liu.seSearch for publications in DiVA
Change search
Refine search result
1234567 1 - 50 of 419
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the 'Create feeds' function.
  • 1.
    Abrahamsson, Marcus
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    A platform for third-party applications on the web2013Independent thesis Basic level (degree of Bachelor), 10,5 credits / 16 HE creditsStudent thesis
    Abstract [en]

    A trend seen on the web today is to create a platform where externally developed applications can run inside some kind of main application. This is often done by providing an API to access data and business logic of your service and a sandbox environment in which third-party applications can run. By providing this, it is made possible for external developers to come up with new ideas based on your service. Some good examples on this are Spotify Apps, Apps on Facebook and SalesForce.com.

    Ipendo Systems AB is a company that develops a web platform for intellectual properties. Currently most things on this platform are developed by developers at Ipendo Systems AB. Some interest has though risen to enable external developers to create applications that will in some way run inside the main platform.

    In this thesis an analysis of already existing solutions has been done. These solutions were Spotify Apps and Apps on Facebook. The two have different approaches on how to enable third-party applications to run inside their own service. Facebook’s solution builds mainly on iframe embedded web pages where data access is provided through a web API. Spotify on the other hand hosts the third-party applications themselves but the applications may only consist of HTML5, CSS3 and JavaScript.

    In addition to the analysis a prototype was developed. The purpose of the prototype was to show possible ways to enable third-party applications to run inside your own service. Two solutions showing this were developed. The first one was based on Facebook’s approach with iframing of external web pages. The second was a slightly modified version of Spotify’s solution with only client-side code hosted by the main application. To safely embed the client side code in the main application a sandboxing tool for JavaScript called Caja was used.

    Of the two versions implemented in the prototype was the Iframe solution considered more ready to be utilized in a production environment than Caja. Caja could be seen as an interesting technique for the future but might not be ready to use today. The reason behind this conclusion was that Caja decreased the performance of the written JavaScript as well as adding complexity while developing the third-party applications.

  • 2.
    Achichi, Manel
    et al.
    LIRMM/University of Montpellier, France.
    Cheatham, Michelle
    Wright State University, USA.
    Dragisic, Zlatan
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Euzenat, Jerome
    INRIA & Univ. Grenoble Alpes, Grenoble, France.
    Faria, Daniel
    Instituto Gulbenkian de Ciencia, Lisbon, Portugal.
    Ferrara, Alfio
    Universita degli studi di Milano, Italy.
    Flouris, Giorgos
    Institute of Computer Science-FORTH, Heraklion, Greece.
    Fundulaki, Irini
    Institute of Computer Science-FORTH, Heraklion, Greece.
    Harrow, Ian
    Pistoia Alliance Inc., USA.
    Ivanova, Valentina
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Jiménez-Ruiz, Ernesto
    University of Oslo, Norway and University of Oxford, UK.
    Kuss, Elena
    University of Mannheim, Germany.
    Lambrix, Patrick
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Leopold, Henrik
    Vrije Universiteit Amsterdam, The Netherlands.
    Li, Huanyu
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Meilicke, Christian
    University of Mannheim, Germany.
    Montanelli, Stefano
    Universita degli studi di Milano, Italy.
    Pesquita, Catia
    Universidade de Lisboa, Portugal.
    Saveta, Tzanina
    Institute of Computer Science-FORTH, Heraklion, Greece.
    Shvaiko, Pavel
    TasLab, Informatica Trentina, Trento, Italy.
    Splendiani, Andrea
    Novartis Institutes for Biomedical Research, Basel, Switzerland.
    Stuckenschmidt, Heiner
    University of Mannheim, Germany.
    Todorov, Konstantin
    LIRMM/University of Montpellier, France.
    Trojahn, Cassia
    IRIT & Universit ́ e Toulouse II, Toulouse, France.
    Zamazal, Ondřej
    University of Economics, Prague, Czech Republic.
    Results of the Ontology Alignment Evaluation Initiative 20162016In: Proceedings of the 11th International Workshop on Ontology Matching, Aachen, Germany: CEUR Workshop Proceedings , 2016, 73-129 p.Conference paper (Refereed)
  • 3.
    Ahlberg, Gustav
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Generating web applications containing XSS and CSRF vulnerabilities2014Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
    Abstract [en]

    Most of the people in the industrial world are using several web applications every day. Many of those web applications contain vulnerabilities that can allow attackers to steal sensitive data from the web application's users. One way to detect these vulnerabilities is to have a penetration tester examine the web application. A common way to train penetration testers to find vulnerabilities is to challenge them with realistic web applications that contain vulnerabilities. The penetration tester's assignment is to try to locate and exploit the vulnerabilities in the web application. Training on the same web application twice will not provide any new challenges to the penetration tester, because the penetration tester already knows how to exploit all the vulnerabilities in the web application. Therefore, a vast number of web applications and variants of web applications are needed to train on.

    This thesis describes a tool designed and developed to automatically generate vulnerable web applications. First a web application is prepared, so that the tool can generate a vulnerable version of the web application. The tool injects Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) vulnerabilities in prepared web applications. Different variations of the same vulnerability can also be injected, so that different methods are needed to exploit the vulnerability depending on the variation. A purpose of the tool is that it should generate web applications which shall be used to train penetration testers, and some of the vulnerabilities the tool can inject, cannot be detected by current free web application vulnerability scanners, and would thus need to be detected by a penetration tester.

    To inject the vulnerabilities, the tool uses abstract syntax trees and taint analysis to detect where vulnerabilities can be injected in the prepared web applications.

    Tests confirm that web application vulnerability scanners cannot find all the vulnerabilities on the web applications which have been generated by the tool.

  • 4.
    Andersson, Fredrik
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Storing and structuring big data with businessintelligence in mind2015Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
    Abstract [en]

    Sectra has a customer database with approximately 1600 customers across the world. In this system there exists not only medical information but alsoinformation about the environment which the system runs in, usage  pattern and much more.

    This report is about storing data received from log les into a suitable database. Sectra wants to be able to analyze this information so that they can make strategic decisions and get a better understanding of their customers' needs. The tested databases are MongoDB, Cassandra, and MySQL. The results shows that MySQL  is not suitable for storing large amount of data with the current conguration. On the other hand, both MongoDB and Cassandra performed well with the growing amount of data.

  • 5.
    Ardi, Shanai
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Byers, David
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Meland, Per Håkon
    SINTEF ICT, Trondheim, Norway.
    Tøndel, Inger Anne
    SINTEF ICT, Trondheim, Norway.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    How can the developer benefit from security modeling?2007In: Second International Conference on Availability, Reliability and Security, 2007, IEEE Computer Society, 2007, 1017-1025 p.Conference paper (Refereed)
    Abstract [en]

    Security has become a necessary part of nearly every software development project, as the overall risk from malicious users is constantly increasing, due to increased consequences of failure, security threats and exposure to threats. There are few projects today where software security can be ignored. Despite this, security is still rarely taken into account throughout the entire software lifecycle; security is often an afterthought, bolted on late in development, with little thought to what threats and exposures exist. Little thought is given to maintaining security in the face of evolving threats and exposures. Software developers are usually not security experts. However, there are methods and tools available today that can help developers build more secure software. Security modeling, modeling of e.g., threats and vulnerabilities, is one such method that, when integrated in the software development process, can help developers prevent security problems in software. We discuss these issues, and present how modeling tools, vulnerability repositories and development tools can be connected to provide support for secure software development

  • 6.
    Ardi, Shanai
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Byers, David
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Towards a Structured Unified Process for Software Security2006In: ICSE Workshop on Software Engineering for Secure Systems,2006, ACM , 2006, 3-10 p.Conference paper (Refereed)
  • 7.
    Ardi, Shanai
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    A post-mortem incident modeling method2009In: 2009 International Conference on Availability, Reliability and Security (ARES),  Vol. 1-2, IEEE , 2009, 1018-1023 p.Conference paper (Refereed)
    Abstract [en]

    Incident post-mortem analysis after recovery from incidents is recommended by most incident response experts. An analysis of why and how an incident happened is crucial for determining appropriate countermeasures to prevent the recurrence of the incident. Currently, there is a lack of structured methods for such an analysis, which would identify the causes of a security incident. In this paper, we present a structured method to perform the post-mortem analysis and to model the causes of an incident visually in a graph structure. This method is an extension of our earlier work on modeling software vulnerabilities. The goal of modeling incidents is to develop an understanding of what could have caused the security incident and how its recurrence can be prevented in the future. The method presented in this paper is intended to be used during the post-mortem analysis of incidents by incident response teams.

  • 8.
    Ardi, Shanai
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Integrating a security plug-in with the OpenUP/Basic development process2008In: Third International Conference on Availability, Reliability and Security, 2008, IEEE Computer Society, 2008, 284-291 p.Conference paper (Refereed)
    Abstract [en]

    In this paper we present a security plug-in for the OpenUP/Basic development process. Our security plug-in is based on a structured unified process for secure software development, named S3P (sustainable software security process). This process provides the formalism required to identify the causes of vulnerabilities and the mitigation techniques that prevent these vulnerabilities. We also present the results of an expert evaluation of the security plug-in. The lessons learned from development of the plug-in and the results of the evaluation will be used when adapting S3P to other software development processes.

  • 9.
    Ardi, Shanai
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Introducing Vulnerability Awareness to Common Criteria's Security Targets2009In: The Fourth International Conference on Software Engineering Advances, Portugal, IEEE Computer Society , 2009, 419-424 p.Conference paper (Refereed)
    Abstract [en]

    Security of software systems has become one of the biggest concerns in our everyday life, since software systems are increasingly used by individuals, companies and governments. One way to help software system consumers gain assurance about the security measures of software products is to evaluate and certify these products with standard evaluation processes. The Common Criteria (ISO/IEC 15408) evaluation scheme is a standard that is widely used by software vendors. This process does not include information about already known vulnerabilities, their attack data and lessons learned from them. This has resulted in criticisms concerning the accuracy of this evaluation scheme since it might not address the areas in which actual vulnerabilities might occur.

    In this paper, we present a methodology that introduces information about threats from vulnerabilities to Common Criteria documents. Our methodology improves the accuracy of the Common Criteria by providing information about known vulnerabilities in Common Criteria’s security target. Our methodology also provides documentation about how to fulfill certain security requirements, which can reduce the time for evaluation of the products.

     

  • 10.
    Arlitt, Martin
    et al.
    HP Labs.
    Carlsson, Niklas
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Gill, Phillipa
    University of Toronto.
    Mahanti, Aniket
    University of Calgary.
    Williamson, Carey
    University of Calgary.
    Characterizing Intelligence Gathering and Control on an Edge Network2011In: ACM Transactions on Internet Technology, ISSN 1533-5399, Vol. 11, no 1Article in journal (Refereed)
    Abstract [en]

    here is a continuous struggle for control of resources at every organization that is connected to the Internet. The local organization wishes to use its resources to achieve strategic goals. Some external entities seek direct control of these resources, for purposes such as spamming or launching denial-of-service attacks. Other external entities seek indirect control of assets (e. g., users, finances), but provide services in exchange for them. less thanbrgreater than less thanbrgreater thanUsing a year-long trace from an edge network, we examine what various external organizations know about one organization. We compare the types of information exposed by or to external organizations using either active (reconnaissance) or passive (surveillance) techniques. We also explore the direct and indirect control external entities have on local IT resources.

  • 11.
    Arlitt, Martin
    et al.
    HP Labs.
    Carlsson, NiklasLinköping University, Department of Computer and Information Science, Database and information techniques.Hedge, NidhiTechnicolor.Wierman, AdamCalifornia Institute of Technology.
    ACM SIGMETRICS Performance Evaluation ReviewVolume 40 Issue 3, December 2012.: Special issue on the 2012 GreenMetrics workshop2013Conference proceedings (editor) (Refereed)
  • 12.
    Arlitt, Martin
    et al.
    HP Labs and University of Calgary.
    Carlsson, Niklas
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Williamson, Carey
    University of Calgary, Canada.
    Rolia, Jerry
    HP Labs.
    Passive Crowd-based Monitoring of World Wide Web Infrastructure and its Performance2012In: Proc. IEEE International Conference on Communications (ICC 2012), IEEE , 2012, 2689-2694 p.Conference paper (Refereed)
    Abstract [en]

    The World Wide Web and the services it provides are continually evolving. Even for a single time instant, it is a complex task to methodologically determine the infrastructure over which these services are provided and the corresponding effect on user perceived performance. For such tasks, researchers typically rely on active measurements or large numbers of volunteer users. In this paper, we consider an alternative approach, which we refer to as passive crowd-based monitoring. More specifically, we use passively collected proxy logs from a global enterprise to observe differences in the quality of service (QoS) experienced by users on different continents. We also show how this technique can measure properties of the underlying infrastructures of different Web content providers. While some of these properties have been observed using active measurements, we are the first to show that many of these properties (such as location of servers) can be obtained using passive measurements of actual user activity. Passive crowd-based monitoring has the advantages that it does not add any overhead on Web infrastructure, it does not require any specific software on the clients, but still captures the performance and infrastructure observed by actual Web usage.

  • 13.
    Axelsson, Jesper
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Implementering av PostgreSQL som databashanterare för MONITOR2014Independent thesis Basic level (degree of Bachelor), 10,5 credits / 16 HE creditsStudent thesis
    Abstract [sv]

    Monitors affärssystem MONITOR är under ständig utveckling och i och med detta ville man kolla upp huruvida PostgreSQL skulle kunna användas som DBMS istället för det nuvarande; Sybase SQL Anywhere. Examensarbete har därför bestått av en jämförelse hur PostgreSQL står sig jämte andra DBMS:er, en implementering utav en PostgreSQLdatabas som MONITOR arbetar mot samt ett prestandatest utav skapandet av databasen.

    I många avseenden verkar PostgreSQL vara ett alternativ till SQL Anywhere;

    1. Alla datatyper finns i båda dialekterna.
    2. Backup av data finns i olika utföranden och går att automatisera
    3. Enkelt att installera och uppdatera.
    4. Ingen licensieringskostnad existerar.
    5. Support finns tillgänglig i olika former.

    Dock så är inte PostgreSQL ett bra DBMS att byta till i dagsläget då systemet inte fungerade på grund av att vissa uttryck inte översattes ordentligt samt att ingen motsvarighet till LIST existerar. Ännu större är dock problemet med tiden det tar att flytta data till en PostgreSQL-databas då det inte är intressant att lösa problem med funktioner i systemet om det ändå inte går att använda på grund utav att konvertering av data tar så lång tid som det gör.

  • 14.
    Backofen, Rolf
    et al.
    Albert-Ludwigs-universität Freiburg, Germany.
    Burger, Albert
    Heriot-Watt university Edinburgh, UK.
    Busch, Anke
    Albert-Ludwigs-universität Freiburg, Germany.
    Dawelbait, Gihan
    TU Dresden, Germany.
    Fages, Francois
    INRIA Rocquencourt Paris, France.
    Jakoniené, Vaida
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Lambrix, Patrick
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    McLeod, Kenneth
    Heriot-Watt university Edinburgh, UK.
    Soliman, Sylvain
    INRIA Rocquencourt Paris, France.
    Tan, He
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Will, Sebastian
    Albert-Ludwigs-universität Freiburg, Germany.
    Implementation of prototypes2007Report (Other academic)
  • 15.
    Baker, Christopher
    et al.
    University of New Brunswick, Canada.
    Lambrix, Patrick
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Laurila Bergman, Jonas
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Kanagasabai, Rajamaran
    ASTAR, Singapore.
    Ang, Wee Tiong
    ASTAR, Singapore.
    Slicing through the scientific literature2009In: Proceedings of the 6th International Workshop on Data Integration in the Life Sciences , Springer , 2009, 1, 127-140 p.Chapter in book (Refereed)
    Abstract [en]

    Success in the life sciences depends on access to information in knowlegde bases and literature. Finding and extracting the relevant information depends on a user’s domain knowledge and the knowledge of the search technology. In this paper we present a system that helps users formulate queries and search the scientific literature. The system coordinates ontologies, knowledge representation, text mining and NLP techniques to generate relevant queries in response to keyword input from the user. Queries are presented in natural language, translated to formal query syntax and issued to a knowledge base of scientific literature, documents or aligned document segments. We describe the components of the system and exemplify using real-world examples.

  • 16.
    Bendtsen, Marcus
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Bayesian Optimisation of Gated Bayesian Networks for Algorithmic Trading2015In: / [ed] John Mark Agosta, Rommel Novaes Carvalho, CEUR-WS.org , 2015, Vol. 1565, 2-11 p.Conference paper (Refereed)
    Abstract [en]

    Gated Bayesian networks (GBNs) are an extension of Bayesian networks that aim to model systems that have distinct phases. In this paper, we aim to use GBNs to output buy and sell decisions for use in algorithmic trading systems. These systems may have several parameters that require tuning, and assessing the performance of these systems as a function of their parameters cannot be expressed in closed form, and thus requires simulation. Bayesian optimisation has grown in popularity as a means of global optimisation of parameters where the objective function may be costly or a black box. We show how algorithmic trading using GBNs, supported by Bayesian optimisation, can lower risk towards invested capital, while at the same time generating similar or better rewards, compared to the benchmark investment strategy buy-and-hold.

  • 17.
    Bendtsen, Marcus
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Gated Bayesian Networks2017Doctoral thesis, monograph (Other academic)
    Abstract [en]

    Bayesian networks have grown to become a dominant type of model within the domain of probabilistic graphical models. Not only do they empower users with a graphical means for describing the relationships among random variables, but they also allow for (potentially) fewer parameters to estimate, and enable more efficient inference. The random variables and the relationships among them decide the structure of the directed acyclic graph that represents the Bayesian network. It is the stasis over time of these two components that we question in this thesis.

    By introducing a new type of probabilistic graphical model, which we call gated Bayesian networks, we allow for the variables that we include in our model, and the relationships among them, to change overtime. We introduce algorithms that can learn gated Bayesian networks that use different variables at different times, required due to the process which we are modelling going through distinct phases. We evaluate the efficacy of these algorithms within the domain of algorithmic trading, showing how the learnt gated Bayesian networks can improve upon a passive approach to trading. We also introduce algorithms that detect changes in the relationships among the random variables, allowing us to create a model that consists of several Bayesian networks, thereby revealing changes and the structure by which these changes occur. The resulting models can be used to detect the currently most appropriate Bayesian network, and we show their use in real-world examples from both the domain of sports analytics and finance.

  • 18.
    Bendtsen, Marcus
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Regime Aware Learning2016In: Proceedings of the Eighth International Conference on Probabilistic Graphical Models, JMLR , 2016, Vol. 52, 1-12 p.Conference paper (Refereed)
    Abstract [en]

    We propose a regime aware learning algorithm to learn a sequence of Bayesian networks (BNs) that model a system that undergoes regime changes. The last BN in the sequence represents the system’s current regime, and should be used for BN inference. To explore the feasibility of the algorithm, we create baseline tests against learning a singe BN, and show that our proposed algorithm outperforms the single BN approach. We also apply the learning algorithm on real world data from the financial domain, where it is evident that the algorithm is able to produce BNs that have adapted to the regime changes during the most recent global financial crisis of 2007-08.

  • 19.
    Bendtsen, Marcus
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Regimes in baseball players' career data2017In: Data mining and knowledge discovery, ISSN 1384-5810, E-ISSN 1573-756XArticle in journal (Refereed)
    Abstract [en]

    In this paper we investigate how we can use gated Bayesian networks, a type of probabilistic graphical model, to represent regimes in baseball players’ career data. We find that baseball players do indeed go through different regimes throughout their career, where each regime can be associated with a certain level of performance. We show that some of the transitions between regimes happen in conjunction with major events in the players’ career, such as being traded or injured, but that some transitions cannot be explained by such events. The resulting model is a tool for managers and coaches that can be used to identify where transitions have occurred, as well as an online monitoring tool to detect which regime the player currently is in.

  • 20.
    Bendtsen, Marcus
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Bendtsen, Preben
    Linköping University, Department of Medical and Health Sciences, Division of Community Medicine. Linköping University, Faculty of Health Sciences. Östergötlands Läns Landsting, Local Health Care Services in West Östergötland, Department of Medical Specialist in Motala.
    Feasibility and user perception of a fully automated push-based multiple-session alcohol intervention for university students: randomized controlled trial.2014In: JMIR mhealth and uhealth, E-ISSN 2291-5222, Vol. 2, no 2, e30- p.Article in journal (Refereed)
    Abstract [en]

    BACKGROUND: In recent years, many electronic health behavior interventions have been developed in order to reach individuals with unhealthy behaviors, such as risky drinking. This is especially relevant for university students, many of whom are risky drinkers.

    OBJECTIVE: This study explored the acceptability and feasibility in a nontreatment-seeking group of university students (including both risk and nonrisk drinkers), of a fully automated, push-based, multiple-session, alcohol intervention, comparing two modes of delivery by randomizing participants to receive the intervention either by SMS text messaging (short message service, SMS) or by email.

    METHODS: A total of 5499 students at Luleå University in northern Sweden were invited to participate in a single-session alcohol assessment and feedback intervention; 28.04% (1542/5499) students completed this part of the study. In total, 29.44% (454/1542) of those participating in the single-session intervention accepted to participate further in the extended multiple-session intervention lasting for 4 weeks. The students were randomized to receive the intervention messages via SMS or email. A follow-up questionnaire was sent immediately after the intervention and 52.9% (240/454) responded.

    RESULTS: No difference was seen regarding satisfaction with the length and frequency of the intervention, regardless of the mode of delivery. Approximately 15% in both the SMS (19/136) and email groups (15/104) would have preferred the other mode of delivery. On the other hand, more students in the SMS group (46/229, 20.1%) stopped participating in the intervention during the 4-week period compared with the email group (10/193, 5.2%). Most students in both groups expressed satisfaction with the content of the messages and would recommend the intervention to a fellow student in need of reducing drinking. A striking difference was seen regarding when a message was read; 88.2% (120/136) of the SMS group read the messages within 1 hour in contrast to 45.2% (47/104) in the email group. In addition, 83.1% (113/136) in the SMS group stated that they read all or almost all the messages, compared with only 63.5% (66/104) in the email group.

    CONCLUSIONS: Based on the feedback from the students, an extended, multiple-session, push-based intervention seems to be a feasible option for students interested in additional support after a single-session alcohol intervention. SMS as a mode of delivery seems to have some advantages over email regarding when a message is read and the proportion of messages read. However, more students in the SMS group stopped the intervention than in the email group. Based on these promising findings, further studies comparing the effectiveness of single-session interventions with extended multiple-session interventions delivered separately or in combination are warranted.

  • 21.
    Bendtsen, Marcus
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Peña, Jose M.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Gated Bayesian Networks2013In: TWELFTH SCANDINAVIAN CONFERENCE ON ARTIFICIAL INTELLIGENCE (SCAI 2013), Amsterdam: IOS Press, 2013, 35-44 p.Conference paper (Refereed)
    Abstract [en]

    This paper introduces a new probabilistic graphical model called gated Bayesian network (GBN). This model evolved from the need to represent real world processes that include several distinct phases. In essence a GBN is a model that combines several Bayesian networks (BN) in such a manner that they may be active or inactive during queries to the model. We use objects called gates to combine BNs, and to activate and deactivate them when predefined logical statements are satisfied. These statements are based on combinations of posterior probabilities of the variables in the BNs. Although GBN is a new formalism there are features of GBNs that are similar to other formalisms and research, including influence diagrams, context-specific independence and structural adaptation.

  • 22.
    Bendtsen, Marcus
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Peña, Jose M.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Gated Bayesian Networks for Algorithmic Trading2016In: International Journal of Approximate Reasoning, ISSN 0888-613X, E-ISSN 1873-4731, Vol. 69, 58-80 p.Article in journal (Refereed)
    Abstract [en]

    Gated Bayesian networks (GBNs) are a recently introduced extension of Bayesian networks that aims to model dynamical systems consisting of several distinct phases. In this paper, we present an algorithm for semi-automatic learning of GBNs. We use the algorithm to learn GBNs that output buy and sell decisions for use in algorithmic trading systems. We show how using the learnt GBNs can substantially lower risks towards invested capital, while at the same time generating similar or better rewards, compared to the benchmark investment strategy buy-and-hold.

  • 23.
    Bendtsen, Marcus
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Peña, Jose M.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Learning Gated Bayesian Networks for Algorithmic Trading2014In: Probabilistic Graphical Models: 7th European Workshop, PGM 2014, Utrecht, The Netherlands, September 17-19, 2014. Proceedings / [ed] Linda C. van der Gaag and Ad J. Feelders, Springer, 2014, 49-64 p.Conference paper (Refereed)
    Abstract [en]

    Gated Bayesian networks (GBNs) are a recently introduced extension of Bayesian networks that aims to model dynamical systems consisting of several distinct phases. In this paper, we present an algo- rithm for semi-automatic learning of GBNs. We use the algorithm to learn GBNs that output buy and sell decisions for use in algorithmic trading systems. We show how using the learnt GBNs can substantially lower risks towards invested capital, while at the same time generating similar or better rewards, compared to the benchmark investment strat- egy buy-and-hold. 

  • 24.
    Bendtsen, Marcus
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Peña, Jose M.
    Linköping University, Department of Computer and Information Science, Statistics. Linköping University, Faculty of Science & Engineering.
    Modelling regimes with Bayesian network mixtures2017In: Proceedings of the Thirtieth Annual Workshop of the Swedish Artificial Intelligence Society, 2017, 20-29 p.Conference paper (Refereed)
    Abstract [en]

    Bayesian networks (BNs) are advantageous when representing single independence models, however they do not allow us to model changes among the relationships of the random variables over time. Due to such regime changes, it may be necessary to use different BNs at different times in order to have an appropriate model over the random variables. In this paper we propose two extensions to the traditional hidden Markov model, allowing us to represent both the different regimes using different BNs, and potential driving forces behind the regime changes, by modelling potential dependence between state transitions and some observable variables. We show how expectation maximisation can be used to learn the parameters of the proposed model, and run both synthetic and real-world experiments to show the model’s potential.

  • 25.
    Bendtsen, Preben
    et al.
    Linköping University, Department of Medical and Health Sciences, Division of Community Medicine. Linköping University, Faculty of Medicine and Health Sciences. Region Östergötland, Local Health Care Services in West Östergötland, Department of Medical Specialist in Motala.
    Bendtsen, Marcus
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Karlsson, Nadine
    Linköping University, Department of Medical and Health Sciences, Division of Community Medicine. Linköping University, Faculty of Medicine and Health Sciences.
    White, Ian R.
    Cambridge Institute Public Heatlh, England.
    McCambridge, Jim
    University of York, England.
    Online Alcohol Assessment and Feedback for Hazardous and Harmful Drinkers: Findings From the AMADEUS-2 Randomized Controlled Trial of Routine Practice in Swedish Universities2015In: Journal of Medical Internet Research, ISSN 1438-8871, Vol. 17, no 7, e170- p.Article in journal (Refereed)
    Abstract [en]

    Background: Previous research on the effectiveness of online alcohol interventions for college students has shown mixed results. Small benefits have been found in some studies and because online interventions are inexpensive and possible to implement on a large scale, there is a need for further study. Objective: This study evaluated the effectiveness of national provision of a brief online alcohol intervention for students in Sweden. Methods: Risky drinkers at 9 colleges and universities in Sweden were invited by mail and identified using a single screening question. These students (N=1605) gave consent and were randomized into a 2-arm parallel group randomized controlled trial consisting of immediate or delayed access to a fully automated online assessment and intervention with personalized feedback. Results: After 2 months, there was no strong evidence of effectiveness with no statistically significant differences in the planned analyses, although there were some indication of possible benefit in sensitivity analyses suggesting an intervention effect of a 10% reduction (95% CI -30% to 10%) in total weekly alcohol consumption. Also, differences in effect sizes between universities were seen with participants from a major university (n=365) reducing their weekly alcohol consumption by 14% (95% CI -23% to -4%). However, lower recruitment than planned and differential attrition in the intervention and control group (49% vs 68%) complicated interpretation of the outcome data. Conclusions: Any effects of current national provision are likely to be small and further research and development work is

  • 26.
    Bergersten, Ronny
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Implementation av sökfunktion i"Mobile Documents"2012Independent thesis Basic level (university diploma), 10 credits / 15 HE creditsStudent thesis
    Abstract [sv]

    Exjobbet gick ut på att skapa en sökfunktion till Androidapplikationen ”MobileDocuments", för att på så sätt få möjligheten att hitta sina mail och dokument på ettsmidigare sätt, mer om ”Mobile Documents” tas upp i rapporten. Ex-jobbet innehölläven en del som gick ut på att undersöka systemdesignen på serversidan, för enframtida implementation av en sökmotor. Rapporten belyser även de utmaningar somuppkommit under utvecklingen samt hur testningen av den nya funktionen gått till.Rapporten avslutas med en diskussion kring arbetsprocessen.

  • 27.
    Bergström, Patrik
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    A Proof-of-Concept Implementation of a Non-linear Video Player for HTTP-based Adaptive Streaming2013Independent thesis Basic level (university diploma), 10,5 credits / 16 HE creditsStudent thesis
    Abstract [en]

    Video consumption on the Internet has been growing over the last decade and is expected to continue to increase. Video streaming is a widely used approach to viewing video on the Internet, which allows users to watch the video while it is being downloaded. Adaptive streaming is a video streaming technique that allows the player to change the downloading video’s bit rate depending on the user’s available bandwidth.

    Another approach to a more personal viewing experience is non-linear videos. These videos can be played in a non-sequential order. For example, a viewer can be given the choice of what ending to watch in a movie, or the path through an exhibition.

    This thesis will present the design and implementation of a novel structure for non-linear video. This structure is used by a video player for downloading and viewing an adaptive video intended for non-linear viewing, stored at some server. Media creators will also have an easier time to both visualize and create uniform video experiences.

    This thesis presents modifications to Adobe’s Open Source Media Framework and Strobe Media Playback which allow playing non-linear video. Presented in this thesis are the design and implementation details. Changes in the player include a user interface for non-linear media. The changes to the back-end include buffer management for parallel downloading and techniques to handle the new structure.

    Finally, this thesis presents proof-of-concept validation tests that show the functionality of the design and implementation. The thesis is concluded with a discussion of future work in this area.

  • 28.
    Bergström, Patrik
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Department of Computer and Information Science, Artificial Intelligence and Intergrated Computer systems. Linköping University, The Institute of Technology.
    Automated Setup of Display Protocols2015Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
    Abstract [en]

    Radiologists' workload has been steadily increasing for decades. As digital technology matures it improves the workflow for radiology departments and decreases the time necessary to examine patients. Computer systems are widely used in health care and are for example used to view radiology images. To simplify this, display protocols based on examination data are used to automatically create a layout and hang images for the user. To cover a wide variety of examinations hundreds of protocols must be created, which is a time-consuming task and the system can still fail to hang series if strict requirements on the protocols are not met. To remove the need for this manual step we propose to use machine learning based on past manually corrected presentations. The classifiers are trained on the metadata in the examination and how the radiologist preferred to hang the series. The chosen approach was to create classifiers for different layout rules and then use these predictions in an algorithm for assigning series types to individual image slots according to categories based on metadata, similar to how display protocol works. The resulting presentations shows that the system is able to learn, but must increase its prediction accuracy if it is to be used commercially. Analyses of the different parts show that increased accuracy in early steps should improve overall success.

  • 29.
    Bianco, A.
    et al.
    Dipartimento di Elettronica e Delie Telecomunicazioni, Politecnico di Torino, Italy.
    Krishnamoorthi, Vengatanathan
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Li, N.
    Dipartimento di Elettronica e Delie Telecomunicazioni, Politecnico di Torino, Italy.
    Giraudo, L.
    VMware, Inc, United States.
    OpenFlow driven ethernet traffic analysis2014In: 2014 IEEE International Conference on Communications, ICC 2014, IEEE Computer Society , 2014, no 6883781, 3001-3006 p.Conference paper (Refereed)
    Abstract [en]

    Software Defined Networking (SDN) is a new networking paradigm that permits to slice network infrastructures. An example of SDN is the OpenFlow framework, where the control plane runs on a separate device, called controller, that manages data forwarding switches. The OpenFlow protocol ensures communications between OpenFlow switches and the OpenFlow controller. Before widely deploying OpenFlow based networks, scalability and performance of such networks should be studied and better understood. In this paper, the scalability of NOX, one of the most popular OpenFlow controller, is analyzed through both simulation and lab measurements. We perform an Ethernet trace analysis on the controller by defining flow characteristics as would be seen by an OpenFlow controller. We study the potential trace impact on an OpenFlow controller, analyzing among others, the number of flows, flow inter arrival times, traffic volumes and flow size distribution. Our results permit to discuss the feasibility of running OpenFlow networks with a single commodity PC as the controller in a mid-size campus network. © 2014 IEEE.

  • 30.
    Bildsten, Caroline
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Application Whitelisting: Smartphones in High Security Environments2013Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
    Abstract [en]

    Today, smartphones are in widespread use by consumers, commercial companies and government authorities. Unfortunately, there are many examples of applications carrying out malicious activities, such as stealing information or subscribing to premium-rate services. In this thesis work, a novel application whitelisting process (AWP) is proposed. It defines processes for application security audits and whitelisting i.e. methods on how to classify, evaluate and test a given application to make sure that it with a level of assurance does not have malicious intentions. In a risk analysis of users in high security environments, the results showed that confidentiality and availability is the top most important security aspects to protect in this environment. The applications in the whitelisting process should therefore be tested for known malware and adware as well as permissions that can be used to send private information to remote servers. Additionally, testing should also be carried out for information leakage through intents and content resolvers. Because whitelisting is locking down the freedom and usability that comes with a smartphone, three different leveled whitelists are proposed to satisfy users and organizations with different security needs. A prototype was developed to prove the overall usability of the design. The result of scanning 200 applications from Google Play showed that 12% of all applications can be placed in the highest leveled whitelist. The results also suggest that 17.5 % of all applications on Google Play are malware or potentially unwanted applications. The results points to that using this novel whitelisting process, about 30% of all applications can be automated into whitelists and will not need manual analysis.

  • 31.
    Bni, Asmae
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    A Metric for Anonymity based on Subjective Logic2014Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
    Abstract [en]

    Anonymity metrics have been proposed to evaluate anonymity preserving systems by estimating the amount of information displayed by these systems due to vulnerabilities. A general metric for anonymity that assess the latter systems according to the mass and quality of information learned by an attacker or a collaboration of attackers is proposed here.

    The proposed metric is based on subjective logic, a generalization of evidence and probability theory. As a consequence, we proved based on defined scenarios that our metric provide a better interpretation of uncertainty in the measure and it is extended to combine various sources of information using subjective logic operators. Also, we demonstrate that two factors: trust between collaborating attackers and time can influence significantly the metric result when taking them into consideration.

  • 32.
    Bonatti, Piero
    et al.
    Naples University.
    Duma, Claudiu
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Fuchs, Norbert
    University of Zurich.
    Olmedilla, Daniel
    L3S Research Center.
    Peer, Joachim
    St. Gallen University.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Semantic Web Policies -- A Discussion of Requirements and Research Issues2006In: European Semantic Web Conference,2006, Springer: Springer , 2006, 712-724 p.Conference paper (Refereed)
    Abstract [en]

    Policies are pervasive in web applications. They play crucial roles in enhancing security, privacy and usability of distributed services. There has been extensive research in the area, including the Semantic Web community, but several aspects still exist that prevent policy frameworks from widespread adoption and real world application. This paper discusses important requirements and open research issues in this context, focusing on policies in general and their integration into trust management frameworks, as well as on approaches to increase system cooperation, usability and user-awareness of policy issues.

  • 33.
    Borges, Fabio
    et al.
    Technische Universität Darmstadt, Germany.
    Martucci, Leonardo A.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Mühlhäuser, Max
    Technische Universität Darmstadt, Germany.
    Analysis of Privacy-Enhancing ProtocolsBased on Anonymity Networks2012Conference paper (Refereed)
    Abstract [en]

    In this paper, we analyze privacy-enhancing protocolsfor Smart Grids that are based on anonymity networks. Theunderlying idea behind such protocols is attributing two distinctpartial identities for each consumer. One is used to send realtimeinformation about the power consumption, and the otherfor transmitting the billing information. Such protocols providesender-anonymity for the real-time information, while consolidateddata is sent for billing. In this work, the privacy propertiesof such protocols are analyzed, and their computational efficiencyis evaluated and compared using simulation to other solutionsbased on homomorphic encryption.

  • 34.
    Borghol, Youmna
    et al.
    NICTA, Australia; University of New South Wales, Sydney, NSW, Australia.
    Ardon, Sebastien
    NICTA, Alexandria, NSW, Australia .
    Carlsson, Niklas
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Eager, Derek
    University of Saskatchewan, Canada.
    Mahanti, Anirban
    NICTA, Alexandria, NSW, Australia .
    The Untold Story of the Clones: Content-agnostic Factors that Impact YouTube Video Popularity2012In: Proc. ACM SIGKDD Conference on Knowledge Discovery and Data Mining (KDD) 2012, Association for Computing Machinery (ACM), 2012, 1186-1194 p.Conference paper (Refereed)
    Abstract [en]

    Video dissemination through sites such as YouTube can have widespread impacts on opinions, thoughts, and cultures. Not all videos will reach the same popularity and have the same impact. Popularity differences arise not only because of differences in video content, but also because of other "content-agnostic" factors. The latter factors are of considerable interest but it has been difficult to accurately study them. For example, videos uploaded by users with large social networks may tend to be more popular because they tend to have more interesting content, not because social network size has a substantial direct impact on popularity.

    In this paper, we develop and apply a methodology that is able to accurately assess, both qualitatively and quantitatively, the impacts of various content-agnostic factors on video popularity. When controlling for video content, we observe a strong linear "rich-get-richer" behavior, with the total number of previous views as the most important factor except for very young videos. The second most important factor is found to be video age. We analyze a number of phenomena that may contribute to rich-get-richer, including the first-mover advantage, and search bias towards popular videos. For young videos we find that factors other than the total number of previous views, such as uploader characteristics and number of keywords, become relatively more important. Our findings also confirm that inaccurate conclusions can be reached when not controlling for content.

  • 35.
    Borghol, Youmna
    et al.
    NICTA, Australia.
    Mitra, Siddharth
    Indian Institute Technology Delhi.
    Ardon, Sebastien
    NICTA, Australia.
    Carlsson, Niklas
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Eager, Derek
    University of Saskatchewan.
    Mahanti, Anirban
    NICTA, Australia.
    Characterizing and modelling popularity of user-generated videos2011In: Performance evaluation (Print), ISSN 0166-5316, Vol. 68, no 11, 1037-1055 p.Article in journal (Refereed)
    Abstract [en]

    This paper develops a framework for studying the popularity dynamics of user-generated videos, presents a characterization of the popularity dynamics, and proposes a model that captures the key properties of these dynamics. We illustrate the biases that may be introduced in the analysis for some choices of the sampling technique used for collecting data; however, sampling from recently-uploaded videos provides a dataset that is seemingly unbiased. Using a dataset that tracks the views to a sample of recently-uploaded YouTube videos over the first eight months of their lifetime, we study the popularity dynamics. We find that the relative popularities of the videos within our dataset are highly non-stationary, owing primarily to large differences in the required time since upload until peak popularity is finally achieved, and secondly to popularity oscillation. We propose a model that can accurately capture the popularity dynamics of collections of recently-uploaded videos as they age, including key measures such as hot set churn statistics, and the evolution of the viewing rate and total views distributions over time.

  • 36.
    Borisenko, Konstantin
    et al.
    St Petersburg Electrotech University of LETI, Russia.
    Rukavitsyn, Andrey
    St Petersburg Electrotech University of LETI, Russia.
    Gurtov, Andrei
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering. ITMO University, Russia.
    Shorov, Andrey
    St Petersburg Electrotech University of LETI, Russia.
    Detecting the Origin of DDoS Attacks in OpenStack Cloud Platform Using Data Mining Techniques2016In: Internet of Things, Smart Spaces, and Next Generation Networks and Systems, NEW2AN 2016/uSMART 2016, SPRINGER INT PUBLISHING AG , 2016, Vol. 9870, 303-315 p.Conference paper (Refereed)
    Abstract [en]

    The paper presents the results of the design and implementation of detection system against DDoS attacks for OpenStack cloud computing platform. Proposed system uses data mining techniques to detect malicious traffic. Formal models of detecting components are described. To train data mining models real legitimate traffic was combined with modelled malicious one. Paper presents results of detecting the origin of DDoS attacks on cloud instances.

  • 37.
    Buö, David
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Kjellander, Magnus
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Predicting Customer Churn at a Swedish CRM-system Company2014Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
    Abstract [en]

    This master thesis investigates if customer churn can be predicted at the Swedish CRM-system provider Lundalogik. Churn occurs when a customer leaves a company and is a relevant issue since it is cheaper to keep an existing customer than finding a new one. If churn can be predicted, the company can target their resources to those customers and hopefully keep them. Finding the customers likely to churn is done through mining Lundalogik's customer database to find patterns that results in churn. Customer attributes considered relevant for the analysis are collected and prepared for mining. In addition, new attributes are created from information in the database and added to the analysis. The data mining was performed with Microsoft SQL Server Data Tools in iterations, where the data was prepared differently in each iteration. The major conclusion from this thesis is that churn can be predicted at Lundalogik. The mining resulted in new insights regarding churn but also confirmed some of Lundalogik's existing theories regarding churn. There are many factors that needs to be taken into consideration when evaluating the results and which preparation gives the best results. To further improve the prediction there are some final recommendations, i.e. including invoice data, to Lundalogik of what can be done.

  • 38.
    Byers, David
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Improving Software Security by Preventing Known Vulnerabilities2013Doctoral thesis, monograph (Other academic)
    Abstract [en]

    From originally being of little concern, security has become a crucial quality factor in modern software. The risk associated with software insecurity has increased dramatically with increased reliance on software and a growing number of threat agents. Nevertheless, developers still struggle with security. It is often an afterthought, bolted on late in development or even during deployment. Consequently the same kinds of vulnerabilities appear over and over again.

    Building security in to software from its inception and constantly adapting processes and technology to changing threats and understanding of security can significantly contribute to establishing and sustaining a high level of security.

    This thesis presents the sustainable software security process, the S3P, an approach to software process improvement for software security that focuses on preventing known vulnerabilities by addressing their underlying causes, and sustaining a high level of security by adapting the process to new vulnerabilities as they become known. The S3P is designed to overcome many of the known obstacles to software process improvement. In particular, it ensures that existing knowledge can be used to its full potential and that the process can be adapted to nearly any environment and used in conjunction with other other software security processes and security assurance models.

    The S3P is a three-step process based on semi-formal modeling of vulnerabilities, ideally supported by collaborative tools. Such proof-of-concept tools were developed for all parts of the process as part of the SHIELDS project.

    The first two steps of the S3P consist in determining the potential causes of known vulberabilities at all stages of software development, then identifying measures that would prevent each individual cause. These steps are performed using visual modeling languages with well-defined semantics and a modeling workflow. With tool support, modeling effort can be progressively reduced through collaboration and use of pre-existing models.

    Next, the costs of all potential measures are estimated using any suitable method. This thesis uses pairwise comparisons in order to support qualitative judgements. The models and costs yield a boolan optimization problem that is solved using a search-based heuristic, to identify the best set of measures to prevent selected vulnerabilities.

    Empirical evaluation of the various steps of the process has verified a number of key aspects: the modeling process is easy to learn and apply, and the method is perceived by developers as providing value and improving security. Early evaluation results were also used to refine certain aspects of the S3P.

    The modeling languages that were introduced in the S3P have since been enhanced to support other applications. This thesis presents security goal models (SGMs), a language that subsumes several security-related modeling languages to unify modeling of threats, attacks, vulnerabilities, activities, and security goals. SGMs have formal semantics and are sufficiently expressive to  support applications as diverse as automatic run-time testing, static analysis, and code inspection. Proofof-concept implementations of these applications were developed as part of the SHIELDS project.

    Finally, the thesis discusses how individual components of the S3P can be used in situations where the full process is inappropriate.

  • 39.
    Byers, David
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Ardi, Shanai
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Duma, Claudiu
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Modeling Software Vulnerabilities with Vulnerability Cause Graphs2006In: International Conference on Software Maintenance,2006, IEEE , 2006, 411-422 p.Conference paper (Refereed)
  • 40.
    Byers, David
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    A Cause-Based Approach to Preventing Software Vulnerabilities2008In: Third International Conference on Availability, Reliability and Security, 2008, IEEE Computer Society, 2008, 276-283 p.Conference paper (Refereed)
    Abstract [en]

    Security is often an afterthought in software development, sometimes even bolted on during deployment or in maintenance through add-on security software and penetrate-and-patch maintenance. We think that security needs to be an integral part of software development and that preventing vulnerabilities by addressing their causes is as important as detecting and fixing them. In this paper we present a method for determining how to prevent vulnerabilities from being introduced during software development. Our method allows developers to select the set of activities that suits them best while being assured that those activities will prevent vulnerabilities. Our method is based on formal modeling of vulnerability causes and is independent of the software development process being used.

  • 41.
    Byers, David
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    A systematic evaluation of disk imaging in EnCase® 6.8 and LinEn 6.12009In: Digital Investigation, ISSN 1742-2876, Vol. 6, no 1-2, 61-70 p.Article in journal (Refereed)
    Abstract [en]

    Tools for disk imaging (or more generally speaking, digital acquisition) are a foundation for forensic examination of digital evidence. Therefore it is crucial that such tools work as expected. The only way to determine whether this is the case or not is through systematic testing of each tool. In this paper we present such an evaluation of the disk imaging functions of EnCase 6.8® and LinEn 6.1, conducted on behalf of the Swedish National Laboratory of Forensic Science. Although both tools performed as expected under most circumstances, we identified cases where flaws that can lead to inaccurate and incomplete acquisition results in LinEn 6.1 were exposed. We have also identified limitations in the tool that were not evident from its documentation. In addition summarizing the test results, we present our testing methodology, which has novel elements that we think can benefit other evaluation projects.

  • 42.
    Byers, David
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Contagious errors: Understanding and avoiding issues with imaging drives containing faulty sectors2008In: Digital Investigation. The International Journal of Digital Forensics and Incident Response, ISSN 1742-2876, E-ISSN 1873-202X, Vol. 5, no 1, 29-33 p.Article in journal (Refereed)
    Abstract [en]

    When using certain tools to image drives that contain faulty sectors, the tool may fail to acquire a run of sectors even though only one of the sectors is really faulty. This phenomenon, which we have dubbed "contagious errors was reported by James Lyle and Mark Wozar in a recent paper presented at DFRWS 2007 [Lyle, J., Wozar, M. Issues with imaging drives containing faulty sectors. Digital Investigation 2007; 4S: S13-5.]. Their results agree with our own experience from testing disk imaging software as part of our work for the Swedish National Laboratory of Forensic Science. We have explored the issue further, in order to determine the cause of contagious errors and to find ways around the issue. In this paper we present our analysis of the cause of contagious errors as well as several ways practitioners can avoid the problem. In addition we present our insights into the problem of consistently faulty drives in forensic tool testing.

  • 43.
    Byers, David
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Design of a Process for Software Security2007In: Second International Conference on Availability, Reliability and Security, 2007, IEEE Computer Society, 2007, 301-309 p.Conference paper (Refereed)
    Abstract [en]

    Security is often an afterthought when developing software, and is often bolted on late in development or even during deployment or maintenance, through activities such as penetration testing, add-on security software and penetrate-and-patch maintenance. We believe that security needs to be built in to the software from the beginning, and that security activities need to take place throughout the software lifecycle. Accomplishing this effectively and efficiently requires structured approach combining a detailed understanding on what causes vulnerabilities, and how to prevent them. In this paper we present a process for software security that is based on vulnerability cause graphs, a formalism we have developed for modeling the causes of software vulnerabilities. The purpose of the software security process is to evolve the software development process so that vulnerabilities are prevented. The process we present differs from most current approaches to software security in its high degree of adaptability and in its ability to evolve in step with changing threats and risks. This paper focuses on how to apply the process and the criteria that have influenced the process design

  • 44.
    Byers, David
    et al.
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Graphical Modeling of Security Goals and Software Vulnerabilities2015In: Handbook of Research on Innovations in Systems and Software Engineering / [ed] Vicente García Díaz, Juan Manuel Cueva Lovelle, B. Cristina Pelayo García-Bustelo, IGI Global, 2015, 1-31 p.Chapter in book (Refereed)
    Abstract [en]

    Security has become recognized as a critical aspect of software development, leading to the development of various security-enhancing techniques, many of which use some kind of custom modeling language. Models in different languages cannot readily be related to each other, which is an obstacle to using several techniques together. The sheer number of languages is, in itself, also an obstacle to adoption by developers. The authors have developed a modeling language that can be used in place of four existing modeling languages: attack trees, vulnerability cause graphs, security activity graphs, and security goal indicator trees. Models in the new language can be transformed to and from the earlier language, and a precise definition of model semantics enables an even wider range of applications, such as testing and static analysis. This chapter explores this new language.

  • 45.
    Byers, David
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Modeling Security Goals and Software Vulnerabilities2011In: Dependability and Computer Engineering: Concepts for Software-Intensive Systems / [ed] Luigia Petre, Kaisa Sere, Elena Troubitsyna, IGI Global, 2011, 171-198 p.Chapter in book (Other academic)
    Abstract [en]

    Security is becoming recognized as an important aspect of software development, leading to the development of various security-enhancing techniques, many of which use some kind of custom modeling language. Models in different languages cannot readily be related to each other, which is an obstacle to using several techniques together. The sheer number of languages is, in itself, also an obstacle to adoption by developers.

    We have developed a modeling language that can be used in place of four existing modeling languages: attack trees, vulnerability cause graphs, security activity graphs, and security goal indicator trees. Our language is more precise than earlier languages, which allows models to be used in automated applications such as testing and static analysis. Models in the new language can be transformed to and from earlier languages. We also present a data model that allows users to relate different kinds of models and model elements to each other and to core security knowledge.

  • 46.
    Byers, David
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Prioritisation and Selection of Software Security Activities2009In: International Conference on Availability, Reliability and Security, 2009, IEEE , 2009, 201-207 p.Conference paper (Refereed)
    Abstract [en]

    Software security is accomplished by introducing security-related activities into the software development process or by altering existing activities so that security is taken into account. Since the importance of software security has only relatively recently received the recognition it deserves, security is not ingrained into the development processes in common use today. A variety of approaches to software security have been proposed, but they rarely support developers in determining which security activities are appropriate for them and which they should choose to implement. An exception to this rule is the Sustainable Software Security Process (S3P). This paper describes the final step of the S3P, which helps developers estimate the cost of security-related activities and select the combination of security activities that best suits their needs. This is accomplished by applying the Analytic Hierarchy Process and an automated search heuristic, scatter search, to the models created as part of the S3P.  

  • 47.
    Byers, David
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Shahmehri, Nahid
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Unified modeling of attacks, vulnerabilities and security activities2010In: Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems, New York, USA: ACM , 2010, 36-42 p.Conference paper (Refereed)
    Abstract [en]

    Security is becoming recognized as an important aspect of software development, leading to the development of many different security-enhancing techniques, many of which use some kind of custom modeling language. Models in these different languages cannot readily be related to each other, which is an obstacle to using several techniques together. The sheer number of languages is, in itself, also an obstacle to adoption by developers.

    In this paper we present a modeling language that can be used in place of four existing modeling languages: attacktrees, vulnerability cause graphs, security activity graphs, and security goal indicator trees. Models in our language can be more precise than earlier models, which allows them to be used in automated applications, such as automatic testing and static analysis. Models in the new language can be derived automatically from models in the existing languages, and can be viewed using existing notation.

    Our modeling language exploits a data model, also presented in this paper, that permits rich interconnections between various items of security knowledge. In this data model it is straightforward to relate different kinds of models, and thereby different software security techniques, to each other.

  • 48.
    Carlsson, Niklas
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
    Broadening the Audience: Popularity Dynamics and Scalable Content Delivery2012In: Advances in secure and networked information systems: the ADIT perspective ; Festschrift in honor of professor Nahid Shahmehri / [ed] Patrick Lambrix, Linköping: Linköping University Electronic Press, 2012, 139-144 p.Chapter in book (Other academic)
    Abstract [en]

    The Internet is playing an increasingly important role in today’s society and people are beginning to expect instantaneous access to information and content wherever they are. As content delivery is consuming a majority of the Internet bandwidth and its share of bandwidth is increasing by the hour, we need scalable and efficient techniques that can support these user demands and efficiently deliver the content to the users. When designing such techniques it is important to note that not all content is the same or will reach the same popularity. Scalable techniques must handle an increasingly diverse catalogue of contents, both with regards to diversity of content (as service are becoming increasingly personalized, for example) and with regards to their individual popularity. The importance of understanding content popularity dynamics is further motivated by popular contents widespread impact on opinions, thoughts, and cultures. This article will briefly discuss some of our recent work on capturing content popularity dynamics and designing scalable content delivery techniques

  • 49.
    Carlsson, Niklas
    Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, Faculty of Science & Engineering.
    Optimized eeeBond: Energy Efficiency with non-Proportional Router Network Interfaces2016In: PROCEEDINGS OF THE 2016 ACM/SPEC INTERNATIONAL CONFERENCE ON PERFORMANCE ENGINEERING (ICPE'16), ACM Digital Library, 2016, 215-223 p.Conference paper (Refereed)
    Abstract [en]

    The recent Energy Efficient Ethernet (EEE) standard and the eBond protocol provide two orthogonal approaches that allow significant energy savings on routers. In this paper we present the modeling and performance evaluation of these two protocols and a hybrid protocol. We first present eeeBond, pronounced ``triple-e bond'', which combines the eBond capability to switch between multiple redundant interfaces with EEE's active/idle toggling capability implemented in each interface. Second, we present an analytic model of the protocol performance, and derive closed-form expressions for the optimized parameter settings of both eBond and eeeBond. Third, we present a performance evaluation that characterizes the relative performance gains possible with the optimized protocols, as well as a trace-based evaluation that validates the insights from the analytic model. Our results show that there are significant advantages to combine eBond and EEE. The eBond capability provides good savings when interfaces only offer small energy savings when in short-term sleep states, and the EEE capability is important as short-term sleep savings improve.

  • 50.
    Carlsson, Niklas
    et al.
    Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
    Arlitt, Martin
    Towards More Effective Utilization of Computer Systems2011In: Proc. ACM/SPEC International Conference on Performance Engineering (ICPE ’10), Karlsruhe, Germany, March 2011., ACM , 2011, 235-246 p.Conference paper (Refereed)
1234567 1 - 50 of 419
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf