132 research outputs found

    Formal analysis of security models for mobile devices, virtualization platforms and domain name systems

    Get PDF
    En esta tesis investigamos la seguridad de aplicaciones de seguridad criticas, es decir aplicaciones en las cuales una falla podria producir consecuencias inaceptables. Consideramos tres areas: dispositivos moviles, plataformas de virtualizacion y sistemas de nombres de dominio. La plataforma Java Micro Edition define el Perfil para Dispositivos de Informacion Moviles (MIDP) para facilitar el desarrollo de aplicaciones para dispositivos moviles, como telefonos celulares y asistentes digitales personales. En este trabajo primero estudiamos y comparamos formalmente diversas variantes del modelo de seguridad especificado por MIDP para acceder a recursos sensibles de un dispositivo movil. Los hipervisores permiten que multiples sistemas operativos se ejecuten en un hardware compartido y ofrecen un medio para establecer mejoras de seguridad y flexibilidad de sistemas de software. En esta tesis formalizamos un modelo de hipervisor y establecemos (formalmente) que el hipervisor asegura propiedades de aislamiento entre los diferentes sistemas operativos de la plataforma, y que las solicitudes de estos sistemas son atendidas siempre. Demostramos tambien que las plataformas virtualizadas son transparentes, es decir, que un sistema operativo no puede distinguir si ejecuta solo en la plataforma o si lo hace junto con otros sistemas operativos. Las Extensiones de Seguridad para el Sistema de Nombres de Dominio (DNSSEC) constituyen un conjunto de especificaciones que proporcionan servicios de aseguramiento de autenticacion e integridad de origen de datos DNS. Finalmente, presentamos una especificaci´on minimalista de un modelo de DNSSEC que proporciona los fundamentos necesarios para formalmente establecer y verificar propiedades de seguridad relacionadas con la cadena de confianza del arbol de DNSSEC. Desarrollamos todas nuestras formalizaciones en el C´alculo de Construccion

    Especificación y verificación formal de sistemas críticos : Análisis de modelos de seguridad para dispositivos móviles

    Get PDF
    Este documento presenta resultados generados principalmente en el marco de una línea de investigación que involucra a dos proyectos de investigación: "Especificación formal y verificación de sistemas críticos", SeCyT-FCEIA, UNR (ING266), Argentina; y "STEVE: Seguridad a Través de Evidencia VErificable", proyecto PDT, DINACYT, Uruguay. Asimismo, algunas actividades de estos proyectos se enmarcaron en un proyecto de cooperación STIC-AMSUD: "ReSeCo: Reliability and Security of Distributed Software Components". El artículo describe esencial y sucintamente los trabajos realizados, las principales publicaciones obtenidas y la formación de recursos humanos en Argentina y Uruguay.Eje: Aspectos teóricos de Ciencias de la ComputaciónRed de Universidades con Carreras en Informática (RedUNCI

    M-Learning Using Mobile Learning Engine

    Get PDF
    The objective of M-Learning is to integrate the technology combined with the education in order to enhance the effectiveness of student's traditional learning process. In order to explore the use of mobile and handheld IT devices as a learning tool, many factors need to be considered such as its constraint and limitations. Therefore, intensive researches need to be done. The main purpose of M-Learning is to create flexible learning environment for students where the implementation of just-in-time learning is applied. Besides, it creates new approach of learning style. The most challenging part in implementing MLearning is in delivering the content as how users will view the materials in mobile devices instead of the usual large screen desktops. Apart from that, the technology of M-Learning is still new in Malaysia, therefore, a lot of risk and challenges involved in this project. Meanwhile, the target user is students. In this project the methodology used follows four processes which are planning, analysis, design and implementation. Efficiency and flexibly together with ease ofuse become the essential elements inconstructing the final system

    A Certified Access Controller for JME-MIDP 2.0 enabled Mobile Devices

    Get PDF
    Mobile devices, like cell phones and PDAs, allow to store information and to establish connections with external entities. In this sort of devices it is important to guarantee confidentiality and integrity of the stored data as well as ensure service availability. The JME platform, a Java enabled technology, provides the MIDP standard that facilitates applications development and specifies a security model for the controlled access to sensitive resources of the device. This paper describes a high level formal specification of an access controller for JME-MIDP 2.0. This formal definition of the controller has been obtained as an extension of a specification, developed using the Calculus of Inductive Constructions and the proof assistant Coq, of the MIDP 2.0 security model. The paper also discusses the refinement of the specification into an executable model and describes the algorithm which has been proven to be a correct implementation of the specified access controller

    Exploring the possibilities of three dimensional image manipulations on mobile devices

    Get PDF
    With the introduction of more powerful mobile microprocessors and colour screen technology, complex image manipulations on various mobile devices such as mobile phones and handheld devices have become a reality. As a consequence of these improvements, there has been an increasing demand by users for interactive computer games which produce complex graphics by utilizing these advanced hardware technologies. Three dimensional (3D) graphics have been used to produce realistic interactive imaging for computer games during recent years. Java, through its mobile device programming platform, provides the framework for such complex image manipulations in computer games deployed on Java compatible mobile devices. However, the lack of a standard 3D application-programming interface (API), supported by mobile phone manufactures, has resulted in the need for program developers to use custom APis to create 3D programs such as the WGE (Wireless Graphics Engine) API produced by TTPcom. There is some evidence that the use of custom APis to develop 3D graphic images may result in poor compatibility and performance across different mobile platforms and devices This study initially examines the proposed Sun Microsystems specification for the Java 2 Micro Edition (J2ME) Mobile 3D API for the development of 3D graphics programming of mobile devices. These specifications have been designed to create an Industry standard Mobile 3D API. In addition, this study investigates the current specification for the Java 2 Micro Edition (CDDC1.0.3), to ascertain to what extent the development of 3D gaming on mobile devices is effected by the deficiencies in the current specification. These deficiencies include a Jack of support of for a floating point data type and the specification\u27s reliance on fixed-point number calculations for developing 3D graphics. An assessment will be made to determine how these deficiencies influence the performance, stability of 3D algorithms deployed on different mobile device platforms. Investigations carried out on 3D graphics algorithm implementations on Java 2 Standard Edition (J2SE) platform suggests that the implementations rely on float data type and that the CLDC 1.0.3 configuration layer does not support the float data type. Experiments were conducted to determine whether fixed-point number methods can be used effectively to conduct precision calculations. These calculations are required to implement the 3D algorithms for the J2ME platform. In order to assess this, a simulation study was conducted on a number of emulators released by Nokia, Motorola and Siemens mobile phone manufactures. In addition, the algorithms were tested on a Java compatible Nokia 6610 mobile phone to ascertain if findings from emulator studies could be replicated on phones. The emulator study findings suggest that 3D algorithm implementations using fixed-point methods are compatible on Java compatible mobile handsets released by Nokia, Motorola and Siemens. Further more, it was shown that the fixed-point methods are suitable for implementing simple 3D algorithms (Rotation, Scaling and Translation). However, it was found that these methods were not suitable for extreme precision calculations such as Cartesian curve generations

    Development of an Ontology-based Framework and Tool for Employer Information Requirements (OntEIR)

    Get PDF
    The identification of proper requirements is a key factor for a successful construction project. Many attempts in the form of frameworks, models, and tools have been put forward to assist in identifying those requirements. In projects using Building Information Modelling (BIM), the Employer Information Requirements (EIR) is a fundamental ingredient in achieving a successful BIM project.As of April 2016, Building Information Modelling (BIM) was mandated for all UK government projects, as part of the Government Construction Strategy. This means that all central Government departments must only tender with suppliers that demonstrate their capability on working with the Level-2 BIM.One of the fundamental ingredients of achieving the BIM Level-2 is the provision of full and clear Employer Information Requirements (EIR). As defined by PAS 1192-2, EIR is a “pre- tender document that sets out the information to be delivered and the standards and processes to be adopted by the suppler as part of the project delivery process”. it also notes that “EIR should be incorporated into tender documentation to enable suppliers to produce an initial BIM Execution Plan (BEP)”.Effective definition of EIRs can contribute to better productivity; within the budget and time limit set and improve the quality of the built facility. Also, EIR contribute to the information clients get at the end of the project, which will enable the effective management and operation of the asset at less cost, in an industry, where typically 60% of the cost go towards maintenance and operation.The aim of this research is to develop a better approach, for producing a full and complete set of EIRs, which ensures that the clients information needs for the final model delivered by BIM be clearly defined from the very beginning of the BIM process. It also manages the collaboration between the different stakeholders of the project, which allows them to communicate and deliver to the client’s requirements. In other words, an EIR that manages the whole BIM process and the information delivered throughout its lifecycle, and the standards to be adopted by the suppliers as an essential ingredient for the success of a BIM project. For the research to be able to achieve the aims set and the formulated objectives, firstly a detailed and critical review on related work and issues was conducted. Then the initial design of the OntEIR Framework, which introduced the new categorisation system of the information requirements and the elicitation of requirements from high-level needs using ontology was presented. A research prototype of an online tool was developed as a proof-of- concept to implement and operationalise the research framework.The evaluation of the framework and prototype tool via interviews and questionnaires was conducted with both industry experts and inexperienced stakeholders. The findings indicateivthat the adoption of the framework and tool, in addition to the new categorisation system, could contribute towards effective and efficient development of EIRs that provide a better understanding of the information requirements as requested by BIM, and support the production of a complete BIM Execution Plan (BEP) and a Master Information Delivery Plan (MIDP)

    Point of Care Healthcare Quality Control for Patients Using Mobile Devices

    Get PDF
    The advances made in the domain of mobile telecommunications over the last decade offer great potential for developments in many areas. One such area that can benefit from mobile communications is telemedicine, which is the provision of medical assistance, in one form or another, to patients who are geographically separated from the healthcare provider. When a person is ill, individual attention from medical professionals is of the utmost importance until they have returned to full health. However, people who suffer with long term and chronic illnesses may need life long care and often must manage their condition at home. Many chronically ill patients manage their condition themselves and perform ‘self-testing’ with Point of Care Test (POCT) equipment as part of this condition management. When a specimen sample is analysed at home with a POCT device, a result is available to the patient almost immediately, but the result cannot be proven to be plausible for the patient unless it is validated by the hospital systems. In addition to this the hospital is unaware of the patients condition and progress between hospital visits. This research addresses some of the issues and problems that fact patients who use POCT equipment to ‘self-manage’ their condition at home. Using mobile phone technologies and the Java platform, three alternative methods for providing patients with a service of POCT result validation and storage was designed. The implementation and test of these systems, proves that a mobile phone solution to the issues associated with patient self-testing is possible and can greatly contribute to the quality of patient care

    Seguridad informática en la Universidad de la República

    Get PDF
    Este artículo presenta al Grupo de Seguridad Informática de la Facultad de Ingeniería de la Universidad de la República (Uruguay), creado en 2006. Se describen los trabajos de investigación del grupo y los resultados generados, proveyendo referencias a sus artículos publicados. Se incluye asimismo una breve descripción de la actividad de formación curricular universitaria a cargo del equipo

    DEVELOPMENT AND USABILITY EVALUATION OF PLATFORM INDEPENDENT MOBILE LEARNING APPLICATION (M-LA)

    Get PDF
    In today’s digital age, wireless technology and widespread use of handheld devices are going under a continuous advancement to provide information anywhere and at anytime. Furthermore, these technologies are being utilized in the field of education and called mobile learning (M-Learning). Hence, M-learning means using of mobile devices and wireless computing as a learning instrument and communication technology respectively. The limitations of M-learning include either hardware or software of mobile devices, content creation, and no standards for mobile learning system (M-LS), wireless technology, and security. The main objectives of this research are to study and design model for M-learning approach; to develop platform independent M-learning application (M-LA) for Fundamentals of Programming course; to design M-LS platform classification, and to evaluate the effectiveness and usability of the application. In addition, under the development of this application the following aspects are considered: learning theories, M-learning development principles, and some of the aforementioned M-learning limitations. To achieve the above mentioned objectives, ADDIE (Analysis, Design, Development, Implementation, and Evaluation) life cycle is adapted which is one type of instructional design model (IDM). The application has been developed using Java 2 Micro Edition (J2ME), and Extensible Markup Language (XML). It contains several sections, but the main modules are Lecture Materials, and Quiz. Quasi Experiment Design and usability attributes was used to evaluate the effectiveness and usability of the application respectively using Universiti Teknologi PETRONAS foundation students. Finally, the data was analyzed using quantitative and qualitative method. The quantitative data was analyzed using coefficient variance and independent t-Test, and Cronbach alpha used to measure the internal reliability of the data. Overall results show that M-LA is efficient to improve learners’ performance, makes learning enjoyable, support continuous learning and learning time is reduced, and fulfilled the usability needs
    corecore