Refine
Year of publication
- 2019 (4) (remove)
Document Type
- Bachelor Thesis (3)
- Master's Thesis (1)
Language
- English (4) (remove)
Has Fulltext
- yes (4)
Is part of the Bibliography
- no (4) (remove)
Keywords
- Bedrohungsanalyse (1)
- Event Tracing for Windows (1)
- Logging (1)
- Material Flow (1)
- STRIDE (1)
- Security (1)
- Software Architecture (1)
- Telemetry (1)
- Threat Modeling (1)
- Timing Attacks (1)
Institute
Open Access
- Closed Access (3)
- Open Access (1)
The core logging and tracing facility in Windows operating system is called Event Tracing for Windows (ETW).
Data sources providing events for ETW are instrumented all over the operating system.
That means most hard- and software assets in a Windows system are instrumented with ETW and so are able to contribute low-level information.
ETW can be used by developers and administrators to get low-level information about operating system's activity.
We describe existing tools to interact with the ETW faciltity and evaluate them based on defined criteria.
Based on relevant application scenarios, we show the richness of informational content for debugging or detecting security incidents with ETW.
The widely used instrumentation of ETW in the operating system and its application results also in security risks according to confidentiality.
Based on common ETW providers we show the impact to confidentiality what ETW offers an adversary.
At the end we evaluate solutions and approaches for a customizable telemetry infrastructure using ETW in large-scale environments.
Webassembly is a new technology to create application in a new way. Webassembly is being developed since 2017 by the worldwide web consortium (w3c). The primary task of webassembly is to improve web applications.
Today, more and more applications are being created as web applications. Web applications have some advantages - they are platform independent and even mobile platforms can run them, and no installation is needed apart from a modern web browser.
Currently, web applications are being developed in JavaScript (JS), hypertext mark-up language 5 (HTML 5), and cascading style sheets (CSS).
These technologies are not made for huge web applications, but they should not be replaced by webassembly; rather, webassembly is an extension to the currently existing technology.
The purpose of webassembly is to fix or improve the problems in web application development.
This master’s thesis reviews all of the aspects and checks whether the promises of webassembly are kept and where problems still exist.
This paper describes a project absolved to increase the material flow through the LTCC production of the Bosch Anderson Plant in South Carolina, USA. To archive this goal the regarded value stream is introduced first. The bottleneck, which is limiting the material flow is found and eliminated in order to increase the output of the machine and consequently improve the material flow through the whole value stream. The completed projects made for this purpose result in a 13% increase. To control the material flow the inventory sizes are determined. The inventories, from which the size is desired to be determined, include climatization processes to dry the pastes that are applied in the previous process steps. Therefore, a separation of the parts in the production process climatization and the buffer is necessary first. After that the buffer can be eliminated and the inventory areas minimized. The results are smaller and controlled buffer sizes that make part of the floor space unnecessary. A welcomed side effect is the solution to a production problem of warped parts because of too long climatization times. Observations over time show that the results of the buffer limitations are just right to improve the material flow through the LTCC production.
The development of secure software systems is of ever-increasing importance. While software companies often invest large amounts of resources into the upkeeping and general security properties of large-scale applications when in production, they appear to neglect utilizing threat modeling in the earlier stages of the software development lifecycle. When applied during the design phase of development, and continuously during development iterations, threat modeling can help in following a “Security by Design” approach. This approach allows issues relating to IT security to be found early during development, reducing the need for later improvement – and thus saving resources in the long term. In this thesis the current state of threat modeling is investigated. Based on this analysis, requirements for a new tool are derived. These requirements are then used to develop a new tool, called OVVL, which utilizes all main components of current threat modeling methodologies, as well as functionality not available in existing solutions. After documenting the development process and OVVL in general, this newly developed tool is used to conduct two case studies in the field of e-commerce and IoT.