Development and Deployment of VoiceXML-Based Banking Applications

In recent times, the financial sector has become one of the most vibrant sectors of the Nigerian economy with about twenty five banks after the bank consolidation / merger exercise. This sector presents huge business investments in the area of Information and Communication Technology (ICT). It is also plausible to say that the sector today is the largest body of ICT services and products users. It is no gainsaying the fact that so many Nigerians now carry mobile phones across the different parts of the country. However, applications that provide voice access to real-time banking transactions from anywhere, anytime via telephone are still at their very low stage of adoption across the Nigerian banking and financial sector. A versatile speech-enabled mobile banking application has been developed using VXML, PHP, Apache and MySQL. The developed application provides real-time access to banking services, thus improving corporate bottom-line and Quality of Service (QoS) for customer satisfaction

Generic Distribution Support for Programming Systems

This dissertation provides constructive proof, through the implementation of a middleware, that distribution transparency is practical, generic, and extensible. Fault tolerant distributed services can be developed by using the failure detection abilities of the middleware. By generic we mean that the middleware can be used for many different programming languages and paradigms. Distribution for each kind of language entity is done in terms of consistency protocols, which guarantee that the semantics of the entities are preserved in a distributed setting. The middleware allows new consistency protocols to be added easily. The efficiency of the middleware and the ease of integration are shown by coupling the middleware to a programming system, which encompasses the object oriented, the functional, and the concurrent-declarative programming paradigms. Our measurements show that the distribution middleware is competitive with the most popular distributed programming systems (JavaRMI, .NET, IBM CORBA)

Újgenerációs adat- és hálózatbiztonsági módszerek

Az értekezés a szolgáltatókat és felhasználókat érintő adat- és hálózatbiztonsági problémákkal foglalkozott. Adataink védelmére kívántam felhívni a figyelmet, bemutattam több támadási módszert, kivédésükre kliens proxy és szerver oldalon is védelmi eljárásokat kínálva. Kezdetben bemutattam az új generációs csomagtovábbítás által kínált lehetőségeket, illetve a P4-et mint magas absztrakciós szintű csomagtovábbítási logikát leíró nyelv. Ismertettem a T4P4S nevű P4 fordítónk működését, megmutattam, hogy a fordított switch program képes a hardverre optimalizált binárisokéval közel megegyező sebességű csomagtovábbításra. Ezután pedig adtam egy lehetséges módszert a P4 használatára mint állapottal rendelkező csomagszűrő tűzfal. Megmutattam, hogyan épülnek fel az elosztott szolgáltatásmegtagadással járó (DDoS) támadások. Eljárást dolgoztam ki annak érdekében, hogy az elárasztás típusú DDoS támadások modellezhetőek legyenek. A HTTP forgalomra érvényes tulajdonságokat megtartva olyan gazdagon paraméterezhető forgalomgenerátort készítettem, amivel a behatolásdetektáló (IDS) rendszerek tesztelhetőek. Bemutattam a munkamenet eltérítéses és a data breach támadásokat, ami előkelő helyet foglalnak el a legmagasabb prioritású fenyegetések listáján. Elemeztem a HTTP és HTTPS forgalmak veszélyeit, a munkamenet eltérítéses támadások néhány lehetséges módját, illetve felvázoltam egy one time token alapú hitelesítő működési modelljét. Megmutattam, hogy a TooKie nevű eszközöm az egyszer használható tokenekkel, hogyan tudja HTTP-n keresztül is biztonságossá tenni a munkameneteinket. Módszereket mutattam be az egyszerű felhasználók, és a nagyobb céges hálózatok extra védelmi rétegének implementálására. Az OpenWebCrypt kliens oldali böngésző bővítménnyel elérhető egyes szolgáltatásokban tárolt felhasználói adatok elkódolása. CrypStorePI-vel pedig egy teljes hálózat válik védhetővé egy proxy elven működő security middleware használatával. Végül megmutattam, azt is hogyan használható a szteganográfia bizonyos szolgáltatások esetén arra, hogy elfedjük az adatok titkosításának tényét a támadók elől

Towards continuously programmable networks

While programmability has been a feature of network devices for a long time, the past decade has seen significant enhancement of programming capability for network functions and nodes, spearheaded by the ongoing trend towards softwarization and cloudification. In his context, new design principles and technology enablers are introduced (Section 7.2) which reside at: (i) service/application provisioning level, (ii) network and resource management level, as well as (iii) network deployment and connectivity level

Automated metamorphic testing on the analyses of feature models

Copyright © 2010 Elsevier B.V. All rights reserved.Context: A feature model (FM) represents the valid combinations of features in a domain. The automated extraction of information from FMs is a complex task that involves numerous analysis operations, techniques and tools. Current testing methods in this context are manual and rely on the ability of the tester to decide whether the output of an analysis is correct. However, this is acknowledged to be time-consuming, error-prone and in most cases infeasible due to the combinatorial complexity of the analyses, this is known as the oracle problem.Objective: In this paper, we propose using metamorphic testing to automate the generation of test data for feature model analysis tools overcoming the oracle problem. An automated test data generator is presented and evaluated to show the feasibility of our approach.Method: We present a set of relations (so-called metamorphic relations) between input FMs and the set of products they represent. Based on these relations and given a FM and its known set of products, a set of neighbouring FMs together with their corresponding set of products are automatically generated and used for testing multiple analyses. Complex FMs representing millions of products can be efficiently created by applying this process iteratively.Results: Our evaluation results using mutation testing and real faults reveal that most faults can be automatically detected within a few seconds. Two defects were found in FaMa and another two in SPLOT, two real tools for the automated analysis of feature models. Also, we show how our generator outperforms a related manual suite for the automated analysis of feature models and how this suite can be used to guide the automated generation of test cases obtaining important gains in efficiency.Conclusion: Our results show that the application of metamorphic testing in the domain of automated analysis of feature models is efficient and effective in detecting most faults in a few seconds without the need for a human oracle.This work has been partially supported by the European Commission(FEDER)and Spanish Government under CICYT project SETI(TIN2009-07366)and the Andalusian Government project ISABEL(TIC-2533)

Fine-Grained Access Control for HTML5-Based Mobile Applications in Android

HTML5-based mobile applications are becoming more and more popular because they can run on different platforms. Several newly introduced mobile OS natively support HTML5-based applications. For those that do not provide native sup-port, such as Android, iOS, and Windows Phone, developers can develop HTML5-based applications using middlewares, such as PhoneGap [17]. In these platforms, programs are loaded into a web component, called WebView, which can render HTML5 pages and execute JavaScript code. In order for the program to access the system resources, which are isolated from the content inside WebView due to its sand-box, bridges need to be built between JavaScript and the native code (e.g. Java code in Android). Unfortunately, such bridges break the existing protection that was origi-nally built into WebView. In this paper, we study the potential risks of HTML5-based applications, and investigate how the existing mobile systems ’ access control supports these applications. We fo-cus on Android and the PhoneGap middleware. However, our ideas can be applied to other platforms. Our studies indicate that Android does not provide an adequate access control for this kind of applications. We propose a fine-grained access control mechanism for the bridge in Android system. We have implemented our scheme in Android and have evaluated its effectiveness and performance. 1

Context-Aware Computation Offloading for Mobile Cloud Computing: Requirements Analysis, Survey and Design Guideline

AbstractAlong with the rise of mobile handheld devices the resource demands of respective applications grow as well. However, mobile devices are still and will always be limited related to performance (e.g., computation, storage and battery life), context adaptation (e.g., intermittent connectivity, scalability and heterogeneity) and security aspects. A prominent solution to overcome these limita- tions is the so-called computation offloading, which is the focus of mobile cloud computing (MCC). However, current approaches fail to address the complexity that results from quickly and constantly changing context conditions in mobile user scenarios and hence developing effective and efficient MCC applications is still challenging. Therefore, this paper first presents a list of re- quirements for MCC applications together with a survey and classification of current solutions. Furthermore, it provides a design guideline for the selection of suitable concepts for different classes of common cloud-augmented mobile applications. Finally, it presents open issues that developers and researchers should be aware of when designing their MCC-approach