Masters Projects 2009/2010

Data redundancy detection in service-oriented information systems

Supervisor: Peep Küngas (peep.kungas ät ut.ee)

In this project you will investigate the problem of detecting data redundancy in federated information systems by analyzing repositories of WSDL web service interfaces. Your work will not start from scratch. In previous work, we have defined two simple heuristics that help to identify and to pinpoint potential data redundancy. The quality of these two heuristics has been evaluated using Estonia's X-Road e-government service repository. The initial results are promising, but there is a lot of room for improvement. The project is offered in three variants (you can choose your variant):

1. Investigate other heuristics for redundancy detection, particularly heuristics based on network theory, and evaluate these new heuristics in terms of precision and recall.
2. Collect actual data regarding redundancy issues in X-Road and similar service-oriented information systems, and compare these data with the predictions obtained using automated heuristics. The main emphasis here is in gathering data through structured interviews with field experts and by scouring technical documentation.
3. Develop techniques to identify data elements with similar or identical meanings in a given set of web service interfaces. In many cases, redundant data is stored in several information systems but using different nomenclatures. In order to make the identification of redundant data more accurate, we need to apply techniques for detecting semantically equivalent or overlapping data elements.

Applying named entity recognition to enrich news articles.

Supervisor: Peep Küngas (peep.kungas ät ut.ee)

In this project, you will apply Named Entity Recognition (NER) technology for Estonian text, in order to detect addresses and locations in news articles and to automatically attach map widgets to these articles. The result of the project will be an architecture and proof-of-concept implementation of a tool that automatically enriches news articles with map widgets. The tool will be evaluated in terms of performance and usability. The project will be conducted in collaboration with industry partners.

Push-based versus pull-based data transfer in AJAX applications.

Supervisor: Peep Küngas (peep.kungas ät ut.ee)

In a typical AJAX applications, the user-side client application polls the server in order to obtain regular updates of the data displayed on a web page. Since each query entails opening and closing an HTTP connection (the connection is not kept alive during a session) this interaction mechanism slows down overall system performance, which leads to slower response times. In this project a push-based solution for AJAX will be designed and implemented. The idea is to keep HTTP connections alive during sessions while pushing data to server and receiving answers. This solution will be compared against traditional solutions in terms of performance and user experience.

Open and Extensible Business Process Simulator

Supervisor: Luciano García-Bañuelos (luciano.garcia ät ut.ee)

Business process simulation is a widely used technique for analyzing business process models with respect to performance metrics such as cycle time, cost and resource utilization. Many commercial business process modeling tools incorporate a simulation component, e.g. TIBCO Business Studio, IBM Websphere Business Modeler (WBM), ARIS, FileNet and Protos. However, these process simulators have two architectural limitations:

• Only models designed with the tools themselves can be simulated.
• No extensibility mechanism is provided to add new features or change the pre-built simulation and reporting options.

In this project, you will design and implement an open and extensible business process simulation engine. The simulation engine will take as input BPMN process models and will produce Coloured Petri nets that can be loaded into the CPN Tools for simulation purposes. The project is offered in two variants:

1. Pure Java variant: the transformation from BPMN to CPNs will be implemented in Java, by using design patterns that ensure extensibility.
2. Model transformation: the transformation will be implemented using a model transformation engine, in a way that allows the engine to be extended by adding or overriding transformation rules.

In order to ensure openness, the architecture of the process simulator will be based on a RESTful architecture.

Adapting Security Modelling Approaches for Security Risk Management

Supervisor: Raimundas Matulevicius (raimundas.matulevicius [at] ut.ee)

Security is an important system artefact, however the current literature reports, that security concerns appear only when system is already in use, or, at the best case, security is considered only during the late system development stages (e.g., late design and implementation). However, in order not to miss the important concerns, security modelling has to be started already during requirements engineering and continued during system design. When engineering security, it is also very critical to understand sources of the system misbehaviours, and how we could mitigate them: this leads to the security risk discovery and mitigation.

At the early development stages there exists a number of security modelling approaches, such as abuse frames, abuse and misuse cases, SecureUML, UMLsec, Mal-activity diagrams, Secure i*, Secure Tropos, KAOS extensions to security, and others. However these languages help little with respect to security risk management.

The purpose of this thesis is to adapt the security modelling languages to the security risk management. The driving technology will include the security risk management (SRM) domain model. The candidate will need to select the targeted security modelling language (state-of-the-art) and to investigate its suitability and applicability at the SRM domain (contribution). The proposed language improvements will need to be validated (i) theoretically by comparing proposal with the similar analyses, and/or (ii) empirically by conducting case studies or experiments.

Interoperability between Security Risk Modelling Approaches

Supervisor: Raimundas Matulevicius (raimundas.matulevicius [at] ut.ee)

Security Risk Management (SRM) can be addressed using different modelling techniques at different enterprise levels: asset level, risk level, and risk treatment level. Modelling approaches includes security modelling languages, such as Secure Tropos, KAOS extensions to security, Misuse cases and similar. For instance, Secure Tropos (extension of the Tropos approach) is a goal-oriented approach used to model security aspects through actors, their goals, security attacks, and security constraints placed on the dependencies between these actors. KAOS extensions to security propose a way to create anti-goals in order to elicit attackers' rationales. Finally, Misuse Cases (an extension of UML use cases) address security concerns through negative scenarios executed by the attacker and through determining scenarios on how to mitigate the unwanted outcome.

It was proved that the application of these techniques separately, contributes to the better security solutions. However system development includes multiple perspectives and viewpoints, thus combined application of these techniques could much improve the understanding of different stakeholdersÕ needs with respect to the security risks. It would also contribute to the quality of system security developed through different development stages (e.g., from requirements to design).

The purpose of this thesis is to develop a set of rules and guidelines in order to allow combined application of multiple security (risk) modelling languages in a given project. The candidate will need to review the existing state of the art, including the SRM domain models and security risk modelling approaches. He will need to develop and validate the guidelines on how to perform transformations between security models created using different modelling approaches. The proposal will need to be validated in the empirical settings.

This topic is available for 1 or 2 students.

Topics on Cloud Computing

Bachelor's and Master's thesis topics on cloud computing

Topics on Geospatial Technology (by Nutiteq)

Enquiries about the Geospatial Technology projects below should be addressed to Jaak Laineste ([jaak @ nutiteq.com])

1. 3D mobile mapping in J2ME (Bachelor's project). The objective of this project is to create a software component that enables developers to embbed 3D maps in a J2ME application. This includes researching existing solutions, capabilities and limitations of current devices regarding 3D, and selecting best suitable 3D model for this task.
2. Social mapping and microblogging (Bachelor's project). The objective is to create a mobile application similar to Nokia Friend View application using Nutiteq mapping SDK (in J2ME).
3. Custom Mobile Mapping API for Windows Mobile (Master's project). The objective of this project is to create an open-source mobile mapping library for Windows Mobile. The project will include a research part in which similar APIs will be analyzed and comparatively evaluated. Then the project will explore a solution based on a port of Nutiteq MGMaps SDK from J2ME to Windows Mobile, which will be extended with Windows Mobile-specific additions (Windows UI, GPS access, Telephony access). A comparative evaluation of the new solution with respect to existing ones will then be undertaken
4. Video streaming (Master's project). The objective of this project is to implement a universal panoramic video streaming solution for J2ME. Both a server-side and a client-side approach will be considered. Problems to be addressed include selecting suitable encodings, addressing bandwith issues, designing the panoramic video streaming solution, and evaluating usability limitations.