Refine
Year of publication
Document Type
- Master's Thesis (66)
- Bachelor Thesis (29)
- Study Thesis (13)
- Conference Proceeding (8)
- Article (reviewed) (6)
- Book (1)
- Other (1)
Conference Type
- Konferenzartikel (4)
- Konferenzband (4)
Language
- English (124) (remove)
Is part of the Bibliography
- no (124) (remove)
Keywords
- COVID-19 (13)
- Government Measures (13)
- Corona (9)
- Crisis (8)
- IT-Sicherheit (8)
- Export (7)
- Maschinelles Lernen (5)
- Deep learning (4)
- Communication Systems (3)
- Computersicherheit (3)
Institute
- Fakultät Medien (M) (ab 22.04.2021) (31)
- Fakultät Maschinenbau und Verfahrenstechnik (M+V) (28)
- Fakultät Wirtschaft (W) (24)
- Fakultät Elektrotechnik, Medizintechnik und Informatik (EMI) (ab 04/2019) (16)
- Fakultät Elektrotechnik und Informationstechnik (E+I) (bis 03/2019) (15)
- IfTI - Institute for Trade and Innovation (13)
- Fakultät Medien und Informationswesen (M+I) (bis 21.04.2021) (11)
- ivESK - Institut für verlässliche Embedded Systems und Kommunikationselektronik (4)
- INES - Institut für nachhaltige Energiesysteme (2)
- IUAS - Institute for Unmanned Aerial Systems (1)
Open Access
- Closed (52)
- Closed Access (41)
- Open Access (31)
- Diamond (5)
- Gold (1)
Webassembly is a new technology to create application in a new way. Webassembly is being developed since 2017 by the worldwide web consortium (w3c). The primary task of webassembly is to improve web applications.
Today, more and more applications are being created as web applications. Web applications have some advantages - they are platform independent and even mobile platforms can run them, and no installation is needed apart from a modern web browser.
Currently, web applications are being developed in JavaScript (JS), hypertext mark-up language 5 (HTML 5), and cascading style sheets (CSS).
These technologies are not made for huge web applications, but they should not be replaced by webassembly; rather, webassembly is an extension to the currently existing technology.
The purpose of webassembly is to fix or improve the problems in web application development.
This master’s thesis reviews all of the aspects and checks whether the promises of webassembly are kept and where problems still exist.
An organized strategy to ensure the security of an organization is an information security management system. During various security crises, hazards, and breaches, this strategy aids an organization in maintaining the confidentiality, integrity, and accessibility of information. Organizations are getting ready to comply with information security management system criteria. Despite this, security concerns continue to plague ineffective controls, have poor connectivity, or cause a silo effect, which is a common cause. One of the causes is a low maturity model that is not synchronized with the organization’s business processes. For a higher level of maturity, it is best to evaluate the practices.
Different maturity models on information security and cyber security capacity, management processes, security controls, implementation level, and many more have already been developed by numerous international organizations, experts, and scholars. The present models, however, do not assess a particular organization's particular practices. The evaluation of the business process is frequently neglected because measurement requirements for models are typically more concentrated on examining specific elements. For this reason, it caused the maturity assessment to not be executed explicitly and broadly.
We developed an organizational information security maturity model, a combination of work of different maturity models currently existing. While making this model, we considered that any size or type of organization could use this model. The model considers the success elements of the information security management system when assessing the implementation's effectiveness. We employed a mixed-method strategy that included both qualitative and quantitative research. With the help of a questionnaire survey, we evaluated the previous research using a qualitative methodology. In the quantitative method, we'll figure out how mature the information security management system is now. The proposed model could be used to reduce security incidents by improving implementation gaps.
Strong security measures are required to protect sensitive data and provide ongoing service as a result of the rising reliance on online applications for a range of purposes, including e-commerce, social networking, and commercial activities. This has brought to light the necessity of strengthening security measures. There have been multiple incidents of attackers acquiring access to information, holding providers hostage with distributed denial of service attacks, or accessing the company’s network by compromising the application.
The Bundesamt für Sicherheit in der Informationstechnik (BSI) has published a comprehensive set of information security principles and standards that can be utilized as a solid basis for the development of a web application that is secure.
The purpose of this thesis is to build and construct a secure web application that adheres to the requirements established in the BSI guideline. This will be done in order to answer the growing concerns regarding the security of web applications. We will also evaluate the efficacy of the recommendations by conducting security tests on the prototype application and determining whether or not the vulnerabilities that are connected with a web application that is not secure have been mitigated.
The embedding of microwave devices is treated by applying the finite-difference method to three-dimensional shielded structures. A program package was developed to evaluate electromagnetic fields inside arbitrary transmission-line connecting structures and to compute the scattering matrix. The air bridge, the transition through a wall, and the bond wire are examined as interconnecting structures. Detailed results are given and discussed regarding the fundamental behavior of embedding.
The rapid pace of innovation and technological advancements has led to the emergence of start-up companies in various sectors. To remain competitive and sustainable, start-ups need to make informed business decisions that can enhance their operations and profitability. Business Intelligence (BI) has become an essential tool for businesses of all sizes in managing their operations and gaining a competitive edge.
This master thesis explores the role of Business Intelligence in start-up companies. The study aims to investigate the use of BI in start-up companies, the drivers and the inhibitors for its adoption and their relationship with price. The research conducted for this thesis involves a review of relevant literature on Business Intelligence, start-up companies, and related topics. The study also includes structured survey with entrepreneurs, start-up company executives, and BI experts to gain data for a quantitative analysis of the topic.
The thesis aims to contribute to the existing body of knowledge on Business Intelligence and its role in start-up companies. The research conducted for this thesis can be of value to start-up entrepreneurs, investors, and other stakeholders who seek to improve their understanding of the benefits and challenges of implementing BI in start-up companies.
The primary objective of this thesis is to examine the lean accounting transformation, which involves applying lean management principles to the accounting domain. In recent years, various sectors, including manufacturing, healthcare, and services, have experienced success with lean management practices. Nevertheless, the implementation of lean accounting within financial management has not been as extensively explored. This research aims to bridge that gap by scrutinizing the benefits and potential drawbacks of adopting lean accounting practices in business operations.
This research uses a combination of qualitative techniques and an extensive literature review to better understand the present subject matter. By describing the ideas of lean management and standard accounting and highlighting the fundamental distinctions between the two systems, the literature study lays a theoretical framework. The case studies illustrate the benefits of adopting lean accounting processes with real-world examples of firms that have made the transition effectively.
In the quantitative analysis of lean accounting's impact, both financial and operational factors are examined extensively. The results indicate that companies embracing lean accounting practices experience significant improvements in productivity, cost reduction, and decisionmaking quality. By highlighting the potential gains to be made by incorporating lean techniques into accounting procedures, this study adds to the current body of information on lean management. The findings offer practical implications for accounting professionals, business leaders, and policymakers interested in leveraging lean accounting to drive organizational performance improvement. The thesis finishes with suggestions for further study in this area, lean accounting.
Die Arbeit beschäftigt sich mit dem Thema der Progressive Web App, dabei wird auf die Entwicklung und das Wirtschaftliche Potential eingegangen. Die Arbeit kann als Hilfestellung bei der Entscheidung, ob eine Progressive Web App in einem Unternehmen eingesetzt werden soll, dienen.
G.R.E.C is a adventure game, set in an dystopien industrial world, where you are a scavenger for hire. Explore the village of Vankhart Valley and grab everything valuable you can get your hands on.
Your trusty old jump boots will help you avoiding the nasty and deadly spores that changed the world of G.R.E.C forever.
The coronavirus affects the strongly export-oriented Swiss economy in a situation where political and economic developments are already making the cross-border exchange of goods and services difficult. For this reason, the question arises of how Switzerland can maintain or strengthen its position in global competition in the export business during an unprecedented period of crisis such as the current one.
In order to find an answer to this question, this paper critically examines the existing government support measures for Swiss exporters in times of COVID-19. The fact that Switzerland has so far not taken any specific support measures for exporters raises the actual research question of whether there is a specific necessity and demand for a special export promotion. To answer this research question, various expert opinions are compared and overall conclusions are drawn. By rapidly introducing and adapting the already existing instruments – liquidity assistance and an expansion of short-time work benefits – the federal government was able to ensure the survival of many companies. According to the authors of this paper, this focus of government support in times of crisis is just right for a small national economy in the short term and therefore preferable to a specific support of exporters. Nevertheless, given the high relative importance of foreign trade for Switzerland’s overall economic performance, there can be no recovery of national economy without a recovery of foreign trade.
Study of impact of change in market economics of Biosimilars due to SPC waiver on EU 469/2009
(2023)
This research was conducted to understand and investigate the impact of SPC waiver EU 933/2019 made as an amendment to EU 469/2019. The research was conducted for analysis and extraction of the data to compile the exact number of biological products impacted with the SPC waiver. The highest sale top-5 products were identified according to the expert’s opinion. The sales revenue opportunity valuable to the top-5 products in the top-5 non-EU markets for early exports is investigated. Additionally, a survey was conducted to assess the readiness of the industry for these changes. The information from this study will be very useful to students of the biopharmaceutical market research and to the stakeholders from the biopharmaceutical industry.
This essay deals with the Spanish economy and especially with the Spanish governmental measures for SME exporters in times of COVID-19. The focus was set on SMEs, as they are an essential part of trade for the government and are particularly affected by the pandemic. Since the financial crisis, the Spanish economy has become highly diversified, with a greater focus on exports. Competitiveness, productivity and efficiency have increased significantly. The Spanish government measures largely affect the areas liquidity and financing, taxes and protection of the employment. One of the most important measures is the 100-billion-euro credit line and the policies on unemployment. The Spanish government is dependent on further aid packages and is criticized for the measures.
The COVID-19 pandemic has led to an economic downturn in the Slovak Republic. To bridge corporate liquidity problems the Slovakian Government has introduced several support measures. The investigation discusses the effectiveness of the measures imposed. Based on theoretical foundations, the research question is empirically examined by using a qualitative expert survey. As the automotive industry plays a leading role in Slovakia, the research conducted is oriented towards the financing phases, a typical automotive exporter is undergoing. As a result of the research, bridging loans and government grants were identified as the most important measures. Additionally, tendencies towards political recommendations for action were identified. The research explored, that the Slovakian Government should focus on meeting the short-term liquidity needs, boosting exports and promoting innovation as well as considering a support package for the automotive industry.
As cyber threats continue to evolve, it is becoming increasingly important for organizations to have a Security Operations Center (SOC) in place to effectively defend against them. However, building and maintaining a SOC can be a daunting task without clear guidelines, policies, and procedures in place. Additionally, most current SOC solutions used by organizations are outdated, lack key features and integrations, and are expensive to maintain and upgrade. Moreover, proprietary solutions can lead to vendor lock-in, making it difficult to switch to a different solution in the future.
To address these challenges, this thesis proposes a comprehensive SOC framework and an open-source SOC solution that provides organizations with a flexible and cost-effective way to defend against modern cyber threats. The research methodology involved conducting a thorough literature review of existing literature and research on building and maintaining a SOC, including using SOC as a service. The data collected from the literature review was analyzed to identify common themes, challenges, and best practices for building and maintaining a SOC.
Based on the data collected, a comprehensive framework for building and maintaining a SOC was developed. The framework addresses essential areas such as the scope and purpose of the SOC, governance and leadership, staffing and skills, technologies and tools, processes and procedures, service level agreements (SLAs), and evaluation and measurement. This framework provides organizations with the necessary guidance and resources to establish and effectively operate a SOC, as well as a reference for evaluating the service provided by SOC service providers.
In addition to the SOC framework, a modern open-source SOC solution was developed, which emphasizes several key measures to help organizations defend against modern cyber threats. These measures include real-time, actionable threat intelligence, rapid and effective incident response, continuous security monitoring and alerting, automation, integration, and customization. The use of open-source technologies and a modular architecture makes the solution cost-effective, allowing organizations to scale it up or down as needed.
Overall, the proposed SOC framework and open-source SOC solution provide organizations with a comprehensive and systematic approach for building and maintaining a SOC that is aligned with the needs and objectives of the organization. The open-source SOC solution provides a flexible and cost-effective way to defend against modern cyber threats, helping organizations to effectively operate their SOC and reduce their risk of security incidents and breaches.
Schluckspecht project
(2022)
Risk-based Cybermaturity Assessment Model - Protecting the company against ransomware attacks
(2023)
Ransomware has become one of the most catastrophic attacks in the previous decade, hurting businesses of all sorts worldwide. So, no organization is safe, and most companies are reviewing their ransomware defensive solutions to avoid business and operational hazards. IT departments are using cybersecurity maturity assessment frameworks like CMMC, C2M2, CMMI, NIST, CIS, CPP, and others to analyze organization security capabilities. In addition to maturity assessment models for the process layer and human pillar, there are much research on the analysis, identification, and defense of cyber threats in product/software layers that propose state-of-the-art approaches.
This motivates a comprehensive ransomware cyber security solution. Then, a crucial question arises: “How companies can measure the security maturity of controls in a specific danger for example for Ransomware attack?” Several studies and frameworks addressed this subject.
Complexity of understanding the ransomware attack, Lack of comprehensive ransomware defense solutions and Lack of cybermaturity assessment model for ransomware defense solutions are different aspects of problem statement in this study. By considering the most important limitations to developing a ransomware defense cybermaturity assessment method, this study developed a cybermaturity assessment methodology and implemented a Toolkit to conduct cyber security self-assessment specifically for ransomware attack to provide a clearer vision for enterprises to analyze the security maturity of controls regardless of industry or size.
The current thesis conducts the study on the integration of digitalization techniques aimed at improving energy supply efficiency in off-grid energy systems. The primary objective is to fortify the security of energy supply in remote areas, particularly in instances of adverse weather conditions, unanticipated changes in load and fluctuations in the performance of renewable energy systems. This objective is to be achieved through the implementation of a smart load management strategy in stand-alone photovoltaic systems (SAPVS). This strategy involves deployment of forecasting algorithms on an edge device that operates with limited processing resources in an environment characterized for the lack of internet connection. The edge device is designed to interact with a smart home gateway that prioritizes, and schedules smart appliances based on the forecasted state of charge (SOC) in the 36-hours ahead of the SAPVS operation (the implementation of the loads schedule deployed on the Home Assistant device is out of the scope of the tasks implemented for this project).
The edge device, developed using a Raspberry Pi 3B+, was specifically intended for being implemented along with a SAPVS, in remote areas such as health stations in Africa and tropical islands, providing communities with a reliable source of electrical energy. The deployment of the strategy was carried out in four phases. The first phase involved the implementation of an Extraction-Transformation-Load (ETL) pipeline, where data was gathered from various heterogeneous hardware sources of an implemented test system that served as the enabler and testbench of this research, this test stand is composed of power electronics components such as an inverter, a MPPT solar charge controller, a smart meter, and a BOS LiFePo4 battery prototype. In the transformation stage, a data model was developed to identify the most critical parameters of the energy system, and to eliminate outliers and null values. In the load stage, a local SQL database was established for saving and structuring the data gathered and to ensure high-quality data with defined units and casting.
The second phase involved data analysis to identify the relevant features and potential exogenous variables for the forecasting model to implement. In the third phase, an Auto Regressive Moving Average (ARMA) model with two selected exogenous variables was implemented to forecast the AC load consumption profile for the 36- hours ahead of the off-grid system operation. The final phase involved the information exchange with the Home Assistant device, by transferring to it from the edge device the battery SOC present value and the predicted 36-hour ahead AC load profile information for prioritization and scheduling of loads; this through an MQTT interface.
The outcome of the experiment was a successful deployment of a data engineering and data forecasting approach that enabled data quality strategy implementation, local database storage, and forecasting algorithms on a processing and internet-constrained edge device. The interface with a home assistant implementation resulted in the successful execution of smart load management endeavors in an off-grid system, thereby enhancing the energy security of supply and contributing to the advancement of data-driven strategies in the rural electrification sector.
This thesis emphasizes the significance of digitalization strategies in smart SAPVS and highlights the potential of edge computing solutions in achieving seamless energy management in smart homes.
Self-sufficient enzymes belong to the cytochrome P450 (CYP) group and are known for their superior hydroxylation catalytic activity. In the pursuit of identifying new pesticides to combat antimicrobial-resistant pathogens, we employed BM3 wild type (BM3-WT), the fastest monohydroxylating CYP, along with its seven homologs, to investigate the production of potential hydroxylated derivatives from the established pesticide, 4-oxocrotonic acid using high-pressure liquid chromatography (HPLC) method. Following the recombinant production of BM3-WT and three other homologs in E. coli, and their subsequent purification using Immobilized Metal Affinity Chromatography (IMAC), a novel enzyme assay approach was developed as a substitute for the carbon monoxide (CO) assay. This new method relied on the measurement of NADPH consumption at 340 nm by BM3-WT for palmitic acid. Leveraging this established technique, we explored the substrate specificity of BM3-WT and its homologs not only on palmitic acid but also on other structurally similar compounds, including 4-oxocrotonic acid. The results obtained from the established NADPH assay indicate that all tested enzymes displayed greater catalytic activity on 4-oxocrotonic acid in comparison to other substrates with similar structures. However, the impact of BM3-WT and its homologs on 4-oxocrotonic acid varied in terms of product specificity. Enzymes such as Poh, Trr and Bas-CYP D exhibited specificity in producing solely monohydroxylated products, while others tended to yield dehydroxylated and ketol metabolites.
"Ad fontes!"
Francesco Petrarca (1301–1374)
In the beginning, there was an idea: the reconstruction of the first "Iron Hand" of the Franconian imperial knight Götz von Berlichingen (1480–1562). We found that with this historical prosthesis, simple actions for daily use, such as holding a wine glass, a mobile phone, a bicycle handlebar grip, a horse’s reins, or some grapes, are possible without effort. Controlling this passive artificial hand, however, is based on the help of a healthy second hand.
This thesis deals with the implementation of the SUBSCALE algorithm in the Python programming language. First, the current state of research and the needs of the target group are considered. Then, the choice of language is decided based on the findings. On the basis of self-generated requirements, the implementation is carried out.
Finally, the code is evaluated for accuracy, consistency, and execution time, as well as its applicability in practice.
Since the implementation of the current work proved to be unconvincing, an approach is tested in which Python is used only as a front-end.
Communication protocols enable information exchange between different information systems. If protocol descriptions for these systems are not available, they can be reverse-engineered for interoperability or security reasons. This master thesis describes the analysis of such a proprietary binary protocol, named the DVRIP or Dahua private protocol from Dahua Technology. The analysis contains the identification of the DVRIP protocol header format, security mechanisms and vulnerabilities inside the protocol implementation. With the revealing insights of the protocol, an increase of the overall security is achieved. This thesis builds the foundation for further targeted security analyses.
The tenth edition of the successful report "Project Management Software Systems" provided the complete guide to a successful project management software selection program. It includes an extensive overview of the leading products on the market. If you are seeking to purchase project (portfolio) management software for your organization, this report from BARC and GPM puts the facts at your fingertips to help you select the best tool to match your requirements.
Among the many highlights of this comprehensive report, you will discover
- the critical success factors in software selection processes,
- the phases of a systematic software selection process,
- basics on software architecture regarding modern PM software, and
- descriptions of all the functions you can except from today's PM software tools.
The second section contains a detailed analysis of market-leading products based on over 300 criteria. Each product reviewed in this report is assessed based on the same criteria so that product comparisons can be made easily.
Organized by the Fraunhofer Additive Manufacturing Alliance, the bi-annual Direct Digital Manufacturing Conference brings together researchers, educators and practitioners from around the world. The conference covers the entire range of topics in additive manufacturing, starting with methodologies, design and simulation, right up to more application-specific topics, e.g. from the realm of medical engineering and electronics.
In recent years, the demand for reliable power, driven by sensitive electronic equipment, has surged. Even minor deviations from the nominal supply can lead to malfunctions or failure. Despite technological advancements, power quality issues persist due to various factors like short circuits, overloads, voltage fluctuations, unbalanced loads, and non-linear loads.
This thesis extensively explores power quality anomalies in industrial and commercial sectors, using power system data as the primary analytical resource. It addresses the critical need for power supply reliability in today's evolving power grid industry, affected by non-linear loads, renewable energy integration, and electric vehicles. This field of study is paramount for ensuring power supply reliability and stability in the evolving power grid industry.
The core of this thesis involves a comprehensive investigation of power quality, with a focus on frequency, power, and harmonics in voltage and current signals. The research employs Python programming for advanced data analysis, utilizing techniques such as advanced Fast Fourier Transformation (FFT) analysis. The primary objective is to provide valuable insights aimed at elevating power supply quality and enhancing reliability in both industrial and commercial environments.
Even though the internet has only been there for a short period, it has grown tremendously. To- day, a significant portion of commerce is conducted entirely online because of increased inter- net users and technological advancements in web construction. Additionally, cyberattacks and threats have expanded significantly, leading to financial losses, privacy breaches, identity theft, a decrease in customers’ confidence in online banking and e-commerce, and a decrease in brand reputation and trust. When an attacker pretends to be a genuine and trustworthy institution, they can steal private and confidential information from a victim. Aside from that, phishing has been an ongoing issue for a long time. Billions of dollars have been shed on the global economy. In recent years, there has been significant progress in the development of phishing detection and identification systems to protect against phishing attacks. Phishing detection technologies frequently produce binary results, i.e., whether a phishing attempt was made or not, with no explanation. On the other hand, phishing identification methodologies identify phishing web- pages by visually comparing webpages with predetermined authentic references and reporting phishing together with its target brand, resulting in findings that are understandable. However, technical difficulties in the field of visual analysis limit the applicability of currently available solutions, preventing them from being both effective (with high accuracy) and efficient (with little runtime overhead). Here, we evaluate existed framework called Phishpedia. This hybrid deep learning system can recognize identity logos from webpage screenshots and match logo variants of the same brand with high precision. Phishpedia provides high accuracy with low run- time. Lastly, unlike other methods, Phishpedia does not require training on any phishing sam- ples whatsoever. Phishpedia exceeds baseline identification techniques (EMD, PhishZoo, and LogoSENSE), inaccurately detecting phishing pages in lengthy testing using accurate phishing data. The effectiveness of Phishpedia was tested and compared against other standard machine learning algorithms and some state-of-the-art algorithms. The given solutions performed better than different algorithms in the given dataset, which is impressive.
As the Industry 4.0 is evolving, the previously separated Operational Technology (OT) and Information Technology (IT) is converging. Connecting devices in the industrial setting to the Internet exposes these systems to a broader spectrum of cyber-attacks. The reason is that since OT does not have much security measures as much as IT, it is more vulnerable from the attacker's perspective. Another factor contributing to the vulnerability of OT is that, when it comes to cybersecurity, industries have focused on protecting information technology and less prioritizing the control systems. The consequences of a security breach in an OT system can be more adverse as it can lead to physical damage, industrial accidents and physical harm to human beings. Hence, for the OT networks, certificate-based authentication is implemented. This involves stages of managing credentials in their communication endpoints. In the previous works of ivESK, a solution was developed for managing credentials. This involves a CANopen-based physical demonstrator where the certificate management processes were developed. The extended feature set involving certificate management will be based on the existing solution. The thesis aims to significantly improve such a solution by addressing two key areas that is enhancing functionality and optimizing real-time performance. Regarding the first goal, firstly, an analysis of the existing feature set shall be carried out, where the correct functionality shall be guaranteed. The limitations from the previously implemented system will be addressed and to make sure it can be applied to real world scenarios, it will be implemented and tested in the physical demonstrator. This will lay a concrete foundation that these certificate management processes can be used in the industries in large-scale networks. Implementation of features like revocation mechanism for certificates, automated renewal of the credentials and authorization attribute checks for the certificate management will be implemented. Regarding the second goal, the impact of credential management processes on the ongoing CANopen real-time traffic shall be a studied. Since in real life scenarios, mission-critical applications like Industrial control systems, medical devices, and transportation networks rely on real-time communication for reliable operation, delays or disruptions caused by credential management processes can have severe consequences. Optimizing these processes is crucial for maintaining system integrity and safety. The effect to minimize the disturbance of the credential management processes on the normal operation of the CANopen network shall be characterized. This shall comprise testing real-time parameters in the network such as CPU load, network load and average delay. Results obtained from each of these tests will be studied.
How can manufacturers or service companies provide better services with connected products, without having acquired a powerful IT infrastructure nor the competences for software development?
Today companies can appeal to a relocated-IT-infrastructure provider, which is called Cloud.
Consequently, they do not have to manage and take care of the safety/security aspect, the updates and the breakdown of the infrastructure internally, as those are all managed by the provider.
It is possible to outsource the development of the software of the connected product to an external company. However, the question now is how fast this company can juggle from one Cloud to another in order to fulfil their clients wishes?
neverMind offers a solution based on a multi-protocols-platform linking the different connected products to a multitude of Clouds without having to redesign the whole communication stack/building block for each change in the Cloud-solution. This is the object of my thesis.
The development follows the V-Model, the first steps to understand the complexity of the project were the realisation of the product technical and architectural specifications. The last step before the Implementation was to design in details the progress and the process of every parts of the platform.
The outcome of the requirements analysis led me to divide the project in two parts:
• a “General Interface” acting as a gateway between the Client-application and “Cloud-modules”
• the “Cloud-modules” themselves.
So far, the specifications are drown up; the General Interface and a client example are coded, as well as a first Cloud-module template.
As information technology continues to advance at a rapid speed around the world, new difficulties emerge. The growing number of organizational vulnerabilities is among the most important issues. Finding and mitigating vulnerabilities is critical in order to protect an organization’s environment from multiple attack vectors.
The study investigates and comprehends the complete vulnerability management process from the standpoint of the security officer job role, as well as potential improvements. Few strategies are used to achieve efficient mitigation and the de- velopment of a process for tracking and mitigating vulnerabilities. As a result, a qualitative study is conducted in which the objective is to create a proposed vulner- ability and risk management process, as well as to develop a system for analyzing and tracking vulnerabilities and presenting the vulnerabilities in a graphical dash- board format. This thesis’s data was gathered through an organized literature study as well as through the use of various web resources. We explored numerous ap- proaches to analyze the data, such as categorizing the vulnerabilities every 30, 60, and 90 days to see whether the vulnerabilities were reoccurring or new. According to our findings, tracking vulnerabilities can be advantageous for a security officer.
We come to the conclusion that if an organization has a proper vulnerability tracking system and vulnerability management process, it can aid security officers in having a better understanding of and making plans for reducing vulnerabilities. In terms of system patching and vulnerability remediation, it will also assist the security officer in identifying areas of weakness in the process. As a result, the suggested ways provide an alternate approach to managing and tracking vulnerabilities in an effective manner, although there is still a small area that needs additional analysis and research to make it even better.
This paper describes a project absolved to increase the material flow through the LTCC production of the Bosch Anderson Plant in South Carolina, USA. To archive this goal the regarded value stream is introduced first. The bottleneck, which is limiting the material flow is found and eliminated in order to increase the output of the machine and consequently improve the material flow through the whole value stream. The completed projects made for this purpose result in a 13% increase. To control the material flow the inventory sizes are determined. The inventories, from which the size is desired to be determined, include climatization processes to dry the pastes that are applied in the previous process steps. Therefore, a separation of the parts in the production process climatization and the buffer is necessary first. After that the buffer can be eliminated and the inventory areas minimized. The results are smaller and controlled buffer sizes that make part of the floor space unnecessary. A welcomed side effect is the solution to a production problem of warped parts because of too long climatization times. Observations over time show that the results of the buffer limitations are just right to improve the material flow through the LTCC production.
In the field of network security, the detection of intrusions is an important task to prevent and analyse attacks.
In recent years, an increasing number of works have been published on this subject, which perform this detection based on machine learning techniques.
Thereby not only the well-studied detection of intrusions, but also the real-time capability must be considered.
This thesis addresses the real-time functionality of machine learning based network intrusion detection.
For this purpose we introduce the network feature generator library PyNetFlowGen, which is designed to allow real-time processing of network data.
This library generates 83 statistical features based on reassembled data flows.
The introduced performant Cython implementation allows processing individual packets within 4.58 microseconds.
Based on the generated features, machine learning models were examined with regard to their runtime and real-time capabilities.
The selected Decision-Tree-Classifier model created in Python was further optimised by transpiling it into C-Code, what reduced the prediction time of a single sample to 3.96 microseconds on average.
Based on the feature generator and the machine learning model, an basic IDS system was implemented, which allows a data throughput between 63.7 Mbit/s and 2.5 Gbit/s.
Much of the research in the field of audio-based machine learning has focused on recreating human speech via feature extraction and imitation, known as deepfakes. The current state of affairs has prompted a look into other areas, such as the recognition of recording devices, and potentially speakers, by only analysing sound files. Segregation and feature extraction are at the core of this approach.
This research focuses on determining whether a recorded sound can reveal the recording device with which it was captured. Each specific microphone manufacturer and model, among other characteristics and imperfections, can have subtle but compounding effects on the results, whether it be differences in noise, or the recording tempo and sensitivity of the microphone while recording. By studying these slight perturbations, it was found to be possible to distinguish between microphones based on the sounds they recorded.
After the recording, pre-processing, and feature extraction phases we completed, the prepared data was fed into several different machine learning algorithms, with results ranging from 70% to 100% accuracy, showing Multi-Layer Perceptron and Logistic Regression to be the most effective for this type of task.
This was further extended to be able to tell the difference between two microphones of the same make and model. Achieving the identification of identical models of a microphone suggests that the small deviations in their manufacturing process are enough of a factor to uniquely distinguish them and potentially target individuals using them. This however does not take into account any form of compression applied to the sound files, as that may alter or degrade some or most of the distinguishing features that are necessary for this experiment.
Building on top of prior research in the area, such as by Das et al. in in which different acoustic features were explored and assessed on their ability to be used to uniquely fingerprint smartphones, more concrete results along with the methodology by which they were achieved are published in this project’s publicly accessible code repository.
When a patient with hearing aids needs to partake in audiometry procedures they need to visit a specialist which costs both time and money. Ideally, the patient should be able to conduct these tests alone, during their own time, and without additional costs. With this idea comes the question of if whether this is possible or not, and, if it is, how.
This thesis explores the throughput of Bluetooth Low Energy and if it is configurable to have a high enough data rate to send high quality audio data with a lossless audio codec while communicating with a low end device. Additionally, this thesis will show that using Rust to develop embedded software is possible and how using it can make the process of doing so easier.
Linux and Linux-based operating systems have been gaining more popularity among the general users and among developers. Many big enterprises and large companies are using Linux for servers that host their websites, some even require their developers to have knowledge about Linux OS. Even in embedded systems one can find many Linux-based OS that run them. With its increasing popularity, one can deduce the need to secure such a system that many personnel rely on, be it to protect the data that it stores or to protect the integrity of the system itself, or even to protect the availability of the services it offers. Many researchers and Linux enthusiasts have been coming up with various ways to secure Linux OS, however new vulnerabilities and new bugs are always found, by malicious attackers, with every update or change, which calls for the need of more ways to secure these systems.
This Thesis explores the possibility and feasibility of another way to secure Linux OS, specifically securing the terminal of such OS, by altering the commands of the terminal, getting in the way of attackers that have gained terminal access and delaying, giving more time for the response teams and for forensics to stop the attack, minimize the damage, restore operations, and to identify collect and store evidence of the cyber-attack. This research will discuss the advantages and disadvantages of various security measures and compare and contrast with the method suggested in this research.
This research is significant because it paints a better picture of what the state of the art of Linux and Linux-based operating systems security looks like, and it addresses the concerns of security enthusiasts, while exploring new uncharted area of security that have been looked at as a not so significant part of protecting the OSes out of concern of the various limitations and problems it entails. This research will address these concerns while exploring few ways to solve them, as well as addressing the ideal areas and situations in which the proposed method can be used, and when would such method be more of a burden than help if used.
Encryption techniques allow storing and transferring of sensitive information securely by using encryption at rest and encryption in transit, respectively. However, when computation is performed on these sensitive data, the data needs to be decrypted first and encrypted again after performing the computations. During the computations, the sensitive data becomes vulnerable to attackers as it's in decrypted form. Homomorphic encryption, a special type of encryption technique that allows computation on encrypted data can be used to solve the above-mentioned problem. The best way to achieve maximum security with homomorphic encryption is to perform at least the homomorphic encryption and decryption on the client side (browser) of a web application by not trusting the server. At present time there are many libraries with different homomorphic schemes available for homomorphic encryption. However, there are very few to no JavaScript libraries available to perform homomorphic encryption on the client side of any web application. This thesis mainly focuses on the JavaScript implementation of client-side homomorphic encryption. The fully homomorphic encryption scheme BFV is selected for the implementation. After implementing the fully homomorphic encryption scheme based on the “py-fhe” library, tests are also carried out in order to determine the applicability (in terms of time consumption, security and correctness) of this implementation in a web application by comparing the performance and security for different test cases and different settings.
The aim of this essay is to analyse and evaluate the Italian government measures for exporters in response to COVID-19. The unexpected, rapid and hardly predictable consequences of the pandemic paralyzed the entire globe. For a long time, Italy was the epicentre of the virus, which caused severe damage in the Italian export economy dropping temporarily more than 40%. The Italian government reacted exemplary fast and took multiple countermeasures of high extent especially through the Italian export credit agency SACE. On the one hand, the internationally compared broad structure of SACE was a huge advantage, which allowed to release quickly numerous measures. On the other hand, there is room for improvement regarding the accessibility of measure-related information, which has been partially only available in Italian. Furthermore, there is a remarkable risk resulting from the combination of the high monetary effort to enable the numerous measures, the difficult financial situation of the Italian government and the unpredictability of the COVID-19 consequences.
The core logging and tracing facility in Windows operating system is called Event Tracing for Windows (ETW).
Data sources providing events for ETW are instrumented all over the operating system.
That means most hard- and software assets in a Windows system are instrumented with ETW and so are able to contribute low-level information.
ETW can be used by developers and administrators to get low-level information about operating system's activity.
We describe existing tools to interact with the ETW faciltity and evaluate them based on defined criteria.
Based on relevant application scenarios, we show the richness of informational content for debugging or detecting security incidents with ETW.
The widely used instrumentation of ETW in the operating system and its application results also in security risks according to confidentiality.
Based on common ETW providers we show the impact to confidentiality what ETW offers an adversary.
At the end we evaluate solutions and approaches for a customizable telemetry infrastructure using ETW in large-scale environments.
Researchers are developing new GNSS receivers and antennas based on an innovative signal-processing scheme to significantly improve GNSS tracking reliability and accuracy under degraded signal conditions. It is based on the principles of synthetic-aperture radar. Like in a multi-antenna phased array receiver, GNSS signals from different spatial locations are combined coherently forming an optimized synthetic antenna-gain pattern. The method is implemented in a real-time PC-based software receiver and works with GPS, GLONASS, and Galileo signals. Multiple frequencies are generally supported. The idea of synthetic-aperture processing is realized as a coherent summation of correlation values of each satellite over the so-called beamforming interval. Each correlation value is multiplied with a phase factor. For example, the phase factor can be chosen to compensate for the relative antenna motion over the beam-forming interval and the resulting sum of the scaled correlation values represents a coherent correlation value maximizing the line of sight signal power.
Though the basic concept of a ledger that anyone can view and verify has been around for quite some time, today’s blockchains bring much more to the table including a way to incentivize users. The coins given to the miner or validator were the first source of such incentive to make sure they fulfilled their duties. This thesis draws inspiration from other peer efforts and uses this same incentive to achieve certain goals. Primarily one where users are incentivised to discuss their opinions and find scientific or logical backing for their standpoint. While traditional chains form a consensus on a version of financial "truth", the same can be applied to ideological truths too. To achieve this, creating a modified or scaled proof of stake consensus mechanism is explored in this work. This new consensus mechanism is a Reputation Scaled - Proof of Stake. This reputation can be built over time by voting for the winning side consistently or by sticking to one’s beliefs strongly. The thesis hopes to bridge the gap in current consensus algorithms and incentivize critical reasoning.
The purpose of this master's thesis was to set up a test bed for the absorption of chemical compounds by carbon-based sorbents and polymers and to develop a method for the detection of these substances applied by liquid chromatography.
The study made it possible to demonstrate the effectiveness of both polymers and biochars sorbents for the adosorption of specific substances. The results obtained open new paths on the study of biochar for the treatment of contaminated water. Some biochars made from plant-based materials have been shown to be almost as effective as commercial products used in plants. The developed chromatography method allows efficient separation of substances and their detection.
On a regular basis, we hear of well-known online services that have been abused or compromised as a result of data theft. Because insecure applications jeopardize users' privacy as well as the reputation of corporations and organizations, they must be effectively secured from the outset of the development process. The limited expertise and experience of involved parties, such as web developers, is frequently cited as a cause of risky programs. Consequently, they rarely have a full picture of the security-related decisions that must be made, nor do they understand how these decisions affect implementation accurately.
The selection of tools and procedures that can best assist a certain situation in order to protect an application against vulnerabilities is a critical decision. Regardless of the level of security that results from adhering to security standards, these factors inadvertently result in web applications that are insufficiently secured. JavaScript is a language that is heavily relied on as a mainstream programming language for web applications with several new JavaScript frameworks being released every year.
JavaScript is used on both the server-side in web applications development and the client-side in web browsers as well.
However, JavaScript web programming is based on a programming style in which the application developer can, and frequently must, automatically integrate various bits of code from third parties. This potent combination has resulted in a situation today where security issues are frequently exploited. These vulnerabilities can compromise an entire server if left unchecked. Even though there are numerous ad hoc security solutions for web browsers, client-side attacks are also popular. The issue is significantly worse on the server side because the security technologies available for server-side JavaScript application frameworks are nearly non-existent.
Consequently, this thesis focuses on the server-side aspect of JavaScript; the development and evaluation of robust server-side security technologies for JavaScript web applications. There is a clear need for robust security technologies and security best practices in server-side JavaScript that allow fine-grained security.
However, more than ever, there is this requirement of reducing the associated risks without hindering the web application in its functionality.
This is the problem that will be tackled in this thesis: the development of secure security practices and robust security technologies for JavaScript web applications, specifically, on the server-side, that offer adequate security guarantees without putting too many constraints on their functionality.
Technology advancement has played a vital role in business development; however, it has opened a broad attack surface. Passwords are one of the essential concepts used in applications for authentication. Companies manage many corporate applications, so the employees must meet the password criteria, which leads to password fatigue. This thesis addressed this issue and how we can overcome this problem by theoretically implementing an IAM solution. In this, we disused MFA, SSO, biometrics, strong password policies and access control. We introduced the IAM framework that should be considered while implementing the IAM solution. Implementing an IAM solution adds an extra layer of security.
This thesis deals with the implementation of character controls and combat system of the Action Adventure 'Scout 3D'. The game development was realized with the game engine Unity 3D. In the first part, the architecture of a typical game engine is explained. The single components are describes step by step. Then, five well-known game engines are compared and evaluated. In the next chapter, a short overview about design and architecture patterns is worked out. The features of Unity, that are used for the implementation, and Unity's animation system 'Mecanim, are described finally. The second part includes the requirement definitions for the game 'Scout COD' which define player input, different conditions that allow or disallow several activities and the behaviour of enemies. With the help of patterns the architecture of the game is designed. Then, the implementation is explained by means of code snippets.
Implementation and Evaluation of an Assisting Fuzzer Harness Generation Tool for AUTOSAR Code
(2024)
The digitalization in vehicles tends to add more connectivity such as over-the-air (OTA) updates. To achieve this digitization, each ECU (Electronic Control Unit) becomes smarter and needs to support more and more different externally available protocols such as TLS, which increases the attack surface for attackers. To ensure the security of a vehicle, fuzzing has proven to be an effective method to discover memory-related security vulnerabilities. Fuzzing the software run- ning on a ECU is not an easy task and requires a harness written by a human. The author needs a deep understanding of the specific service and protocol, which is time consuming. To reduce the time needed by a harness author, this thesis aims to develop FuzzAUTO, the first assistant harness generation tool targeting the AUTOSAR (AUTomotive Open System ARchitecture) BSW (Basic Software) to support manual harness generation.
Cloud computing has revolutionized the way businesses operate by providing them with access to scalable, cost-effective, and flexible IT resources. This technology has enabled businesses to store, manage, and process data more efficiently, leading to improved competitiveness and increased revenue. The purpose of this thesis is to explore the impacts of using cloud computing from a business perspective. The research employs both primary and secondary sources of data, including a literature review, interviews with employees who have more than 5 years of experience, a questionnaire, and observations from Billwerk+ company.
The findings of this research indicate that cloud computing has had a significant impact on businesses, providing them with cost savings, improved agility and flexibility, and enhanced access to data and applications. However, it has been revealed that the benefits of cloud computing for companies may vary according to the departments of the employees. The results of this research contribute to the existing body of knowledge on the topic of cloud computing and its impact on businesses. The findings of this thesis can be used by business owners, managers, technology professionals, and students to make informed decisions about the adoption and use of cloud computing technology.
In conclusion, this thesis provides a comprehensive understanding of the impacts of using cloud computing from a business perspective, highlighting the factors that companies consider when deciding to use cloud environments and the views from different departments. The results of this research will be valuable to a wide range of individuals interested in exploring the implications of cloud computing for businesses.
This study investigates the impact of global payroll outsourcing on organizational efficiency and cost reduction based on the analysis of diverse implications stemming from thirty one (31) survey results. The findings reveal multifaceted challenges and benefitsassociated with outsourcing global payroll processing.
The research also unveils the most benefits of global payroll outsourcing. Notably, there's a consensus on the reduction in time-to-process payroll, cost per payroll processed, and improved payroll accuracy rate. Outsourcing streamlines processes, enhances operational efficiency, and contributes to faster, more accurate financial reporting.
Despite these benefits and challenges, statistical analysis reveals weak correlations between outsourcing global payroll and cost reduction or improved efficiency in various parameters, indicating a lack of a significant relationship. Consequently, the results, suggest no substantial correlation between global payroll outsourcing and enhanced efficiency or cost reduction based on this study's data.
IEC 62061:2021-03
(2021)
This second edition cancels and replaces the first edition, published in 2005, Amendment 1:2012 and Amendment 2:2015. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
– structure has been changed and contents have been updated to reflect the design process of the safety function,
– standard extended to non-electrical technologies,
– definitions updated to be aligned with IEC 61508-4,
– functional safety plan introduced and configuration management updated (Clause 4),
– requirements on parametrization expanded (Clause 6),
– reference to requirements on security added (Subclause 6.8),
– requirements on periodic testing added (Subclause 6.9),
– various improvements and clarification on architectures and reliability calculations (Clause 6 and Clause 7),
– shift from "SILCL" to "maximum SIL" of a subsystem (Clause 7),
– use cases for software described including requirements (Clause 8),
– requirements on independence for software verification (Clause 8) and validation activities (Clause 9) added,
– new informative annex with examples (Annex G),
– new informative annexes on typical MTTFD values, diagnostics and calculation methods for the architectures (Annex C, Annex D and Annex H).
As a result of automation, demand for increased production and reduced operator physical effort, Safety-related Control Systems (referred to as SCS) of machines play an increasing role in the achievement of overall machine safety. Furthermore, the SCS themselves increasingly employ complex electronic technology.
IEC 62061 specifies requirements for the design and implementation of safety-related control systems of machinery. This document is machine sector specific within the framework of IEC 61508.
Privacy is the capacity to keep some things private despite their social repercussions. It relates to a person’s capacity to control the amount, time, and circumstances under which they disclose sensitive personal information, such as a person’s physiology, psychology, or intelligence. In the age of data exploitation, privacy has become even more crucial. Our privacy is now more threatened than it was 20 years ago, outside of science and technology, due to the way data and technology highly used. Both the kinds and amounts of information about us and the methods for tracking and identifying us have grown a lot in recent years. It is a known security concern that human and machine systems face privacy threats. There are various disagreements over privacy and security; every person and group has a unique perspective on how the two are related. Even though 79% of the study’s results showed that legal or compliance issues were more important, 53% of the survey team thought that privacy and security were two separate things. Data security and privacy are interconnected, despite their distinctions. Data security and data privacy are linked with each other; both are necessary for the other to exist. Data may be physically kept anywhere, on our computers or in the cloud, but only humans have authority over it. Machine learning has been used to solve the problem for our easy solution. We are linked to our data. Protect against attackers by protecting data, which also protects privacy. Attackers commonly utilize both mechanical systems and social engineering techniques to enter a target network. The vulnerability of this form of attack rests not only in the technology but also in the human users, making it extremely difficult to fight against. The best option to secure privacy is to combine humans and machines in the form of a Human Firewall and a Machine Firewall. A cryptographic route like Tor is a superior choice for discouraging attackers from trying to access our system and protecting the privacy of our data There is a case study of privacy and security issues in this thesis. The problems and different kinds of attacks on people and machines will then be briefly talked about. We will explain how Human Firewalls and machine learning on the Tor network protect our privacy from attacks such as social engineering and attacks on mechanical systems. As a real-world test, we will use genomic data to try out a privacy attack called the Membership Inference Attack (MIA). We’ll show Machine Firewall as a way to protect ourselves, and then we’ll use Differential Privacy (DP), which has already been done. We applied the method of Lasso and convolutional neural networks (CNN), which are both popular machine learning models, as the target models. Our findings demonstrate a logarithmic link between the desired model accuracy and the privacy budget.
The research employed HPTLC Pro System and other HPTLC instruments from CAMAG® to conduct various laboratory tests, aiming to compile a database for subsequent analyses. Utilizing MATLAB, distinct codes were developed to reveal patterns within analyzed biomasses and pyrolysis oils (sewage sludge, fermentation residue, paper sludge, and wood). Through meticulous visual and numerical analysis, shared characteristics among different biomasses and their respective pyrolysis oils were revealed, showcasing close similarities within each category. Notably, minimal disparity was observed in fermentation residue and wood biomasses with a similarity coefficient of 0.22. Similarly, for pyrolysis oils, the minimal disparity was found in fermentation residues 1 and 3, with a disparity coefficient of 1.41. Despite higher disparity coefficients in certain results, specific biomasses and pyrolysis oils, such as fermentation residue and sewage sludge, exhibited close similarities, with disparity coefficients of 0.18 and 0.55, respectively. The database, derived from triplicate experimentation, now serves as a valuable resource for rapid analysis of newly acquired raw materials. Additionally, the utility of HPTLC PRO as an investigation tool, enabling simultaneous analysis of up to five samples, was emphasized, although areas for improvement in derivatization methods were identified.
Among the billions of smartphone users in the world, Android still holds more than 80% of the market share. The applications which the users install have a specific set of features that need access to some device functionalities and sensors that may hold sensitive information about the user. Therefore, Android releases have set permission standards to let the user know what information is being disclosed to the application. Along with other security and privacy improvements, significant changes to the permission scheme are introduced with the Android 6.0 version (API level 23). In this master thesis, the Android permission scheme is tested on two devices from different eras. The evolution of Android over the years is examined in terms of confidentiality. For each device, two applications are built; one focused on extracting every piece of information within the confidentiality scope with every permission declared and/or requested, and the other app focused on getting this type of information without user notification. The resulting analysis illustrates whether how and in what way the Android permission scheme declined or improved over time.