Search results

The purpose of this paper is to introduce a new tool which detects, prevents and records common web attacks that mainly result in web applications information leaking using pattern recognition. It is a cross‐platform application, namely, it is not OS‐dependent or web server dependent. It offers a flexible attacks search engine, which scans http requests and responses during a webpage serving without affecting the web server performance.

The paper starts with a study of the most known web vulnerabilities and the way they can be exploited. Then, it focuses on those web attacks based on input validation, which are the ones the new tool detects through pattern recognition. This tool acts as a proxy server having a simple GUI for administration purposes. Patterns can be detected in both http requests and responses in an extensible and manageable way.

The new tool was compared to dotDefender, a commercial web application firewall, and ModSecurity, a widely used open source application firewall, using over 200 attack patterns. The new tool had satisfying results for every attack category examined having a high percentage of success. Results for stored XSS could not be achieved since the other tools are not able to search and detect them in http responses. The fact that the new tool is very extensible, it makes it possible for future work to be done.

This paper introduces a new web server plug‐in, which has some advanced web application firewall features with a flexible attacks search engine which scans http requests and responses. By scanning http responses, attacks such as stored XSS can be detected, a feature that cannot be found on other web application firewalls.

This article aims to describe how information and communications technology (ICT) has introduced a new approach in the handling of spatial data and related services and how Regione Autonoma della Sardegna, one of the Italian local governments, has been involved in an interesting growth that adopts ICT to provide spatial data and related services to itself and to its territory.

This article considers three aspects data and services interoperability and the implications of spatial data delivered through a multi-channel environment; the use of social web as a platform for volunteered geographical information in the public administration environment; and the application of mobile technologies.

The article represents the summary of recent activities in the Sardinia region and may constitute a paradigmatic example for other realities.

The research and activities conducted represent a point of view advanced and innovative in the field of territorial sciences and spatial planning on a regional scale.

This paper aims to identify and propose strategies for development of mobile applications from Web-based enterprise systems and introduce a process called Metamorphosis. This process provides a set of activities subdivided into four phases – requirements, design, development and deployment – to assist in the creation of mobile applications from existing Web information systems.

With the aim to provide a background to propose the Metamorphosis process, a systematic review was performed to identify strategies, good practices and experiences reported in the literature about creation of mobile applications.

This paper identifies and proposes strategies for development of mobile applications from Web-based enterprise systems and introduces a process called Metamorphosis. Then, this process is applied for creation of SIGAA Mobile.

The originality of this paper is the proposal of Metamorphosis process, that is, a process for development of mobile applications from Web-based enterprise systems.

Many service-oriented software engineering (SOSE) methods from industry and academia claim their compliance with SOA and SO, but there is a lack of framework to assess the existing methods or to provide new ones. First, the paper questions: (Q1) to what extent an approach would consider the three aspect: service, composition, and management to deliver software solutions that are conformed to SO and SOA principles; (Q2) to what extent an approach would consider the aggregates of a method, including representation techniques, assisting tools, and inspection techniques to assess the delivered solution (service and composition), in addition to the process; and (Q3) to what extent an approach would consider the alignment of business and IT through the application of model-driven development by using standards such as model-driven architecture. Then, the paper compares four generic approaches: top-down, bottom-up, green-field, and meet-in-the-middle, within a framework, to highlight their strengths and weaknesses. Finally, the paper aims to propose a business-oriented approach that focuses on the value a business can add to its customers, whereby the value must be specified in a contract to be largely re-used.

This work develops a framework as an abstract model for SOSE generic methods. Then, it uses the framework as an analytical study to compare the generic methods and come up with research issues and a new method for SOSE.

A set of guidelines that a SOSE method develops should consider when selecting or developing a new method.

Comparison of existing SOSE methods within the findings of the proposed framework. The paper has theoretical implications as the open issues provide a research roadmap towards the realization of SOA in accordance with a maturity model.

This has practical implications as it: provides a better understanding of the approaches, as they are ambiguously used by the existing methods; and assists developers in deciding an approach having the necessary knowledge related to its process, strengths and weaknesses.

None of the existing comparison framework has raised the level of abstraction up to generic methods such as top-down, green-filed, meet-in-the-middle and bottom-up.

The paper aims to provide the necessary basis for a novel interdisciplinary research field. Various types and implementations of crowdsourcing have emerged in the market; many of them are related to logistics. While we can identify plenty of crowd logistics applications using information technology capabilities and information sharing in practice, theories behind this phenomenon have received only limited attention. This paper accounts for filling this research gap by analyzing the crowd’s contributions in logistics of goods and information.

This paper is part of an ongoing research endeavor in the field of location-based crowdsourcing. It represents conceptual work that builds on a literature review enriched with an in-depth analysis of real-world examples in the field of crowd logistics. Using a scoring method, we provide an example how a company may evaluate the alternatives of crowd logistics. The main approach is an analysis of variants of how the social crowd may be integrated in logistics processes. The work is conceptual in its core. Thereby, we use real-world examples of crowdsourcing applications to underpin the evaluated variants of crowd logistics.

The paper presents relevant theoretical background on crowd logistics. The authors differentiate between variants of crowd logistics with their flow of materials, goods and information. Thereby they zoom in the type, significance and process flow of the crowd’s contributions. They discuss potential advantages and challenges of logistics with the performing crowd and deeply discuss opportunities and challenges from a business and from an individual’s perspective. Finally, they highlight a route map for future research directions in this novel interdisciplinary research field.

As this work is conceptual in its core, generalizations may be drawn only with great care. Still, we are in a position to propose a route map for further research in this area in this paper. Also the integration of an analysis of a scale of real-world applications allows us to highlight our research’s practical relevance and implications.

The main contribution of this paper is an in-depth analysis and consolidation of innovative crowd logistics applications to provide an overview on recent implementations. The authors propose a categorization scheme and contribute with a route map for further research in the field of crowd logistics.

This paper aims to present a collaborative mashup platform for dynamic integration of heterogeneous data sources. The platform encourages sharing and connects data publishers, integrators, developers and end users.

This approach is based on a visual programming paradigm and follows three fundamental principles: openness, connectedness and reusability. The platform is based on semantic Web technologies and the concept of linked widgets, i.e. semantic modules that allow users to access, integrate and visualize data in a creative and collaborative manner.

The platform can effectively tackle data integration challenges by allowing users to explore relevant data sources for different contexts, tackling the data heterogeneity problem and facilitating automatic data integration, easing data integration via simple operations and fostering reusability of data processing tasks.

This research has focused exclusively on conceptual and technical aspects so far; a comprehensive user study, extensive performance and scalability testing is left for future work.

A key contribution of this paper is the concept of distributed mashups. These ad hoc data integration applications allow users to perform data processing tasks in a collaborative and distributed manner simultaneously on multiple devices. This approach requires no server infrastructure to upload data, but rather allows each user to keep control over their data and expose only relevant subsets. Distributed mashups can run persistently in the background and are hence ideal for real-time data monitoring or data streaming use cases. Furthermore, we introduce automatic mashup composition as an innovative approach based on an explicit semantic widget model.

The aim of this paper is to propose a Web environment for pre-processing and post-processing for 2D problems in generalized coordinate systems.

The system consists of a Web service for client-server communication, a database for user information, simulation requests and results storage, a module of (for) calculation processing (front-end) and a graphical interface for visualization of discretized mesh (back-end).

The Web system was able to model real problems and situations, where the user can describe the problem or upload a geometry file descriptor, generated from computer graphics software. The Web system, programmed for finite difference solutions, was able to generate a mesh from other complex methods, such as finite elements method, adapting it to the proposed Web system, respecting the finite difference mesh structure.

The proposed Web system is limited to solve partial differential equations by finite difference discretization. We need to study about refinement and parameters adaptations to solve partial differential equations simulated with other methods.

The Web system includes implications for the development of a powerful real problems simulator, which is useful for computational physics researchers and engineers. The Web system uses several technologies, such as Primefaces, JavaScript, JQuery and HTML, to provide an interactive user interface.

The main contribution of this work is the availability of a generic Web architecture for including other types of coordinate systems and to solve others partial differential equations. Moreover, this paper presents an extended version of the work presented in ICCSA 2014.

This paper aims to present the Modelery, a platform for collaborative repository to support model-based software development. The Modelery is a Web platform, composed both by a Web page and Web services for interoperability.

By performing a study in the existing platforms, it was possible to achieve a set of issues to tackle. The issues enabled the possibility to define a set of requirements that allowed the authors to design a new platform, and to perform a model-driven software development process, which started from the requirements until reaching the final software solution.

With this work, it was possible to perform a survey on the currently available artifacts repositories, categorize them and identify their shortcomings. This was essential to define the set of requirements for a new platform to overcome the identified issues. This process leads to a platform able to improve the currently available solutions, and validated in the scientific community. In this paper, the authors also explore the applications of the repository. First, they use the Modelery to replace an older model’s repository. Second, they have enabled the communication between other tools and the Modelery via Web services.

This work presents a new Web repository for software artifacts aimed at supporting researchers and software developers. The presented platform is an improvement over other platforms on the integration of artifacts repository, social functionalities and scientific publications integration. The authors conclude this paper by comparing the achieved platform in terms of functionalities, against the other analyzed platforms.

The purpose of the research is to speed up the process of semantic web services by transformation of current Web services into semantic web services. This can be achieved by applying ontology learning techniques to automatically extract domain ontologies.

The work here presents a Service Ontology Learning Framework (SOLF), the core aspect of which extracts Structured Interpretation Patterns (SIP). These patterns are used to automate the acquisition (from production domain specific Web Services) of ontological concepts and the relations between those concepts.

A Semantic Web of accessible and re‐usable software services is able to support the increasingly dynamic and time‐limited development process. This is premised on the efficient and effective creation of supporting domain ontology.

Though WSDL documents provide important application level service description, they alone are not sufficient for OL however, as: they typically provide technical descriptions only; and in many cases, Web services use XSD files to provide data type definitions. The need to include (and combine) other Web service resources in the OL process is therefore an important one.

Web service domain ontologies are the general means by which semantics are added to Web services; typically used as a common domain model and referenced by annotated or externally described Web artefacts (e.g. Web services). The development and deployment of Semantic Web services by enterprises and the wider business community has the potential to radically improve planned and ad‐hoc service re‐use. The reality is slower however, in good part because the development of an appropriate ontology is an expensive, error prone and labor intensive task. The proposed SOLF framework is aimed to overcome this problem by contributing a framework and a tool that can be used to build web service domain ontologies automatically.

The output of the SOLF process is an automatically generated OWL domain ontology, a basis from which a future Semantic Web Services can be delivered using existing Web services. It can be seen that the ontology created moves beyond basic taxonomy – extracting and relating concepts at a number of levels. More importantly, the approach provides integrated knowledge (represented by the individual WSDL documents) from a number of domain experts across a group of banks.

Accessing web sites from mobile devices has been gaining popularity but may often do not give the same results and experiences as accessing them from a personal computer. The paper aims to discuss these issues.

To address these issues, the paper presents a server-side adaptation approach to prioritising adaptive pages to different devices through prioritisation system. The prioritisation approach allows users to prioritise page items for different devices. The prioritisation engine reorders, shows, and removes items based on its priority set by users or developers.

With this approach, the overall web page's structure is preserved and the same terminology, content, and similar location of content are delivered to all devices. A user trial and a performance test were conducted. Results show that adaptive page and prioritisation provides a consistent and efficient web experience across different devices.

The approach provides advantages over both client-side and proxy and has conducted significant experimentation to determine the applicability and effectiveness of the approach.