Computer Engineering Commons^™

Improving Developers' Understanding Of Regex Denial Of Service Tools Through Anti-Patterns And Fix Strategies, Sk Adnan Hassan, Zainab Aamir, Dongyoon Lee, James C. Davis, Francisco Servant

Department of Electrical and Computer Engineering Faculty Publications

Regular expressions are used for diverse purposes, including input validation and firewalls. Unfortunately, they can also lead to a security vulnerability called ReDoS (Regular Expression Denial of Service), caused by a super-linear worst-case execution time during regex matching. Due to the severity and prevalence of ReDoS, past work proposed automatic tools to detect and fix regexes. Although these tools were evaluated in automatic experiments, their usability has not yet been studied; usability has not been a focus of prior work. Our insight is that the usability of existing tools to detect and fix regexes will improve if we complement them …

An Empirical Study Of Pre-Trained Model Reuse In The Hugging Face Deep Learning Model Registry, Wenxin Jiang, Nicholas Synovic, Matt Hyatt, Taylor R. Schorlemmer, Rohan Sethi, Yung-Hsiang Lu, George K. Thiruvathukal, James C. Davis

Department of Electrical and Computer Engineering Faculty Publications

Deep Neural Networks (DNNs) are being adopted as components in software systems. Creating and specializing DNNs from scratch has grown increasingly difficult as state-of-the-art architectures grow more complex. Following the path of traditional software engineering, machine learning engineers have begun to reuse large-scale pre-trained models (PTMs) and fine-tune these models for downstream tasks. Prior works have studied reuse practices for traditional software packages to guide software engineers towards better package maintenance and dependency management. We lack a similar foundation of knowledge to guide behaviors in pre-trained model ecosystems.

In this work, we present the first empirical investigation of PTM reuse. …

Redefining Research In Nanotechnology Simulations: A New Approach To Data Caching And Analysis, Darin Tsai, Alan Zhang, Aloysius Rebeiro

The Journal of Purdue Undergraduate Research

No abstract provided.

Sok: Analysis Of Software Supply Chain Security By Establishing Secure Design Properties, Chinenye Okafor, Taylor R. Schorlemmer, Santiao Torres-Arias, James C. Davis

Department of Electrical and Computer Engineering Faculty Publications

This paper systematizes knowledge about secure software supply chain patterns. It identifies four stages of a software supply chain attack and proposes three security properties crucial for a secured supply chain: transparency, validity, and separation. The paper describes current security approaches and maps them to the proposed security properties, including research ideas and case studies of supply chains in practice. It discusses the strengths and weaknesses of current approaches relative to known attacks and details the various security frameworks put out to ensure the security of the software supply chain. Finally, the paper highlights potential gaps in actor and operation-centered …

Reflecting On Recurring Failures In Iot Development, Dharun Anandayuvaraj, James C. Davis

Department of Electrical and Computer Engineering Faculty Publications

As IoT systems are given more responsibility and autonomy, they offer greater benefits, but also carry greater risks. We believe this trend invigorates an old challenge of software engineering: how to develop high-risk software-intensive systems safely and securely under market pressures? As a first step, we conducted a systematic analysis of recent IoT failures to identify engineering challenges. We collected and analyzed 22 news reports and studied the sources, impacts, and repair strategies of failures in IoT systems. We observed failure trends both within and across application domains. We also observed that failure themes have persisted over time. To alleviate …

Exploiting Input Sanitization For Regex Denial Of Service, Efe Barlas, Xin Du, James C. Davis

Department of Electrical and Computer Engineering Faculty Publications

Web services use server-side input sanitization to guard against harmful input. Some web services publish their sanitization logic to make their client interface more usable, e.g., allowing clients to debug invalid requests locally. However, this usability practice poses a security risk. Specifically, services may share the regexes they use to sanitize input strings — and regex-based denial of service (ReDoS) is an emerging threat. Although prominent service outages caused by ReDoS have spurred interest in this topic, we know little about the degree to which live web services are vulnerable to ReDoS.

In this paper, we conduct the first black-box …

Discrepancies Among Pre-Trained Deep Neural Networks: A New Threat To Model Zoo Reliability, Diego Montes, Pongpatapee Peerapatanapokin, Jeff Schultz, Chengjun Guo, Wenxin Jiang, James C. Davis

Department of Electrical and Computer Engineering Faculty Publications

Training deep neural networks (DNNs) takes significant time and resources. A practice for expedited deployment is to use pre-trained deep neural networks (PTNNs), often from model zoos.collections of PTNNs; yet, the reliability of model zoos remains unexamined. In the absence of an industry standard for the implementation and performance of PTNNs, engineers cannot confidently incorporate them into production systems. As a first step, discovering potential discrepancies between PTNNs across model zoos would reveal a threat to model zoo reliability. Prior works indicated existing variances in deep learning systems in terms of accuracy. However, broader measures of reliability for PTNNs from …

An Empirical Study On The Impact Of Deep Parameters On Mobile App Energy Usage, Qiang Xu, James C. Davis, Y Charlie Hu, Abhilash Jindal

Department of Electrical and Computer Engineering Faculty Publications

Improving software performance through configuration parameter tuning is a common activity during software maintenance. Beyond traditional performance metrics like latency, mobile app developers are interested in reducing app energy usage. Some mobile apps have centralized locations for parameter tuning, similar to databases and operating systems, but it is common for mobile apps to have hundreds of parameters scattered around the source code. The correlation between these "deep" parameters and app energy usage is unclear. Researchers have studied the energy effects of deep parameters in specific modules, but we lack a systematic understanding of the energy impact of mobile deep parameters. …

Reflections On Software Failure Analysis, Paschal C. Amusuo, Aishwarya Sharma, Siddharth R. Rao, Abbey Vincent, James C. Davis

Department of Electrical and Computer Engineering Faculty Publications

Failure studies are important in revealing the root causes, behaviors, and life cycle of defects in software systems. These studies either focus on understanding the characteristics of defects in specific classes of systems or the characteristics of a specific type of defect in the systems it manifests in. Failure studies have influenced various software engineering research directions, especially in the area of software evolution, defect detection, and program repair.

In this paper, we reflect on the conduct of failure studies in software engineering. We reviewed a sample of 52 failure study papers. We identified several recurring problems in these studies, …

Implementation Of A Speech Recognition Algorithm To Facilitate Verbal Commands For Visual Analytics Law Enforcement Toolkit, Shubham S. Rastogi, David L. Wiszowaty, Hanye Xu, Abish Malik, David S. Ebert

The Summer Undergraduate Research Fellowship (SURF) Symposium

The VALET (Visual Analytics Law Enforcement Toolkit) system allows the user to visualize and predict crime hotspots and analyze crime data. Police officers have difficulty in using VALET in a mobile situation, since the system allows only conventional input interfaces (keyboard and mouse). This research focuses on introducing a new input interface to VALET in the form of speech recognition, which allows the user to interact with the software without losing functionality. First an Application Program Interface (API) that was compatible with the VALET system was found and initial code scripts to test its functionality were written. Next, the code …

Gpu/Cpu Performance Of Image Processing Tasks For Use In The Cam 2 System, Jonathan Cottom, Yung-Hsiang Lu, Young-Sol Koh

The Summer Undergraduate Research Fellowship (SURF) Symposium

Over the past several years, graphics processing units (GPU) have increasingly been viewed as the future of image processing engines. Currently, the Continuous Analysis of Many CAMeras (CAM²) project performs its processing on CPUs, which will potentially be more costly as the system scales to service more users. This study seeks to analyze the performance gains of GPU processing and evaluate the advantage of supporting GPU-accelerated analysis for CAM² users. The platform for comparing the CPU and GPU performance has been the NVIDIA Jetson TK1. The target hardware implementation is an Amazon cloud instance, where final cost …

Improved Microrobotic Control Through Image Processing And Automated Hardware Interfacing, Archit R. Aggarwal, Wuming Jing, David J. Cappelleri

The Summer Undergraduate Research Fellowship (SURF) Symposium

Untethered submilliliter-sized robots (microrobots) are showing potential use in different industrial, manufacturing and medical applications. A particular type of these microrobots, magnetic robots, have shown improved performance in power and control capabilities compared to the other thermal and electrostatic based robots. However, the magnetic robot designs have not been assessed in a robust manner to understand the degree of control in different environments and their application feasibility. This research project seeks to develop a custom control software interface to provide a holistic tool for researchers to evaluate the microrobotic performance through advance control features. The software deliverable involved two main …