DOCSLIB.ORG

Towards Security Climate Forecasts1

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Towards Security Climate Forecasts1 Towards the Future Internet 41 G. Tselentis et al. (Eds.) IOS Press, 2010 © 2010 The authors and IOS Press. All rights reserved. doi:10.3233/978-1-60750-539-6-41 Towards Security Climate Forecasts1 Stephan NEUHAUS 2 and Fabio MASSACCI Università degli Studi di Trento, Trento, Italy Abstract. The complexity and interdependencies of deployed software systems has grown to the point where we can no longer make confident predictions about the security properties of those systems from first principles alone. Also, it is very com- plex to state correctly all relevant assumptions that underlie proofs of security, so that attackers constantly seek to undermine these assumptions. Complexity metrics generally do not correlate with vulnerabilities and security best practices are usu- ally founded on anecdotes rather than empirical data. In this paper, we argue that we will therefore need to embrace empirical methods from other sciences that also face this problem, such as physics, meteorology, or medicine. Building on previous promising work, we suggest a system that can deliver security forecasts just like climate forecasts. Keywords. Large System Security, Empirical research, Climate forecasts Introduction Software systems have become so complex that we can no longer effectively understand the behaviour of the entire system from the behaviour of its smallest parts alone: in order to find out about the security of a complex system, it is no longer sufficient to know the precise semantics of an if or while statement. This is not because such knowledge is useless, but rather because the amount of interaction between program statements, interpreters, compilers, libraries, operating systems and the run-time environment creates an explosion in interconnection that makes predicting system behaviour uncertain at best and impossible at worst. This situation is worsening as we progress towards the Future Internet, where applications will consist of large numbers of interacting components, written by different organisations according to different development standards. Physicists face a similar problem when asked to describe the behaviour of an ideal gas: from Newtonian mechanics, it should be possible to compute the temperature or pressure of a gas by calculating the movements of individual gas moecules, but in prac- tice there are so many that this is impossible. Thus, high-level gas laws describing the behaviour of a gas as a whole were invented. In a similar way, medical researchers and meteorologists use models based on differential equations to forecast the spread of in- fectious diseases and to make climate forecasts, respectively. We propose to use a similar approach, where we no longer infer the macroscopic be- haviour of a system from properties of its microscopic constituents such as library com- 1Research supported by the EU under the project EU-IST-IP-MASTER (FP7-216917) 2Corresponding author 42 S. Neuhaus and F. Massacci / Towards Security Climate Forecasts ponents, programming language statements or even machine instructions, but where we make statistical predictions about the system’s behaviour from simpler, higher-level met- rics. Note that our point is not that it is only complexity, as understood by software engi- neers and expressed in complexity metrics, that is causing the inability to predict system behaviour. If that were the case, adding more computing power would make predictions possible again. Rather, it is that causes and effects of vulnerabilities are non-local (i.e., can occur at widely separated points in the same source code, in different source codes, between code in one system and code in a library, in the interaction between some code and the operating system, etc.) and are hence not accessible to source code complexity metrics. Vulnerability is a systemic issue. In the rest of this paper, we will first show case studies of two very large and widely deployed software systems (Section 1) in order to make the point that the sheer size of software makes it important to make reasonably precise predictions about the location of vulnerabilities: otherwise, quality assurance teams won’t know where to look. Next, we briefly review the state of the art in software security (Section 2), and then propose our solution to the problems that we identified (Section 3). We finish with the outline of a research program that could address these points, and conclude (Section 4). 1. Case Studies 1.1. Mozilla Mozilla3 is a large software system: As of 4 January 2007, Mozilla contained 1,799 directories and 13,111 C/C++ files, which can be combined into 10,452 components, which are files whose names only differ in their suffixes. These files have a large degree of interconnection: there are over ten thousand unique #include statements, and over ninety thousand unique function calls. At the same time, the Mozilla Foundation has published 134 Mozilla Foundation Security Advisories (MFSAs), which caused 302 bug reports. Of all 10,452 components, 424 or 4.05% were found to be vulnerable. [16] Studies by Shin and Williams [19] have looked at a particularly vulnerability-ridden part of Mozilla: the JavaScript engine. JavaScript is a way to execute code from within Web pages; it is executed inside a sandbox, which regulates all access attempts by the JavaScript program to the outside world. Still, attacks using JavaScript have shown an remarkable ability to break out of their sandboxes into the execution environment. Shin and Williams have looked at the correlation between code complexity metrics and vulnerabilities inside Mozilla’s JavaScript engine and found only low correlations; such correlations would not be enough to predict which components inside the JavaScript engine had as yet undiscovered vulnerabilities. This supports our point, since code com- plexity metrics operate under the assumption that vulnerabilities are local phenomena; after all, code complexity metrics are, by definition, computed at the source code level. Let us now put ourselves in the shoes of a Mozilla QA engineer. The new release is days away and we have the suspicion that there are components with undetected vul- nerabilities. Yet, even with a large staff, we cannot hope to inspect comprehensively all 10,000 components: we have to make a choice, since our QA resources are finite. Out of 3http://www.mozilla.org/ S. Neuhaus and F. Massacci / Towards Security Climate Forecasts 43 Figure 1. Location of vulnerabilities in Mozilla source code. those 10,000 components we can perhaps choose ten for a thorough inspection. Which ten are going to be the lucky ones? Going only by personal experience, we would probably tend to use the anecdotal knowledge floating around in our QA team and look closely at those modules that already have reported vulnerabilities and are therefore known troublemakers. How good would such an approach be? In our own study of Mozilla [16], we we first mapped Mozilla Foundation Secu- rity Advisories (MFSAs) back to those source files that were fixed as a consequence of these MFSAs. From this purely empirical approach, we got two main results. The first is shown in Figure 1, which contains a graphical depiction of the distribution of vulnerabil- ities in Mozilla’s source code. There, named rectangles represent directories, unnamed rectangles represent components. The size of a rectangle is proportional to the size of the component in bytes, and a rectangle is shaded the darker the more vulnerabilities it has had. The JavaScript engine, the object of Shin and Williams’s study above, occu- pies the lower left-hand corner of the picture, and it is apparent that JavaScript is indeed vulnerability-ridden. But what can also be seen from the picture is that there are subsys- tems that are almost as bad, such as the “layout” subsystem (above the JavaScript rectan- gle), which is concerned with cascading style sheets and the like. Overall, the distribution of vulnerabilities is very uneven: there are also large parts that have no vulnerabilities. The second result is shown in Figure 2 (left). In this figure, we counted how many MFSAs applied to a vulnerable component. The most striking feature is that there are more than twice as many components with one fix than there are components with two or more fixes. This is apparent from the tall spike at the left, and the subsequent series of bars that decrease so rapidly in height that there is be no discernible height difference for 6 and 14 MFSAs. To return to our QA perspective, components with many vulnerabilities 44 S. Neuhaus and F. Massacci / Towards Security Climate Forecasts Distribution of MFSAs Distribution of RHSAs Number of Packages Number of Components 0 50 100 200 300 0 100 200 300 400 500 600 135791113 1 9 19 30 41 73 88 112 129 Number of MFSAs Number of RHSAs Figure 2. The number of components versus the number of MFSAs in Mozilla (left), and distribution of Red Har Security Advisories (right) are rare whereas components with only one vulnerability are common. Therefore, if we looked only at components with an established history of vulnerabilities, we would waste effort: past history of vulnerabilities is not a good predictor for future vulnerabilities. 1.2. Red Hat We also looked at the packages in Red Hat Linux [15]. It showed that out of a total of 3,241 packages, 1,133 or 35% had vulnerabilities reported in 1,646 Red Hat Security Advisories (RHSAs) between January 2000 and August 2008, inclusive. Again, there is no evidence that the developers of those packages were negligent, and again, the study shows that most vulnerable packages have one or two vulnerabilties, so again, finding promising candidates for QA measures will be difficult; see Figure 2 (right). For Red Hat, the situation is even more dire than for Mozilla. Mozilla is at least developed in a single language, C++.
Load more

Recommended publications
  • Pipenightdreams Osgcal-Doc Mumudvb Mpg123-Alsa Tbb
    pipenightdreams osgcal-doc mumudvb mpg123-alsa tbb-examples libgammu4-dbg gcc-4.1-doc snort-rules-default davical cutmp3 libevolution5.0-cil aspell-am python-gobject-doc openoffice.org-l10n-mn libc6-xen xserver-xorg trophy-data t38modem pioneers-console libnb-platform10-java libgtkglext1-ruby libboost-wave1.39-dev drgenius bfbtester libchromexvmcpro1 isdnutils-xtools ubuntuone-client openoffice.org2-math openoffice.org-l10n-lt lsb-cxx-ia32 kdeartwork-emoticons-kde4 wmpuzzle trafshow python-plplot lx-gdb link-monitor-applet libscm-dev liblog-agent-logger-perl libccrtp-doc libclass-throwable-perl kde-i18n-csb jack-jconv hamradio-menus coinor-libvol-doc msx-emulator bitbake nabi language-pack-gnome-zh libpaperg popularity-contest xracer-tools xfont-nexus opendrim-lmp-baseserver libvorbisfile-ruby liblinebreak-doc libgfcui-2.0-0c2a-dbg libblacs-mpi-dev dict-freedict-spa-eng blender-ogrexml aspell-da x11-apps openoffice.org-l10n-lv openoffice.org-l10n-nl pnmtopng libodbcinstq1 libhsqldb-java-doc libmono-addins-gui0.2-cil sg3-utils linux-backports-modules-alsa-2.6.31-19-generic yorick-yeti-gsl python-pymssql plasma-widget-cpuload mcpp gpsim-lcd cl-csv libhtml-clean-perl asterisk-dbg apt-dater-dbg libgnome-mag1-dev language-pack-gnome-yo python-crypto svn-autoreleasedeb sugar-terminal-activity mii-diag maria-doc libplexus-component-api-java-doc libhugs-hgl-bundled libchipcard-libgwenhywfar47-plugins libghc6-random-dev freefem3d ezmlm cakephp-scripts aspell-ar ara-byte not+sparc openoffice.org-l10n-nn linux-backports-modules-karmic-generic-pae
    [Show full text]
  • Red Hat Enterprise Linux 7 Migration Planning Guide
    Red Hat Enterprise Linux 7 Migration Planning Guide Key differences between Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 Last Updated: 2021-09-21 Red Hat Enterprise Linux 7 Migration Planning Guide Key differences between Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 Legal Notice Copyright © 2021 Red Hat, Inc. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/ . In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. Linux ® is the registered trademark of Linus Torvalds in the United States and other countries. Java ® is a registered trademark of Oracle and/or its affiliates. XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries. MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and other countries. Node.js ® is an official trademark of Joyent.
    [Show full text]
  • The Taskjuggler Manual
    The TaskJuggler Manual Chris Schläger Marc Rührschneck The TaskJuggler Manual by Chris Schläger and Marc Rührschneck Copyright © 2001, 2002, 2003, 2004, 2005 Chris Schläger This document describes TaskJuggler version 2.1.1 Table of Contents About this document.............................................................................................................................. viii 1. Introduction............................................................................................................................................1 1.1. About TaskJuggler ......................................................................................................................1 1.2. Features and Highlights ..............................................................................................................1 1.3. TaskJuggler on the Web ..............................................................................................................2 1.4. Change Log .................................................................................................................................2 1.4.1. Version 1.0.0 (2002-03-14).............................................................................................2 1.4.2. Version 1.0.1 (2002-03-15).............................................................................................2 1.4.3. Version 1.1 (2002-05-27)................................................................................................3 1.4.4. Version 1.2 (2002-06-17)................................................................................................3
    [Show full text]
  • The Beauty and the Beast: Vulnerabilities in Red Hat's Packages
    The Beauty and the Beast: Vulnerabilities in Red Hat’s Packages Stephan Neuhaus Thomas Zimmermann Dipartimento di Informatica e Telecomunicazioni Microsoft Research Universita` degli Studi di Trento One Microsoft Way I-38100 Trento, Italy Redmond, Washington, USA [email protected] [email protected] Abstract In this paper, we show that vulnerabilities correlate In an empirical study of 3241 Red Hat packages, we with dependencies between software packages. For ex- show that software vulnerabilities correlate with depen- ample, when depending on Python the risk of an applica- dencies between packages. With formal concept analy- tion being vulnerable decreases, while the risk increases sis and statistical hypothesis testing, we identify depen- when depending on PHP or Perl. In addition, we demon- dencies that decrease the risk of vulnerabilities (“beau- strate how to use dependencies to build prediction mod- ties”) or increase the risk (“beasts”). Using support vec- els for vulnerabilities. More specifically, our contribu- tor machines on dependency data, our prediction models tions are as follows: successfully and consistently catch about two thirds of vulnerable packages (median recall of 0.65). When our 1. Empirical evidence that vulnerabilities correlate models predict a package as vulnerable, it is correct more with dependencies. Our study of 3241 Red Hat than eight times out of ten (median precision of 0.83). packages is the largest study of vulnerabilities ever Our findings help developers to choose new dependen- conducted in terms of number of investigated appli- cies wisely and make them aware of risky dependencies. cations. 2. Identification of dependencies with positive or neg- 1 Introduction ative impact on vulnerabilities.
    [Show full text]
  • Herramienta De Soporte a La Generación De Planificaciones De Proyectos Enriquecidas Con Patrones De Producto”
    UNIVERSIDAD CARLOS III DE MADRID ESCUELA POLITÉCNICA SUPERIOR INGENIERÍA TÉCNICA INFORMÁTICA DE GESTIÓN PROYECTO FIN DE CARRERA “Herramienta de soporte a la generación de planificaciones de proyectos enriquecidas con Patrones de Producto” Autor: David Gómez Pedrero Tutores: Fuensanta Medina Domínguez Fecha: Diciembre, 2009 Mi infinito agradecimiento a M.G.P, quien estuvo en el momento y lugar adecuados, a pesar de la distancia. Un viaje entre los sueños y los recuerdos. Tvb. Dedicado a todos los que ya no están, especialmente a Ron. así como a los familiares, amigos y viajeros, por su apoyo, paciencia y consejos. Ast. Índice ÍNDICE DE CONTENIDOS 1 INTRODUCCIÓN ............................................................................................................... 14 1.1 DESCRIPCIÓN GENERAL DEL PROYECTO ..................................................... 14 1.2 EL PROCESO DE GESTIÓN DE PROYECTOS ................................................... 17 1.2.1 Ubicación de la Gestión de Proyectos en el proceso de la construcción del Software......... 17 1.2.2 Procesos/Actividades de la Gestión de Proyectos ................................................................ 18 1.3 EL PROCESO DE PLANIFICACIÓN ..................................................................... 26 1.4 MOTIVACIÓN ............................................................................................................ 27 1.5 METODOLOGÍAS Y TÉCNICAS PARA EL PROCESO DE PLANIFICACIÓN .....................................................................................................
    [Show full text]
  • Tabla De Aplicaciones Equivalentes Windows / GNU Linux Orientada Al Usuario En General O Promedio
    Tabla de aplicaciones equivalentes Windows / GNU Linux Orientada al usuario en general o promedio. Imágen Nomacs http://www.nomacs.org/ ​ Viewnior http://siyanpanayotov.com/project/viewnior/ Visor de imágnes ​ Eye of GNOME (http://www.gnome.org/projects/eog/) ACDSee etc. ​ ​ Gwenview (http://gwenview.sourceforge.net/) ​ ​ XnView http://www.xnview.com/ ​ digiKam (http://www.digikam.org/) Albums de fotos ​ ​ F-Spot (http://f-spot.org/Main_Page) Picasa, CyberLink ​ ​ gThumb (http://live.gnome.org/gthumb/) PhotoDirector, etc ​ ​ Shotwell (http://www.yorba.org/shotwell/) ​ ​ Editor de metadatos de FotoTagger (http://sourceforge.net/projects/fototagger/) imágnes ​ ​ ExifTool http://www.sno.phy.queensu.ca/~phil/exiftool/ PhotoME ​ Inkscape (http://www.inkscape.org/) ​ ​ Skencil (http://www.skencil.org/) Editor de gráficos vectoriales ​ ​ SK1 http://sk1project.org/ Adobe Illustrator ​ Xara Xtreme (http://www.xaraxtreme.org/) Corel Draw ​ ​ Alchemy (http://al.chemy.org/gallery/) ​ ​ Libre Office Draw (https://es.libreoffice.org/descubre/draw/) ​ ​ Blender (http://www.blender.org/) ​ ​ Natron https://natron.fr/ Gráficos 3D ​ K-3D (http://www.k-3d.org/) 3D Studio Max ​ ​ Wings 3D http://www.wings3d.com/ After Effects ​ Art of Illusion (http://www.artofillusion.org/) ​ ​ Jahshaka http://www.jahshaka.com/ ​ KolourPaint (http://kolourpaint.sourceforge.net/) Pintura digital ​ ​ Pinta (http://pinta-project.com/) MS Paint ​ ​ TuxPaint (http://tuxpaint.org/) ​ ​ Pintura digital profesional Kitra (https://krita.org/) ​ ​ Corel PaintShopPro Pencil (http://www.pencil-animation.org/)
    [Show full text]
  • Descargar Archivos Privativo M$ Project
    Número 16 SEPTIEMBRE 2008 La Revista de Software Libre y Código Abierto ¿ Qué se puede hacer en Linux ? Eventos Saboreando OpenOffice.org 3 Crear tu servidor casero con no-ip.com e infinitum de Telmex con Debian Etch Entendiendo Web Services con MonoDevelop II de IV Ojo del Novato Bluetooth Inyección con ipw2200 sobre 2Wire de Telmex con wep de 64 bits MINIAPLICACIONES Framework para el desarrollo GRAILS: EN TU ESCRITORIO de aplicaciones web (Parte II) CON GDESKLETS Editorial Redacción Rodrigo Ramírez [email protected] Nueva edición y nuevos desafíos, el equipo de Begins está Álex Sandoval Morales [email protected] con sentimientos encontrados, por una parte felices de Artz Neo [email protected] Dionisio Fernández [email protected] poder entregar una vez más el fruto de un grupo de amigos Jorge Forero Rodríguez [email protected] Ricardo Gabriel Berlasso [email protected] repartidos por todo el mundo que colaboran entregando su Mario González [email protected] Esteban Saavedra López [email protected] talento y buen ánimo generando contenidos para Begins, y Martín Márquez [email protected] por otra parte tristes porque un amigo y miembro del Equipo Revisión y corrección Begins nos deja, sus razones son válidas y las respetamos, Luis Álvarez Alday [email protected] Guillermo Molleda [email protected] pero eso no quita la pena y el vacío que deja nuestro querido amigo Oscar Calle (España), sabemos que en gran Staff y Coordinación parte es consecuencia de todos nosotros, nuestros ritmos Luis Álvarez Alday [email protected] Dionisio Fernández [email protected] de trabajo y vida han cambiado, y eso nos ha llevado a Rodrigo Ramírez [email protected] Álex Sandoval Morales [email protected] reorganizar nuestros tiempos.
    [Show full text]
  • Red Hat Enterprise Linux 7 移行計画ガイド
    Red Hat Enterprise Linux 7 移行計画ガイド Red Hat Enterprise Linux 7 への移行 Laura Bailey Red Hat Enterprise Linux 7 移行計画ガイド Red Hat Enterprise Linux 7 への移行 Laura Bailey 法律上の通知 Copyright © 2014 Red Hat, Inc. This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. Linux ® is the registered trademark of Linus Torvalds in the United States and other countries. Java ® is a registered trademark of Oracle and/or its affiliates. XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries. MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and other countries. Node.js ® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project. The OpenStack ® Word Mark and OpenStack Logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission.
    [Show full text]
  • C4C Lubuntu 18.04.4 Respin User Guide & Manual
    C4C Lubuntu 18.04.4 ReSpin User Guide & Manual C4C Lubuntu 18.04.4 ReSpin User Guide & Manual About Your Christian Linux Distribution You are the light of the world. A city located on a hill can’t be hidden. Neither do you light a lamp and put it under a measuring basket, but on a stand; and it shines to all who are in the house. Even so, let your light shine before men, that they may see your good works and glorify your Father who is in heaven. Matthew 5:14-16 The C4C Lubuntu 18.04.4 ReSpin User Guide & Manual is Copyright © 2020 Computers4Christians. Computers4Christians accepts no responsibility for the accuracy, or use, of the information presented in the guide for any purpose and makes no commitment as to support for the computers, computer equipment and/or software, files or data it gives away. Only the Bible is infallible. TABLE OF CONTENTS C4C Lubuntu 18.04.4 ReSpin User Guide & Manual Table of Contents ABOUT , C4C, Statement of Faith, Disclaimer/Copyright Information .............................................3 Artistic License 2.0.................................................................................................................... 4 Christian Purpose [and Objectives], Secular Purpose, Linux, Chapters......................................6 Biblical Purpose, Why Free, Witness..........................................................................................7 C4C Lubuntu ReSpin................................................................................................................. 8 BEGIN..........................................................................................................................................
    [Show full text]
  • SUSE Linux Enterprise Desktop
    SUSE Linux Enterprise Desktop 11 www.novell.com 2009 5 12 应用程序指南 应用程序指南 所有内容的版权都属于 © 2006- 2009 Novell, Inc. 法律声明 本手册受 Novell 知识产权的保护。复制、复印或分发本手册,表示您明确同意遵守本许可协 议的条款。 本手册可如上或作为捆绑包的一部分免费复制、复印或分发(电子和/或打印格式),前提是 满足以下条件: 本版权声明及作者和贡献者姓名清晰明确地出现在复制、复印和分发的所有副本上。复制和/ 或分发本手册(尤其是打印格式)仅限于非商业用途。将本手册或其一部分用于任何其他用 途,都必须事先获得 Novell, Inc 的明确授权。 有关 Novell 商标的列表,请参见 Novell 商标和服务标记列表 (http://www.novell.com/company/legal/trademarks/tmlist.html) [http://www.novell.com/ company/legal/trademarks/tmlist.html]。 * Linux 是 Linus Torvalds 的注册商标。 所有第三方商标均属其各自所有者的财产。商标符号(®、™ 等)代表 Novell 商标;星号 (*) 代表第三方商标。 本指南力求涵盖所有细节。但这并不确保本指南准确无误。 无论是 Novell, Inc.、SUSE LINUX 产品 GmbH、作者还是翻译人员都不对任何可能的错误或因错误造成的任何后果负责。 目录 关于本指南 xi 部分 I OpenOffice.org Novell 版本 1 1 OpenOffice.org 办公套件 3 1.1 OpenOffice.org 模块 . 3 1.2 OpenOffice.org 3.0 中有哪些新增功能? . 4 1.3 Novell 版本的 OpenOffice.org . 4 1.4 与其他办公应用程序的兼容性 . 5 1.5 启动 OpenOffice.org . 7 1.6 用密码保存 OpenOffice.org 文件 . 8 1.7 对文档进行签名 . 8 1.8 自定义 OpenOffice.org . 9 1.9 更改全局设置 . 11 1.10 使用模板 . 13 1.11 更多信息 . 14 2 OpenOffice.org Writer 17 2.1 Writer 中有哪些新增功能? . 17 2.2 新建文档 . 18 2.3 与其他文字处理器共享文档 . 19 2.4 用样式设置格式 . 20 2.5 处理大文档 . 23 2.6 使用 Writer 作为 HTML 编辑器 . 25 3 OpenOffice.org Calc 27 3.1 Calc 中有哪些新增功能? . 27 3.2 新建文档 . 29 3.3 在 Calc 中使用格式设置和样式 . 29 4 其他 OpenOffice.org 模块 31 4.1 通过 Impress 使用演示文稿 . 31 4.2 通过 Base 使用数据库 . 34 4.3 使用 Draw 创建图形 . 38 4.4 使用 Math 创建数学公式 . 39 部分 II 信息管理 41 5 Kontact:处理电子邮件和日历 43 5.1 Kontact 概述 .
    [Show full text]
  • University of Ljubljana Faculty of Economics
    UNIVERSITY OF LJUBLJANA FACULTY OF ECONOMICS DIPLOMA THESIS ANALYSIS OF PROJECT MANAGEMENT INFORMATION TOOLS Ljubljana, September 2010 MARTINOVIĆ DAVOR DECLARATION I, Davor Martinović, hereby declare that I am the author of this undergraduate thesis written under the mentorship of dr. Aljaž Stare. I permit the publication of this thesis on the faculty's web pages. In Ljubljana, ____September 2010_____ Signature: _________________ TABLE OF CONTENTS INTRODUCTION....................................................................................................................................................... 1 1 PROJECT MANAGEMENT AND ITS TOOLS ...................................................................................................... 2 1.1 WHAT IS PROJECT MANAGEMENT ............................................................................................................ 2 1.2 PROJECT MANAGEMENT INFORMATION SYSTEM..................................................................................... 4 1.3 PROJECT MANAGEMENT SOFTWARE........................................................................................................ 6 1.4 PROJECT MANAGEMENT 2.0..................................................................................................................... 7 2 MARKET ANALYSIS ......................................................................................................................................... 8 2.1 SURVEYS ON THE TOPIC .........................................................................................................................
    [Show full text]
  • Herramientas Software Para Una Optima Gestión Del Proceso De Desarrollo De Software, a Utilizarse En Las Empresas De Software De La Provincia De Catamarca
    Herramientas Software Para Una Optima Gestión del Proceso de desarrollo de software, a utilizarse en las Empresas de Software de la Provincia de Catamarca María Carolina Haustein, Diana Palliotto, María Isabel Korzenieswki Departamento Informática/Facultad de Tecnología/Universidad Nacional de Catamarca Maximio Victoria N° 55- San Fernando del Valle de Catamarca 0383 4435112,int 165 [email protected]; [email protected]; [email protected] tareas y subtareas, la asignación de recursos financieros, Resumen humanos y temporales. Una de las metas siempre vigente en las empresas Toda empresa desarrolladora de software debe definir sus desarrolladoras de software, es mejorar el proceso de objetivos y las estrategias para alcanzar los mismos. Al desarrollo, para lo cual, se fueron fijando y ejecutando momento de definir sus estrategias, es sumamente distintas estrategias, la más recurrente fue la creación de importante, que las autoridades de las empresas transmitan nuevas metodologías. Hasta que a principios del siglo XXI, las mismas hacia todos los integrantes del equipo, o de la se advirtió que lo que fallaba en la gran parte de las empresa. El uso de herramientas para ayudar a la gestión de empresas, era la gestión en el desarrollo de software, tarea un proceso de desarrollo, son muy importante, ya que, esta, sumamente importante, ya que se encarga de la ayudan a las autoridades a llevar un control de los procesos. planificación, asignación de recursos, la documentación y Se define a una aplicación de administración de proyecto, fundamentalmente el control en el proceso desarrollo. áquella que ayuda a crear y realizar el seguimiento de los Existen varias herramientas que ayudan a un jefe de equipo planes de proyectos, a la asignación de recursos, a realizar la de proyecto de desarrollo de software, a realizar una la planificación temporal, de manera que se pueda cumplir con gestión del mismo.
    [Show full text]