CICEM2012 Keynote Speakers

Software Engineering: New Trends

 

 

Prof. Fawaz Ahmad M.  AL Zaghoul

 King Abdullah II School for Information Technology (KASIT), University of Jordan

Given recent trends in software engineering, and especially in response to the increasing criticality of software within systems and the increasing demands being put onto 21st century systems, systems and software engineering processes will evolve significantly over the next two decades. This paper identifies ten relatively new trends: increasingly rapid change, dealing with huge data size, next-generation analytics, the increasing interaction of software engineering and systems engineering, increased emphasis on users and end value, increased emphasis on systems and software dependability, increasing global connectivity and need for systems to interoperate, increasingly complex systems of systems, increasing needs for COTS, reuse, legacy systems and software integration, and computational plenty. It then discusses the likely influences of these trends on systems and software engineering processes between now and 2025. This can be done by simply extrapolating some of the popular, current trends, and, in fact, we examine a few of these obvious indicators. However, software engineering has had new approaches that are more revolutionary than evolutionary. In particular, we try to discern trends in software engineering based on trends in delivered software systems.

 

 

The Arts on ART Neural Networks

 

Kamal R Al-Rawi

Department of Computer Science,

Faculty of Information Technology, Petra University

The Compact fuzzy ART will be discussed. Its advantages over fuzzy ART are: 1) Only committed category nodes C rather than the full capacity of the category nodes N (N>>C) are involved in determining the winning category node. 2) Only the numerator of the original match value  is compared to , where   . M is the number of input patterns. 3) In addition to that, the initialization for weights and choice values parameter has been eliminated.

This greatly reduces the training time without altering the categorization accuracy. While the new architectures are presented in this work for the fuzzy ART ANN, they can be applied to all ART ANNs.

The supervision of ART will be discussed.  While the Map-Field (ARTMAP) is the first supervision approach, we will present two more simplified supervisions, ARTTAG and ARTBAG.

In ARTTAG when a new category node is committed, we tag it with the category number of the input pattern that forced it to be committed. To check if a committed category node can represent an input pattern we just compare the tag of the node with the class category of the input pattern. This will eliminate completely the Map Field and its weights. This will reduce the memory requirement and the training and testing time.

In ARTBAG we group all committed category nodes of the same TAG in a single BAG, so the number of BAGs will equal the number of classes in our data. This will increase the memory requirement by assigning a single TAG for each BAG rather than a TAG for each committed category node as in ARTTAG. Moreover, for flying  each BAG will introduce its candidate to represent the current input. The max of all candidates will be tested first. If it passes the match test its weights will be trained; otherwise only the BAG with the failed candidate will introduce a new candidate, keeping the candidates of all other BAGs unchanged. This will reduce the training time. However, for fixed  only the proper BAG (the BAG that represents the category of the current input pattern) will introduce a candidate without involving other BAGs.

At the end we will present the Adaptive Pointing Theory (APT), which decides from a single test whether a committed category node can represent the current input or a new node must be committed.

We have to mention that, for all the above unsupervised and supervised neural networks, the training parameter must equal one if the vigilance parameter is equal to one.

Finally, applications of these neural networks on analysis of satellite images will be introduced.

 

Route Discovery in Mobile Ad Hoc Networks: Requirements and Simulation

 

Hussein Al-Bahadili

 

Faculty of Information Technology, Petra University

Dynamic routing protocols (e.g., AODV, DSR) are widely used for data packet forwarding in Mobile Ad Hoc Networks (MANETs). Dynamic routing protocols consist of two main phases: (1) route discovery, in which a route between source and destination nodes is established for the first time, and (2) route maintenance, in which the route is maintained. One of the earliest route discovery algorithms proposed in the literature is pure flooding. Although it is simple and reliable, it is costly, as it inflicts a huge number of redundant retransmissions, causing serious contention and collisions in the network; such a scenario has often been referred to as the Broadcast Storm Problem (BSP). To eliminate the effects of the BSP during route discovery in MANETs, a variety of flooding optimization algorithms have been developed, aiming at reducing the number of retransmissions to its minimum level while maintaining the highest possible network reachability.

In this talk, we discuss the main requirements, modeling, simulation, and evaluation of the route discovery process in MANETs. The implementation of a number of route discovery algorithms is described, namely, pure flooding, probabilistic, Location-Aided Routing scheme 1 (LAR-1), LAR-1-Probabilistic (LAR-1P), and Optimal Multipoint Relaying (OMPR). The performance of these algorithms is evaluated, analyzed, and compared through simulations. This talk builds up an appreciation for flooding optimization algorithms, and identifies future trends for developing more cost-effective algorithms to meet growing user and application needs. It also substantiates the case for experimenting via simulation with such algorithms and shows how the different simulation parameters interplay.

A framework for Embedded Malware Considerations, Botnets and Phishing Attacks

 

Dr. Sufian Yousef, Anglia Ruskin University, UK

 

ABSTRACT

 

With the emergence and proliferation of malware, the next frontier in system vulnerabilities is embedded viruses, or system attacks below the application layer. The potential defences against implanted malware function underneath the operating system (OS). At the lower OSI layers, the malware takes command and control before the operating system starts. The common wisdom is that if the underlying firmware cannot be trusted, then the OS and the applications that depend on the firmware also cannot be trusted.

 

Software and hardware advances and the complexity of system designs open a natural path to vulnerabilities. Recent advances in malware attacks involve techniques utilizing the software entry points to the firmware by way of the BIOS. Of particular interest to this research was the use of System Management Mode (SMM). Such a vulnerability is the most lethal and critical firmware hack, since malware in the form of a rootkit can be persistent, subversive, and undetectable even with some of the most powerful anti-malware tools. This type of malware is undetectable by the operating system. Persistent malware can survive restart and hard disk formatting.

When malware is integrated into the supply chain, it becomes part of the design and is beyond the reach of any malware detection tool. In situations like this, a physical replacement of the firmware would be the only option. Hackers can penetrate the system and implant persistent malicious code. The malware can be very potent and can outlive a system reboot. Even with hard disk formatting or replacement, the hack would continue. This renders the system permanently infected and untrusted, since the hardware foundation is compromised.

 

Ideally, the system is protected by implementing a software tool at the application layer that can reach down with probes to the firmware layers.

 

To prevent hacking and unauthorized access to the firmware after installation and system boot-up, steps must be taken to ensure the authenticity and integrity of the firmware.

 

The recommended steps include:

Digitally sign each firmware update before it is applied. Integrate a trusted module to verify digitally signed updates using a signature standard such as FIPS 186-3. Restrict rollback of the installed software version unless it is verified, since some software versions are known to have unmitigated vulnerabilities and a rollback would re-expose the system to hacking.

 

Software reload or update, through patches or otherwise, must be done through two-factor authentication. This can be accomplished by prompting the loading process for two variables in two separate domains, such as a password and physical verification. An example of this would be a password and PKI, or a password and a physical trigger in the hardware such as a hardware switch, a jumper on the motherboard, or a digital switch such as manually triggering a voltage pin on a chip.

This research will aid future researchers and system designers in understanding the technical aspects of malware embedded in the firmware, and the challenges of detecting such malware. This paper was presented in a way to provide a comprehensive understanding of the problem. It concluded with novel methods and techniques to protect the firmware. This is very timely since ubiquitous computing systems with common firmware platforms are widely and steadily becoming available to all, so it is only a matter of time before hacks to the firmware become as popular as hacks to the OS in current systems.
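The recommended steps above can be combined into a single update gate. The following is an added example, not code from the talk: it assumes an RSA PKCS#1 v1.5 signature over SHA-256, a constructed demo key, a signed blob that includes the version number, and two booleans standing in for the password and the hardware jumper. The names accept_update, signed_blob and vendor_sign are hypothetical.

```python
import hashlib

# Constructed demo key (assumption): both primes are public Mersenne primes,
# so this key is insecure by design. A real trusted module stores only (N, E).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
K = (N.bit_length() + 7) // 8          # modulus length in bytes
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def _encode(message: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), as an integer."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def vendor_sign(message: bytes) -> int:
    """Vendor side, on the signing host; used here only to build sample input."""
    d = pow(E, -1, (P - 1) * (Q - 1))
    return pow(_encode(message), d, N)

def signed_blob(version: int, image: bytes) -> bytes:
    """The version is signed with the image so it cannot be relabelled."""
    return version.to_bytes(4, "big") + image

def accept_update(installed_version, version, image, signature,
                  password_ok, jumper_set):
    """Return (accepted, reason); every check fails closed."""
    # Two factors from separate domains: something known, something physical.
    if not (password_ok and jumper_set):
        return False, "second factor missing"
    # Signature check over version + image with the vendor public key.
    if not 0 < signature < N:
        return False, "bad signature"
    if pow(signature, E, N) != _encode(signed_blob(version, image)):
        return False, "bad signature"
    # Anti-rollback (assumption: an older version is refused outright).
    if version < installed_version:
        return False, "rollback refused"
    return True, "ok"
```

Because the version number is inside the signed data, a validly signed old image cannot be presented as a newer one to get past the rollback check.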

 

In information technology, a botnet is defined as a collection of compromised computers which are connected to the internet. These compromised computers are called bots, or zombies, and are used for malicious purposes. When a host machine becomes compromised, it becomes part of a botnet.

Botnets can be used to launch various types of attacks. These include variations of DDoS (distributed denial of service) attacks, online fraud, sending spam e-mail messages, stealing sensitive information, spreading viruses, click fraud and more.

The size of a botnet can be massive: it is reported that the size of a popular botnet called the Storm botnet is unknown, but it is suspected to be more than 1 million compromised computers.

Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail spoofing or instant messaging.

Phishing relies on social engineering techniques used to deceive computer users. It also attempts to exploit poor web security technologies.

Phishers mostly target the customers of banks and online payment services. Emails are mainly used to deceive the users and gain sensitive data.

Many social network sites are nowadays also a prime target for phishing, since the personal details on such sites can be used in identity theft.

Many phishing techniques exist; two well-known ones are clone phishing and whaling.

Clone Phishing: A type of phishing attack whereby a legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a re-send of the original or an updated version of the original. This technique could be used to pivot (indirectly) from a previously infected machine and gain a foothold on another machine, by exploiting the social trust associated with the inferred connection due to both parties receiving the original email.
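The clone phishing pattern described above leaves a detectable trace on the receiving side: near-identical text with a different link. The following is an added detection example, not part of the original abstract; the message dictionaries, the function names and the 0.9 similarity threshold are assumptions, and it covers replaced links only, not replaced attachments.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def link_hosts(body):
    """Set of host names that the links in a message body point to."""
    return {urlsplit(u).hostname for u in URL_RE.findall(body)}

def text_without_links(body):
    """Body text with links removed and whitespace and case normalised."""
    return " ".join(URL_RE.sub(" ", body).split()).lower()

def clone_suspects(new_msg, delivered, threshold=0.9):
    """Return (id, new_hosts) for each earlier message new_msg appears to clone.

    A clone keeps the original wording but swaps the link, so the test is:
    text nearly identical AND at least one link host the original lacked.
    The sender is ignored on purpose, since a clone spoofs the original sender.
    """
    new_text = text_without_links(new_msg["body"])
    new_hosts = link_hosts(new_msg["body"])
    hits = []
    for old in delivered:
        ratio = SequenceMatcher(
            None, text_without_links(old["body"]), new_text).ratio()
        added = new_hosts - link_hosts(old["body"])
        if ratio >= threshold and added:
            hits.append((old["id"], sorted(added)))
    return hits

# Constructed sample mailbox (all addresses and hosts are placeholders).
DELIVERED = [
    {"id": "m1", "body": "Please review the Q3 invoice at "
                         "https://billing.example.com/inv/1042 before Friday."},
    {"id": "m2", "body": "Lunch menu for Monday is posted at "
                         "https://intranet.example.com/menu"},
]
RESEND_CLONE = {"id": "m3", "body": "Please review the Q3 invoice at "
                                    "https://billing.example.net/inv/1042 before Friday."}
```

A genuine re-send that keeps the original link produces no hit, which keeps the check quiet on ordinary reminders.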

 

Software engineering as a major in Jordanian Universities

Reality and Vision

Dr. Izzat Alsmadi

 

 Abstract

Several universities in Jordan are currently offering a B.Sc. degree in software engineering. Those universities extend this major from already existing majors such as CIS and CS. In this talk, I will assess this approach of editing new majors from existing majors and I will present my own thoughts on how such a major should be planned. The proposed plan is based on the author's experience along with several successful cases in known universities. The proposal also assumes a new major structure that is not a copycat of an existing one, a structure that takes into consideration the academic and industry needs along with current advances in information technology fields.

 

Short biography for Izzat Alsmadi

 

Izzat Mahmoud Alsmadi is an assistant professor in the department of computer information systems at Yarmouk University in Jordan. He obtained his Ph.D. degree in software engineering from NDSU (USA). He obtained his second master's degree in software engineering from NDSU (USA) and his first master's degree in CIS from the University of Phoenix (USA). He has a B.Sc. degree in telecommunication engineering from Mutah University in Jordan. He has several published books, journals and conference articles, largely in the software engineering and information retrieval fields.

© 2012 Jordan ACM Professional Chapter - ISWSA