aux cartes de contrôle d'accès. Cependant, les premières générations des cartes NFC ont une sécurité minimale reposant sur l'hypothèse de leur non-clonabilité. De multiples vulnérabilités ont été découvertes et leur exploitation a permis des copies frauduleuses. Afin de remédier à ces vulnérabilités, une nouvelle génération de cartes à la sécurité augmentée a vu le jour. Ces cartes permettent une authentification avec un lecteur basée sur des algorithmes de chiffrements symétriques tels qu'AES, DES, et 3DES. Elles sont plus robustes que la première génération mais ont subi des également une attaque en reverse-engineering. Pour garantir et améliorer le niveau de sécurité du système de contrôle d'accès, nous proposons dans le cadre de l'opération neOCampus, la dématérialisation sécurisée de la carte sans contact sur un smartphone muni de la technologie NFC. Cette dématérialisation nous permet d'exploiter la puissance de calcul et la capacité de stockage du smartphone afin de déployer des algorithmes d'authentification plus robustes. Cependant, l'OS du smartphone ne peut être considéré comme un environnement de confiance. Afin de répondre à la problématique du stockage et du traitement sécurisés sur un smartphone, plusieurs solutions ont été proposées : les Secure Elements (SE), les Trusted Platform Module (TPM), les Trusted Execution Environment (TEE) et la virtualisation. Afin de stocker et de traiter de manière sécurisée les données d'authentification, le TEE apparait comme la solution idéale avec le meilleur compromis sécurité/performances. Cependant, de nombreux smartphones n'embarquent pas encore de TEE. Pour remédier à cette contrainte, nous proposons une architecture basée sur l'utilisation de TEEs déportés sur le Cloud. Le smartphone peut le contacter via une liaison Wi-Fi ou 4G. Pour se faire, un protocole d'authentification basé sur IBAKE est proposé. En plus de ce scénario nominal, deux autres scenarii complémentaires ont été proposés permettant d'accompagner le développement et la démocratisation des TEE non seulement dans le monde des smartphones mais aussi sur des dispositifs peu onéreux comme le Raspberry Pi 3. Ces architectures déploient le même algorithme d'authentification que le scénario nominal. Nous proposons aussi une architecture hors ligne permettant à un utilisateur de s'authentifier à l'aide d'un jeton de connexion en cas d'absence de réseaux sans fil. Cette solution permet de relâcher la contrainte sur la connectivité du smartphone à son Cloud. Nous procédons à une évaluation de l'architecture de dématérialisation et de l'algorithme d'authentification en terme de performances et de sécurité. Les opérations cryptographiques du protocole d'authentification sont les plus coûteuses. Nous avons alors procédé à leur évaluation en nous intéressant en particulier aux opérations de chiffrement IBE et à la génération de challenges ECC. Nos implémentations ont été évaluées pour l'infrastructure Cloud et l'environnement mobile. Nous avons ensuite procédé à une validation du protocole d'authentification sur les trois architectures sélectionnées à l'aide de l'outil Scyther. Nous avons montré, que pour les trois scenarii, la clé de session négociée via le protocole d'authentification restait secrète durant tout le protocole. Cette caractéristique nous garantit que les données d'authentification chiffrées avec cette clé resteront secrètes et que la phase d'identification de la personne est protégée tout en préservant l'ergonomie du système existant. / Over the years, the Near Field Communication technology has emerged in our daily lives through a variety of services. There are several use cases for contactless cards : loyalty cards, metro and bus cards, payment cards and access control cards. However, the first version of these cards has a low security level that is based on the assumption that the cards can not be cloned. To address this issue, a new version of NFC cards has been developed. It allows an authentication with the NFC reader through symmetric encryption algorithms such as AES, DES or 3DES. These cards are more robust that the previous ones. However, these cards have also undergone a reverseengineering attack. We propose, in the context of the neOCampus project, to replace the contactless cards with a smartphone equipped with the NFC capabilities. This process, called dematerialization, allows us to take advantage of the computational power and the storage capabilities of the smartphone to deploy more complex and robust authentication algorithms. However, the OS of the smartphone can not be considered as a trusted environment for the storage and the processing of sensitive data. To address these issues, several solutions were proposed : Secure Elements (SE), Trusted Platform Module (TPM), Trusted Execution Environment (TEE) and Virtualization. In order to store and process securely authentication data, the TEE seems to be the best trade-off between security and performances. Nevertheless, many smartphones do not embeed TEE and it is necessary to negotiate agreements with the TEE manufacturers in order to deploy a secure application on it. In order to figure out these issues, we propose to set up an architecture with a TEE in the Cloud. The smartphone has a secure Cloud that can be reached through a Wi-Fi or 4G connection. The reader has also its own secure Cloud reachable with an Ethernet link. An authentication protocol based on IBAKE is also proposed. In addition to this scenario, two other scenarios were proposed to follow the development and democratization of the TEE on the smartphones and on some inexpensive devices such as Raspberry Pi 3. These alternative architectures deploy the same authentication protocol as the main scenario. We propose an offline architecture allowing a user to authenticate using a connection token. This solution relaxes the connectivity constraint between the smartphone and its secure Cloud. We perform an evaluation of our architecture and of the authentication algorithm in terms of performances and security. The cryptographical operations of the authentication protocol are the most consuming operations in term of performance. We have chosen to target these operations especially the encryption with the IBE and the ECC challenges generation. Our implementations have been evaluated for a Cloud infrastructure and a mobile-like environment. We also perform a formal verification of the authentication protocol through the three considered architectures with Scyther. We showed that, for the three scenarios, that the session key negotiated through the authentication protocol remains secret during the overall execution of the protocol. These characteristic guarantee that the authentication data encrypted with this key will remain secret and that this step of the algorithm will be secure while preserving the ergonomy of the existing system.

TEE

Dématérialisation

Contrôle d'accès

Authentication

NFC

Cloud sécurisé

TEE

Dematerializaion

Access control

Authentication

NFC

Secure Cloud

The Federal-Local Nexus in Immigration Enforcement Policy: An Evaluation of the Secure Communities Program

January 2015

abstract: This study analyzes how current U.S. immigration enforcement policy has been carried out, specifically under the implementation of the Secure Communities (S-Comm) program. Paying special attention to the enforcement-only policy hysteria and immigration patchwork trend since the 2000s, this study has the following research questions: (1) whether S-Comm has faithfully implemented enforcement actions for removing "dangerous" criminal noncitizens; (2) how counties with different immigration perspectives have responded to such an immigration enforcement program; and (3) whether the implementation of S-Comm has really made local communities safer as in the program goal. For analysis, 541 counties were selected, and their noncitizen enforcement results under S-Comm were analyzed with 5 time points, covering a 13-month period (Dec. 2011 - Jan. 2013) with longitudinal data analyses. In spite of the rosy advertisement of this program, analysis of S-Comm showed a very different picture. Unlike the federal immigration agency's promise of targeting dangerous criminal noncitizens, 1 in 4 noncitizen removals were for noncriminal violations, and more than half of noncitizen deportations were for misdemeanor charges and immigration violations in the name of "criminal aliens." Based on latent class analysis, three distinct subgroups of counties having different immigration enforcement policy perspectives were extracted, and there have been huge local variations over time on two key intergovernmental enforcement actions under the implementation of S-Comm: immigration detainer issuances and noncitizen deportations. Finally, unlike the federal immigration agency's "immigrant-crime nexus" assumption for legitimating the implementation of S-Comm, no significant and meaningful associations between these two factors were found. With serious conflicts and debates among policy actors on the implementation of S-Comm, this program was finally terminated in November 2014; although, the essence of the policy continues under a different name. A series of results from this study indicate that the current enforcement-only policy approach has been wrongfully implemented, and fundamental reconsideration of immigration policy should be made. Enforcement-focused immigration policy could not solve fundamental immigration-related problems, including why noncitizens immigrate and how they should be dealt with as humans. More rational and humane approaches to dealing with immigration should be discussed at the national and local levels. / Dissertation/Thesis / Doctoral Dissertation Public Administration 2015

Public administration

Public policy

Immigration

Immigration Enforcement Policy

Intergovernmental Relations

Secure Communities

Descaindo a rede do reconhecimento: as pescadoras e o seguro-defeso na comunidade Cristo Rei no Careiro da Várzea

Soares, Sara Moreira

25 September 2012

Made available in DSpace on 2015-04-11T13:41:16Z (GMT). No. of bitstreams: 1 Sara Soares Moreira.pdf: 2857209 bytes, checksum: 0b5793e1468dbb74732acf0e166007e5 (MD5) Previous issue date: 2012-09-25 / FAPEAM - Fundação de Amparo à Pesquisa do Estado do Amazonas / O presente estudo aborda a questão do reconhecimento do trabalho das mulheres na pesca a partir da pesquisa realizada com as pescadoras da Comunidade Cristo Rei, no município do Careiro da Várzea, Amazonas. Dessa forma, tenciona a caracterização das mulheres pescadoras e seu reconhecimento como trabalhadoras da pesca e sua inserção na Política do Seguro-Desemprego do Pescador Artesanal (PSDPA), bem como a contribuição dessa política em suas formas de reprodução social. A pesca é uma das atividades mais importantes no cotidiano das famílias que habitam as áreas rurais e ribeirinhas da Amazônia, praticada principalmente em rios, lagos, paranás e igapós. Mas a presença feminina na atividade foi historicamente negada, silenciada, e o protagonismo das pescadoras subsumido na ideia de que na pesca as mulheres são apenas ajudadeiras. A partir dos anos 1990, estudos como o de Motta-Maués e Alencar trazem à tona a relevância da presença das mulheres na pesca, mas também destacam a dívida da academia e a carência de estudos sobre as pescadoras. As práticas cotidianas observadas no trabalho de campo e os relatos nas entrevistas evidenciam que as pescadoras da comunidade Cristo Rei vêm aos poucos rompendo com a invisibilidade na pesca, universo descrito eminentemente como masculino. Nessa luta pelo reconhecimento, essas trabalhadoras encontram subsídios na PSDPA, popularmente conhecida como seguro-defeso.

Mulheres pescadoras

Seguro-Defeso

Seguridade social

Careiro da Várzea - Amazonas

Women fishers

Secure closed season

OUTROS

Security Without Cost : A Cryptographic Log-structured File System / Säkerhet utan kostnad : Ett kryptografiskt log-strukturerat filsystem

Knutsson, Karl

January 2002

Historically, cryptographic file systems have been several times slower than non-cryptographic file systems. This paper describes the design and implementation of a fast Cryptographic Log-structured File System on OpenBSD. We experimentally demonstrate that our pro-totype file system performs close to the Fast File System (FFS) and the Log-structured File System (LFS). To increase performance, our file system performs most encryption and decryption work during disk read and write operations. This is possible thanks to the SEAL encryption algorithm, a software optimized stream cipher that allows the en-cryption work to be performed prior to the actual data is available. We believe that our cryptographic file system design is ideal for optimal read and write performance on locally stored confidential data. / Denna uppsats beskriver utvecklingen av ett kryptografiskt log-strukturerat filsystem och vi visar genom experiment att dess prestanda är jämförbar med lokala filsystem. / Karl Knutsson Skiftesgatan 40 332 35 Gislaved Sweden

File System

Secure File Storage

Log-structured File System

Cryptography

Computer Sciences

Datavetenskap (datalogi)

Identification and Evaluation of Security Activities in Agile Projects : A Systematic Literature Review and Survey Study

Ayalew, Tigist, Kidane, Tigist

January 2012

Context: Today’s software development industry requires high-speed software delivery from the development team. In order to do this, organizations make transformation from their conventional software development method to agile development method while preserving customer satisfaction. Even though this approach is becoming popular development method, from security point of view, it has some disadvantage. Because, this method has several constraints imposed such as lack of a complete overview of a product, higher development pace and lack of documentation. Although security-engineering (SE) process is necessary in order to build secure software, no SE process is developed specifically for agile model. As a result, SE processes that are commonly used in waterfall model are being used in agile models. However, there is a clash or disparity between the established waterfall SE processes and the ideas and methodologies proposed by the agile manifesto. This means that, while agile models work with short development increments that adapt easily to change, the existing SE processes work in plan-driven development setting and try to reduce defects found in a program before the occurrence of threats through heavy and inflexible process. This study aims at bridging the gap in agile model and security by providing insightful understanding of the SE process that are used in the current agile industry. Objectives: The objectives of this thesis are to identify and evaluate security activities from high-profile waterfall SE-process that are used in the current agile industry. Then, to suggest the most compatible and beneficial security activities to agile model based on the study results. Methods: The study involved two approaches: systematic literature review and survey. The systematic literature review has two main aims. The first aim is to gain a comprehensive understanding of security in an agile process model; the second one is to identify high-profile SE processes that are commonly used in waterfall model. Moreover, it helped to compare the thesis result with other previously done works on the area. A survey is conducted to identify and evaluate waterfall security activities that are used in the current agile industry projects. The evaluation criteria were based on the security activity integration cost and benefit provides to agile projects. Results: The results of the systematic review are organized in a tabular form for clear understanding and easy analysis. High-profile SE processes and their activities are obtained. These results are used as an input for the survey study. From the survey study, security activities that are used in the current agile industry are identified. Furthermore, the identified security activities are evaluated in terms of benefit and cost. As a result the best security activities, that are compatible and beneficial, are investigated to agile process model. Conclusions: To develop secure software in agile model, there is a need of SE-process or practice that can address security issues in every phase of the agile project lifecycle. This can be done either by integrating the most compatible and beneficial security activities from waterfall SE processes with agile process or by creating new SE-process. In this thesis, it has been found that, from the investigated high-profile waterfall SE processes, none of the SE processes was fully compatible and beneficial to agile projects. / (046) 73 6136215

Security Engineering

Agile projects

Security Activities

Secure Software Development

Computer Sciences

Datavetenskap (datalogi)

Software Engineering

Programvaruteknik