Securing software development lifecycle using artificial intelligence and security chaos engineering
Aunque los procesos de desarrollo de software se han optimizado sustancialmente en los últimos años, las brechas de seguridad siguen representando un factor de riesgo importante para las organizaciones. Los procesos de transformación digital que no implementan la seguridad como pilar tienden a gener...
- Autores:
- Tipo de recurso:
- Fecha de publicación:
- 2024
- Institución:
- Universidad del Rosario
- Repositorio:
- Repositorio EdocUR - U. Rosario
- Idioma:
- eng
- OAI Identifier:
- oai:repository.urosario.edu.co:10336/43178
- Acceso en línea:
- https://repository.urosario.edu.co/handle/10336/43178
- Palabra clave:
- Security Chaos Engineering
DevSecOps
Inteligencia Artificial
Modelado de Amenazas
Seguridad en Aplicaciones
Large Langage Models
Árboles de Ataque
Application Security
DevSecOps
Artificial Intelligence
Security Chaos Engineering
Large Language Models
Threat Modeling
Attack Trees
- Rights
- License
- Attribution 4.0 International
| id |
EDOCUR2_538fbdcd5d886a470d57a1d3a67bfc94 |
|---|---|
| oai_identifier_str |
oai:repository.urosario.edu.co:10336/43178 |
| network_acronym_str |
EDOCUR2 |
| network_name_str |
Repositorio EdocUR - U. Rosario |
| repository_id_str |
|
| dc.title.none.fl_str_mv |
Securing software development lifecycle using artificial intelligence and security chaos engineering |
| dc.title.TranslatedTitle.none.fl_str_mv |
Aseguramiento del ciclo de vida del software utilizando Inteligencia Artificial y Security Chaos Engineering |
| title |
Securing software development lifecycle using artificial intelligence and security chaos engineering |
| spellingShingle |
Securing software development lifecycle using artificial intelligence and security chaos engineering Security Chaos Engineering DevSecOps Inteligencia Artificial Modelado de Amenazas Seguridad en Aplicaciones Large Langage Models Árboles de Ataque Application Security DevSecOps Artificial Intelligence Security Chaos Engineering Large Language Models Threat Modeling Attack Trees |
| title_short |
Securing software development lifecycle using artificial intelligence and security chaos engineering |
| title_full |
Securing software development lifecycle using artificial intelligence and security chaos engineering |
| title_fullStr |
Securing software development lifecycle using artificial intelligence and security chaos engineering |
| title_full_unstemmed |
Securing software development lifecycle using artificial intelligence and security chaos engineering |
| title_sort |
Securing software development lifecycle using artificial intelligence and security chaos engineering |
| dc.contributor.advisor.none.fl_str_mv |
Díaz López, Daniel Orlando |
| dc.subject.none.fl_str_mv |
Security Chaos Engineering DevSecOps Inteligencia Artificial Modelado de Amenazas Seguridad en Aplicaciones Large Langage Models Árboles de Ataque |
| topic |
Security Chaos Engineering DevSecOps Inteligencia Artificial Modelado de Amenazas Seguridad en Aplicaciones Large Langage Models Árboles de Ataque Application Security DevSecOps Artificial Intelligence Security Chaos Engineering Large Language Models Threat Modeling Attack Trees |
| dc.subject.keyword.none.fl_str_mv |
Application Security DevSecOps Artificial Intelligence Security Chaos Engineering Large Language Models Threat Modeling Attack Trees |
| description |
Aunque los procesos de desarrollo de software se han optimizado sustancialmente en los últimos años, las brechas de seguridad siguen representando un factor de riesgo importante para las organizaciones. Los procesos de transformación digital que no implementan la seguridad como pilar tienden a generar reprocesos y costos adicionales por remediación; en el peor de los casos, fugas de información, ataques de ransomware, denegación de servicio y otros ciberataques que generan fuerte impacto reputacional, legal o monetario. A lo largo de los años, las prácticas de desarrollo seguro han evolucionado, y hoy en día los frameworks de desarrollo ayudan a prevenir intrínsecamente las vulnerabilidades. También han surgido los Programas de Seguridad de Aplicaciones, que son un mecanismo que engloba las políticas, directrices, procesos, herramientas y personas que las organizaciones implementan para proteger sus aplicaciones. Aumentar el nivel de madurez de un programa de seguridad de aplicaciones requiere automatizar actividades y definir formas novedosas de desafiar la seguridad de las aplicaciones. Uno de los mecanismos en auge para automatizar las actividades de seguridad es la Inteligencia Artificial, con el surgimiento de los Large Language Models es posible resolver tareas en cada fase del ciclo de vida del software, reduciendo el tiempo empleado por las organizaciones para generar sistemas seguros. Por otro lado, a través de Security Chaos Engineering es posible descubrir nuevas formas de riesgo que no son fácilmente descubiertas a través de métodos tradicionales de pen-testing o herramientas automatizadas, lo que mejora la postura de seguridad de las aplicaciones. Esta tesis de máster genera una serie de aportaciones que permiten a las organizaciones mejorar sus Programas de Seguridad de Aplicaciones. Este trabajo introduce ideas sobre la identificación temprana de amenazas aplicando Procesamiento del Lenguaje Natural sobre historias de usuario, demuestra la automatización de modelos de amenazas basados en árboles de ataque-defensa utilizando Large Language Models, y propone casos de uso de Security Chaos Engineering aplicables a prácticas DevSecOps. |
| publishDate |
2024 |
| dc.date.accessioned.none.fl_str_mv |
2024-07-31T16:03:04Z |
| dc.date.available.none.fl_str_mv |
2024-07-31T16:03:04Z |
| dc.date.created.none.fl_str_mv |
2024-04-16 |
| dc.date.embargoEnd.none.fl_str_mv |
info:eu-repo/date/embargoEnd/2026-08-01 |
| dc.type.none.fl_str_mv |
bachelorThesis |
| dc.type.coar.fl_str_mv |
http://purl.org/coar/resource_type/c_7a1f |
| dc.type.spa.none.fl_str_mv |
Trabajo de grado |
| dc.identifier.uri.none.fl_str_mv |
https://repository.urosario.edu.co/handle/10336/43178 |
| url |
https://repository.urosario.edu.co/handle/10336/43178 |
| dc.language.iso.none.fl_str_mv |
eng |
| language |
eng |
| dc.rights.*.fl_str_mv |
Attribution 4.0 International |
| dc.rights.coar.fl_str_mv |
http://purl.org/coar/access_right/c_f1cf |
| dc.rights.acceso.none.fl_str_mv |
Restringido (Temporalmente bloqueado) |
| dc.rights.uri.*.fl_str_mv |
http://creativecommons.org/licenses/by/4.0/ |
| rights_invalid_str_mv |
Attribution 4.0 International Restringido (Temporalmente bloqueado) http://creativecommons.org/licenses/by/4.0/ http://purl.org/coar/access_right/c_f1cf |
| dc.format.extent.none.fl_str_mv |
54 pp |
| dc.format.mimetype.none.fl_str_mv |
application/pdf |
| dc.publisher.spa.fl_str_mv |
Universidad del Rosario |
| dc.publisher.department.spa.fl_str_mv |
Escuela de Ingeniería, Ciencia y Tecnología |
| dc.publisher.program.spa.fl_str_mv |
Maestría en Matemáticas Aplicadas y Ciencias de la Computación |
| institution |
Universidad del Rosario |
| dc.source.bibliographicCitation.none.fl_str_mv |
United States Code. Sarbanes-oxley act of 2002, pl 107-204, 116 stat 745. Codified in Sections 11, 15, 18, 28, and 29 USC, July 2002. Centers for Medicare & Medicaid Services. The Health Insurance Portability and Accountability Act of 1996 (HIPAA). Online at http://www.cms.hhs.gov/hipaa/, 1996. Edward A. Morse and Vasant Raval. Pci dss: Payment card industry data security standards in context. Computer Law & Security Review, 24(6):540–554, 2008. OWASP Foundation. The owasp application security program quick start guide. Accessed: 12-01-2024. OWASP Foundation. Opensamm. Online at https://www.opensamm.org/, Mar 2011. Accessed: 12-01-2024. Herb Krasner. The cost of poor software quality in the us: A 2020 report. Proc. Consortium Inf. Softw. QualityTM (CISQTM), pages 1–46, 2021. OWASP Foundation. The zap homepage. Online at https://www.zaproxy.org/. Accessed: 19-01-2024. PortSwigger. Burpsuite - application security testing software. Online at https://portswigger.net/burp. Accessed: 19-01-2024. Snyk. Developer security: Develop fast. stay secure. Online at https://snyk.io/. Accessed: 19-01-2024. Opentext. Fortify application security. Online at https://www.microfocus.com/eses/cyberres/application-security. Accessed: 19-01-2024. Sara Palacios Chavarro, Pantaleone Nespoli, Daniel D´ıaz-L´opez, and Yury Ni˜no Roa. On the Way to Automatic Exploitation of Vulnerabilities and Validation of Systems Security through Security Chaos Engineering. Big Data and Cognitive Computing, 7(1), 2023. OWASP Foundation. Owasp top ten. Online at https://owasp.org/www-project-topten/. Accessed: 23-01-2024. Mark E. Haase. Top 25 software errors — sans institute. Online at https://www.sans.org/top25-software-errors/. Accessed: 23-01-2024. Guntur Budi Herwanto, Gerald Quirchmayr, and A Min Tjoa. A named entity recognition based approach for privacy requirements engineering. In 2021 IEEE 29th International Requirements Engineering Conference Workshops (REW), pages 406–411. IEEE, 2021. Google. Google bard: A conversational ai tool by google. Online at https://bard.google.com/. Accessed: 28-01-2024. Huggingface. Bigscience large open-science open-access multilingual language model. Online at https://huggingface.co/bigscience/bloom. Accessed: 28-01-2024. Jose Antonio Lanz. Gpt-5 is officially on the openai roadmap despite prior hesitation. Online at https://decrypt.co/206044/gpt-5-openai-development-roadmap-gpt-4, Nov 2023. Accessed: 28-01-2024. Shawn Hernan, Scott Lambert, Tomasz Ostwald, and Adam Shostack. Uncover security design flaws using the STRIDE approach. MSDN Magazine, Nov. 2006. Tony UcedaVelez and Marco M Morana. Risk Centric Threat Modeling: process for attack simulation and threat analysis. John Wiley & Sons, 2015. Paul Saitta, Brenda Larcom, and Michael Eddington. Trike v. 1 methodology document [draft]. URL: http://dymaxion. org/trike/Trike v1 Methodology Documentdraft. pdf, 2005. Archana Singhal, Hema Banati, et al. Fuzzy logic approach for threat prioritization in agile security framework using dread model. arXiv preprint arXiv:1312.6836, 2013. |
| dc.source.instname.none.fl_str_mv |
instname:Universidad del Rosario |
| dc.source.reponame.spa.fl_str_mv |
reponame:Repositorio Institucional EdocUR |
| bitstream.url.fl_str_mv |
https://repository.urosario.edu.co/bitstreams/75403eed-8831-478b-970e-dd91b7d8ab47/download https://repository.urosario.edu.co/bitstreams/135e905d-dd6f-4ea1-9cef-d3e9a62c8826/download https://repository.urosario.edu.co/bitstreams/dea7d680-7628-419f-a931-c4c7ea4eee47/download https://repository.urosario.edu.co/bitstreams/bcc5335f-29f0-445c-96d5-cab34a11e03c/download https://repository.urosario.edu.co/bitstreams/d32f3eee-aef2-4968-afc3-9d528e4737a6/download |
| bitstream.checksum.fl_str_mv |
663b40ee8f2b815c56e69d5b5f5312f5 b2825df9f458e9d5d96ee8b7cd74fde6 313ea3fe4cd627df823c57a0f12776e5 252ab0a233d366f10e1fab0cbeb33af8 4ea9bca083a7e7224681944666f86f9f |
| bitstream.checksumAlgorithm.fl_str_mv |
MD5 MD5 MD5 MD5 MD5 |
| repository.name.fl_str_mv |
Repositorio institucional EdocUR |
| repository.mail.fl_str_mv |
edocur@urosario.edu.co |
| _version_ |
1814167647783223296 |
| spelling |
Díaz López, Daniel Orlando1061695713600Bedoya Rodríguez, Martín StevenMagíster en Matemáticas Aplicadas y Ciencias de la ComputaciónFull time996b45c5-776c-4797-9b1a-bb3fa9375828-12024-07-31T16:03:04Z2024-07-31T16:03:04Z2024-04-16info:eu-repo/date/embargoEnd/2026-08-01Aunque los procesos de desarrollo de software se han optimizado sustancialmente en los últimos años, las brechas de seguridad siguen representando un factor de riesgo importante para las organizaciones. Los procesos de transformación digital que no implementan la seguridad como pilar tienden a generar reprocesos y costos adicionales por remediación; en el peor de los casos, fugas de información, ataques de ransomware, denegación de servicio y otros ciberataques que generan fuerte impacto reputacional, legal o monetario. A lo largo de los años, las prácticas de desarrollo seguro han evolucionado, y hoy en día los frameworks de desarrollo ayudan a prevenir intrínsecamente las vulnerabilidades. También han surgido los Programas de Seguridad de Aplicaciones, que son un mecanismo que engloba las políticas, directrices, procesos, herramientas y personas que las organizaciones implementan para proteger sus aplicaciones. Aumentar el nivel de madurez de un programa de seguridad de aplicaciones requiere automatizar actividades y definir formas novedosas de desafiar la seguridad de las aplicaciones. Uno de los mecanismos en auge para automatizar las actividades de seguridad es la Inteligencia Artificial, con el surgimiento de los Large Language Models es posible resolver tareas en cada fase del ciclo de vida del software, reduciendo el tiempo empleado por las organizaciones para generar sistemas seguros. Por otro lado, a través de Security Chaos Engineering es posible descubrir nuevas formas de riesgo que no son fácilmente descubiertas a través de métodos tradicionales de pen-testing o herramientas automatizadas, lo que mejora la postura de seguridad de las aplicaciones. Esta tesis de máster genera una serie de aportaciones que permiten a las organizaciones mejorar sus Programas de Seguridad de Aplicaciones. Este trabajo introduce ideas sobre la identificación temprana de amenazas aplicando Procesamiento del Lenguaje Natural sobre historias de usuario, demuestra la automatización de modelos de amenazas basados en árboles de ataque-defensa utilizando Large Language Models, y propone casos de uso de Security Chaos Engineering aplicables a prácticas DevSecOps.Although software development processes have been substantially optimized in recent years, security breaches continue to represent a major risk factor for companies. Digital transformation processes that do not implement security as a pillar tend to generate reprocesses and additional costs for remediation, in the worst cases, information leaks, ransomware attacks, denials of service, and other cyber-attacks that generate strong reputational, legal, or monetary impact. Over the years, secure development practices have evolved, and today frameworks help to intrinsically prevent vulnerabilities. Application Security Programs have also emerged, which are a mechanism that encompasses the policies, guidelines, processes, tools, and people that companies implement to protect their applications. Increasing the maturity level of an application security program requires automating activities and defining novel ways to challenge application security. One of the mechanisms in ague to automate security activities is Artificial Intelligence, with the advent of Large Language Models it is possible to solve tasks in each phase of the software life cycle, reducing the time spent by companies to generate secure systems. On the other hand, through Security Chaos Engineering it is possible to discover new forms of risk that are not easily discovered through traditional pen-testing methods or automated tools, which improves the security posture of applications. This master thesis generates a series of contributions that allow companies to improve their Application Security Programs. This work introduces ideas on early threat identification by applying Natural Language Processing on user stories, demonstrates the automation of threat models based on attack-defense trees using Large Language Models, and proposes Security Chaos Engineering use cases applicable to DevSecOps practices.54 ppapplication/pdfhttps://repository.urosario.edu.co/handle/10336/43178engUniversidad del RosarioEscuela de Ingeniería, Ciencia y TecnologíaMaestría en Matemáticas Aplicadas y Ciencias de la ComputaciónAttribution 4.0 InternationalRestringido (Temporalmente bloqueado)http://creativecommons.org/licenses/by/4.0/http://purl.org/coar/access_right/c_f1cfUnited States Code. Sarbanes-oxley act of 2002, pl 107-204, 116 stat 745. Codified in Sections 11, 15, 18, 28, and 29 USC, July 2002.Centers for Medicare & Medicaid Services. The Health Insurance Portability and Accountability Act of 1996 (HIPAA). Online at http://www.cms.hhs.gov/hipaa/, 1996.Edward A. Morse and Vasant Raval. Pci dss: Payment card industry data security standards in context. Computer Law & Security Review, 24(6):540–554, 2008.OWASP Foundation. The owasp application security program quick start guide. Accessed: 12-01-2024.OWASP Foundation. Opensamm. Online at https://www.opensamm.org/, Mar 2011. Accessed: 12-01-2024.Herb Krasner. The cost of poor software quality in the us: A 2020 report. Proc. Consortium Inf. Softw. QualityTM (CISQTM), pages 1–46, 2021.OWASP Foundation. The zap homepage. Online at https://www.zaproxy.org/. Accessed: 19-01-2024.PortSwigger. Burpsuite - application security testing software. Online at https://portswigger.net/burp. Accessed: 19-01-2024.Snyk. Developer security: Develop fast. stay secure. Online at https://snyk.io/. Accessed: 19-01-2024.Opentext. Fortify application security. Online at https://www.microfocus.com/eses/cyberres/application-security. Accessed: 19-01-2024.Sara Palacios Chavarro, Pantaleone Nespoli, Daniel D´ıaz-L´opez, and Yury Ni˜no Roa. On the Way to Automatic Exploitation of Vulnerabilities and Validation of Systems Security through Security Chaos Engineering. Big Data and Cognitive Computing, 7(1), 2023.OWASP Foundation. Owasp top ten. Online at https://owasp.org/www-project-topten/. Accessed: 23-01-2024.Mark E. Haase. Top 25 software errors — sans institute. Online at https://www.sans.org/top25-software-errors/. Accessed: 23-01-2024.Guntur Budi Herwanto, Gerald Quirchmayr, and A Min Tjoa. A named entity recognition based approach for privacy requirements engineering. In 2021 IEEE 29th International Requirements Engineering Conference Workshops (REW), pages 406–411. IEEE, 2021.Google. Google bard: A conversational ai tool by google. Online at https://bard.google.com/. Accessed: 28-01-2024.Huggingface. Bigscience large open-science open-access multilingual language model. Online at https://huggingface.co/bigscience/bloom. Accessed: 28-01-2024.Jose Antonio Lanz. Gpt-5 is officially on the openai roadmap despite prior hesitation. Online at https://decrypt.co/206044/gpt-5-openai-development-roadmap-gpt-4, Nov 2023. Accessed: 28-01-2024.Shawn Hernan, Scott Lambert, Tomasz Ostwald, and Adam Shostack. Uncover security design flaws using the STRIDE approach. MSDN Magazine, Nov. 2006.Tony UcedaVelez and Marco M Morana. Risk Centric Threat Modeling: process for attack simulation and threat analysis. John Wiley & Sons, 2015.Paul Saitta, Brenda Larcom, and Michael Eddington. Trike v. 1 methodology document [draft]. URL: http://dymaxion. org/trike/Trike v1 Methodology Documentdraft. pdf, 2005.Archana Singhal, Hema Banati, et al. Fuzzy logic approach for threat prioritization in agile security framework using dread model. arXiv preprint arXiv:1312.6836, 2013.instname:Universidad del Rosarioreponame:Repositorio Institucional EdocURSecurity Chaos EngineeringDevSecOpsInteligencia ArtificialModelado de AmenazasSeguridad en AplicacionesLarge Langage ModelsÁrboles de AtaqueApplication SecurityDevSecOpsArtificial IntelligenceSecurity Chaos EngineeringLarge Language ModelsThreat ModelingAttack TreesSecuring software development lifecycle using artificial intelligence and security chaos engineeringAseguramiento del ciclo de vida del software utilizando Inteligencia Artificial y Security Chaos EngineeringbachelorThesisTrabajo de gradohttp://purl.org/coar/resource_type/c_7a1fEscuela de Ingeniería, Ciencia y TecnologíaBogotáORIGINALSecuring-software-development-lifecycle-using.pdfSecuring-software-development-lifecycle-using.pdfapplication/pdf2713747https://repository.urosario.edu.co/bitstreams/75403eed-8831-478b-970e-dd91b7d8ab47/download663b40ee8f2b815c56e69d5b5f5312f5MD51LICENSElicense.txtlicense.txttext/plain1483https://repository.urosario.edu.co/bitstreams/135e905d-dd6f-4ea1-9cef-d3e9a62c8826/downloadb2825df9f458e9d5d96ee8b7cd74fde6MD52CC-LICENSElicense_rdflicense_rdfapplication/rdf+xml; charset=utf-81019https://repository.urosario.edu.co/bitstreams/dea7d680-7628-419f-a931-c4c7ea4eee47/download313ea3fe4cd627df823c57a0f12776e5MD53TEXTSecuring-software-development-lifecycle-using.pdf.txtSecuring-software-development-lifecycle-using.pdf.txtExtracted texttext/plain100330https://repository.urosario.edu.co/bitstreams/bcc5335f-29f0-445c-96d5-cab34a11e03c/download252ab0a233d366f10e1fab0cbeb33af8MD54THUMBNAILSecuring-software-development-lifecycle-using.pdf.jpgSecuring-software-development-lifecycle-using.pdf.jpgGenerated Thumbnailimage/jpeg2904https://repository.urosario.edu.co/bitstreams/d32f3eee-aef2-4968-afc3-9d528e4737a6/download4ea9bca083a7e7224681944666f86f9fMD5510336/43178oai:repository.urosario.edu.co:10336/431782024-08-01 03:03:32.565http://creativecommons.org/licenses/by/4.0/Attribution 4.0 Internationalhttps://repository.urosario.edu.coRepositorio institucional EdocURedocur@urosario.edu.coRUwoTE9TKSBBVVRPUihFUyksIG1hbmlmaWVzdGEobWFuaWZlc3RhbW9zKSBxdWUgbGEgb2JyYSBvYmpldG8gZGUgbGEgcHJlc2VudGUgYXV0b3JpemFjacOzbiBlcyBvcmlnaW5hbCB5IGxhIHJlYWxpesOzIHNpbiB2aW9sYXIgbyB1c3VycGFyIGRlcmVjaG9zIGRlIGF1dG9yIGRlIHRlcmNlcm9zLCBwb3IgbG8gdGFudG8gbGEgb2JyYSBlcyBkZSBleGNsdXNpdmEgYXV0b3LDrWEgeSB0aWVuZSBsYSB0aXR1bGFyaWRhZCBzb2JyZSBsYSBtaXNtYS4KPGJyLz4KUEFSQUdSQUZPOiBFbiBjYXNvIGRlIHByZXNlbnRhcnNlIGN1YWxxdWllciByZWNsYW1hY2nDs24gbyBhY2Npw7NuIHBvciBwYXJ0ZSBkZSB1biB0ZXJjZXJvIGVuIGN1YW50byBhIGxvcyBkZXJlY2hvcyBkZSBhdXRvciBzb2JyZSBsYSBvYnJhIGVuIGN1ZXN0acOzbiwgRUwgQVVUT1IsIGFzdW1pcsOhIHRvZGEgbGEgcmVzcG9uc2FiaWxpZGFkLCB5IHNhbGRyw6EgZW4gZGVmZW5zYSBkZSBsb3MgZGVyZWNob3MgYXF1w60gYXV0b3JpemFkb3M7IHBhcmEgdG9kb3MgbG9zIGVmZWN0b3MgbGEgdW5pdmVyc2lkYWQgYWN0w7phIGNvbW8gdW4gdGVyY2VybyBkZSBidWVuYSBmZS4KPGhyLz4KRUwgQVVUT1IsIGF1dG9yaXphIGEgTEEgVU5JVkVSU0lEQUQgREVMIFJPU0FSSU8sICBwYXJhIHF1ZSBlbiBsb3MgdMOpcm1pbm9zIGVzdGFibGVjaWRvcyBlbiBsYSBMZXkgMjMgZGUgMTk4MiwgTGV5IDQ0IGRlIDE5OTMsIERlY2lzacOzbiBhbmRpbmEgMzUxIGRlIDE5OTMsIERlY3JldG8gNDYwIGRlIDE5OTUgeSBkZW3DoXMgbm9ybWFzIGdlbmVyYWxlcyBzb2JyZSBsYSBtYXRlcmlhLCAgdXRpbGljZSB5IHVzZSBsYSBvYnJhIG9iamV0byBkZSBsYSBwcmVzZW50ZSBhdXRvcml6YWNpw7NuLgoKLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KClBPTElUSUNBIERFIFRSQVRBTUlFTlRPIERFIERBVE9TIFBFUlNPTkFMRVMuIERlY2xhcm8gcXVlIGF1dG9yaXpvIHByZXZpYSB5IGRlIGZvcm1hIGluZm9ybWFkYSBlbCB0cmF0YW1pZW50byBkZSBtaXMgZGF0b3MgcGVyc29uYWxlcyBwb3IgcGFydGUgZGUgTEEgVU5JVkVSU0lEQUQgREVMIFJPU0FSSU8gIHBhcmEgZmluZXMgYWNhZMOpbWljb3MgeSBlbiBhcGxpY2FjacOzbiBkZSBjb252ZW5pb3MgY29uIHRlcmNlcm9zIG8gc2VydmljaW9zIGNvbmV4b3MgY29uIGFjdGl2aWRhZGVzIHByb3BpYXMgZGUgbGEgYWNhZGVtaWEsIGNvbiBlc3RyaWN0byBjdW1wbGltaWVudG8gZGUgbG9zIHByaW5jaXBpb3MgZGUgbGV5LiBQYXJhIGVsIGNvcnJlY3RvIGVqZXJjaWNpbyBkZSBtaSBkZXJlY2hvIGRlIGhhYmVhcyBkYXRhICBjdWVudG8gY29uIGxhIGN1ZW50YSBkZSBjb3JyZW8gaGFiZWFzZGF0YUB1cm9zYXJpby5lZHUuY28sIGRvbmRlIHByZXZpYSBpZGVudGlmaWNhY2nDs24gIHBvZHLDqSBzb2xpY2l0YXIgbGEgY29uc3VsdGEsIGNvcnJlY2Npw7NuIHkgc3VwcmVzacOzbiBkZSBtaXMgZGF0b3MuCg== |