1,106 research outputs found

    Holistic recommender systems for software engineering

    The knowledge possessed by developers is often not sufficient to overcome a programming problem. Short of talking to teammates, when available, developers often gather additional knowledge from development artifacts (e.g., project documentation), as well as online resources. The web has become an essential component in the modern developer's daily life, providing a plethora of information from sources like forums, tutorials, Q&A websites, API documentation, and even video tutorials. Recommender Systems for Software Engineering (RSSE) provide developers with assistance to navigate the information space, automatically suggest useful items, and reduce the time required to locate the needed information. Current RSSEs consider development artifacts as containers of homogeneous information in the form of pure text. However, text is a means to represent heterogeneous information provided by, for example, natural language, source code, interchange formats (e.g., XML, JSON), and stack traces. Interpreting the information from a pure textual point of view misses the intrinsic heterogeneity of the artifacts, thus leading to a reductionist approach. We propose the concept of Holistic Recommender Systems for Software Engineering (H-RSSE), i.e., RSSEs that go beyond the textual interpretation of the information contained in development artifacts. Our thesis is that modeling and aggregating information in a holistic fashion enables novel and advanced analyses of development artifacts. To validate our thesis we developed a framework to extract, model and analyze information contained in development artifacts in a reusable meta-information model. We show how RSSEs benefit from a meta-information model, since it enables customized and novel analyses built on top of our framework. The information can thus be reinterpreted from a holistic point of view, preserving its multi-dimensionality, and opening the path towards the concept of holistic recommender systems for software engineering.

    Edge Computing for Extreme Reliability and Scalability

    The massive number of Internet of Things (IoT) devices and their continuous data collection will lead to a rapid increase in the scale of collected data. Processing all these collected data at the central cloud server is inefficient, and is even unfeasible or unnecessary. Hence, the task of processing the data is pushed to the network edges, introducing the concept of Edge Computing. Processing the information closer to the source of data (e.g., on gateways and on edge micro-servers) not only reduces the huge workload of the central cloud, but also decreases the latency for real-time applications by avoiding the unreliable and unpredictable network latency to communicate with the central cloud.

    Identifying and combating cyber-threats in the field of online banking

    This thesis has been carried out in an industrial environment external to the University, as an industrial PhD. The results of this PhD have been tested, validated, and implemented in the production environment of Caixabank and have been used as models for others who have followed the same ideas. The most burning threats against banks throughout the Internet environment are based on software tools developed by criminal groups: applications running in web environments, either on the computer of the victim (malware) or on their mobile device itself through downloading rogue applications (fake apps with malware). The method used in the thesis is an approximation of qualitative exploratory research on the problem, the answer to this problem, and the use of preventive methods against this problem, such as authentication systems. This method is based on samples, events, surveys, laboratory tests, experiments and proofs of concept; ultimately, actual data from which the thesis proposal could be deduced, using both laboratory research and grounded theory methods on data from pilot experiments conducted in real environments. I have been researching the various aspects related to e-crime, following a line of research focusing on intrinsically related topics:
    - The methods, means and systems of attack: malware, malware families of banker Trojans, malware use cases, Zeus as a use case.
    - Fixed platforms and mobile applications as a means for malware attacks.
    - Forensic methods to analyze the malware and infrastructure attacks.
    - Continuous improvement of methods of authentication of customers and users as a first line of defense against malware.
    - Using biometrics as an innovative authentication factor.
    The line investigating malware and attack systems is intrinsically closely related to authentication methods and to the systems used to infect the customer (executables, apps, etc.), because the main purpose of malware is precisely to steal data entered in the "logon" authentication system, in order to operate and thus, fraudulently, steal money from online banking customers. Experiments on the malware allowed establishing a new method of decryption, establishing guidelines to combat its effects and describing its fraudulent scheme and infection operation. I propose a general methodology to break the encryption of malware communications (keystream), extracting the system used to encrypt such communications, and a general approach of the Keystream technique. We show that this methodology can be used to respond to the threat of Zeus and finally provide lessons learned, highlighting some general principles of malware (in general) and in particular proposing Zeus Cronus, an IDS that specifically seeks the Zeus malware, testing it experimentally in a production network; its effective skills to combat the malware are discussed. The thesis is an interrelated, progressive research evolution between malware infection systems and authentication methods, reflected cumulatively in the research work, showing an evolution of research output and looking for a progressive improvement of authentication methods and of recommendations for prevention and preventing infections, a review of the main app stores for mobile financial services and a proposal to these stores. The most common eIDAMS (authentication methods and electronic identification) implemented in Europe and their robustness are analyzed.
    An analysis of adequacy is presented in terms of efficiency, usability, costs, types of operations and segments including possibilities of use as authentication method with biometrics as innovation. Postprint (published version)

    Human Factors in Secure Software Development

    While security research has made significant progress in the development of theoretically secure methods, software and algorithms, software still comes with many possible exploits, many of those using the human factor. The human factor is often called "the weakest link" in software security. To solve this, human factors research in security and privacy focuses on the users of technology and considers their security needs. The research then asks how technology can serve users while minimizing risks and empowering them to retain control over their own data. However, these concepts have to be implemented by developers whose security errors may proliferate to all of their software's users. For example, software that stores data in an insecure way, does not secure network traffic correctly, or otherwise fails to adhere to secure programming best practices puts all of the software's users at risk. It is therefore critical that software developers implement security correctly. However, in addition to security rarely being a primary concern while producing software, developers may also not have extensive awareness, knowledge, training or experience in secure development. A lack of focus on usability in libraries, documentation, and tools that they have to use for security-critical components may exacerbate the problem by blowing up the investment of time and effort needed to "get security right". This dissertation's focus is how to support developers throughout the process of implementing software securely. This research aims to understand developers' use of resources, their mindsets as they develop, and how their background impacts code security outcomes. Qualitative, quantitative and mixed methods were employed online and in the laboratory, and large scale datasets were analyzed to conduct this research. This research found that the information sources developers use can contribute to code (in)security: copying and pasting code from online forums leads to achieving functional code quickly compared to using official documentation resources, but may introduce vulnerable code. We also compared the usability of cryptographic APIs, finding that poor usability, unsafe (possibly obsolete) defaults and unhelpful documentation also lead to insecure code. On the flip side, well-thought-out documentation and abstraction levels can help improve an API's usability and may contribute to secure API usage. We found that developer experience can contribute to better security outcomes, and that studying students in lieu of professional developers can produce meaningful insights into developers' experiences with secure programming. We found that there is a multitude of online secure development advice, but that these advice sources are incomplete and may be insufficient for developers to retrieve help, which may cause them to choose un-vetted and potentially insecure resources. This dissertation supports that (a) secure development is subject to human factor challenges and (b) security can be improved by addressing these challenges and supporting developers. The work presented in this dissertation has been seminal in establishing human factors in secure development research within the security and privacy community and has advanced the dialogue about the rigorous use of empirical methods in security and privacy research. In these research projects, we repeatedly found that usability issues of security and privacy mechanisms, development practices, and operation routines are what lead to the majority of security and privacy failures that affect millions of end users.

    Simple identification tools in FishBase

    Simple identification tools for fish species were included in the FishBase information system from its inception. Early tools made use of the relational model and characters like fin ray meristics. Soon pictures and drawings were added as a further help, similar to a field guide. Later came the computerization of existing dichotomous keys, again in combination with pictures and other information, and the ability to restrict possible species by country, area, or taxonomic group. Today, www.FishBase.org offers four different ways to identify species. This paper describes these tools with their advantages and disadvantages, and suggests various options for further development. It explores the possibility of a holistic and integrated computer-aided strategy.

    Proposal of an ontology-based methodological framework for the development of multi-platform mobile applications

    Software development teams are faced with the lack of interoperability during the development of mobile applications for two or more target platforms. The development for second and every other platform means a new project with a need to repeat almost all the phases defined by the chosen methodology but with a narrow possibility of reuse of the already defined artifacts. The existing efforts of professional and scientific community to solve this problem have a similar approach (code once, run everywhere) with similar advantages and drawbacks. Thus, this dissertation aims to propose a different solution and is concerned with: (1) analyzing the methodologies suitable for mobile applications development, (2) observing the implementation of prototype application in order to define artifacts that are created during the development process for two target platforms, (3) semantic description of artifacts and their meaning, and (4) defining unique ontological definition as a base for methodological interoperability. The results of a systematic literature review performed on 6761 primary studies show that current state-of-the-art literature brings only 22 development methodologies and 7 development approaches which can be identified as eligible for multi-platform mobile applications development. Among these, Mobile-D methodology accompanied with Test Driven Development was chosen and used in the observed development processes for Android and Windows Phone platforms. A total of 71 artifacts were identified and the artifacts reusability level when developing for second target platform was 66.00%. In the last research phase, the artifacts for both platforms were semantically described into a single ontological description comprising 213 classes, 14 object properties and 2213 axioms defined in ALCRIF DL expression sub-language.
    Having this ontology proved as correct and valid, flexible, reusable and extensible, we created the basis for development of an information system to guide the development teams in a more efficient and interoperable process of multiplatform mobile applications development.

    Multimedia

    The nowadays ubiquitous and effortless digital data capture and processing capabilities offered by the majority of devices lead to an unprecedented penetration of multimedia content in our everyday life. To make the most of this phenomenon, the rapidly increasing volume and usage of digitised content requires constant re-evaluation and adaptation of multimedia methodologies, in order to meet the relentless change of requirements from both the user and system perspectives. Advances in Multimedia provides readers with an overview of the ever-growing field of multimedia by bringing together various research studies and surveys from different subfields that point out such important aspects. Some of the main topics that this book deals with include: multimedia management in peer-to-peer structures & wireless networks, security characteristics in multimedia, semantic gap bridging for multimedia content and novel multimedia applications.