BIBSYS: Open Journals Systems
Not a member yet
393 research outputs found
Sort by
Component trustworthiness in an enterprise software platform ecosystem
Enterprise software packages are increasingly designed as ex-tendable software platforms. These platforms are characterised by modular architecture that allows third parties to innovate and create value through the development of complementary applications. The development process of complementary applications from scratch is resource-intensive. One way of optimising the development process is by using the component-based software engineering (CBSE) approach that focuses on software reuse and suggests building applications with reusable components. There is a considerable amount of literature on CBSE; however, there has been little discussion on how component-based software engineering can strengthen third-party application development in the context of an enterprise software platform ecosystem. Specifically, it is unclear how the challenge of component trustworthiness can be addressed in this context. To explore this, we conducted a design science research(DSR) study to answer the following question: What are design principles pertaining to component trustworthiness for implementing a component repository that facilitates component reuse in an enterprise software platform ecosystem? In our study, we have explored the potential for component reuse in the ecosystem of the global health software platform DHIS2 by designing and developing a prototype component repository. Duringthe design and development process, two design principles were identi-fied: Principle of component trustworthiness and Principle of balanced certification. These principles are to guide researchers and practitioners on how a component repository can be implemented in the context of an enterprise software platform ecosystem
IAVS: Intelligent Active Network Vulnerability Scanner
Network security needs to be assured through runtime active evaluating and assessment. However, active vulnerability scanners suffer from serious deficiencies such as heavy scan traffic during the reconnaissance phase, uncertainty in the environment, and heavy reliance on experts. Generating a blind heavy load of attack packets not only causes usage of network resources, but it also increases the probability of detection by target defense systems and causes failure in finding vulnerabilities. Furthermore, environmental uncertainty increases pointless attempts of vulnerability scanners, which wastes time. Utilizing a decision-making method devised for uncertainty conditions, we present Intelligent Active Network Vulnerability Scanner (IAVS). IAVS is implemented as an extension on Hail Mary, the automatic execution mechanism in the Metasploit toolkit. IAVS learns from previous vulnerability exploitation attempts to select exploit codes purposefully. IAVS not only reduces the role of experts in the process of vulnerability testing, but it also decreases the volume of scanning requests during the reconnaissance phase by integrating the reconnaissance and exploitation phases. Our experimental results indicate a successful decrease in failed attempts. It is also demonstrated that improvements in the results of IAVS correspond directly to the rate of similarity among different vulnerabilities in systems of the target network; that is, the higher the similarity, the better the results of IAVS. Our experiments compared the results of IAVS and those of Hail Mary without the IAVS extension; these results show that IAVS improved Hail Marys successful attempts by around 37%.
Study of Blacklisted Malicious Domains from a Microsoft Windows End-user Perspective: Is It Safe Behind the Wall?
The Internet is a dangerous place, filled with dierent cyber threats, including malware. To withstand this, blacklists have been utilized for a long time to block known infection and delivery sources. However, through blacklisting the domain names we are leaving a landscape of threats to be unknown and forgotten. In this paper, first, we investigate the current state-of-the-art in cyber threats available on such blacklists. Then, we study the corresponding malicious actors and reveal that those persistently appear since 2006. By shedding light on this part of the cyber threat landscape we target increased information security perception of the landscape from the perspective of the average end-user. Moreover, it is clear that the blacklisting the domains should not be one-way function and need to be regularly re-evaluated. Moreover, blacklisting might not be enforced by client applications in addition to outdated system software leaving real danger. For practical evaluation, we created a multi-focused experimental setup employing different MS Windows OS and browser versions. This allowed us to perform a thorough analysis of blacklisted domains from the perspective of the published information, content retrieved and possible malware distribution campaigns. We believe that this paper serves as a stepping stone in a re-evaluation of the once found and then blacklisted domains from the perspective of minimal security protection of a general user, who might not be equipped with a blacklisting mechanism
How formative assessment using ePortfolio can add value to computer students
This submission is a poster submission that describes an ongoing study. In the study, we examinehow formative feedback with ePortfolio can provide value to computer students. The background for the study is related to the pandemic that led higher education institutions to face challenges conducting assessments, the need for more flexible courses in the future to meet the diversity of the student population, and computer education's crucial role in realizing sustainable development
Modenhetsmodell For Måling Av Datadrevenhet i Organisasjoner
Med en økende grad av tilgjengelig data skapes det en forventing til organisasjoner om at de skal bli datadrevne. En datadreven organisasjon kjennetegnes av at de lykkes i å bruke data for å ta valg og skape verdi for organisasjonen. Organisasjoner har ofte en forståelse av hvorfor man burde være datadrevne. Det er allikevel uklart hvordan man skal gå frem for å skape en datadreven organisasjon. Vi har utviklet en modenhetsmodell som kan kartlegge organisasjoners modenhet, når det kommer til å ta i bruk data og analyse i beslutningstagning. Modellen er utviklet etter forskningsmetoden "Design Science Research" og evaluert grundig i samarbeid med en casebedrift. Formålet til modellen er å gi en indikasjon på graden av analytisk modenhet innenfor ulike enheter i en organisasjon, som kan brukes for å utvikle et overordnet veikart for videre utvikling
Multicore Max-Flow using GraphBLAS: A Usability Study
Optimizing linear algebra operations has been a research topic for decades. The compact language of mathematics also produce lean, maintainable code. Using linear algebra as a high-level abstraction for graph operations is therefore very attractive. In this work, we will explore the usability of the GraphBLAS framework, currently the leading standard for graph operations that uses linear algebra as an abstraction. We analyze the usability of GraphBLAS by using it to implement the Edmonds-Karp algorithm for s-t maximum-flow/minimum-cut. To our knowledge, this work represents the first published results of Max-Flow in GraphBLAS. The result of our novel implementation was an algorithm that achieved a speedup of up to 11 over its own baseline, and is surprisingly compact and easy to reason about
Autotuning CUDA: Applying NLP Techniques to LS-CAT
The abstract relation between hardware parameters and program performance makes setting program parameters a difficult task. Without autotuning, software can miss low-level optimizations, resulting in lower performance. Traditionally, time-consuming trial and error search methods have been the staple of autotuning. Applying Natural language processing (NLP) based machine learning (ML) methods to source code as a means to perform autotuning-oriented tasks is a growing topic. Earlier research has, with success, performed a range of different autotuning tasks using multiple source code languages. However, most of the source code data is CPU-oriented, with very little GPU code. The LS-CAT (Large-Scale CUDA AutoTuning) dataset [BTE21] uses CUDA GPU-based kernels and generates a dataset to perform thread-coarsening. This paper implements several custom NLP-ML pipelines to evaluate ML-based thread-coarsening using the LS-CAT dataset, and a custom scoring function to ?nd the performance impact for any choice. Several model con?gurations were able to beat both random choice, 0.9400, and only selecting the largest thread-block (1024), 0.9437. Finally, the best model achieves a score of 0.9483, giving an average performance increase and speedup of 0.49 percent over the largest thread-block. Implementing self-attention mechanisms proved to counteract overfitting, while a multi-label based learning task outperformed other approaches. Compared to previous datasets [Cum+17], the LS-CAT dataset's higher thread-coarsening precision gives a more precise evaluation of the model's performance. The inst2vec embedding used in earlier works was unable to correctly parse the CUDA LLVM IR tokens, resulting in high data loss. Approaches to addressing this, and other ideas for future work, are also included
An EFL coursebook evaluation in terms of design and language: Private school samples in Sinop
In this study, it is aimed to evaluate the English language coursebook at a private school sample in Sinop. Private schools are considered better than public schools in general. One of the differences between the two schools is the preference of course books. This study examined the English Language coursebook in terms of design elements under the title of external evaluation and educational elements under the title of internal evaluation. The research design is a qualitative one and the process is carried by two different researchers. The results show that although the coursebook preference is suitable and effective in terms of external evaluation, graphic design, and printing quality; the presentation of four skills in the coursebook is found weak. The reading skill is the most dominant skill and writing skill is the weakest skill. The coursebook needs supportive materials to present other skills effectively. It can be said that the coursebook in this study is not appropriate to teach the four skills in language effectively and it is not suitable for the aims of the English language content defined by MONE
Diffcult SQLi Code Patterns for Static Code Analysis Tools
We compared vulnerable and fixed versions of the source code of 50 different PHP open source projects based on CVE reports for SQL injection vulnerabilities. We scanned the source code with commercial and open source tools for static code analysis. Our results show that five current state-of-the-art tools have issues correctly marking vulnerable and safe code. We identify 25 code patterns that are not detected as a vulnerability by at least one of the tools and 6 code patterns that are mistakenly reported as a vulnerability that cannot be confirmed by manual code inspection. Knowledge of the patterns could help vendors of static code analysis tools, and software developers could be instructed to avoid patterns that confuse automated tools
Video portfolio as an exam option in a database course
What happens when we provide database students with a choice of selecting between two different exam types? Do you want to display your skills and knowledge through a traditional three hour school exam, or do you want to display them by creating a video portfolio?
This paper describes a specific case where the students at Kristiania University College got that choice. A new video portfolio exam was piloted for three years. The results from the pilot are presented and discussed in relation to related topics such as flexible assessment, Open Educational Resources, portfolio and, most importantly, learning.
Portfolio students self-report that they learn more through a portfolio assessment than a traditional school exam, and the exam results indicate the same. But after piloting for three years, only 10% of the students chose portfolio as their final exam. We try to understand why the numbers of portfolio students were so low, and the students’ thoughts behind the exam choice.
Video portfolio exam comes with an extra assessment cost and there are challenges in regard to plagiarism. Looking ahead, we try to describe how we may use some of the perceived benefits of using a video portfolio exam into our teaching. How may we be provide students with similar learning activities without risking an increase in plagiarism cases and assessment costs