Security Analysis and Improvement Model for Web-based Applications

Wang, Yong

14 January 2010

Today the web has become a major conduit for information. As the World Wide Web?s popularity continues to increase, information security on the web has become an increasing concern. Web information security is related to availability, confidentiality, and data integrity. According to the reports from http://www.securityfocus.com in May 2006, operating systems account for 9% vulnerability, web-based software systems account for 61% vulnerability, and other applications account for 30% vulnerability. In this dissertation, I present a security analysis model using the Markov Process Model. Risk analysis is conducted using fuzzy logic method and information entropy theory. In a web-based application system, security risk is most related to the current states in software systems and hardware systems, and independent of web application system states in the past. Therefore, the web-based applications can be approximately modeled by the Markov Process Model. The web-based applications can be conceptually expressed in the discrete states of (web_client_good; web_server_good, web_server_vulnerable, web_server_attacked, web_server_security_failed; database_server_good, database_server_vulnerable, database_server_attacked, database_server_security_failed) as state space in the Markov Chain. The vulnerable behavior and system response in the web-based applications are analyzed in this dissertation. The analyses focus on functional availability-related aspects: the probability of reaching a particular security failed state and the mean time to the security failure of a system. Vulnerability risk index is classified in three levels as an indicator of the level of security (low level, high level, and failed level). An illustrative application example is provided. As the second objective of this dissertation, I propose a security improvement model for the web-based applications using the GeoIP services in the formal methods. In the security improvement model, web access is authenticated in role-based access control using user logins, remote IP addresses, and physical locations as subject credentials to combine with the requested objects and privilege modes. Access control algorithms are developed for subjects, objects, and access privileges. A secure implementation architecture is presented. In summary, the dissertation has developed security analysis and improvement model for the web-based application. Future work will address Markov Process Model validation when security data collection becomes easy. Security improvement model will be evaluated in performance aspect.

Testing Challenges in Web-based Applications with respect to Interoperability and Integration / Testande Utmaningar i Webbaserade Applikationer med avseende på Interoperabilitet och Integration

Farooq, Umar, Azmat, Usman

January 2009

Testing is one of the critical processes in software development life cycle. It plays key role in the success of software product by improving its quality. Web-based applications are emerging and evolving rapidly; their importance and complexity is also increasing. Heterogeneous and diverse nature of distributed components, applications; along with their multi-platform support and cooperativeness make these applications more complex and swiftly increasing in their size. Quality assurance of these applications is becoming more crucial and important; testing is one of the key processes to achieve and ensure the quality of these software or Web-based products. There are many testing challenges involved in Web-based applications. But most importantly interoperability and integration are the most critical testing challenges associated with Web-based applications. There are number of challenging factors involved in both integration and interoperability testing efforts. These integration and interoperability factors have almost 70 percent to 80 percent impact on overall quality of Web-based applications. In software industry different kind of testing approaches are used by practitioners to solve the issues associated with integration and interoperability, which are due to ever increasing complexities of Web-based applications. It is fact that both integration and interoperability are inter-related and it is very helpful to cover all the possible issues of interoperability testing that will reduce the integration testing effort. It will be more beneficial if a dedicated testing team is placed to perform the both integration and interoperability testing. / +46 73 55 955 15 +46 73 95 120 32

Integration and interoperability testing

Web-based applications assurance

software testing

Computer Sciences

Datavetenskap (datalogi)

Software Engineering

Programvaruteknik

AJAX technologijų analizė ir demonstravimas / Ajax technology analysis and demonstration

Šilinskas, Almantas

16 January 2007

In the thesis, it was reviewed Ajax technology and developed using Ajax and Java programming language “Online presentation”. Software “Online presentation” allow demonstrators to make online presentations to remote users through the Internet in a real-time and synchronous manner. Demonstrator uploads picture format files and can delete them if he does not need them anymore. The demonstrator can invite viewers to join his presentation by e-mail, generated link and login. In addition, the demonstrator can upload various format files and allow them to download. The only requirement to use “Online presentation” is to have a browser and the internet connection.

Informatics Engineering

Ajax technology

Online presentation

Interneto technologijos

Rich internet client

Vartotojo sąsaja

Informacinės technologijos

web based applications

Ajax technologijos

New opportunities provided by the Swedish electricity meter reform

Wallin, Fredrik

January 2010

The reduction of the impact of energy consumption is a priority issue and a major challenge that concerns every country in the world. This is a complex task that needs to be tackled from several angles in the search for areas where optimizations and savings can be made. In Sweden an electricity meter reading reform was fully implemented by 1st July 2009, including 5.2 million customers, and this created new set of circumstances in the Swedish electricity market. The main purpose of this thesis work has been to investigate the possibilities of increasing the use of remote meter readings. Two research questions have been: “How can the electricity market benefit from remote collected meter readings?” and “Where do barriers appear when utilizing meter readings?”. The work started in 2000/2001 to study Internet based applications that visualize electricity consumption patterns. Over these years the daily internet users have increased from approximately 40 % to 73 % and new markets for web-based applications have evolved. These solutions can be important in the forthcoming years as energy portals that hold new energy services. Experiences from new installations indicate that at least interested customers do submit information concerning building and household properties through internet. Still, it is challenging to enable the majority of customers to take part in these new solutions. It may therefore be important to remind customers on a regular basis in order maintain the frequency using the application and to make it habitual. Further the introduction of demand-based pricing allows electricity distribution utilities to achieve a stronger correlation between peak loads in the distribution network area and their revenues.

automatic meter reading (AMR)

advanced metering infrastructure (AMI)

peak load

consumption patterns

visualize

consumption feed-back

added values

demand-based

tariffs

bottom-up modeling

web-based applications

TECHNOLOGY

TEKNIKVETENSKAP

Development and validation of an integrated model for evaluating e-service quality, usability and user experience (e-SQUUX) of Web-based applications in the context of a University web portal

Ssemugabi, Samuel

01 1900

Text in English / Developments in Internet technology and pervasive computing over the past two and half decades have resulted in a variety of Web-based applications (WBAs) that provide products and services to online users or customers. The Internet is used not only to transfer information via the web but is increasingly used to provide electronic services including business transactions, information-delivery and social networking, as well as e-government, e-health and e-learning. For such organisations, e-service quality, usability and user experience are considered to be critical determinants of their products’ or services’ success. Many studies to model these three concepts separately have been undertaken as part of broader studies of software quality or service quality modelling. However, to the current researcher’s knowledge, none of the studies have focussed on proposing an evaluation model that integrates and combines the three of them. This research is an effort to fill that gap. The primary purpose of this mixed-methods research was to develop a conceptual integrated model for evaluating e-service quality, usability and user experience (e-SQUUX) of WBAs and then contextualise it to evaluation of a University web portal (UWP). This was undertaken using an exploratory sequential research design. During a qualitative phase, an extensive extensive systematic literature review of 264 relevant sources relating to dimensions of e-service quality, usability and user experience, was undertaken to derive an integrated conceptual e-service quality, usability and user experience (e-SQUUX) Model for evaluating WBAs. The model was then empirically refined through a sequential series of validations, thus developing various versions of the e-SQUUX Model. First, it was content validated by a set of four expert reviewers. Second, during the quantitative phase, in the context of a University web portal, a questionnaire survey was conducted that included a comprehensive pilot study with 29 partipants, prior to the main survey. The main survey data from 174 particiapants was used to determine a validated model, using Exploratory factor analysis (EFA), followed by producing a structural model, using partial least square – structural equation modelling (PLS-SEM). This version consisted of the components of the final e-SQUUX Model. Consequently, the research enriches the body of knowledge on IS and HCI by providing the e-SQUUX Model as an evaluation tool. For designers, developers and managers of UWPs, the model serves as a customisable set of evaluation criteria and also provides specific recommendations for design. In line with the Exploratory sequential design of mixed methods research, the findings of the qualitative work in this research influenced the subsequent quantitative study, since the potential Likert-scale questionnaire items were derived from the definitions and meanings of the components that emanated from the qualitative phase of the study. Consequently, this research is an exemplar for developing an integrated evaluation model for specific facets or domains, and of its application in a particular context, in this case, a University web portal. Keywords: e-service quality, usability, user experience, evaluation model, integrated model, exploratory factor analysis, partial least square – structural equation modelling (PLS-SEM), mixed methods research, Exploratory sequential design, quantitative study, qualitative study, validation, Web-based applications, University web portal / Information System / Ph D. (Information Systems)

E-service quality

Usability

User experience

Evaluation model

Integrated model

Exploratory factor analysis

(PLS-SEM)

Mixed methods research

Exploratory sequential design

Quantitative study

Qualitative study

Validation

Web-based applications

University web portal

Web portals

Web portals

Web applications

Web applications

User-centered system design