Computer Sciences Commons^™

Improving Developers' Understanding Of Regex Denial Of Service Tools Through Anti-Patterns And Fix Strategies, Sk Adnan Hassan, Zainab Aamir, Dongyoon Lee, James C. Davis, Francisco Servant

Department of Electrical and Computer Engineering Faculty Publications

Regular expressions are used for diverse purposes, including input validation and firewalls. Unfortunately, they can also lead to a security vulnerability called ReDoS (Regular Expression Denial of Service), caused by a super-linear worst-case execution time during regex matching. Due to the severity and prevalence of ReDoS, past work proposed automatic tools to detect and fix regexes. Although these tools were evaluated in automatic experiments, their usability has not yet been studied; usability has not been a focus of prior work. Our insight is that the usability of existing tools to detect and fix regexes will improve if we complement them …

Exploiting Input Sanitization For Regex Denial Of Service, Efe Barlas, Xin Du, James C. Davis

Department of Electrical and Computer Engineering Faculty Publications

Web services use server-side input sanitization to guard against harmful input. Some web services publish their sanitization logic to make their client interface more usable, e.g., allowing clients to debug invalid requests locally. However, this usability practice poses a security risk. Specifically, services may share the regexes they use to sanitize input strings — and regex-based denial of service (ReDoS) is an emerging threat. Although prominent service outages caused by ReDoS have spurred interest in this topic, we know little about the degree to which live web services are vulnerable to ReDoS.

In this paper, we conduct the first black-box …

A Divide-And-Conquer Approach To Syntax-Guided Synthesis, Peiyuan Shen, Xiaokang Qiu

The Summer Undergraduate Research Fellowship (SURF) Symposium

Program synthesis aims to generate programs automatically from user-provided specifications. One critical research thrust is called Syntax-Guideds Synthesis. In addition to semantic specifications, the user should also provide a syntactic template of the desired program, which helps the synthesizer reduce the search space. The traditional symbolic approaches, such as CounterExample-Guided Inductive Synthesis (CEGIS) framework, does not scale to large search spaces. The goal of this project is to explore a compositional, divide-n-conquer approach that heuristically divides the synthesis task into subtasks and solves them separately. The idea is to decompose the function to be synthesized by creating a set of …

Mass Spectrometry Image Creator (Msic): Ion Mobility / Mass Spectrometry Imaging Workflow In Python, Stephen Creger, Julia Laskin, Daniela Mesa Sanchez

The Summer Undergraduate Research Fellowship (SURF) Symposium

Mass spectrometry (MS) is a powerful characterization technique that enables identification of compounds in complex mixtures. Acquiring mass spectra in a spatially-resolved manner (i.e. over a grid), allows the data to be used to generate images that show the spatial distribution and relative intensities of every compound in a sample. These images can be used to monitor and identify biomarkers, explore the metabolism of compounds within tissues, and much more. However, the limitations of mass spectrometry can result in ambiguous compound identifications. Another characterization tool, ion mobility spectrometry (IM) can be integrated into existing MS routines to address this problem; …

Wrangle Your Data Like A Pro With The Data Processing Power Of Python, Geoffrey P. Timms, Jeremy M. Brown

Charleston Library Conference

Management, delivery, and marketing of library resources and collections necessitate interaction with a plethora of data from many sources and in many forms. Accessing and transforming data into meaningful information or different formats used in library automation can be time consuming, but a working knowledge of a programming language can improve efficiency in many facets of librarianship. From processing lists to creating extensible markup language (XML), from editing machine-readable cataloging (MARC) records before upload to automating statistical reports, the Python programming language and third-party application programming interfaces (APIs) can be used to accomplish both behind-the-scenes tasks and end-user facing projects. …

The Introduction Of Informal Cooperative Learning Into Our Programming Laboratories, Guity Ravai, Ludmila Nunes, Ronald Erdei

IMPACT Presentations

Presented at the Women in Engineering ProActive Network (WEPAN) Change Leader Forum: Creating a Mindset for Action in Westminster, CO, USA

A Parallel 3d Phase-Field Simulation Of Multi-Grain Growth Based On The Full Thread Tree, Ya-Jun Yin, Min Wang, Jian-Xin Zhou, Dun-Ming Liao, Xu Shen, Tao Chen

The 8th International Conference on Physical and Numerical Simulation of Materials Processing

No abstract provided.

Improved Microrobotic Control Through Image Processing And Automated Hardware Interfacing, Archit R. Aggarwal, Wuming Jing, David J. Cappelleri

The Summer Undergraduate Research Fellowship (SURF) Symposium

Untethered submilliliter-sized robots (microrobots) are showing potential use in different industrial, manufacturing and medical applications. A particular type of these microrobots, magnetic robots, have shown improved performance in power and control capabilities compared to the other thermal and electrostatic based robots. However, the magnetic robot designs have not been assessed in a robust manner to understand the degree of control in different environments and their application feasibility. This research project seeks to develop a custom control software interface to provide a holistic tool for researchers to evaluate the microrobotic performance through advance control features. The software deliverable involved two main …

Driftwatch Pollinator Mapping Application, Shreyas G. Sundararaman, Larry Theller, Bernard Engel

The Summer Undergraduate Research Fellowship (SURF) Symposium

Over 65% percent of food consumed in the United States is pollinated by bees. Unfortunately, due to poor farming practices, pesticides are sprayed in bee sensitive areas unknowingly and as a result, the bee population is dwindling at an alarming rate. With lesser bees to pollinate crops, produce is compromised on a very large scale and this could have disastrous impacts on the nation's needs for food. Apiarists and beehive owners face the major responsibility of ensuring that their hives aren't affected by dangerous insecticides and pesticides from the farming areas that they might visit during their crop pollination cycles …

Nanohub - Crystal Viewer 2.0, Kevin Margatan, Gerhard Klimeck

The Summer Undergraduate Research Fellowship (SURF) Symposium

nanoHUB is an online compilation of tools for simulations. Equipped with 3-D simulations and a capability to solve very complex calculations, nanoHUB provides its users worldwide with various tools to help them finish their assignments. One of the tools available is called a Crystal Viewer Tool, an advanced crystal visualization tool. This tool allows users to generate various crystal types including their every single detail. Currently, a newer version, called Crystal Viewer 2.0, is being tested prior to its release. However, this tool is lacking some important features and a GUI that is not as user friendly as expected. The …