Informatica Economica Vol. 13 No. 1/2009

Issue Topic: Information Security

CONTENTS

2008 Grigore C. Moisil Award 5

Forecasting Demand of Potential Factors in Data Centers
Alexander PINNOW, Stefan OSTERBURG, Lars HANISCH 9
This paper deals with forecasting demand of potential factors in data centers. Firstly it will define factors themselves and their importance in the process of data centers. Then it will be shown how three standard forecasting methods can be applied for predicting capacity needs in data centers.
Keywords: data center, forecast, capacity planning.

Security Issues of the Digital Certificates within Public Key Infrastructures
Cristian TOMA 16
The paper presents the basic byte level interpretation of an X.509 v3 digital certificate according to ASN.1 DER/BER encoding. The reasons for byte level analysis are various and important. For instance, a research paper has mentioned how PKI security may be violated by an MD5 collision over information from the certificates. In order to develop further studies on the topic, serious knowledge of certificate structure is necessary.
Keywords: digital certificates, certificates authority, ASN.1 DER/BER, PKI

Using Very Large Volume Data Sets for Collaborative Systems Study
Ion IVAN, Cristian CIUREA 29
This article presents the study requests for collaborative systems, the structure and volume of data necessary for collaborative systems analysis. The paper defines procedures for collecting and validating data. This article identifies algorithms to construct homogeneous collectivities. Calculations are carried out with very large data sets and the results are interpreted.
Keywords: collaborative systems, data sets, metric.

V-Model Role Engineering
Radu CONSTANTINESCU 38
The paper focuses on role engineering, which is an important topic in the development of access control systems, particularly when considering Role Based Access Control – RBAC models. Despite the wide use of RBAC in various applications, the role engineering process is not a standardized approach. The paper aims to define a methodology and a process model for role engineering.
Keywords: Information security, access control systems, role based access control systems – RBAC, engineering methodologies, security policies, access control models.

Business Process Management Integration Solution in Financial Sector
Silviu Florin TEODORU 47
It is vital for financial services companies to ensure the rapid implementation of new processes to meet speed-to-market, service quality and compliance requirements. This has to be done against a background of increased complexity. An integrated approach to business processes allows products, processes, systems, data and the applications that underpin them to evolve quickly. Whether it’s providing a loan, setting up an insurance policy, or executing an investment instruction, optimizing the sale-to-fulfillment process will always win new business, cement customer loyalty, and reduce costs. Lack of integration across lending, payments and trading, on the other hand, simply presents competitors who are more efficient with a huge profit opportunity.
Keywords: Web Service, business process, integration, financial services, integration, modeling.

Biometric Security for Cell Phones
Adrian POCOVNICU 57
Cell phones are already prime targets for theft. The increasing functionality of cell phones is making them even more attractive. With the increase of cell phone functionality including personal digital assistance, banking, e-commerce, remote work, internet access and entertainment, more and more confidential data is stored on these devices. What is protecting this confidential data stored on cell phones? Studies have shown that even though most of the cell phone users are aware of the PIN security feature, more than 50% of them are not using it, either because of the lack of confidence in it or because of the inconvenience. A large majority of those users believes that an alternative approach to security would be a good idea.
Keywords: biometrics, security, fingerprint, face recognition, cell phones

Structure Refinement for Vulnerability Estimation Models using Genetic Algorithm Based Model Generators
Adrian VISOIU 64
In this paper, a method for model structure refinement is proposed and applied in estimation of cumulative number of vulnerabilities according to time. Security as a quality characteristic is presented and defined. Vulnerabilities are defined and their importance is assessed. Existing models used for number of vulnerabilities estimation are enumerated, inspecting their structure. The principles of genetic model generators are inspected. Model structure refinement is defined in comparison with model refinement and a method for model structure refinement is proposed. A case study shows how the method is applied and the obtained results.
Keywords: model structure refinement, model generators, gene expression programming, software vulnerabilities, performance criteria, software metrics.

Guide to Good Practice in using Open Source Compilers with the AGCC Lexical Analyzer
Rocsana BUCEA-MANEA-ŢONIŞ 75
Quality software always demands a compromise between users' needs and hardware resources. To be faster means expensive devices like powerful processors and virtually unlimited amounts of RAM memory. Or you just need reengineering of the code in terms of adapting that piece of software to the client's hardware architecture. This is the purpose of optimizing code in order to get the utmost software performance from a program in certain given conditions. There are tools for designing and writing the code, but the ultimate tool for optimizing remains the modest compiler, this often neglected software jewel, the result of hundreds of working hours by the best specialists in the world. Even so, only two compilers fulfill the needs of professional developers: a proprietary solution from a giant in the IT industry, and the Open source GNU compiler, for which we develop the AGCC lexical analyzer that helps produce even more efficient software applications. It relies on the most popular hacks and tricks used by professionals and discovered by the author, who is proud to present them further below.
Keywords: registers, dynamic linkage, cache, null pointers, tweaking.

Database Systems – Present and Future
Ion LUNGU, Manole VELICANU, Iuliana BOTHA 84
The database systems have nowadays an increasingly important role in the knowledge-based society, in which computers have penetrated all fields of activity and the Internet tends to develop worldwide. In the current informatics context, the development of the applications with databases is the work of the specialists. Using databases, reaching a database from various applications, and also some related concepts have become accessible to all categories of IT users. This paper aims to summarize the curricular area regarding the fundamental database systems issues, which are necessary in order to train specialists in economic informatics higher education. The database systems integrate and interfere with several informatics technologies and therefore are more difficult to understand and use. Thus, students should already know a set of minimum, mandatory concepts and their practical implementation: computer systems, programming techniques, programming languages, data structures. The article also presents the actual trends in the evolution of the database systems, in the context of economic informatics.
Keywords: database systems - DBS, database management systems – DBMS, database – DB, programming languages, data models, database design, relational database, object-oriented systems, distributed systems, advanced database systems.

Enhancing Privacy for Biometric Identification Cards
Paul BĂLĂNOIU 100
Most developed countries have started the implementation of biometric electronic identification cards, especially passports. The European Union and the United States of America struggle to introduce and standardize these electronic documents. Due to the personal nature of the biometric elements used for the generation of these cards, privacy issues were raised on both sides of the Atlantic Ocean, leading to civilian protests and concerns. The lack of transparency from the public authorities responsible for the implementation of such identification systems, and the poor technological approaches chosen by these authorities, are the main reasons for the negative popularity of the new identification methods. The following article shows an approach that provides all the benefits of modern technological advances in the fields of biometrics and cryptography, without sacrificing the privacy of those that will be the beneficiaries of the new system.
Keywords: security, smart card, identification, passport, biometrics, public key infrastructure, government, identification.

Implementing a Copyright Management System
Andrei TOMA, Emanuil REDNIC 108
While Copyright Management Information (CMI) is not a new concept, it has not been a universally applied one. This article aims to review the different ways CMI's can be represented as well as the possibility of implementing them via Oracle technologies. Such an approach is justified in the absence of any wide scale, industry accepted, standard for implementation.
Keywords: Copyright Management Information, metadata, document identifiers, watermarking.

IT & C Projects Duration Assessment Based on Audit and Software Reengineering
Cosmin TOMOZEI, Marius VETRICI, Cristian AMANCEI 117
This paper analyses the effect of applying the core elements of software engineering and reengineering, probabilistic simulations and system development auditing to software development projects. Our main focus is reducing software development project duration. Due to the fast changing economy, the need for efficiency and productivity is greater than ever. Optimal allocation of resources has proved to be the main element contributing to an increase in efficiency.
Keywords: Reengineering, audit, project duration assessment, Monte Carlo simulation.

Detection of the Security Vulnerabilities in Web Applications
Marius POPA 127
The contemporary organizations develop business processes in a very complex environment. The IT&C technologies are used by organizations to improve their competitive advantages. But, the IT&C technologies are not perfect. They are developed in an iterative process and their quality is the result of the lifecycle activities. The audit and evaluation processes are required by the increased complexity of the business processes supported by IT&C technologies. In order to organize and develop a high-quality audit process, the evaluation team must analyze the risks, threats and vulnerabilities of the information system. The paper highlights the security vulnerabilities in web applications and the processes of their detection. The web applications are used as IT&C tools to support the distributed information processes. They are a major component of the distributed information systems. The audit and evaluation processes are carried out in accordance with the international standards developed for information system security assurance.
Keywords: security, vulnerability, web application, audit.

E-Business Security Architectures
Mihai DOINEA 137
By default the Internet is an open high risk environment and also the main place where the e-business is growing. As a result of this fact, the paper aims to highlight the security aspects that relate to distributed applications [3], with reference to the concept of e-business. In this direction, it will analyze the quality characteristics considered to be important by the author. Based on these and on existing e-business architectures, a particular diagram will be presented which will reflect a new approach to the concept of future e-business. The development of the new architecture will be based on technologies that are used to build the applications of tomorrow.
Keywords: e-business, distributed applications, security, architecture, technology.

PhD Thesis Review: Business Management in Digital Economy
Bogdan GHILIC-MICU 146

Book review: Data Structures – Structuri de date
Ion Gh. ROŞCA 147

Survey on the International Conference on Economic Informatics
Ion IVAN 150

Publishing Guide for Authors 154

Inforec Association 156