Modeling Security Risks at the System Design Stage Alignment of Mal Activity Diagrams and SecureUML to the ISSRM Domain Model

Turvatehnika disain on üks olulisi süsteemiarenduse komponente. Ta peaks läbima tervet süsteemiarendusprotsessi. Kahjuks pööratakse talle paljudel juhtudel tähelepanu ainult süsteemi arendamise ja haldamise ajal. Paljud turvalise modelleerimise keeled (näiteks Misuse Case, Secure Tropos) aitavad turvariskejuba nõuete analüüsi etapil hallata. Käesolevas magistritöös vaatleme modelleerimisvahendeid (pahateoskeemid ja SecureUML), mida kasutatakse süsteemi disainil. Täpsemalt, me uurime, kuivõrd need vahendid toetavad infosüsteemide turvariskide haldust (Information Systems Security Risks Management, ISSRM). Töö tulemuseks on tabel, mis seab pahateoskeemid ning SecureUML-keele konstruktsioonid ISSRM domeeni mõistetega omavahel vastavusse. Me põhjendame oma analüüsi ning valideerime saadud tulemusi mitmel illustratiivsel näitel. Me loodame, et saadud tulemused aitavad arendajatel paremini aru saada, kuidas turvariske süsteemi disainietapil arvesse võtta. Peale selle, nende keelte analüüs ühisel kontseptuaalsel taustal annab tulevikus võimaluse neid keeli korraga kasutada ning loodud mudeleid ühest keelest teise teisendada.Security engineering is one of the important concerns during system development. It should be addressed throughout the whole system development process; however in many cases it is often dealt only during system development and maintenance. There are several security modeling languages (e.g, Misuse case, Secure Tropos) that help dealing with security risk management at the requirements stage. In this thesis, we are focusing on the modeling languages (e.g. Mal activity diagrams and SecureUML) that are used to design the system. More specifically we investigate how these languages support information systems security risks management (ISSRM). The outcome of this work is an alignment table between the Mal activity diagrams and SecureUML language constructs to the ISSRM domain model concepts. We ground our analysis and validate the received results on the number of illustrative examples. We hope that our results will help developers to understand how they can consider security risks at the system design stage. In addition we open the way for the interoperability between different modeling languages that are analysed using the same conceptual background, thus, potentially leading to the transformation between these modeling approaches

A new, evidence-based, theory for knowledge reuse in security risk analysis

Security risk analysis (SRA) is a key activity in software engineering but requires heavy manual effort. Community knowledge in the form of security patterns or security catalogs can be used to support the identification of threats and security controls. However, no evidence-based theory exists about the effectiveness of security catalogs when used for security risk analysis. We adopt a grounded theory approach to propose a conceptual, revised and refined theory of SRA knowledge reuse. The theory refinement is backed by evidence gathered from conducting interviews with experts (20) and controlled experiments with both experts (15) and novice analysts (18). We conclude the paper by providing insights into the use of catalogs and managerial implications

Designing a Wearable Shoulder Exoskeleton for Hemiparetic Patients

Hemiparesis affects over 80 percent of stroke victims, which can reduce the overall quality of life in affected individuals. There are currently no upper-extremity assistive devices on the market to address shoulder hemiparesis, and current treatment options are expensive and ineffective. To address this need, a cable driven device was created to actively lift the affected arm. The activation and position of the device can be controlled by the user for independently performing activities of daily living (ADLs). Validation testing confirmed that the device could accurately and consistently provide the desired range of motion in both flexion/extension and abduction/adduction. The device was proven to be comfortable and intuitive, and was able to allow users to increase their ADL performance

Geometrical Analysis and Modeling of Craniosynostosis

Craniosynostosis is a developmental abnormality in skull growth, due to the fusion of one or more sutures\cite{patho}. To accommodate the growing brain. the skull needs to grow quickly in the first few months of life, and most of the growth of the skull at that time occurs at the sutures. Craniosynostosis occurs when one or more sutures are fused in utero, resulting in an abnormal skull shape. Surgical intervention is usually required at a young age, and remodeling of the skull is done for cosmetic reasons as well as to avoid raised intracranial pressure. In order to study how the bone remodels after an operation, an accurate corregistration needs to be done. However, because of the rapid growth of the skull, in a non-symmetrical manner, a non-rigid registration is necessary; taking multiple point. The work done here looks at the best method to corregister images, the best fit mathematical model for a skull and the the overall skull shape transformations during development, on young rats CT data from a previous study was used. This project has four purposes. 1) segmenting the Rat skull to have a better view of the skull, with an analysis of the sutures and bones. 2) A 3D non-rigid affine registration based on landmarks identified overtime in each skull dataset was calculated. The registration accuracy is a function of the number of landmarks identified for tracking by a trained user. 3)Have a mathematical model using an ellipsoid to fit the points identified on the skull. This best-fit ellipsoid can then be tracked overtime to analyze the development of several rat skulls. We then compared the ellipsoid parameters to model the growth of the skull. The results show that the landmarks chosen for registration need to be chosen carefully, in a way that establishes a good ?Condition Number? for the transformation fitting stage. The proposed analysis can be used as a diagnostic tool for skull growth modeling and to quantify the proposed treatments. 3) The fitted model can also be used to estimate the growth rate in living rats. 4) Another purpose of this study is to measure craniometrics of the rats skull and compare it to the previous studies

A metacognitive feedback scaffolding system for pedagogical apprenticeship

This thesis addresses the issue of how to help staff in Universities learn to give feedback with the main focus on helping teaching assistants (TAs) learn to give feedback while marking programming assignments. The result is an innovative approach which has been implemented in a novel computer support system called McFeSPA. The design of McFeSPA is based on an extensive review of the research literature on feedback. McFeSPA has been developed based on relevant work in educational psychology and Artificial Intelligence in EDucation (AIED) e.g. scaffolding the learner, ideas about andragogy, feedback patterns, research into the nature and quality of feedback and cognitive apprenticeship. McFeSPA draws on work on feedback patterns that have been proposed within the Pedagogical Patterns Project (PPP) to provide guidance on structuring the feedback report given to the student by the TA. The design also draws on the notion of andragogy to support the TA. McFeSPA is the first Intelligent Tutoring System (ITS) that supports adults learning to help students by giving quality feedback. The approach taken is more than a synthesis of these key ideas: the scaffolding framework has been implemented both for the domain of programming and the feedback domain itself; the programming domain has been structured for training TAs to give better feedback and as a framework for the analysis of students’ performance. The construction of feedback was validated by a small group of TAs. The TAs employed McFeSPA in a realistic situation that was supported by McFeSPA which uses scaffolding to support the TA and then fade. The approach to helping TAs become better feedback givers, which is instantiated in McFeSPA, has been validated through an experimental study with a small group of TAs using a triangulation approach. We found that our participants learned differently by using McFeSPA. The evaluation indicates that 1) providing content scaffolding (i.e. detailed feedback about the content using contingent hints) in McFeSPA can help almost all TAs increase their knowledge/understanding of the issues of learning to give feedback; 2) providing metacognitive scaffolding (i.e. each level of detailed feedback in contingent hint, this can also be general pop-up messages in using the system apart from feedback that encourage the participants to give good feedback) in McFeSPA helped all TAs reflect on/rethink their skills in giving feedback; and 3) when the TAs obtained knowledge about giving quality feedback, providing adaptable fading of TAs using McFeSPA allowed the TAs to learn alone without any support

Development of a pipeline for the study of resting-state fMRI abnormalities in neurological disorders

Treballs Finals de Grau d'Enginyeria Biomèdica. Facultat de Medicina i Ciències de la Salut. Universitat de Barcelona. Curs: 2022-2023. Tutor/Director: Sala Llonch, RoserThe study of brain functional connectivity abnormalities in neurological disorders is not straightforward. The absence of a standardized and well-defined pipeline and the lack of accepted imaging biomarkers give rise to the need to set certain guidelines and common measures to assess the presence of functional abnormalities in neurological disorders. To provide a solution to the current problem, this project studies the whole-brain network dynamics with resting-state functional magnetic resonance imaging (fMRI) data from 49 patients with Post-COVID-19 neurological syndrome, scanned twice, with a 6-month period between scans. These data are firstly preprocessed to further undergo a node-based (or data-driven) study, more specifically group Independent Component Analysis (ICA). Several decompositions of different dimensionalities are tested to find the optimal range number of independent components according to several levels of granularity (i.e., separation of the networks into subnetworks). The outcome is a set of spatial maps and timecourses, one for each independent component. Then, dual regression is needed to set the group-ICA maps to each individual subject, resulting in a collection of spatial maps and timecourses for each component and each subject. In parallel with dual regression, the independent components must be classified between noise and resting state networks (RSN) and subnetworks. Hierarchical maps are helpful to visualize this classification. Group data comparisons between two time points are carried out to finally identify biomarkers. Four biomarker candidates (i.e. quantitative individual measures obtained from the analyses) are studied: BOLD signal amplitude, full correlation, partial correlation, and covariance between brain regions. In addition, we implement different data-representation approaches that can help to understand the localization of the effects from the subnetwork to the network level. This representation might be helpful to interpret the findings from the point of view of cognitive and mental processes. According to the goal of the project, the resulting pipeline and the extracted biomarkers can be used for analyzing resting-state fMRI data from other neurological disorders

Quality of process modeling using BPMN: a model-driven approach

Dissertação para obtenção do Grau de Doutor em Engenharia InformáticaContext: The BPMN 2.0 specification contains the rules regarding the correct usage of the language’s constructs. Practitioners have also proposed best-practices for producing better BPMN models. However, those rules are expressed in natural language, yielding sometimes ambiguous interpretation, and therefore, flaws in produced BPMN models. Objective: Ensuring the correctness of BPMN models is critical for the automation of processes. Hence, errors in the BPMN models specification should be detected and corrected at design time, since faults detected at latter stages of processes’ development can be more costly and hard to correct. So, we need to assess the quality of BPMN models in a rigorous and systematic way. Method: We follow a model-driven approach for formalization and empirical validation of BPMN well-formedness rules and BPMN measures for enhancing the quality of BPMN models. Results: The rule mining of BPMN specification, as well as recently published BPMN works, allowed the gathering of more than a hundred of BPMN well-formedness and best-practices rules. Furthermore, we derived a set of BPMN measures aiming to provide information to process modelers regarding the correctness of BPMN models. Both BPMN rules, as well as BPMN measures were empirically validated through samples of BPMN models. Limitations: This work does not cover control-flow formal properties in BPMN models, since they were extensively discussed in other process modeling research works. Conclusion: We intend to contribute for improving BPMN modeling tools, through the formalization of well-formedness rules and BPMN measures to be incorporated in those tools, in order to enhance the quality of process modeling outcomes

A CMMI-compliant requirements management and development process

Requirements Engineering has been acknowledged an essential discipline for Software Quality. Poorly-defined processes for eliciting, analyzing, specifying and validating requirements can lead to unclear issues or misunderstandings on business needs and project’s scope. These typically result in customers’ non-satisfaction with either the products’ quality or the increase of the project’s budget and duration. Maturity models allow an organization to measure the quality of its processes and improve them according to an evolutionary path based on levels. The Capability Maturity Model Integration (CMMI) addresses the aforementioned Requirements Engineering issues. CMMI defines a set of best practices for process improvement that are divided into several process areas. Requirements Management and Requirements Development are the process areas concerned with Requirements Engineering maturity. Altran Portugal is a consulting company concerned with the quality of its software. In 2012, the Solution Center department has developed and applied successfully a set of processes aligned with CMMI-DEV v1.3, what granted them a Level 2 maturity certification. For 2015, they defined an organizational goal of addressing CMMI-DEV maturity level 3. This MSc dissertation is part of this organization effort. In particular, it is concerned with the required process areas that address the activities of Requirements Engineering. Our main goal is to contribute for the development of Altran’s internal engineering processes to conform to the guidelines of the Requirements Development process area. Throughout this dissertation, we started with an evaluation method based on CMMI and conducted a compliance assessment of Altran’s current processes. This allowed demonstrating their alignment with the CMMI Requirements Management process area and to highlight the improvements needed to conform to the Requirements Development process area. Based on the study of alternative solutions for the gaps found, we proposed a new Requirements Management and Development process that was later validated using three different approaches. The main contribution of this dissertation is the new process developed for Altran Portugal. However, given that studies on these topics are not abundant in the literature, we also expect to contribute with useful evidences to the existing body of knowledge with a survey on CMMI and requirements engineering trends. Most importantly, we hope that the implementation of the proposed processes’ improvements will minimize the risks of mishandled requirements, increasing Altran’s performance and taking them one step further to the desired maturity level

On the engineering of crucial software

The various aspects of the conventional software development cycle are examined. This cycle was the basis of the augmented approach contained in the original grant proposal. This cycle was found inadequate for crucial software development, and the justification for this opinion is presented. Several possible enhancements to the conventional software cycle are discussed. Software fault tolerance, a possible enhancement of major importance, is discussed separately. Formal verification using mathematical proof is considered. Automatic programming is a radical alternative to the conventional cycle and is discussed. Recommendations for a comprehensive approach are presented, and various experiments which could be conducted in AIRLAB are described