Ville Leppänen

Technical Debt and the Effect of Agile Software Development Practices on It - An Industry Practitioner Survey

A major reason for the popularity of agile and lean software methods is their capability to function in resource scarce and requirement erratic environments. Both of these characteristics cause accumulation of technical debt, something that is the end result of either intentional or unintentional decisions. The ability of these methods to function with technical debt indicates that they contain components with inherent technical debt management capabilities. This study conducts a survey on industry practitioners to discover what is their level of technical debt knowledge, how does technical debt manifest in their projects and which of the applied components of agile software development -- both processes and practices -- are sensitive to technical debt. This paper contributes to the technical debt discussion by showing differences in assumed and indicated technical debt knowledge. Furthermore, components closest to implementation and its maintenance are perceived to have the most positive effects on technical debt management. Finally, the most encountered instances of technical debt are caused by architectural inadequacies, they are internal legacy, and increase in size as a result of continued implementation.

Resource allocation methodology for the segmented bus platform

Consider a system-on-chip platform realized around the concept of segmented bus structure. The bus is segmented in such a way that modules connected to a particular segment of the bus can communicate in parallel with the data transfer operations going on in the other segments. Given the frequency of data transfer operations between the modules, our task is to determine an efficient segmentation and segment-to-module assignment of this kind of system organization. We consider several different optimization methods for the problem and demonstrate their use for sample cases, both theoretically and practically.

Browser extension-based man-in-the-browser attacks against Ajax applications with countermeasures

As the web pages today rely on Ajax and JavaScript, a larger attack surface becomes available. This paper presents in detail several different man-in-the-browser attacks against Ajax applications. We implemented browser extensions for Mozilla Firefox to demonstrate these attacks and their effectiveness. Some countermeasures to mitigate the problem are also considered. We conclude that man-in-the-browser attacks are a serious threat to online applications and there are only partial countermeasures to alleviate the problem.

Hot-potato routing algorithms for sparse optical torus

In this paper we present an optical network architecture and deflection (or hot potato) routing algorithms supporting efficient communication between n processor nodes in a shared memory parallel computer. The sparse optical torus network consists of an n/spl times/n torus, where processor nodes are situated diagonally, and routing nodes are optical deflection nodes of two inputs and two outputs. A design of optical deflection node is presented. Several routing algorithms, based on the greedy routing algorithm, are developed. By experiments and partial theoretical analyses these algorithms run efficiently on sparse optical torus.

DebtFlag : technical debt management with a development environment integrated tool

In this paper, we introduce the DebtFlag tool for capturing, tracking and resolving technical debt in software projects. DebtFlag integrates into the development environment and provides developers with lightweight documentation tools to capture technical debt and link them to corresponding parts in the implementation. During continued development these links are used to create propagation paths for the documented debt. This allows for an up-to-date and accurate presentation of technical debt to be upheld, which enables developer conducted implementation-level micromanagement as well as higher level technical debt management.

Symbol diversification of linux binaries

In this paper, we advocate large-scale diversification as a method to protect operating systems and render malicious programs ineffective. The idea is to diversify all the indirect library entry points to the system calls on a specific computer. As a result, it becomes very difficult for a piece of malware to access resources. The diversification of indirect system call entry points in operating system libraries is unique for each computer. Therefore, a piece of malware no longer works on several computers and becomes incompatible with their environment. We also present a concrete diversification tool and results on successful diversification. We conclude that despite some challenges, our tool can successfully diversify symbols in binaries and associated libraries in order to protect the system from attacks.

Diversification of System Calls in Linux Binaries

This paper studies the idea of using large-scale diversification to protect operating systems and make malware ineffective. The idea is to first diversify the system call interface on a specific computer so that it becomes very challenging for a piece of malware to access resources, and to combine this with the recursive diversification of system library routines indirectly invoking system calls. Because of this unique diversification i.e. a unique mapping of system call numbers, a large group of computers would have the same functionality but differently diversified software layers and user applications. A malicious program now becomes incompatible with its environment. The basic flaw of operating system monoculture --- the vulnerability of all software to the same attacks --- would be fixed this way. Specifically, we analyze the presence of system calls in the ELF binaries. We study the locations of system calls in the software layers of Linux and examine how many binaries in the whole system use system calls. Additionally, we discuss the different ways system calls are coded in ELF binaries and the challenges this causes for the diversification process. Also, we present a diversification tool and suggest several solutions to overcome the difficulties faced in system call diversification. The amount of problematic system calls is small, and our diversification tool manages to diversify the clear majority of system calls present in standard-like Linux configurations. For diversifying all the remaining system calls, we consider several possible approaches.

Quantifying distances from points to polygons-applications in determining fetch in coastal environments

Distance from a point to adjacent borderlines is a variable that has many applications in environmental research. Geographical information systems (GIS) include tools for measuring such distances, but these tools are inefficient if there are multiple, i.e. millions of distances to be calculated. In this paper we propose an efficient algorithm which calculates the distances in multiple predetermined directions from a large number of points to polygon borders. The problem is significantly simplified by the fact that the distances are calculated in some directions, only. An interval tree is utilized for efficiently retrieving those line segments describing the coastal lines and the borders of the islands that are relevant in determining these distances. The algorithm is also robust so that it gives meaningful results in the presence of rounding errors regardless of the positions of the study points with respect to the polygon borders. In coastal environments the straight-line distance from a point to the nearest shoreline over an open water surface is referred to as fetch length. The fetch lengths in multiple directions indicate general openness around a studied point and it may also be used as a variable in wave power calculations. An implementation of the algorithm was used for calculating fetch data for the archipelago of SW-Finnish coast in the Baltic Sea. The map data contained 3 million vertices and fetch lengths were calculated for 2.5 million points in 48 directions. The algorithm enabled determining fetch lengths in the complex archipelago environment quickly in high spatial accuracy and it may have applications also in other geographical research and image processing.

The sigmoidal growth of operating system security vulnerabilities: An empirical revisit

Purpose. Motivated by the calls for more replications, this paper evaluates a theoretical model for the sigmoidal growth of operating system security vulnerabilities by replicating and extending the existing empirical evidence. Approach. The paper investigates the growth of software security vulnerabilities by fitting the linear, logistic, and Gompertz growth models with nonlinear least squares to time series data that covers a number of operating system products from Red Hat and Microsoft. Results. Although the fitted models are not free of statistical problems, the empirical results show that a sigmoidal growth function can be used for descriptive purposes. The paper further shows that a sigmoidal trend applies also to the number of software faults that were fixed in the Red Hat products. Conclusion. The paper supports the contested theoretical growth model. The few discussed theoretical problems can be used to develop the model further.

EyeCloud: A BotCloud Detection System

Leveraging cloud services, companies and organizations can significantly improve their efficiency, as well as building novel business opportunities. A significant research effort has been put in protecting cloud tenants against external attacks. However, attacks that are originated from elastic, on-demand and legitimate cloud resources should still be considered seriously. The cloud-based botnet or botcloud is one of the prevalent cases of cloud resources misuses. Unfortunately, some of the clouds essential characteristics enable criminals to form reliable and low cost botclouds in a short time. In this paper, we present EyeCloud, a system that helps to detect distributed infected Virtual Machines (VMs) acting as elements of botclouds. Based on a set of botnet related system level symptoms, EyeCloud groups VMs. Grouping VMs helps to separate infected VMs from others and narrows down the target group under inspection. EyeCloud takes advantages of Virtual Machine Introspection (VMI) and data mining techniques.