Towards Automated Attack Simulations of BPMN-based Processes

Process digitization and integration is an increasing need for enterprises, while cyber-attacks denote a growing threat. Using the Business Process Management Notation (BPMN) is common to handle the digital and integration focus within and across organizations. In other parts of the same companies, threat modeling and attack graphs are used for analyzing the security posture and resilience. In this paper, we propose a novel approach to use attack graph simulations on processes represented in BPMN. Our contributions are the identification of BPMN's attack surface, a mapping of BPMN elements to concepts in a Meta Attack Language (MAL)-based Domain-Specific Language (DSL), called coreLang, and a prototype to demonstrate our approach in a case study using a real-world invoice integration process. The study shows that non-invasively enriching BPMN instances with cybersecurity analysis through attack graphs is possible without much human expert input. The resulting insights into potential vulnerabilities could be beneficial for the process modelers.Comment: Submitted for review to EDOC 202

Why Phishing Works on Smartphones: A Preliminary Study

Phishing is a form of fraud where an attacker attempts to acquire sensitive information from a target by posing as trustworthy. One strategy to fool the target is spoofing of a legitimate website. But why do people fall for phishing, and what security indicators are utilized or not utilized when deciding the legitimacy of a website? Hitherto, two studies have been conducted in 2006 and 2015. As time has passed since then, we like to check if people are meanwhile more certain in identifying spoofed websites. Therefore, 20 participants were observed when they analyzed and classified websites as legitimate or spoofed. On average participants had a success rate of 69 %, like previous studies’ results. The URL was used as an indicator by most of the participants (80 %), indicating user behavior and ease of identifying spoofed and legitimate websites is not very different on a smartphone compared to a desktop. Almost all participants used the content of the website at least once when deciding if a website was spoofed or legitimate. These findings will be used to conduct a bigger study to create more resilient results

Multivariate Unsupervised Machine Learning for Anomaly Detection in Enterprise Applications

Existing application performance management (APM) solutions lack robust anomaly detection capabilities and root cause analysis techniques, that do not require manual efforts and domain knowledge. In this paper, we develop a density-based unsupervised machine learning model to detect anomalies within an enterprise application, based upon data from multiple APM systems. The research was conducted in collaboration with a European automotive company, using two months of live application data. We show that our model detects abnormal system behavior more reliably than a commonly used outlier detection technique and provides information for detecting root causes

Gender-Based Harassment and the Hostile Work Environment

Large investments are made annually to develop and maintain IT systems. Successful outcome of IT projects is therefore crucial for the economy. Yet, many IT projects fail completely or are delayed or over budget, or they end up with less functionality than planned. This article describes a Bayesian decision-support model. The model is based on expert elicited data from 51 experts. Using this model, the effect management decisions have upon projects can be estimated beforehand, thus providing decision support for the improvement of IT project performance.QC 20140131. Updated from accepted to published.</p

Перспективы использования электронных наглядных пособий в процессе преподавания студентам инфекционных болезней

ОБРАЗОВАНИЕ МЕДИЦИНСКОЕВУЗЫМЕДИЦИНСКИЕ УЧЕБНЫЕ ЗАВЕДЕНИЯСТУДЕНТЫ МЕДИЦИНСКИХ УЧЕБНЫХ ЗАВЕДЕНИЙИНФЕКЦИОННЫЕ БОЛЕЗНИ (ДИСЦИПЛИНА)НАГЛЯДНЫЕ МАТЕРИАЛЫЭЛЕКТРОННЫЕ НАГЛЯДНЫЕ ПОСОБИ

Exploring the Relationship between Architecture Coupling and Software Vulnerabilities: A Google Chrome Case

Employing software metrics, such as size and complexity, for predicting defects has been given a lot of attention over the years and proven very useful. However, the few studies looking at software architecture and vulnerabilities are limited in scope and findings. We explore the relationship between software vulnerabilities and component metrics (like code churn and cyclomatic complexity), as well as architecture coupling metrics (direct, indirect, and cyclic coupling). Our case is based on the Google Chromium project, an open source project that has not been studied for this topic yet. Our findings show a strong relationship between vulnerabilities and both component level metrics and architecture coupling metrics. Unfortunately, the effects of different types of coupling are somewhat hard to distinguish

The G Protein–Coupled Receptor Subset of the Chicken Genome

G protein–coupled receptors (GPCRs) are one of the largest families of proteins, and here we scan the recently sequenced chicken genome for GPCRs. We use a homology-based approach, utilizing comparisons with all human GPCRs, to detect and verify chicken GPCRs from translated genomic alignments and Genscan predictions. We present 557 manually curated sequences for GPCRs from the chicken genome, of which 455 were previously not annotated. More than 60% of the chicken Genscan gene predictions with a human ortholog needed curation, which drastically changed the average percentage identity between the human–chicken orthologous pairs (from 56.3% to 72.9%). Of the non-olfactory chicken GPCRs, 79% had a one-to-one orthologous relationship to a human GPCR. The Frizzled, Secretin, and subgroups of the Rhodopsin families have high proportions of orthologous pairs, although the percentage of amino acid identity varies. Other groups show large differences, such as the Adhesion family and GPCRs that bind exogenous ligands. The chicken has only three bitter Taste 2 receptors, and it also lacks an ortholog to human TAS1R2 (one of three GPCRs in the human genome in the Taste 1 receptor family [TAS1R]), implying that the chicken's ability and mode of detecting both bitter and sweet taste may differ from the human's. The chicken genome contains at least 229 olfactory receptors, and the majority of these (218) originate from a chicken-specific expansion. To our knowledge, this dataset of chicken GPCRs is the largest curated dataset from a single gene family from a non-mammalian vertebrate. Both the updated human GPCR dataset, as well the chicken GPCR dataset, are available for download

The Adhesion GPCR GPR125 is specifically expressed in the choroid plexus and is upregulated following brain injury

<p>Abstract</p> <p>Background</p> <p>GPR125 belongs to the family of <it>Adhesion </it>G protein-coupled receptors (GPCRs). A single copy of GPR125 was found in many vertebrate genomes. We also identified a <it>Drosophila </it>sequence, DmCG15744, which shares a common ancestor with the entire Group III of <it>Adhesio</it>n GPCRs, and also contains Ig, LRR and HBD domains which were observed in mammalian GPR125.</p> <p>Results</p> <p>We found specific expression of GPR125 in cells of the choroid plexus using <it>in situ </it>hybridization and protein-specific antibodies and combined <it>in situ</it>/immunohistochemistry co-localization using cytokeratin, a marker specific for epithelial cells. Induction of inflammation by LPS did not change GPR125 expression. However, GPR125 expression was transiently increased (almost 2-fold) at 4 h after traumatic brain injury (TBI) followed by a decrease (approximately 4-fold) from 2 days onwards in the choroid plexus as well as increased expression (2-fold) in the hippocampus that was delayed until 1 day after injury.</p> <p>Conclusion</p> <p>These findings suggest that GPR125 plays a functional role in choroidal and hippocampal response to injury.</p

Enterprise Systems Modifiability Analysis : An Enterprise Architecture Modeling Approach for Decision Making

Contemporary enterprises depend to great extent on software systems. During the past decades the number of systems has been constantly increasing and these systems have become more integrated with one another. This has lead to a growing complexity in managing software systems and their environment. At the same time business environments today need to progress and change rapidly to keep up with evolving markets. As the business processes change, the systems need to be modified in order to continue supporting the processes. The complexity increase and growing demand for rapid change makes the management of enterprise systems a very important issue. In order to achieve effective and efficient management, it is essential to be able to analyze the system modifiability (i.e. estimate the future change cost). This is addressed in the thesis by employing architectural models. The contribution of this thesis is a method for software system modifiability analysis using enterprise architecture models. The contribution includes an enterprise architecture analysis formalism, a modifiability metamodel (i.e. a modeling language), and a method for creating metamodels. The proposed approach allows IT-decision makers to model and analyze change projects. By doing so, high-quality decision support regarding change project costs is received. This thesis is a composite thesis consisting of five papers and an introduction. Paper A evaluatesa number of analysis formalisms and proposes extended influence diagrams to be employed for enterprise architecture analysis. Paper B presents the first version of the modifiability metamodel. InPaper C, a method for creating enterprise architecture metamodels is proposed. This method aims to be general, i.e. can be employed for other IT-related quality analyses such as interoperability, security, and availability. The paper does however use modifiability as a running case. The second version of the modifiability metamodel for change project cost estimation is fully described in Paper D. Finally, Paper E validates the proposed method and metamodel by surveying 110 experts and studying 21 change projects at four large Nordic companies. The validation indicates that the method and metamodel are useful, contain the right set of elements and provide good estimation capabilities.QC2010071