Design and Development of Widgets for a Corporate Security Application

Aquest projecte es lliura com a Treball Final del Grau d'Enginyeria Informàtica de la Facultat d'Informàtica de Barcelona. L'objectiu és posar en pràctica els coneixements adquirits durant l'especialitat d'enginyeria del Software. El projecte consisteix a dissenyar i desenvolupar widgets per a una aplicació móvil corporativa de seguretat que permet als usuaris interaccionar amb una de les funcionalitats principals de la aplicació, sempre mantenint la perspectiva de la seguretat i la usabilitat.This project is delivered as the Bachelor Thesis of the Informatics Engineering Degree of the Barcelona Faculty of Computer Science. The objective is to put into practice the knowledge acquired during the Software engineering specialty. The project consists of designing and developing widgets for a corporate security mobile application that allows users to interact with one of the main functionalities of the application, always maintaining the perspective of security and usability

Security and computer forensics in web engineering education

The integration of security and forensics into Web Engineering curricula is imperative! Poor security in web-based applications is continuing to cost organizations millions and the losses are still increasing annually. Security is frequently taught as a stand-alone course, assuming that security can be 'bolted on' to a web application at some point. Security issues must be integrated into Web Engineering processes right from the beginning to create secure solutions and therefore security should be an integral part of a Web Engineering curriculum. One aspect of Computer forensics investigates failures in security. Hence, students should be aware of the issues in forensics and how to respond when security failures occur; collecting evidence is particularly difficult for Web-based applications

Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. Currently companies achieve this by means of checklist-based security assessments, but these methods are a way to achieve consensus without being able to provide justifications of countermeasures in terms of business goals. But such justifications are needed to operate securely and effectively in networked businesses. In this paper, we first compare a Risk-Based Requirements Prioritization method (RiskREP) with some requirements engineering and risk assessment methods based on their requirements elicitation and prioritization properties. RiskREP extends misuse case-based requirements engineering methods with IT architecture-based risk assessment and countermeasure definition and prioritization. Then, we present how RiskREP prioritizes countermeasures by linking business goals to countermeasure specification. Prioritizing countermeasures based on business goals is especially important to provide the stakeholders with structured arguments for choosing a set of countermeasures to implement. We illustrate RiskREP and how it prioritizes the countermeasures it elicits by an application to an action case

Desktop security as a three-dimensional problem

In this paper we argue against viewing computer desktop security solely as a technical issue. Instead, we propose a perspective that combines three related dimensions: technical infrastructure, usability and user engagement. In this light, we suggest that a viable approach to desktop security should embrace these three key dimensions of the end-user context. An example desktop application is described that has been engineered to embody these dimensions in support of the desktop user

SensorCloud: Towards the Interdisciplinary Development of a Trustworthy Platform for Globally Interconnected Sensors and Actuators

Although Cloud Computing promises to lower IT costs and increase users' productivity in everyday life, the unattractive aspect of this new technology is that the user no longer owns all the devices which process personal data. To lower scepticism, the project SensorCloud investigates techniques to understand and compensate these adoption barriers in a scenario consisting of cloud applications that utilize sensors and actuators placed in private places. This work provides an interdisciplinary overview of the social and technical core research challenges for the trustworthy integration of sensor and actuator devices with the Cloud Computing paradigm. Most importantly, these challenges include i) ease of development, ii) security and privacy, and iii) social dimensions of a cloud-based system which integrates into private life. When these challenges are tackled in the development of future cloud systems, the attractiveness of new use cases in a sensor-enabled world will considerably be increased for users who currently do not trust the Cloud.Comment: 14 pages, 3 figures, published as technical report of the Department of Computer Science of RWTH Aachen Universit

Cloud Migration: A Case Study of Migrating an Enterprise IT System to IaaS

This case study illustrates the potential benefits and risks associated with the migration of an IT system in the oil & gas industry from an in-house data center to Amazon EC2 from a broad variety of stakeholder perspectives across the enterprise, thus transcending the typical, yet narrow, financial and technical analysis offered by providers. Our results show that the system infrastructure in the case study would have cost 37% less over 5 years on EC2, and using cloud computing could have potentially eliminated 21% of the support calls for this system. These findings seem significant enough to call for a migration of the system to the cloud but our stakeholder impact analysis revealed that there are significant risks associated with this. Whilst the benefits of using the cloud are attractive, we argue that it is important that enterprise decision-makers consider the overall organizational implications of the changes brought about with cloud computing to avoid implementing local optimizations at the cost of organization-wide performance.Comment: Submitted to IEEE CLOUD 201