Hide menu

Examensarbeten och uppsatser / Final Theses

Framläggningar på IDA / Presentations at IDA


Se även framläggningar annonserade hos ISY och ITN i Norrköping / See also presentations announced at ISY and ITN in Norrköping (in Swedish)

If nothing is stated about the presentation language then the presentation is in Swedish.

På grund av rådande distansläge kommer framläggningar våren 2020 ske på distans. Se mer information på sidan om digitala framläggningar (även länk till vänster). Vid krav på lösenord för att komma in till exjobbspresentationen, vänligen kontakta examinator för lösenord (skriv in personens namn i sökfältet uppe till höger och välj "Sök IDA-anställda" i menyn).
/
Due to current distance mode thesis presentations during spring of 2020 will take place online. See more information on the page for online presentations (also link in the menu). If password is required to access the online presentation, please contact the examiner (type in the examiner's name in the search bar in the top right, and choose "Sök IDA-anställda" in the menu).

WExUpp - kommande framläggningar
  • 2021-06-15 kl 08:30 i https://liu-se.zoom.us/j/65707166902?

    An exploratory study of winter road maintenance and the use of vehicle data

    Författare: Arin Rashid
    Opponent: Dylan Mäenpää
    Handledare: Stefan Holmlid
    Examinator: Johan Blomkvist
    Nivå: Avancerad (30hp)

    The Swedish road network is maintained by the Swedish Transport Administration, municipalities, and entrepreneurs with the goal of keeping the roads in satisfactory condition for traffic. The road operators are responsible for different roads and have several legislations that regulate construction and operation. One important aspect of winter road maintenance is the monitoring of the road situation ahead in order to call out resources for preventive measures.
    The study is performed at the company NIRA Dynamics to go towards more digitized winter road information. The study explores different winter maintenance organizations in Sweden, investigates the importance of the information needed to be able to detect when roads are deemed too risky, and tries to gain an understanding of how the vehicle data provided by NIRA Dynamics best can provide a service for the winter road maintainers. The study is based on eight semi-structured interviews, user-tests as well as a literature study.
    The findings of the study show that different winter maintenance organizations can differ a lot depending on the size and governing policies of the municipalities or entrepreneurs. The main differences can be found in their requirements and their method of monitoring the road situation ahead. The findings also show that the vehicle data is promising and has the potential to optimize and improve the overall winter maintenance. However, implementing the vehicle data in a real-world context requires an understanding and collaboration from the different organizations to fulfill its value.

  • 2021-06-15 kl 10:15 i https://liu-se.zoom.us/j/65901126222?pwd=cFBYTXFnNzZxbThBakt0MGhQd2FyUT09

    Automating software installation for cyber security research and testing public exploits in CRATE

    Författare: Johan Hedlin, Joakim Kahlström
    Opponenter: Mathias Berggren, Daniel Sonesson
    Handledare: Niklas Carlsson
    Examinator: Andrei Gurtov
    Nivå: Avancerad (30hp)

    As cyber attacks are an ever-increasing threat to many organizations, the need for controlled environments where defenses can be tested against real-world attacks is increasing. These environments, called cyber ranges, exist across the world for both military and academic purposes of various scales. As the function of a cyber range involves having a set of computers, virtual or physical, that can be configured to replicate a corporate network or an industrial control system, having an automated method of configuring these can streamline the process of performing different exercises. This thesis aims to provide a proof of concept of how the installation of software with known vulnerabilities can be performed and examines if the software is vulnerable directly after installation. The Cyber Range And Training Environment (CRATE) developed by the Swedish Defence Research Agency (FOI) is used as a testbed for the installations and FOI-provided tools are used for launching automated attacks against the installed software. The results show that installations can be performed without Internet access and with minimal network traffic being generated and that our solution can rewrite existing software packages from the package manager Chocolatey to work offline with an 85% success rate. It is also shown that very few publicly available exploits succeed without any manual configuration of either the exploit or the targeted software. Our work contributes to making it easier to set up environments where cyber security research and training can be conducted by simplifying the process of installing vulnerable applications.

  • 2021-06-15 kl 15:00 i https://liu-se.zoom.us/j/63650101691

    Memory efficient Monte Carlo Methods for Computing Shortest Paths in Stochastic Graphs

    Författare: Simon Wrede
    Opponent: Erik Häger
    Handledare: John Tinnerholm
    Examinator: Christoph Kessler
    Nivå: Avancerad (30hp)

    Threat modeling for information technology infrastructure can be done using shortest path algorithms in stochastic graphs. By modeling the infrastructure as a graph, potential vulnerabilities may be presented by computing what paths an attacker might take. This thesis project presents and compares two memory efficient algorithms that can be used to solve this problem, the online k-means and sampled k-shortest path algorithm. By computing paths for several different graph types, the two algorithms were compared against a naive algorithm. The online k-means algorithm used approximately 77 times less memory, executed in the same amount of time, and produce similar path lengths. The sampled k-shortest path algorithm used approximately 154 times less memory, execution time was seen to be lowered by a factor of 5 to 20 depending on the graph type, but path distances computed were longer.

  • 2021-06-17 kl 08:15 i https://liu-se.zoom.us/j/62955511300?pwd=YVVIbXJJck1XMzBGOG4yc2FuREpZQT09

    Evaluation of Open Source Web Vulnerability Scanners and Their Techniques Used to Find SQL Injection and Cross-site Scripting Vulnerabilities

    Författare: Erik Matti
    Opponent: Matildha Sjöstedt
    Handledare: Rouhollah Mahfouzi
    Examinator: Ahmed Rezine
    Nivå: Avancerad (30hp)

    o Both for its simplicity and efficiency to search for the most critical security vulnerabilities that could exist within a web application, a web vulnerability scanner is a popular tool among any company that develops a web application. With the existence of many different scanners that are available to use, one is unlikely the same as the other and the results attained when evaluating these scanners in relation to each other are often not the same. In this thesis, three different open source web vulnerability scanners are evaluated and analysed based on their ability to find SQL injection and cross-site scripting vulnerabilities. The scanners were used on several open source deliberately broken web applications that acted as benchmarks. When analysing the scanners based on the results, both the results and the source code of the scanners were explored and investigated. It could be found that the techniques used by the scanners were essentially similar but contained several minor differences that caused the diversity in the results. Most differences were dependant on the variation of the predefined payloads injected by the scanners, but it could also be found that the approaches used to determine if a vulnerability was detected or not could vary as well.

  • 2021-06-17 kl 10:15 i https://liu-se.zoom.us/j/62891297356?pwd=TVFoMkZoNklGc0tpdnljVWtjbWY2QT09

    A study on the use of ARKit to extract and geo-reference floor plans

    Författare: Niklas Larsson, Hampus Runesson
    Opponenter: Rasmus Karlbäck, Anton Orö
    Handledare: Felipe Boeira
    Examinator: Niklas Carlsson
    Nivå: Avancerad (30hp)

    Indoor positioning systems (IPS) has seen an increase in demand because of the need to locate users in environments where Global Navigation Satellite Systems (GNSS) lacks accuracy. The current way of implementing an IPS is often tedious and time consuming. However, with the improvements of position estimation and object detection on phones, a lightweight and low-cost solution could become the standard for the implementation phase of an IPS. Apple recently included a Light Detection And Ranging (LiDAR) sensor in their phones, greatly improving the phones depth measurements and depth understanding. This allows for a more accurate virtual representation of an environment. This thesis studies the accuracy of ARKit's reconstructed world and how different environments impact the accuracy. The thesis also investigates the use of reference points as a tool to map the reconstructed environment to a geo-referenced map, such as Google Maps and Open Street Map. The results show that ARKit can create virtual representations with centimetre level accuracy for small to medium sized environments. For larger or vertical environments, such as corridors or staircases, ARKit's SLAM algorithm no longer recognizes previously visited areas, causing both duplicated virtual environments and large drift errors. With the use of multiple reference points, we showed that ARKit can and should be considered as a viable tool for scanning and mapping small scale environments to geo-referenced floor plans.

  • 2021-06-17 kl 10:15 i https://liu-se.zoom.us/j/68342477592?pwd=dU5iWFliaEVtUVlNanZvdUt0TTg0QT09

    Implementation and Evaluation of an Emulated VS Code Permission System Using Abstract Syntax Trees

    Författare: David Åström
    Opponent: Erik Matti
    Handledare: Rouhollah Mahfouzi
    Examinator: Ahmed Rezine
    Nivå: Avancerad (30hp)

    Implementation and evaluation of an emulated VS Code permission system using Abstract Syntax Trees
    • Sammanfattning: Permission systems are a common security feature in browser extensions and mobile applications to limit their access to resources outside the own process. IDEs such as Visual Studio Code, however, have no such features implemented, and therefore leaves extensions with full user permissions. This thesis explores how VS Code extensions access external resources and presents a proof-of-concept tool that emulates a permission system for extensions. This is done through static analysis of extension source code using abstract syntax trees, scanning for usage of Extension API methods and Node.js dependencies. The tool is evaluated and used on 56 popular VS Code extensions to evaluate what resources are most prevalently access and how. The study concludes that most extensions use minimal APIs, but often rely on Node.js libraries rather than the API for external functionality. This leads to the conclusion the inclusion of Node.js dependencies and npm packages is the largest hurdle to implementing a permission system for VS Code.

  • 2021-06-17 kl 13:00 i Teams

    Verktyg för hyperparameterjustering

    Författare: Patrick Lundberg
    Opponenter: Simon Sandberg, Albin Sidås
    Handledare: Rita Kovordanyi
    Examinator: Jalal Maleki
    Nivå: Grundnivå (16hp)

    Hyperparameteroptimering är ett viktigt uppdrag för att effektivt
    kunna använda en modell för maskininlärning. Att
    utföra detta manuellt kan vara tidskrävande, utan garanti för
    god kvalitet på resulterande hyperparametrar. Att använda
    verktyg för detta ändamål är att föredra, men det finns ett stort
    antal verktyg som använder olika algoritmer. Hur effektiva
    dessa olika verktyg är relativt varandra är ett mindre utforskat
    område. Denna studie bidrar med en enkel analys av hur två
    verktyg för sökning av hyperparametrar, Scikit och Ray Tune,
    fungerar i jämförelse med varandra.

  • 2021-06-17 kl 13:00 i Teams

    Koversationsmotor för transportationssystem

    Författare: Simon Sandberg, Albin Sidås
    Opponent: Adam Eriksson
    Handledare: Rita Kovordanyi
    Examinator: Jalal Maleki
    Nivå: Grundnivå (16hp)

    Communication between operators and industrial drivers is
    today done between humans without any support. This
    paper explores the possibility to support the operators in
    classifying the topic of an incoming communication and
    which entities are affected through the use of named entity
    recognition and topic classifications. By developing a
    synthetic training dataset, a NER model and a topic
    classification model was developed and evaluated to
    achieve f1-scores of 60 and 53 respectively. These results
    were explained by a low variance in the generated dataset in
    comparison to a transcribed dataset from the real world
    which included anomalies not represented in the generated
    dataset. The aforementioned models were integrated into
    the dialogue framework Emora to seamlessly handle the
    back and forth communication and response generations.

  • 2021-06-17 kl 13:00 i Teams

    Evaluation of methods for automatically deciding article type for newspapers

    Författare: Adam Eriksson
    Opponent: Patrick Lundberg
    Handledare: Rita Kovordanyi
    Examinator: Jalal Maleki
    Nivå: Grundnivå (16hp)

    Metadata is becoming more and more important in the
    media industry [1], both for decisions of where to show the
    content as well as for statistical analysis of live and historic
    articles. The burden of creating even more metadata is often
    given to the journalist writing the article which leads to
    metadata taking up more of the journalist’s time without
    them in many cases getting a clear explanation of why this
    is important. This often leads to wasting the journalist's
    time and low quality of the metadata being produced since
    the ones doing it are not experts in metadata.
    To solve this problem an increasing number of media
    houses are looking at automating this process, either
    through developing their solutions in-house or hiring
    external help to help analyze their content.
    In this thesis, I take a closer look at evaluating different
    methods for automatically deciding which type of
    commonly occurring newspaper text (e.g., news reports,
    feature articles, editorials, and opinion pieces) an article is.
    This can help to save a small amount of time for each newly
    written article or a large amount of time when a newspaper
    wants to add metadata to all their old articles to index them
    in their modern metadata-driven systems. Without good
    automation, they would potentially need to read through
    and add metadata to millions of articles which could take
    years and cost a lot of money.

  • 2021-06-17 kl 13:15 i https://liu-se.zoom.us/j/69721466537?pwd=OStqRDlGeXl4c1dyRndNOS9pclFndz09

    Monitoring of Cyber Security Exercise Environments in Cyber Ranges – with an Implementation for CRATE

    Författare: Matildha Sjöstedt
    Opponent: David Åström
    Handledare: Rouhollah Mahfouzi
    Examinator: Ahmed Rezine
    Nivå: Avancerad (30hp)

    In a world where much of society is dependent on digital infrastructure, various cyber threats can pose a great risk to businesses, critical infrastructure and potentially entire nations. For this reason, research and education as well as the preparation of strategies, training of personnel etc., is imperative. Cyber ranges can provide ''safe environments'' in which for example cyber security exercises and experiments can be conducted. While easier to deploy and configure than ''real'' infrastructures, monitoring of such environments during ongoing exercises/experiments poses a number of challenges. During this thesis work, the question of what types of data and information could be relevant to provide in a monitoring system for this context was investigated, with regard to aspects such as providing technical support or gaining situational awareness during exercises. Results gained from a survey with participants from relevant organizations, contributed greatly to this question. The survey and literature study also provided insights into challenges and potential problems of developing and running such monitoring. CRATE is a cyber range developed and maintained by the Swedish Defence Research Agency (FOI). In this thesis work, some of the challenges and potential problems found are tackled with a suggested design and an implemented monitoring system prototype for CRATE. Apart from providing functionality to retrieve information about accounts and privileges as well as status of services, the design of the prototype also lays the foundation for a flexible and extensible monitoring system -- fully adapted for use within a cyber range. With cyber exercises becoming both more prevalent and extensive, the need for capable monitoring of exercise environments will naturally arise. While the developed prototype may facilitate future cyber exercises/experiments in CRATE, the results of this thesis work are also ready to be used as a source of inspiration for other cyber range operators.

  • 2021-06-17 kl 13:15 i https://liu-se.zoom.us/j/65113679000?pwd=c3NrcTl6cnEwQlFnQVM5QjhDRTh5UT09

    Characterizing the Third-partyAuthentication Landscape - A Longitudinal Study of how Identity Providers are Used inModern Websites

    Författare: Fredrik Josefsson Ågren, Oscar Järpehult
    Opponent: Martin Lindblom
    Handledare: Patrick Lambrix
    Examinator: Niklas Carlsson
    Nivå: Avancerad (30hp)

    Third-party authentication services are becoming more common since it eases the login procedure as well as users do not need to create a new login for every website that uses authentication. Even though it simplifies the login procedure the users still have to be conscious about what data are being shared between the identity provider (IDP) and relying party (RP) about them. This thesis presents a tool for collecting data about third-party authentication that outperforms previously made tools with regards to accuracy, precision and recall. The developed tool was used to collect information about third-party authentication on a set of websites. The collected data reveals that third-party login services offered by Facebook and Google are most common and that Twitters login service is significantly less common. Twitters login service shares the most data about the users to the RPs and often gives the RPs permissions to do write actions on the users Twitter account.

    In addition to our large-scale data collection, three manual data collections were performed and compared with previously made manual data collection over a nine-year period. The longitudinal comparison showed that over the nine-year period the login service by Facebook and Google have been dominant. It is clear that less information about the users are being shared today compared to earlier years for Apple, Facebook and Google. The Twitter login service is the only IDP that have not changed their permission policies. This could be the reason why the usage of the Twitter login service on websites have decreased.

    The results presented in this thesis helps provide a better understanding of what personal information is exchanged by IDPs which can guide users to take well measured decisions on the web.

  • 2021-06-18 kl 10:00

    Evolving digital 3D models using interactive genetic algorithm

    Författare: Simon Sundberg
    Opponent: Björn Möller Ehrnlund
    Handledare: Anders Fröberg
    Examinator: Erik Berglund
    Nivå: Avancerad (30hp)

    Genetic algorithms (GA) reflect the process of natural selection where the fittest individuals are more likely to pass on their genes to the next generation. In GAs, a population of possible solutions is evolved by mutation, crossover, and a fitness function. The fitness function determines the quality of each solution which influence how likely they are to be selected to pass on its genes to the next generation. The algorithm uses these genetic operators, fitness function and multiple generations to progressively make solutions better at solving a specific task.

    However, for many problems it is difficult, if not impossible, to formulate the quality criterion (fitness function) of solutions mathematically. This happens, for example, in computer graphics when the quality criterion is based on a user's aesthetic preferences and there's no definite solution to a problem. For such problems, it is helpful to use human evaluation to determine the quality of solutions. This class of genetic algorithms is called interactive genetic algorithms (IGA) and is when the fitness function is replaced by human evaluation. The motivation behind this work is to see how an IGA can be implemented in a system to aid in the design space exploration of digital 3D models.

  • 2021-06-18 kl 10:15 i https://liu-se.zoom.us/j/66462575640?pwd=cW9kdDVFQlhCV0pEalFFdmQ4RGZ3dz09

    Which News Article are You Reading? Using Fingerprinting to Attack Internal Pages of News Websites

    Författare: Martin Lindblom
    Opponenter: Martin Christensson, William Holmgren
    Handledare: Patrick Lambrix
    Examinator: Niklas Carlsson
    Nivå: Avancerad (30hp)

    When performing fingerprinting attacks against websites in a controlled environment a study may achieve very promising results. However, these can be miss leading as the closed-world setting may not accurately represent the real-world. This is a problem many prior works have been critiqued for, the inability to transfer their results from the closed-world setting to the real-world. Being able to do so is of great importance to establish what the real-world consequences would be of fingerprint attacks. If unable to apply one's findings outside of a tightly controlled environment it is difficult to gauge if theses attack types pose a real threat or not. Thereby, this thesis has, contrary to previous work, based its setting on a real-world scenario to provide tangible insights into vulnerabilities of news websites. Furthermore, it targeted internal pages of websites, something under studied by previous literature. All of this while presenting a novel classifier that is lightweight and requires little training, and a framework for automatically collecting and labelling encrypted TCP traffic without the use of a proxy.

  • 2021-06-18 kl 13:15 i https://liu-se.zoom.us/j/65906126712?pwd=SkxIS3lERjdxYVVzOHhncEhrYmhlZz09

    GoalMate - An Application for Visualization of Ice Hockey Statistics

    Författare: Tim Carsting, Jens Gummesson
    Opponenter: Felix Stjernberg, Joel Tell
    Handledare: Niklas Carlsson
    Examinator: Patrick Lambrix
    Nivå: Grundnivå (16hp)

  • 2021-06-18 kl 13:15 i https://liu-se.zoom.us/j/68379242778?pwd=SS9VQnRna29KYkZMNmdhVmtwQm5yZz09

    Discovering what makes news tweets popular when controlling for content

    Författare: Martin Christensson, William Holmgren
    Opponenter: Fredrik Josefsson Ågren, Oscar Järpehult
    Handledare: Patrick Lambrix
    Examinator: Niklas Carlsson
    Nivå: Avancerad (30hp)

    Twitter is one of the largest social networks with over 330 million active users. Therefore, by being able to better create tweets that spread further, the message of the tweet can reach more people. It is also a social platform that is widely used by news networks to share news and is the main source of news for many people. Twitter also has an API that researchers can use to easily extract data from the website. This in combination with the reasons above has made Twitter into a hot research topic.
    This study has, to the best of the knowledge of the authors, introduced a novel approach of analyzing twitter data. It has focused on tweets containing links to news articles and groups these into clusters based on the contents of said news articles. Tweets that share near identical news articles, will be grouped into clone sets, which allows to only analyze tweets that share the same content. This eliminates content as a factor that could impact the popularity and allows to better understand the underlying factors that make a tweet popular. While only subtle differences were found in this study when controlling for content (e.g., regardless if we control for content, we found that followers, following, and whether a user was verified were the most important predictive factors), the approach provided new insights into the timing of when tweets are being posted. Tweets posted early on had a great majority of total retweets as well as the most successful tweet. While tweets posted late had a great majority of the least successful tweets. The methodology of controlling for content gave interesting insights and the authors believe it deserves further attention when doing similar research.

  • 2021-06-18 kl 13:15 i https://liu-se.zoom.us/j/68162518605

    IT’S IN THE DATA 2 - Improving user retention through effective design of the user onboarding experience

    Författare: Gustav Fridell
    Opponenter: Mitesh Suresh Tavade, Serkan Yaman
    Handledare: Sahand Sadjadee
    Examinator: Erik Berglund
    Nivå: Avancerad (30hp)

    User retention is a key factor for Software as a Service (SaaS) companies to ensure long-term growth and profitability. One area which can have a lasting impact on a digital product’s user retention is its user onboarding experience, that is, the methods and elements that guide new users to become familiar with the product and activate them to become fully registered users.

    Within the area of user onboarding, multiple authors discuss “best practice” design patterns which are stated to positively influence the user retention of new users. However, none of the sources reviewed showcase any statistically significant proof of this claim. Thus, the objective of this study was to:

    Design and implement a set of commonly applied design patterns within a web application’s user onboarding experience and evaluate their effects on user retention

    Through A/B testing on the SaaS product GetAccept, the following two design patterns were evaluated:
    1. Reduce friction – reducing the number of barriers and steps for a new user when first using a digital product; and
    2. Monitor progress – monitoring and clearly showcasing the progress of a new user’s journey when first using a digital product.
    The retention metric used to evaluate the two design patterns was first week user retention, defined as the share of customers who after signing up, sign in again at least once within one week. This was tested by randomly assigning new users into different groups: groups that did receive changes related to the design patterns, and one group did not receive any changes. By then comparing the first week user retention data between the groups using Fisher’s exact test, the conclusion could be drawn that with statistical significance, both of the evaluated design patterns positively influenced user retention for GetAccept.

    Furthermore, due to the generalizable nature of GetAccept’s product and the aspects evaluated, this conclusion should also be applicable to other companies and applications with similar characteristics, and the method used to evaluate the impact of implementing the design patterns should be applicable for evaluating other design patterns and/or changes in digital products.

    However, due to the method used for collecting the data supporting the conclusions, full validity of it could not guaranteed. Thus, to get further evidence supporting the statements, the study should be repeated with a better method of data collection.

  • 2021-06-18 kl 15:15 i https://liu-se.zoom.us/j/64054117243?pwd=Qk43dlVqMUlyRHd2SjJaUW5HTXNRQT09

    Scout Enhancer - En applikation som visualiserar spelardata för att förbättra scouting processer

    Författare: Felix Stjernberg, Joel Tell
    Opponenter: Tim Carsting, Jens Gummesson
    Handledare: Niklas Carlsson
    Examinator: Patrick Lambrix
    Nivå: Grundnivå (16hp)

  • 2021-06-21 kl 08:15 i https://liu-se.zoom.us/j/69321947842?pwd=MjVwZWhzTWxYd2Vhbmt6Vyt3R0h0UT09&from=addon

    An Exploratory Study of Micro Frontends

    Författare: Anna Montelius
    Opponent: My Norsbo
    Handledare: Chih-Yuan Lin
    Examinator: Kristian Sandahl
    Nivå: Avancerad (30hp)

    Microservices has become a real buzz word in the software development community during the last couple of years. Most developers are familiar with the architectural concept which solves the problem of systems growing to large monoliths too complex to handle. This architectural style has however mostly been used in backend development, even though many companies are struggling with large, monolithic frontend codebases. This is where micro frontends come in, an architectural as well as organisational approach to developing web applications all the way from presentation to data layer. The micro frontends approach is relatively new, and even though there is some talk about it in the software community, many companies are unfamiliar with it, and there is very limited scientific work performed on the topic. The aim of this study was to investigate strengths of and challenges with micro frontends, and specifically how the modifiability of a web application is affected by developing it as a micro frontends project. The method for fulfilling the aim consisted of several parts. One part consisted of implementing two frontend prototypes of a web application, one using an SPA technique and one using a micro frontends technique. Another part consisted of interviewing practitioners in the software field with relevant backgrounds to gain their perspective on micro frontends. The results were also used to evaluate which prototype would be most suitable for the specific web application. The last part of the method consisted of performing measurements on the implemented prototypes to be used to estimate the modifiability of the prototypes using a mathematical model of modifiability.

  • 2021-06-21 kl 09:15 i https://liu-se.zoom.us/j/69321947842?pwd=MjVwZWhzTWxYd2Vhbmt6Vyt3R0h0UT09&from=addon

    System Architecture for Positioned Data Collection

    Författare: Adrian Royo
    Opponenter: Jonatan Bjurenfalk, August Johnsson
    Handledare: Chih-Yuan Lin
    Examinator: Kristian Sandahl
    Nivå: Avancerad (30hp)

    With the location based service market being estimated to drastically increase in value to over 77 billion dollars in 2021, novel approaches to amass and combine data are being explored. One such novel approach is that of collecting positioned data (PD), which in turn consists of data gathered from radio signals associated to ground truth positions (GTP). This type of PD can be used to benefit such things as spatial network analysis or supportive data for positioning algorithms. In this thesis we investigate how such PD can be collected, managed and stored in an effective manner regardless of environment. As a means to investigate this, we have proposed a positioned data collection (PDC) system architecture.
    The proposed PDC system architecture has been designed based on documentation related to six different PDC related systems, the ADD method, the ATAM method, the three-tier architecture pattern and a proposed PDC system definition. Parts of the proposed architecture have been chosen for implementation and testing. The chosen parts were those which were designed to collect PD within indoor environments, as it is more scientifically interesting compared to outdoor environments. The results gathered from the tests proved that the implemented PDC system parts worked as intended, successfully associating radio signal data values to both local- and geographical GTP. Ways of altering the association between radio signal data and GTP were also explored and tested, with the most prominent alteration approach being that of spatial filtration. Both the proposed architecture and the results gathered from testing the implemented parts were assessed by stakeholders. The thesis work was generally well accepted by the stakeholders, meeting little criticism and providing valuable insights.

  • 2021-06-21 kl 10:15 i https://liu-se.zoom.us/j/69321947842?pwd=MjVwZWhzTWxYd2Vhbmt6Vyt3R0h0UT09&from=addon

    Automated error matching system using machine learning and data clustering

    Författare: Jonatan Bjurenfalk, August Johnson
    Opponent: Adrian Royo
    Handledare: Chih-Yuan Lin
    Examinator: Kristian Sandahl
    Nivå: Avancerad (30hp)

    For large and complex software systems, it is a time-consuming process to manually inspect error logs produced from the test suites of such systems. Whether it is for identifying abnormal faults, or finding bugs; it is a process that limits development progress, and requires experience. An automated solution for such processes could potentially lead to efficient fault identification and bug reporting, while also enabling developers to spend more time on improving system functionality. Three unsupervised clustering algorithms are evaluated for the task, HDBSCAN, DBSCAN, and X-Means. Where error logs from a robotic test system are cleaned and pre-processed using Latent Semantic Analysis (LSA). In addition, HDBSCAN, DBSCAN and an LSTM-based autoencoder are evaluated for outlier detection. A team of domain experts are tasked with evaluating the results produced from clustering and outlier detection. Results indicate that X-Means outperform the other clustering algorithms when tasked with automatically categorizing error types, and capturing bugs. Furthermore, none of the outlier detection methods yielded sufficient results. However, it was found that X-Means's clusters with a size of one data point yielded an accurate representation of outliers occuring in the error log dataset.

  • 2021-06-21 kl 13:00 i https://liu-se.zoom.us/j/61314351444?pwd=ZDBqNUp6T1BtNnlJWXRuMUE1eHh3QT09

    Randomness as a Cause of Test Flakiness

    Författare: Daniel Mastell, Jesper Mjörnman
    Opponenter: Sixten König, Joel Nilsson
    Handledare: Azeem Ahmad
    Examinator: Ola Leifler
    Nivå: Grundnivå (16hp)

    With today’s focus on Continuous Integration, test cases are used to ensure the software's reliability when integrating and developing code.
    Test cases that behave in an undeterministic manner are known as flaky tests, which threatens the software's reliability. Because of flaky test's undeterministic nature, they can be troublesome to detect and correct.
    This is causing companies to spend great amount of resources on flaky tests since they can reduce the quality of their products and services.

    The aim of this thesis was to develop a usable tool that can automatically detect flakiness in the Randomness category.
    This was done by initially locating and rerunning flaky tests found in public Git repositories.
    By scanning the resulting pytest logs from the tests that manifested flaky behaviour, noting indicators of how flakiness manifests in the Randomness category.
    From these findings we determined tracing to be a viable option of detecting Randomness as a cause of flakiness.
    The findings were implemented into the proposed tool FlakyReporter, which reruns flaky tests to determine if they pertain to the Randomness category.

    The FlakyReporter tool was found to accurately categorise flaky tests into the Randomness category when tested against 25 different flaky tests. This proves the viability of utilizing tracing as a method of categorizing flakiness.

  • 2021-06-21 kl 13:15 i https://liu-se.zoom.us/j/67558148904?pwd=SkVqS2ZsRlZpc1AzZHZLWkNQZ1duUT09

    Evaluation of BERT-like models for small scale ad-hoc information retrieval

    Författare: Daniel Roos
    Opponenter: Joakim Tao, David Thimrén
    Handledare: George Osipov
    Examinator: Cyrille Berger
    Nivå: Avancerad (30hp)

    Measuring semantic similarity between two sentences is an ongoing research field with big leaps being taken every year. This thesis looks at using modern methods of semantic similarity measurement for an ad-hoc information retrieval (IR) system. The main challenge tackled is answering the question "What happens when you don’t have situation-specific data?". Using encoder-based transformer architectures pioneered by Devlin et al., which excel at fine-tuning to situationally specific domains, this thesis shows just how well the presented methodology can work and makes recommendations for future attempts at similar domain-specific tasks. It also shows an example of how a web application can be created to make use of these fast-learning architectures.

  • 2021-06-21 kl 13:15 i https://liu-se.zoom.us/j/69559988751?pwd=OG15WW4zSUhEczlsNFVnb0VkTVlWQT09&from=addon

    Digitalizing the workplace: improving internal processes using digital services - A process improvement by digitalization, emphasizing chosen quality factors

    Författare: Madeleine Bäckström, Nicklas Silversved
    Opponenter: Mimmi Cromsjö, Linn Hallonqvist
    Handledare: Jonas Wallgren
    Examinator: Kristian Sandahl
    Nivå: Avancerad (30hp)

    In recent years, the number of digital services and tools available has increased rapidly. When companies want to digitalize their business, they have the opportunity to browse a large number of existing platforms and applications available on the market to find a good match for their specific needs. However, when a company wishes to digitalize a work task that already has a well-established workflow, problems may arise. Due to this, a tailored digital solution may in some cases be the better suited option, rather than the ones available on the market.

    The intention of this work was to investigate the challenges that companies face in relation to digitalization of the workplace in general, and the challenges of a company’s expense management process in particular. As an example of how a workplace digitalization can take place, a collaboration with a forest industry company was conducted. An evaluation of their analog and internal expense management process was done, where the found challenges were assessed with respect to chosen quality factors. The evaluation and the found challenges regarding digitalization constituted the basis for a process mapping and a digital solution aiming to improve the company’s expense management process. The resulting work emphasizes how a digital solution can be tailored with simple means within a limited time frame, taking specific needs and existing challenges into account in order to digitalize the workplace. In addition, the work presents what challenges that exists within the concept of digitalizing the workplace and regarding expense management, and how quality factors can be used in combination with a process improvement in order to relieve and eliminate them.

  • 2021-06-21 kl 14:00

    A performance analysis of intrusion detection with Snort and security information management

    Författare: Christian Thorarensen
    Opponent: Daniel Eriksson
    Handledare: Mohammad Borhani
    Examinator: Andrei Gurtov
    Nivå: Avancerad (30hp)

    Network intrusion detection systems (NIDSs) are a major component in cybersecurity
    and can be implemented with open-source software. Active communities and researchers
    continue to improve projects and rulesets used for detecting threats to keep up with the
    rapid development of the internet. With the combination of security information management,
    automated threat detection updates and existing open-source software, the NIDS
    security can be maximized. However, it is not clear how different combinations of software
    and basic settings affect network performance.

    The main purpose in this thesis was to find out how multithreading, standard ruleset
    configurations and near real-time data shipping affect Snort IDS’ online and offline performance.
    Software used in performance testing was limited to Snort 2.9.17.1-WIN64 (IDS),
    Snort 3.1.0.0 (IDS), PulledPork (rule management) and Open Distro for Elasticsearch (information
    management). To increase the replicability of this study, the experimentation
    method was used, and network traffic generation was limited to 1.0 Gbit/s hardware. Offline
    performance was tested with traffic recorded from a webserver during February 2021
    to increase the validity of test results, but detection of attacks was not the focus.

    Through experimentation it was found that multithreading enabled 68-74% less runtime
    for offline analysis on an octa-thread system. On the same system, Snort’s drop rate
    was reduced from 8.966% to 1.091% by configuring multiple packet threads. Secondly,
    Snort Community and Proofpoint ET Open rulesets showed approximately 1% and 31%
    dropped packets, respectively. This was tested with 1252 Mbit/s generated network traffic
    consisting of 16 TCP flows. Finally, enabling data shipping services to integrate Snort
    with Open Distro for Elasticsearch (ODFE) did not have any negative impact on throughput,
    network delay or Snort’s drop rate. However, the usability of ODFE needs further
    investigation.

    In conclusion, PulledPork, which enables automatic rule updates to protect against
    emerging threats, could not be used to configure open-source rulesets and policies for Snort
    3. On the other hand, the performance benefits from the new multithreaded architecture
    make Snort 3 preferred for future research. Additionally, if a company has chosen to use
    the Snort Registered or Subscriber rulesets, Snort 3 can be used in practice with PulledPork
    enabled and benefit greatly from multithreading.

  • 2021-06-22 kl 08:15 i https://liu-se.zoom.us/j/64216556484?pwd=WEdRVWFqaitRTXZ5SElHT2pjSTZQZz09

    Arguing assurance in Trusted Execution Environments using Goal Structuring Notation – A remote attestation assurance use case for Keystone

    Författare: Nigel Cole
    Opponent: Anton Andell
    Handledare: Felipe Boeira
    Examinator: Mikael Asplund
    Nivå: Avancerad (30hp)

    A trusted execution environment (TEE) is an isolated environment used for trusted execution. TEE solutions are usually proprietary and specific for a certain hardware specification, thereby limiting developers that use those TEEs. A potential solution to this issue is the use of open-source alternatives such as the TEE framework Keystone and the reduced instruction set computer V (RISC-V) hardware. These alternatives are rather young and are not as well established as the variants developed by ARM and Intel. To this end, the assurance in Keystone and RISC-V are analysed by studying a remote attestation assurance use case using the goal structuring notation (GSN) method. The aim is to investigate how GSN can be utilised to build assurance cases for TEEs on RISC-V. This thesis presents a process of how GSNs can be created to argue assurance for a TEE solution. Furthermore, Keystone operates under a specific threat model with made assumptions that may have a large impact depending on the use case. Therefore, Keystone is analysed to understand whether the framework mitigates existing vulnerabilities in TEEs. It is concluded that GSN is a viable method for arguing assurance in TEEs, providing great freedom in the creation of the GSN model. The freedom is also its weakness since the argument composition has a high impact on the argument. Furthermore, we conclude that Keystone mitigates multiple known vulnerabilities primarily through made assumptions in its threat model. These cases need to be considered by developers utilising Keystone to determine whether or not the assumptions are valid for their use case.

  • 2021-06-22 kl 10:00 i https://liu-se.zoom.us/j/64216556484?pwd=WEdRVWFqaitRTXZ5SElHT2pjSTZQZz09

    Detection of side-channel attacks targeting Intel SGX

    Författare: David Lantz
    Opponent: Oliver Johns
    Handledare: Felipe Boeira
    Examinator: Mikael Asplund
    Nivå: Avancerad (30hp)

    In recent years, trusted execution environments like Intel SGX have allowed developers to protect sensitive code inside so called enclaves. These enclaves protect its code and data even in the cases of a compromised OS. However, SGX enclaves have been shown to be vulnerable to numerous side-channel attacks. Therefore, there is a need to investigate ways that such attacks against enclaves can be detected.This thesis investigates the viability of using performance counters to detect an SGX-targeting side-channel attack, specifically the recent Load Value Injection (LVI) class of attacks. A case study is thus presented where performance counters and a threshold-based detection method is used to detect variants of the LVI attack. The results show that certain attack variants could be reliably detected using this approach without false positives fora range of benign applications. The results also demonstrate reasonable levels of speed and overhead for the detection tool. Some of the practical limitations of using performance counters, particularly in an SGX-context, are also brought up and discussed.

  • 2021-06-22 kl 10:15 i https://liu-se.zoom.us/j/61898817801?pwd=Q21PamFKL1hSVTUvbi9tdnZRcFFmUT09

    Evaluating the Personalisation Potential in Local News

    Författare: Fredrik Angström, Petra Faber
    Opponenter: Ludvig Carlemar, Niklas Larsson
    Handledare: John Tinnerholm
    Examinator: Jonas Wallgren
    Nivå: Grundnivå (16hp)

    : Personalisation of content is a frequently used technique intended to improve user engagement and provide more value to users. Systems designed to provide recommendations to users are called recommender systems and are used in many different industries. This study evaluates the potential of personalisation in a media group primarily publishing local news, and studies how information stored by the group may be used for recommending content. Specifically, the study focuses primarily on content-based filtering by article tags and user grouping by demographics. This study first analyses the data stored by a media group to evaluate what information, data structures, and trends have potential use in recommender systems. These insights are then applied in the implementation of recommender systems, leveraging that data to perform personalised recommendations. When evaluating the performance of these recommender systems, it was found that tag-based content selection and demographic grouping each contribute to accurately recommending content, but that neither method is sufficient for providing fully accurate recommendations.

  • 2021-06-22 kl 13:00 i https://teams.microsoft.com/l/team/19%3aACPylt-PDC252_tk2z4DX8SWNcVeeXc5M2OgCRt6jPQ1%40thread.tacv2/conversations?groupId=350244bd-18cd-4cbf-89e0-9a8a2ddc4b72&tenantId=913f18ec-7f26-4c5f-a816-784fe9a58edd

    Smoothening of Software documentation

    Författare: Joakim Tao, David Thimrén
    Opponent: Daniel Roos
    Handledare: Arne Jönsson
    Examinator: Lars Ahrenberg
    Nivå: Avancerad (30hp)

    This thesis was done in collaboration with Ericsson AB with the goal of researching the possibility of creating a machine learning model that can transfer the style of a text into another arbitrary style depending on the data used. This had the purpose of making their technical documentation appear to have been written with one cohesive style for a better reading experience. Two approaches to solve this task was tried, the first one was to implement an encoder-decoder model from scratch, and the second was to use the pre-trained model GPT-2 created by a team from OpenAI and fine-tune the model on the specific task. Both of these models was trained on data provided by Ericsson, sentences were extracted from their documentation. To evaluate the model both training loss, test sentences and BLEU score was used and these were compared to each other and with other state-of-the-art models. The models did not succeed in transforming text into a general technical documentation style but a good understanding about what would need to be improved and adjusted to improve the results was obtained.

  • 2021-06-22 kl 13:15 i https://liu-se.zoom.us/j/64216556484?pwd=WEdRVWFqaitRTXZ5SElHT2pjSTZQZz09

    TUF on the Tangle – Securing sofware updates using a distributed ledger

    Författare: Anton Andell, Oliver Johns
    Opponenter: Nigel Cole, David Lantz
    Handledare: Felipe Boeira
    Examinator: Mikael Asplund
    Nivå: Avancerad (30hp)

    This study investigates the viability of revising The Update Framework (TUF) to be implemented on a distributed ledger called IOTA. TUF is a framework that is becoming the de facto standard for securing update systems and which mitigates security vulnerabilities through the use of different roles. The design for the revised Update Framework, called TUFT, is thoroughly explained and examined. A security analysis as well as a performance analysis are made for the proposed design and prototype respectively. Security-wise, TUFT is determined to be more secure than the original framework. On the other hand TUFT is shown to be slower than the original TUF, with some scalability issues due to the requirement to fetch the whole update history for a repository. To accompany a wider range of software we also introduce new features in TUFT that provide versioning and mapping.The work done shows that a distributed ledger can improve a system like TUF in regards to security, auditability, and immutability. In summary, the proposed TUFT design is promising with its new features although it is limited performance-wise in some regards. With the updates being done to the IOTA ledger, a system like TUFT could be further improved upon to reduce the performance impact.

  • 2021-06-22 kl 13:15 i https://liu-se.zoom.us/j/66925041431?pwd=SzhEV28vU3VwaHNHY2pnVmRNaGk0UT09

    Ett scoutingverktyg åt Linköping Hockey Club

    Författare: Jesper Persson, Rasmus Rynell
    Opponenter: Erik Asklöf, Dutsadi Bunliang
    Handledare: Niklas Carlsson
    Examinator: Patrick Lambrix
    Nivå: Grundnivå (16hp)

    Linköpings hockey club (LHC) arbetar idag tillsammans med Sports Analytics Group vid Linköpings Universitet, de har tillsammans bett oss ta fram ett verktyg för att underlätta LHC:s scoutingprocess. Projektet inleddes med flera möten tillsammans med LHC där vi diskuterade hur projektet skulle drivas framåt och vad som behövde göras. Under mötena fick vi reda på att fokus låg på jämförelsen mellan spelarna, dels att hitta liknande spelare för att kunna ta reda på rimliga löner, dels att kunna hitta nya spelare. Electron valdes som ramverk dels på grund av tidigare erfarenheter, dels för att i framtiden ha stöd för många olika enheter. Vi arbetade sedan agilt med kontinuerlig kontakt med LHC varje vecka för att utveckla just den funktionalitet som just de var ute efter. Tillslut fick verktyget funktionalitet så som att hitta och jämföra spelares löner kontra dess spelarstatistik, en detaljjämförelse där spelares statistik kan jämföras mer noggrant samt en lagbyggesfunktion för att ge en överblick över alla ens valda spelare. Även designen på verktyget arbetades kontinuerlig fram och blev tillslut en minimalistisk sådan. I slutet av projektet besvarade även personal på LHC på en enkät enligt “The System Usability Scale (SUS)” angående användbarheten, användarvänligheten, och önskvärdheten för verktyget. Svaren blev väldigt positiva och vi anser därför att detta är ett optimerat och näst intill optimalt verktyg för just LHC.

  • 2021-06-22 kl 15:30 i https://liu-se.zoom.us/j/64614596624?pwd=TUw5YWtYcisrdTN1dTFMeUNOdUI4QT09

    Possibilities of Automatic Detection of Async Wait Flaky Tests in Python Applications

    Författare: Joel Nilsson
    Opponent: Daniel Mastell
    Handledare: Azeem Ahmad
    Examinator: Ola Leifler
    Nivå: Grundnivå (16hp)

    Flaky tests are defined as tests that show non-determinstic outcomes, meaning they can show both passing and failing results without changes to the code. These tests cause a major problem in the software development process since it can be difficult to know if the cause of a failure originates from the production- or test code. Developers may choose to ignore failing tests known to be flaky when they might actually hide real bugs in the production code.

    This thesis investigates a specific category of flaky tests known as "Async Wait", which are tests that makes asynchronous calls to servers and other remote resources and fails to properly wait for the results to be returned. There are tools available for detecting flaky tests, but most of these need the test to be executed and operate on run time information. In order to detect potential flakiness in an even earlier state, this thesis looks in to if it is possible to predict flaky outcomes by analyzing only at the test code itself without running it. The scope is limited to the Async Wait only to determine in which cases and under what circumstances developing an algorithm to automatically detect these flaky tests would be possible in this category.

    Commits from open source projects on GitHub were scanned for Async Wait flaky tests with the intention of finding the characteristics of the asynchronous calls and how the waiting for them is handled as well as how the flakiness is resolved by developers in practice in order to see if the information in only the test code is enough to predict flaky behavior.

  • 2021-06-24 kl 10:00 i https://liu-se.zoom.us/j/69300770889?pwd=a2xFT205Y1BGaVZJblN6aEJKdVJkZz09

    Påverkan på miljö och tidseffektivitet vid övergång från pappersbaserat till digitalt system för hantering av egenkontroller

    Författare: Ludvig Carlemar, Niklas Larsson
    Opponenter: Fredrik Angström, Petra Faber
    Handledare: John Tinnerholm
    Examinator: Jonas Wallgren
    Nivå: Grundnivå (16hp)

    Digitalisering leder i många fall till att arbetsuppgifter kan utföras på ett effektivare sätt och kan leda till en minskad användning av resurser som påverkar miljön. I det här arbetet beskrivs digitaliseringen av egenkontroller för elinstallationsföretaget PLW Gruppen AB och tester för att beräkna möjliga tidsvinster och miljöbesparingar. Resultatet av utvecklingen är en webbsida som kan skapa och utföra kontroller där delen för utförande har anpassats för mobilanvändning. Vissa funktioner, som PDF-exportering och digital signatur, har lagts till för att förenkla det administrativa arbetet. Resultatet av de tester som utförts visar att det digitaliserade systemet ger ökad tidseffektivitet och ett mindre koldioxidutsläpp gentemot det pappersbaserade systemet.

  • 2021-06-24 kl 10:00

    Data Analysis of Electric Vehicle User Charging Behavior

    Författare: Erik Asklöf, Dutsadi Bunliang
    Opponenter: Jesper Persson, Rasmus Rynell
    Handledare: Felipe Boeira
    Examinator: Simin Nadjm-Tehrani
    Nivå: Grundnivå (16hp)

    As the electric vehicle market is growing, so does the effects of electric vehicles on the grid. This growth is an incentive to improve and expand the charging infrastructure. To make the infrastructure better, one first needs to analyze key elements associated with the infrastructure. This thesis, therefore, aims to illuminate trends in user behaviors of charging points and the grid load that these behaviors result in. This thesis aims to be the first step towards improving and expanding the charging point infrastructure. To accomplish this, the thesis determined the power demand of charging points and common charging behaviors by analyzing a dataset consisting of charging sessions from a seven-year period. The analysis resulted in findings that show that users tend to do most of their charging during midday, during regular office hours, and that postponing weekday plug-in events after 17:00 could reduce plug-in activity during peak energy consumption in Sweden by 24 %. The thesis concludes that the market is growing; therefore, improvements to the infrastructure have to be made. These include improved load-balancing and improved quality of service for customers, such as expansions to the fast-charging infrastructure.

  • 2021-06-24 kl 10:15

    Analysera hur digitalisering av undervisning kan implementeras genom webb-teknik

    Författare: Björn Möller Ehrnlund
    Opponent: Simon Sundberg
    Handledare: Aseel Berglund
    Examinator: Mikael Asplund
    Nivå: Avancerad (30hp)

    The use of online applications has grown rapidly during the last years, where 91\% of the Swedish population uses internet on a daily basis, both on computers and mobile devices. Naturally, this has come to affect multiple sectors, including the educational one. The usage of online applications as tools for education, can further benefit its availability as its material is available independent of both time and location. This study aims to analyze how e-learning platforms should be designed for high responsivity, to be available for multiple device types, and connection qualities.

    The work was conducted as a case study, where an e-learning platform was developed to be used for courses held at Linköping University. To evaluate the platform, user tests were conducted on six students, along with performance measurements, to analyse the platform both on a subjective, and technical level.

    The results showed that consistency plays a significant part of the responsivity of e-learning platforms, both internally and in relation to similar applications. In a consistent design, users can reuse their developed habits, both from other applications, and across devices, making users more effective, and lower the learning curve of the platform.

    To mitigate loading times of heavier assets such as images, results indicates that lazy loading may benefit the user experience, if further developed along with loading indications.

  • 2021-06-24 kl 13:15 i https://liu-se.zoom.us/j/9815367467

    Utveckling av webbaserat lek-och-lärspel inom matematik för barn i förskolan

    Författare: David Norell
    Opponent: Primus Silverhult
    Handledare: Agneta Gulz
    Examinator: Annika Silvervarg
    Nivå: Grundnivå (16hp)

    Magiska Trädgården är ett webbaserat lek-och-lärspel i matematik för barn i förskolan. Spelet består av fem mindre delspel, där detta projekt gick ut på att utveckla och implementera ett sjätte sådant, kallat ‘Gömspelet’. Konceptet för Gömspelet var att den skulle innehålla mer variation än de andra delspelen, vilket uppnåddes genom att bland annat implementera flera olika karaktärer och miljöer som spelet utspelar sig i. För att även göra spelet mer unikt implementerades flera nya koncept, som inte fanns i de tidigare delspel, för att förbättra användbarheten och lärbarheten av spelet. Testningen av spelet visade att en del av koncepten behöver studeras vidare och kanske förbättras, vilket lämnas till vidareutvecklingen av detta spel.



Page responsible: Ola Leifler
Last updated: 2020-06-11