UML consistency rules: a systematic mapping study

Context: The Unified Modeling Language (UML), with its 14 different diagram types, is the de-facto standard tool for objectoriented modeling and documentation. Since the various UML diagrams describe different aspects of one, and only one, software under development, they are not independent but strongly depend on each other in many ways. In other words, the UML diagrams describing a software must be consistent. Inconsistencies between these diagrams may be a source of the considerable increase of faults in software systems. It is therefore paramount that these inconsistencies be detected, ana

Automatic Control and Routing of Marine Vessels

Due to the intensive development of the global economy, many problems are constantly emerging connected to the safety of ships’ motion in the context of increasing marine traffic. These problems seem to be especially significant for the further development of marine transportation services, with the need to considerably increase their efficiency and reliability. One of the most commonly used approaches to ensuring safety and efficiency is the wide implementation of various automated systems for guidance and control, including such popular systems as marine autopilots, dynamic positioning systems, speed control systems, automatic routing installations, etc. This Special Issue focuses on various problems related to the analysis, design, modelling, and operation of the aforementioned systems. It covers such actual problems as tracking control, path following control, ship weather routing, course keeping control, control of autonomous underwater vehicles, ship collision avoidance. These problems are investigated using methods such as neural networks, sliding mode control, genetic algorithms, L2-gain approach, optimal damping concept, fuzzy logic and others. This Special Issue is intended to present and discuss significant contemporary problems in the areas of automatic control and the routing of marine vessels

Security and trust in cloud computing and IoT through applying obfuscation, diversification, and trusted computing technologies

Cloud computing and Internet of Things (IoT) are very widely spread and commonly used technologies nowadays. The advanced services offered by cloud computing have made it a highly demanded technology. Enterprises and businesses are more and more relying on the cloud to deliver services to their customers. The prevalent use of cloud means that more data is stored outside the organization’s premises, which raises concerns about the security and privacy of the stored and processed data. This highlights the significance of effective security practices to secure the cloud infrastructure. The number of IoT devices is growing rapidly and the technology is being employed in a wide range of sectors including smart healthcare, industry automation, and smart environments. These devices collect and exchange a great deal of information, some of which may contain critical and personal data of the users of the device. Hence, it is highly significant to protect the collected and shared data over the network; notwithstanding, the studies signify that attacks on these devices are increasing, while a high percentage of IoT devices lack proper security measures to protect the devices, the data, and the privacy of the users. In this dissertation, we study the security of cloud computing and IoT and propose software-based security approaches supported by the hardware-based technologies to provide robust measures for enhancing the security of these environments. To achieve this goal, we use obfuscation and diversification as the potential software security techniques. Code obfuscation protects the software from malicious reverse engineering and diversification mitigates the risk of large-scale exploits. We study trusted computing and Trusted Execution Environments (TEE) as the hardware-based security solutions. Trusted Platform Module (TPM) provides security and trust through a hardware root of trust, and assures the integrity of a platform. We also study Intel SGX which is a TEE solution that guarantees the integrity and confidentiality of the code and data loaded onto its protected container, enclave. More precisely, through obfuscation and diversification of the operating systems and APIs of the IoT devices, we secure them at the application level, and by obfuscation and diversification of the communication protocols, we protect the communication of data between them at the network level. For securing the cloud computing, we employ obfuscation and diversification techniques for securing the cloud computing software at the client-side. For an enhanced level of security, we employ hardware-based security solutions, TPM and SGX. These solutions, in addition to security, ensure layered trust in various layers from hardware to the application. As the result of this PhD research, this dissertation addresses a number of security risks targeting IoT and cloud computing through the delivered publications and presents a brief outlook on the future research directions.Pilvilaskenta ja esineiden internet ovat nykyään hyvin tavallisia ja laajasti sovellettuja tekniikkoja. Pilvilaskennan pitkälle kehittyneet palvelut ovat tehneet siitä hyvin kysytyn teknologian. Yritykset enenevässä määrin nojaavat pilviteknologiaan toteuttaessaan palveluita asiakkailleen. Vallitsevassa pilviteknologian soveltamistilanteessa yritykset ulkoistavat tietojensa käsittelyä yrityksen ulkopuolelle, minkä voidaan nähdä nostavan esiin huolia taltioitavan ja käsiteltävän tiedon turvallisuudesta ja yksityisyydestä. Tämä korostaa tehokkaiden turvallisuusratkaisujen merkitystä osana pilvi-infrastruktuurin turvaamista. Esineiden internet -laitteiden lukumäärä on nopeasti kasvanut. Teknologiana sitä sovelletaan laajasti monilla sektoreilla, kuten älykkäässä terveydenhuollossa, teollisuusautomaatiossa ja älytiloissa. Sellaiset laitteet keräävät ja välittävät suuria määriä informaatiota, joka voi sisältää laitteiden käyttäjien kannalta kriittistä ja yksityistä tietoa. Tästä syystä johtuen on erittäin merkityksellistä suojata verkon yli kerättävää ja jaettavaa tietoa. Monet tutkimukset osoittavat esineiden internet -laitteisiin kohdistuvien tietoturvahyökkäysten määrän olevan nousussa, ja samaan aikaan suuri osuus näistä laitteista ei omaa kunnollisia teknisiä ominaisuuksia itse laitteiden tai niiden käyttäjien yksityisen tiedon suojaamiseksi. Tässä väitöskirjassa tutkitaan pilvilaskennan sekä esineiden internetin tietoturvaa ja esitetään ohjelmistopohjaisia tietoturvalähestymistapoja turvautumalla osittain laitteistopohjaisiin teknologioihin. Esitetyt lähestymistavat tarjoavat vankkoja keinoja tietoturvallisuuden kohentamiseksi näissä konteksteissa. Tämän saavuttamiseksi työssä sovelletaan obfuskaatiota ja diversifiointia potentiaalisiana ohjelmistopohjaisina tietoturvatekniikkoina. Suoritettavan koodin obfuskointi suojaa pahantahtoiselta ohjelmiston takaisinmallinnukselta ja diversifiointi torjuu tietoturva-aukkojen laaja-alaisen hyödyntämisen riskiä. Väitöskirjatyössä tutkitaan luotettua laskentaa ja luotettavan laskennan suoritusalustoja laitteistopohjaisina tietoturvaratkaisuina. TPM (Trusted Platform Module) tarjoaa turvallisuutta ja luottamuksellisuutta rakentuen laitteistopohjaiseen luottamukseen. Pyrkimyksenä on taata suoritusalustan eheys. Työssä tutkitaan myös Intel SGX:ää yhtenä luotettavan suorituksen suoritusalustana, joka takaa suoritettavan koodin ja datan eheyden sekä luottamuksellisuuden pohjautuen suojatun säiliön, saarekkeen, tekniseen toteutukseen. Tarkemmin ilmaistuna työssä turvataan käyttöjärjestelmä- ja sovellusrajapintatasojen obfuskaation ja diversifioinnin kautta esineiden internet -laitteiden ohjelmistokerrosta. Soveltamalla samoja tekniikoita protokollakerrokseen, työssä suojataan laitteiden välistä tiedonvaihtoa verkkotasolla. Pilvilaskennan turvaamiseksi työssä sovelletaan obfuskaatio ja diversifiointitekniikoita asiakaspuolen ohjelmistoratkaisuihin. Vankemman tietoturvallisuuden saavuttamiseksi työssä hyödynnetään laitteistopohjaisia TPM- ja SGX-ratkaisuja. Tietoturvallisuuden lisäksi nämä ratkaisut tarjoavat monikerroksisen luottamuksen rakentuen laitteistotasolta ohjelmistokerrokseen asti. Tämän väitöskirjatutkimustyön tuloksena, osajulkaisuiden kautta, vastataan moniin esineiden internet -laitteisiin ja pilvilaskentaan kohdistuviin tietoturvauhkiin. Työssä esitetään myös näkemyksiä jatkotutkimusaiheista

Análise de fatores críticos à implantação de parques científicos: um estudo de caso

Tese (doutorado) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Engenharia e Gestão do Conhecimento, Florianópolis, 2015.O objetivo deste estudo é identificar fatores críticos à implantação de Parques Científicos e Tecnológicos (PCTs). Mesmo havendo um número crescente de PCTs em implantação no Brasil e no exterior, ainda existe lacuna na literatura sobre esse processo. Entende-se que, para que a implantação seja bem-sucedida, é necessário conhecer e gerenciar os fatores críticos envolvidos. Assim, com o intuito de identificar os fatores críticos de sucesso para a implantação de parques científicos, foi realizada uma revisão sistemática de literatura na base de dados Scopus, dos estudos relacionados ao tema publicados entre os anos de 2009 e 2015. Em paralelo, foi realizado um estudo de caso por meio de análise documental, que garantiu fidelidade de dados e ofereceu condições de inventariar as atividades e projetos desenvolvidos pelo PCT estudado. Também possibilitou mapear as ações planejadas em conjunto com as esferas pública e privada e, por fim, a análise do faturamento do Parque em implantação. Os resultados do estudo de caso demonstraram que a falta de um modelo conceitual e de diretrizes estabelecidas fragiliza o desenvolvimento de projetos e atividades oferecidas pelo parque, refletindo-se no seu papel estratégico. Na pesquisa de campo com os gestores do parque, foi possível identificar o entendimento desses atores quanto aos fatores críticos de sucesso. Os dados obtidos foram analisados por meio da triangulação entre métodos de pesquisa, em que a pesquisadora verificou os dados de maneira a proporcionar a sua compreensão para utilizá-los como subsídios na proposição de um modelo de framework conceitual para implantação de Parque Científico e Tecnológico.Abstract : The objective of this study is to identify factors critical to the implementation of Science and Technology Parks (PCTs). Even with a growing number of PCTs under implementation in Brazil and abroad, there is still shortage of studies on this process. It is understood that in order for the implementation to be successful, it is necessary to know and manage the critical factors involved. Thus, with the objective to identify critical success factors for implementing science parks, the study carried out a systematic review of literature on the Scopus database, the studies related to the subject published between 2009 and 2015. In parallel, a case study was conducted through document analysis, which ensured data fidelity and conditions offered to inventory the activities and projects developed by the PCT studied. It was possible to map the actions planned in conjunction with the public and private sector, and finally, the financial analysis of the Park under implementation. The case study results showed that the lack of a conceptual framework and established guidelines weakens the development of projects and activities offered by the park, reflected in its strategic role. In the field research with the managers of the park, it was possible to identify the understanding of these actors as the critical success factors. Data were analyzed using triangulation between research methods, in which the researcher found the data so as to provide their understanding, to use them as subsidies in proposing a conceptual framework model for Scientific and Technological Park deployment

Factors Influencing Customer Satisfaction towards E-shopping in Malaysia

Online shopping or e-shopping has changed the world of business and quite a few people have decided to work with these features. What their primary concerns precisely and the responses from the globalisation are the competency of incorporation while doing their businesses. E-shopping has also increased substantially in Malaysia in recent years. The rapid increase in the e-commerce industry in Malaysia has created the demand to emphasize on how to increase customer satisfaction while operating in the e-retailing environment. It is very important that customers are satisfied with the website, or else, they would not return. Therefore, a crucial fact to look into is that companies must ensure that their customers are satisfied with their purchases that are really essential from the ecommerce’s point of view. With is in mind, this study aimed at investigating customer satisfaction towards e-shopping in Malaysia. A total of 400 questionnaires were distributed among students randomly selected from various public and private universities located within Klang valley area. Total 369 questionnaires were returned, out of which 341 questionnaires were found usable for further analysis. Finally, SEM was employed to test the hypotheses. This study found that customer satisfaction towards e-shopping in Malaysia is to a great extent influenced by ease of use, trust, design of the website, online security and e-service quality. Finally, recommendations and future study direction is provided. Keywords: E-shopping, Customer satisfaction, Trust, Online security, E-service quality, Malaysia

CIRA annual report FY 2014/2015

Reporting period July 1, 2014-March 31, 2015

Improving cyber security in industrial control system environment.

Integrating industrial control system (ICS) with information technology (IT) and internet technologies has made industrial control system environments (ICSEs) more vulnerable to cyber-attacks. Increased connectivity has brought about increased security threats, vulnerabilities, and risks in both technology and people (human) constituents of the ICSE. Regardless of existing security solutions which are chiefly tailored towards technical dimensions, cyber-attacks on ICSEs continue to increase with a proportionate level of consequences and impacts. These consequences include system failures or breakdowns, likewise affecting the operations of dependent systems. Impacts often include; marring physical safety, triggering loss of lives, causing huge economic damages, and thwarting the vital missions of productions and businesses. This thesis addresses uncharted solution paths to the above challenges by investigating both technical and human-factor security evaluations to improve cyber security in the ICSE. An ICS testbed, scenario-based, and expert opinion approaches are used to demonstrate and validate cyber-attack feasibility scenarios. To improve security of ICSs, the research provides: (i) an adaptive operational security metrics generation (OSMG) framework for generating suitable security metrics for security evaluations in ICSEs, and a list of good security metrics methodology characteristics (scope-definitive, objective-oriented, reliable, simple, adaptable, and repeatable), (ii) a technical multi-attribute vulnerability (and impact) assessment (MAVCA) methodology that considers and combines dynamic metrics (temporal and environmental) attributes of vulnerabilities with the functional dependency relationship attributes of the vulnerability host components, to achieve a better representation of exploitation impacts on ICSE networks, (iii) a quantitative human-factor security (capability and vulnerability) evaluation model based on human-agent security knowledge and skills, used to identify the most vulnerable human elements, identify the least security aspects of the general workforce, and prioritise security enhancement efforts, and (iv) security risk reduction through critical impact point assessment (S2R-CIPA) process model that demonstrates the combination of technical and human-factor security evaluations to mitigate risks and achieve ICSE-wide security enhancements. The approaches or models of cyber-attack feasibility testing, adaptive security metrication, multi-attribute impact analysis, and workforce security capability evaluations can support security auditors, analysts, managers, and system owners of ICSs to create security strategies and improve cyber incidence response, and thus effectively reduce security risk.PhD in Manufacturin

CIRA annual report FY 2015/2016

Reporting period April 1, 2015-March 31, 2016

Towards Sustainable Blockchains:Cryptocurrency Treasury and General Decision-making Systems with Provably Secure Delegable Blockchain-based Voting

The blockchain technology and cryptocurrencies, its most prevalent application, continue to gain acceptance and wide traction in research and practice within academia and the industry because of its promise in decentralised and distributed computing. Notably, the meteoric rise in the value and number of cryptocurrencies since the creation of Bitcoin in 2009 have ushered in newer innovations and interventions that addressed some of the prominent issues that affect these platforms. Despite the increased privacy, security, scalability, and energy-saving capabilities of new consensus protocols in newer systems, the development and management of blockchains, mostly, do not reflect the decentralisation principle despite blockchains being decentralised and distributed in their architecture. The concept of treasury has been identified as a tool to address this problem. We explore the idea of blockchain treasury systems within literature and practice, especially with relation to funding and decision-making power towards blockchain development and maintenance. Consequently, we propose a taxonomy for treasury models within cryptocurrencies. Thereafter, we propose an efficient community-controlled and decentralised collaborative decision-making mechanism to support the development and management of blockchains. Our proposed system incentivises participants and is proven secure under the universally composable (UC) framework while also addressing gaps identified from our investigation of prior systems e.g. non-private ballots and insecure voting. Furthermore, we adapt our system and propose a privacy-preserving general decision making system for blockchain governance that supports privacy-centric cryptocurrencies. Besides, using a set of metrics, we introduce a consensus analysis mechanism to enhance the utility of decision-making of the systems by evaluating individual choices against collective (system-wide) decisions. Finally, we provide pilot system implementations with benchmark results confirming the efficiency and practicality of our constructions

Proceedings of the 2018 Canadian Society for Mechanical Engineering (CSME) International Congress

Published proceedings of the 2018 Canadian Society for Mechanical Engineering (CSME) International Congress, hosted by York University, 27-30 May 2018