Skadlig kod och sårbarheter i Windows : En studie i virusens historia och nutidens olika säkerhetsrisker

Lejdemalm, Roger, Andreasson, Daniel

January 2008

I dag kan man oftast läsa om olika säkerhetshot och risker en datoranvändare måste tänka på för att inte ge någon utomstående möjlighet att komma åt känslig och/eller privat information. Här talas det om nya virus och nya typer av trojaner som sprids som epidemier över Internet, och i bland handlar det om ett spionprogram som följer med en nedladdad fil. Det är svårt att hålla reda på alla typer av skadlig kod som nämns fast med ökad förståelse ökar också chanserna för att klara sig från smitta. Det har visat sig att utvecklingen av skadlig kod är lika stark som den inom kommersiella mjukvaror. Från persondatorns uppkomst i början av 80-talet och fram till i dag, har utveckling skett i alla områden av den skadliga kod det handlar om strategi, syfte och framförallt ren kodkomplexitet. Dagens ledande leverantör av operativsystem och webbläsare, Microsoft, lovar allt mer sofistikerade säkerhetslösningar varje gång en ny version av ett program släpps. Framförallt nämndes det i samband med lanseringen av Windows Vista att säkerheten var det som stod högst på listan. Vi har tillsammans med WM-data i Stockholm tagit fram en programvara för fjärradministration av Windows. Huvudmålet var att med hjälp av våra baskunskaper i programmering skapa ett program för Windows XP och Windows Vista där en rad funktioner skulle kunna fjärrstyras utan att en användare vid den drabbade datorn upptäckte intrånget. I denna rapport beskrivs utvecklingen av programvaran och de tester som gjorts på de båda operativsystemen. Vidare delas begreppet ”skadlig kod” upp i kategorierna virus, maskar, trojaner samt rootkits och förklaras mer ingående tillsammans med en historisk bild över hur utvecklingen av skadlig kod har sett ut. / In media today, you often read about different security threats and risks that one has to be aware of. Many things must be taken into consideration in order to maintain your integrity and information secrecy. It might be new virus outbreak, a new trojan or some kind of spy ware that undetected finds the way to your computer. It’s hard to keep track of all terms and types of malicious code, and with greater understanding, the risk of infection decreases. The development when it comes to malicious code is as strong as the one in commercial software development. From the 80’s until present day, every area in the development of malicious code has evolved, from strategy and purpose to the pure complexity of the code. Microsoft, the worlds leading supplier of operating systems and web browsers, ensure us with every new release, that measures has been taken in order to enhance the security features. As the new operating system Windows Vista was released, spokesmen said that the security was now the highest priority. We have, together with WM-data in Stockholm, developed software for remote administration of Windows. The objectives where by using our limited programming skills only, to come up with a program for Windows XP and Windows Vista, where a number of functions could be remotely executed without alerting a user at the infected computer. This report describes the development of the software together with test results of execution on both operating systems. Further on, the report discusses different types of malicious code, such as viruses, worms, Trojans and root kits, together with a historical study of the development of malicious code.

Virus history

trojans

root kits

security mechanisms

Windows Vista UAC

developing malicious code

Windows built-in security features

Computer Sciences

Datavetenskap (datalogi)

Multiplattformtjänster på mobila enheter

Ulén, Johannes

January 2015

Mobila enheter så som mobiltelefoner och surfplattor är idag väldigt vanliga i arbetslivet, där de inte bara används för kommunikation utan även för att utföra arbetsuppgifter. Alla verktyg finns dock inte alltid tillgängliga för sådana enheter eller i alla fall inte i en form som gör det praktiskt att använda dem. Systemet Semko Instrument Register (SIR), utvecklat av Triona, är ett sådant verktyg i form av en ej mobilanpassad hemsida, som bland annat används för att hämta kalibreringscertifikat för mätinstrument. Målet med detta projekt är att komma fram till ett sätt att tillgängliggöra systemet på så många olika typer av mobila enheter som möjligt, på ett så enkelt sätt som möjligt. Olika metoder (mobilanpassade webbsidor, plattformsspecifika applikationer och plattformsoberoende applikationer) jämförs och analyseras, med fokus på möjligheter till att använda samma kod på flera plattformar samtidigt och huruvida de kan uppfylla kraven som är ställda på applikationen eller ej. Designförslaget tar upp ett sådant sätt, som sedan utvärderas med hjälp av olika aspekter, exempelvis mängd kod som kan återanvändas på flera plattformar. Slutsatsen är att det bästa sättet att tillgängliggöra en tjänst på så många plattformar som möjligt är genom mobilanpassade webbsidor, men på grund av de krav som ställts på projektet användes istället Ionic, ett webbteknologi-baserat verktyg för plattformsoberoende applikationsutveckling, då moderna webbläsare ej ännu har den funktionalitet som krävdes. / Mobile devices such as smartphones and tablets are very common at companies nowadays, where they’re not just used for communication but also for doing work. Not all tools are available for such devices though, or at least not in a suitable form that makes it practical to use them. Semko Instrument Register (SIR) is a such a system, developed by Triona, in the form of a website that is not adapted for mobile devices, which is used for downloading calibration certificates for measuring instruments among other things. The goal of this project is to come up with a method of making the system available to as many mobile devices as possible in the simplest way possible. Different methods (websites adapted for mobile devices, native applications and cross-platform applications) are compared and analysed with a focus on possibilities for sharing code on multiple platforms and whether they’re able to fulfill what is required of the application. The design chapter presents such a method which is then evaluated on different aspects, such as the amount of code that can be shared between platforms. The conclusion is that the best way of making a system available on multiple platforms is through websites adapted for mobile devices, but because of this particular system’s requirements a cross-platform solution called Ionic was used instead, as modern mobile browsers are not yet able to fulfill what was required of the application.

iOS

Android

Windows Phone 8

mobile devices

web technologies

cross-platform applications

iOS

Android

Windows Phone 8

mobila enheter

webbteknologier

plattformsoberoende applikationer

Computer and Information Sciences

Data- och informationsvetenskap

Multiplatformní RPG hra pro více hráčů / Multi-platform Multiplayer RPG Game

Do Manh, Tuan

January 2015

Title: Multi-platform Multiplayer RPG Game A multi-platform game, which would be able to run on various devices with Windows 8.1 and Windows Phone 8.1 systems, was created in this work. It was supposed to be a universal game client executable on desktop PCs, notebooks, tablets or mobile phones. The game was supposed to be role-playing game (RPG) with focus on turn-based action combat. In this work, a 3D game engine was written which supports rendering simple scenes with objects and animated characters. The engine was developed using DirectX. The engine was written in .NET C# using SharpDX library. A cross-device communication framework based on bluetooth technology was implemented in this project as well. This communication framework allows two game clients running on two different devices to communicate with each other.

Optimalizace tras při rozvozu zásilek / Route optimization for the parcels distribution

Ptáčková, Michaela

January 2014

This thesis deals with optimization problems of the parcels distribution. This issue can be solved on the ground of traveling salesman problem whose mathematical and economic model, including their modifications, are presented in the theoretical part of the thesis. We can solve these problems by using exact methods, heuristic and metaheuristic algorithms. In the theoretical part are described traveling salesman problem, traveling salesman problem with time windows, traveling salesman problem with multiple time windows and dynamic traveling salesman problem including possible ways of solution. In the practical part we can find application of problems on the real example, when we are finding the shortest possible route for the PPL's employee under different assumptions. The solution is obtained by using solver Gurobi within the modelling system MPL for Windows. In conclusion of the thesis the results are summarized and models are compared with each other.

Podpora webových služeb v prostředí .NET framework / Web services support in the .NET framework

Fischer, Roman

January 2008

The work targets the very important part of service oriented architecture -- web services. It is focused at one of its practical implementation, from the Microsoft Corporation, especially in the last two releases of .NET Framework. The main target of this work is comprehensive summary and demonstration of Microsoft web services development. The principles of web services and their base in the .NET Framework are described here. At the beginning of this work the web services are put into the scope of service oriented architecture and their main principles are described. Subsequently the .NET Framework is explained with its main principles and with the comparison to the JAVA technology. This part is finished with the explanation of classic ASMX web services. The main part of this work focuses at detailed description of the theoretical and practical aspects of web services in the Windows Communication Foundation and the Windows Workflow Foundation context. Even the development of Windows Forms application is not left out, because they also have done a large progress and they are often consumers of web services. The options of securing web services in the .NET Framework are shown both theoretically and practically including authentication and authorization. The methods of transactional behavior are shown too. The work also focuses at the orchestration of web services including the explanation of workflows with the deployment example. At the end of the work there is revealed how to guarantee interoperability with other technologies, how to manage web services and how to ensure their versioning.

Windows Phone 7 aplikace s backendem na Windows Azure / Windows Phone7 Application with Backend on Windows Azure

Kolín, Tomáš

January 2011

The main objective of this diploma thesis is to design and develop a cloud hosted service that allows developers of games for Windows Phone 7 platform to extend their products with social and competitive aspect using Platform as a Service solution Windows Azure for hosting the backend of this system. The first part of the thesis analyses systems that are available on the market and that are providing similar services for the target platform. Based on this analysis, functional and general requirements for the future application are specified in the second part. Based on these requirements, use case analysis is made. The third part of the thesis is dedicated to description of the most important features, APIs and specifics of the Windows Phone 7 software platform. The fourth part is dedicated to Windows Azure as a Cloud platform both in terms of most important services, their characteristics and APIs used to utilise them and in terms of their business and pricing conditions. The fifth part addresses the architecture and the most important implementation details of the application. The final part contains the user guide for both the Windows Phone 7 application and for developers interested in using the library containing the API during the development of their game. The output of this thesis is the designed and implemented application with client-server architecture ready to have its backend deployed in Windows Azure environment and to have its frontend deployed on Windows Phone 7 devices. The client part of the system is comprised of a library intended for developers of games, which encapsulates the API needed to access the backend on the Internet, and a graphic frontend intended for end users. The server part, which contains most of the application logic, has REST interface. The applications architecture allows future development in terms of new functionality and expansion on more client platforms.

Tvorba mapové aplikace pro sledování polohy v Cloudu - klientská část Windows Phone 7 / Development of map application for tracking in cloud - Client side on Windows Phone 7

Čurda, Vít

January 2011

This thesis deals with developing applications on Windows Phone 7. The application focuses on two main target groups; cyclists and individuals who are confined to wheelchairs. Application offers the possibility of navigating around the city and over difficult terrain, and is divided into two parts - the client side application, and server side application. Development of the server side application will be analyzed in the thesis Development of map application for tracking in cloud - Server side on Windows Azure, by Vojtech Ruzicka. The primary objective of this thesis is to offer new solutions for development on Windows Phone 7, with attention being given to the communication between client and server. The second objective is to provide the public with the free application, which will help cyclists and handicapped individuals to navigate through cities around the world. The primary goal of this thesis will be achieved by identifying any problems that may arise during development, whereby a simplified description of the problem will be formed and a solution provided. Realization of the second goal will be in the use of application by the public, by providing them with an efficient means of increasing their mobility throughout their surroundings.

Performance and Design of Retention Anchors in Blast Resistant Windows

Alameer, Alameer Marai

01 December 2020

Windows in building façade are vulnerable to blast pressures. When subjected to blast shock waves, glass windows may suffer failures, potentially causing serious injuries and casualties to the building occupants due to the flying glass shards and other projectiles. Protective films and laminated glass are widely used to protect windows against blast loads. These techniques have proven to reduce or prevent hazards associated with glass breakage. The use of steel or strengthened aluminum frames also reduce window blast hazards associated with frame failures. However, such measures are not always sufficient to mitigate the blast hazard if window retention anchors do not have sufficient resistance to blast pressures. Research on blast resistant windows is scarce in the literature. Therefore, a comprehensive research project was undertaken to address the behaviour, analysis, and design of window retention anchors. The research program consisted of combined experimental and analytical components. Three main phases were pursued, comprising of: i) Experimental research using a shock tube as blast simulator, ii) Numerical investigation based on three-dimensional finite element method (FEM) of analysis, and iii) Non-linear dynamic analysis of window systems based on a single-degree-of-freedom (SDOF) simplification. The experimental phase consisted of tests of 23 punched windows mounted on four different types of substrates consisting of structural steel, reinforced concrete, concrete block masonry, and stone masonry. The experimental parameters included window size and aspect ratio, glazing type, protective film thickness, substrate type, as well as the number and pattern of window retention anchors. Two levels of blast pressure-impulse combinations were used as per the recommendations of the U.S General Services Administration (GSA).The numerical phase involved FEM modelling and analysis of selected test windows. The FEM models were first validated against test results. The validated models were then employed to conduct an analytical parametric study. The parameters in this phase consisted of; substrate type, window frame rigidity, anchor fixity level in the substrate, window aspect ratio and size, anchor spacing, and blast pressure-impulse combination. The results demonstrated the significance of design parameters on window response, while also defining anchor force distribution along the window frame. A simplified SDOF method of analysis was developed for window systems, including the effects of anchor flexibility and substrate rigidity on non-linear response. The analysis approach includes the construction of window resistance functions in pre-break and post-break phases of response, where the latter stage of response is dominated by the membrane action of protective film. The analysis leads to the computation of anchor design forces, which have been validated against anchor shear and axial tension forces recorded experimentally. The SDOF analysis is recommended for use in designing blast-resistant window retention anchors on different substrates.

Shock tube tests

Blast-resistant windows

Blast tests

FEM

SDOF

Retention anchor

Window anchor design

Glazed windows

Glazing resistant

CSA 852-18

Explosin

Standoff distance

Detekce, lokalizace a určení plochy chronických ran / Detection, Localization and Determination of Chronic Wounds

Gulán, Filip

January 2018

The aim of this diploma thesis is to design and implement a multiplatform application for detection, localization and determination of the extent of chronic wounds. The application is intended to assist nurses, doctors and healthcare assistants to monitor and evaluate chronic wounds in the course of treatment. The application is based on the Typescript programming language, on the Ionic hybrid application framework and on the Electron desktop application framework. Chronic wound assessment runs on the server-side where the Python programming language is used. The Flask application framework is used for the RESTful application interface and the OpenCV library is used for image processing.

Návrh aplikace pro správu tenkých klientů / Thin Client Management Solution Design

Juhaňák, Filip

January 2013

This thesis focuses on designing and developing a centralized management and configuration solution for the thin clients offered by the OldanyGroup s.r.o. company. The purpose of this application is to simplify the thin client administration and control for customers as well as to improve the competitiveness of the whole thin client solution offered by the company.