A methodical approach to performance measurement experiments : measure and measurement specification

This report describes a methodical approach to performance measurement experiments. This approach gives a blueprint for the whole trajectory from the notion of performance measures and how to define them via planning, instrumentation and execution of the experiments to interpretation of the results. The first stage of the approach, Measurement Initialisation, has been worked out completely. It is shown that a well-defined system description allows a procedural approach to defining performance measures and to identifying parameters that might affect it. For the second stage of the approach, Measurement Planning, concepts are defined that enable a clear experiment description or specification. It is highlighted what actually is being measured when executing an experiment. A brief example that illustrates the value of the method and a comparison with an existing method - that of Jain - complete this report

Analysis of the NIST database towards the composition of vulnerabilities in attack scenarios

The composition of vulnerabilities in attack scenarios has been traditionally performed based on detailed pre- and post-conditions. Although very precise, this approach is dependent on human analysis, is time consuming, and not at all scalable. We investigate the NIST National Vulnerability Database (NVD) with three goals: (i) understand the associations among vulnerability attributes related to impact, exploitability, privilege, type of vulnerability and clues derived from plaintext descriptions, (ii) validate our initial composition model which is based on required access and resulting effect, and (iii) investigate the maturity of XML database technology for performing statistical analyses like this directly on the XML data. In this report, we analyse 27,273 vulnerability entries (CVE 1) from the NVD. Using only nominal information, we are able to e.g. identify clusters in the class of vulnerabilities with no privilege which represent 52% of the entries

Gigabits through a slow wire

A centimetre may seem like nothing, but on a microchip it easily becomes an insurmountable distance. In order to transmit gigabits of data over this distance, Daniel Schinkel has had to pull out all the stops. Analog and digital technology come together in the Integrated Circuit Design group, which recently became part of the CTIT

The E-health Strategic Research Orientation at the Centre for Telematics and Information Technology

This report gives an overview of research themes, research groups and research partners of the E-Health Strategic Research Orientation (SRO) at the University of Twente

Value-driven Security Agreements in Extended Enterprises

Today organizations are highly interconnected in business networks called extended enterprises. This is mostly facilitated by outsourcing and by new economic models based on pay-as-you-go billing; all supported by IT-as-a-service. Although outsourcing has been around for some time, what is now new is the fact that organizations are increasingly outsourcing critical business processes, engaging on complex service bundles, and moving infrastructure and their management to the custody of third parties. Although this gives competitive advantage by reducing cost and increasing flexibility, it increases security risks by eroding security perimeters that used to separate insiders with security privileges from outsiders without security privileges. The classical security distinction between insiders and outsiders is supplemented with a third category of threat agents, namely external insiders, who are not subject to the internal control of an organization but yet have some access privileges to its resources that normal outsiders do not have. Protection against external insiders requires security agreements between organizations in an extended enterprise. Currently, there is no practical method that allows security officers to specify such requirements. In this paper we provide a method for modeling an extended enterprise architecture, identifying external insider roles, and for specifying security requirements that mitigate security threats posed by these roles. We illustrate our method with a realistic example

Unobserved Heterogeneity and International Benchmarking in Public Trasport

We analyze the technical efficiency of German and Swiss urban public transport companies by means of SFA. In transport networks we might face different network structures or complexities, not observed, but influencing the production process. The unobserved factors are typically modeled as separable factors. However, we argue that the entire production process is organized around different network structures. Therefore, they are inevitably non-separable from the observed inputs and outputs. The adopted econometric model is a random coefficient stochastic frontier model. We estimate an input distance function for the years 1991 to 2006. The results underline the presence of unobserved non-separable factors.distance function, unobserved heterogeneity, technical efficiency, bus industry, panel data

Advanced Architectures for Transactional Workflows or Advanced Transactions in Workflow Architectures

In this short paper, we outline the workflow management systems research in the Information Systems division at the University of Twente. We discuss the two main themes in this research: architecture design and advanced transaction management. Attention is paid to the coverage of these themes in the context of the completed Mercurius and WIDE projects and in the new CrossFlow project. In the latter project, contracts are introduced as a new theme to support electronic commerce aspects in workflow management