Web Application Vulnerability Prediction Using Hybrid Program Analysis And Machine Learning, 2014 Singapore Management University
Web Application Vulnerability Prediction Using Hybrid Program Analysis And Machine Learning, Lwin Khin Shar, Lionel Briand, Hee Beng Kuan Tan
Research Collection School Of Computing and Information Systems
Due to limited time and resources, web software engineers need support in identifying vulnerable code. A practical approach to predicting vulnerable code would enable them to prioritize security auditing efforts. In this paper, we propose using a set of hybrid (staticþdynamic) code attributes that characterize input validation and input sanitization code patterns and are expected to be significant indicators of web application vulnerabilities. Because static and dynamic program analyses complement each other, both techniques are used to extract the proposed attributes in an accurate and scalable way. Current vulnerability prediction techniques rely on the availability of data labeled with vulnerability …
A Catalog Of While Loop Specification Patterns, 2014 The University of Texas at El Paso
A Catalog Of While Loop Specification Patterns, Aditi Barua, Yoonsik Cheon
Departmental Technical Reports (CS)
This document provides a catalog of while loop patterns along with their skeletal specifications. The specifications are written in a functional form known as intended functions. The catalog can be used to derive specifications of while loops by first matching the loops to the cataloged patterns and then instantiating the skeletal specifications of the matched patterns. Once their specifications are formulated and written, the correctness of while loops can be proved rigorously or formally using the functional program verification technique in which a program is viewed as a mathematical function from one program state to another.
Safe Zero-Cost Coercions For Haskell, 2014 Bryn Mawr College
Safe Zero-Cost Coercions For Haskell, Joachim Breitner, Richard A. Eisenberg, Simon Peyton Jones, Stephanie Weirich
Computer Science Faculty Research and Scholarship
Generative type abstractions – present in Haskell, OCaml, and other languages – are useful concepts to help prevent programmer errors. They serve to create new types that are distinct at compile time but share a run-time representation with some base type. We present a new mechanism that allows for zero-cost conversions between generative type abstractions and their representations, even when such types are deeply nested. We prove type safety in the presence of these conversions and have implemented our work in GHC.
Event Analytics, 2014 Singapore Management University
Event Analytics, Jin Song Dong, Jun Sun, Yang Liu, Yuan-Fang Li
Research Collection School Of Computing and Information Systems
The process analysis toolkit (PAT) integrates the expressiveness of state, event, time, and probability-based languages with the power of model checking. PAT is a self-contained reasoning system for system specification, simulation, and verification. PAT currently supports a wide range of 12 different expressive modeling languages with many application domains and has attracted thousands of registered users from hundreds of organizations. In this invited talk, we will present the PAT system and its vision on “Event Analytics” (EA) which is beyond “Data Analytics”. The EA research is based on applying model checking to event planning, scheduling, prediction, strategy analysis and decision …
Reliable And Efficient Multithreading, 2014 University of Massachusetts Amherst
Reliable And Efficient Multithreading, Tongping Liu
Doctoral Dissertations
The advent of multicore architecture has increased the demand for multithreaded programs. It is notoriously far more challenging to write parallel programs correctly and efficiently than sequential ones because of the wide range of concurrency errors and performance problems. In this thesis, I developed a series of runtime systems and tools to combat concurrency errors and performance problems of multithreaded programs. The first system, Dthreads, automatically ensures determinism for unmodified C/C++ applications using the pthreads library without requiring programmer intervention and hardware support. Dthreads greatly simplifies the understanding and debugging of multithreaded programs. Dthreads often matches or even exceeds the …
Applying Genetic Programming To Bytecode And Assembly, 2014 University of Minnesota, Morris
Applying Genetic Programming To Bytecode And Assembly, Eric Collom
Scholarly Horizons: University of Minnesota, Morris Undergraduate Journal
Traditional genetic programming (GP) is typically not used to perform unrestricted evolution on entire programs at the source code level. Instead, only small sections within programs are usually evolved. Not being able to evolve whole programs is an issue since it limits the flexibility of what can be evolved. Evolving programs in either bytecode or assembly language is a method that has been used to perform unrestricted evolution. This paper provides an overview of applying genetic programming to Java bytecode and x86 assembly. Two examples of how this method has been implemented will be explored. We will also discuss experimental …
An Overview Of The Current State Of The Test-First Vs. Test-Last Debate, 2014 University of Minnesota, Morris
An Overview Of The Current State Of The Test-First Vs. Test-Last Debate, Christopher M. Thomas
Scholarly Horizons: University of Minnesota, Morris Undergraduate Journal
When it comes to software development, perhaps one of the most important and time consuming processes is that of software testing. In fact, early studies on software testing estimated that it could consume fifty percent or more of development costs for a product. Because of this, the ability to optimize testing to reduce testing costs can be very valuable. In this paper we compare two popular methods, test-last testing, often used in waterfall software development processes, and test-first testing, often used in Agile test driven software development methods, by reviewing recent studies on the subject. In this review we discuss …
Improved Microrobotic Control Through Image Processing And Automated Hardware Interfacing, 2014 Purdue University
Improved Microrobotic Control Through Image Processing And Automated Hardware Interfacing, Archit R. Aggarwal, Wuming Jing, David J. Cappelleri
The Summer Undergraduate Research Fellowship (SURF) Symposium
Untethered submilliliter-sized robots (microrobots) are showing potential use in different industrial, manufacturing and medical applications. A particular type of these microrobots, magnetic robots, have shown improved performance in power and control capabilities compared to the other thermal and electrostatic based robots. However, the magnetic robot designs have not been assessed in a robust manner to understand the degree of control in different environments and their application feasibility. This research project seeks to develop a custom control software interface to provide a holistic tool for researchers to evaluate the microrobotic performance through advance control features. The software deliverable involved two main …
A Palm Vein Identification System Based On Gabor Wavelet Features, 2014 Singapore Management University
A Palm Vein Identification System Based On Gabor Wavelet Features, Ran Wang, Guoyou Wang, Zhong Chen, Zhigang Zeng, Yong Wang
Research Collection School Of Computing and Information Systems
As a new and promising biometric feature, thermal palm vein pattern has drawn lots of attention in research and application areas. Many algorithms have been proposed for authentication since palm vein has special characteristics, such as liveness detection and hard to forgery. However, the detection accuracy of palm vein quite depends on the preprocessing and feature representation, which is supposed to be translation and rotation invariant to some extent. In this paper, we proposed an effective method for palm vein identification based on Gabor wavelet features which contains five steps: image acquisition, ROI detection, image preprocessing, features extraction, and matching. …
Personalizing Software Development Practice Using Mastery-Based Coaching, 2014 Singapore Management University
Personalizing Software Development Practice Using Mastery-Based Coaching, Chris Boesch, Sandra Boesch
Chris BOESCH
The authors previously developed a system to facilitate the self-directed learning and practicing of software languages in Singapore. One of the goals of this self-directed learning was to enable the development of student mentors who would then be able to assist other students during classroom sessions. Building on this work, the authors extended the platform to support personalized coaching with the goals of further enabling and preparing students to mentor their peers. This paper covers the challenges, insights, and features that were developed in order to develop and deploy this mastery-based coaching feature.
Structure Preserving Large Imagery Reconstruction, 2014 University of Dayton
Structure Preserving Large Imagery Reconstruction, Ju Shen, Jianjun Yang, Sami Taha Abu Sneineh, Bryson Payne, Markus Hitz
Computer Science Faculty Publications
With the explosive growth of web-based cameras and mobile devices, billions of photographs are uploaded to the internet. We can trivially collect a huge number of photo streams for various goals, such as image clustering, 3D scene reconstruction, and other big data applications. However, such tasks are not easy due to the fact the retrieved photos can have large variations in their view perspectives, resolutions, lighting, noises, and distortions. Furthermore, with the occlusion of unexpected objects like people, vehicles, it is even more challenging to find feature correspondences and reconstruct realistic scenes. In this paper, we propose a structure-based image …
Diamonds Are A Girl's Best Friend: Partial Order Reduction For Timed Automata With Abstractions, 2014 Singapore Management University
Diamonds Are A Girl's Best Friend: Partial Order Reduction For Timed Automata With Abstractions, Henri Hansen, Shang-Wei Lin, Yang Liu, Truong Khanh Nguyen, Jun Sun
Research Collection School Of Computing and Information Systems
A major obstacle for using partial order reduction in the context of real time verification is that the presence of clocks and clock constraints breaks the usual diamond structure of otherwise independent transitions. This is especially true when information of the relative values of clocks is preserved in the form of diagonal constraints. However, when diagonal constraints are relaxed by a suitable abstraction, some diamond structure is re-introduced in the zone graph. In this article, we introduce a variant of the stubborn set method for reducing an abstracted zone graph. Our method works with all abstractions, but especially targets situations …
Romeo: A System For More Flexible Binding-Safe Programming, 2014 Northeastern University
Romeo: A System For More Flexible Binding-Safe Programming, Paul Stansifer, Mitchell Wand
Mitchell Wand
Current languages for safely manipulating values with names only support term languages with simple binding syntax. As a result, no tools exist to safely manipulate code written in those languages for which name problems are the most challenging. We address this problem with Romeo, a language that respects α-equivalence on its values, and which has access to a rich specification language for binding, inspired by attribute grammars. Our work has the complex-binding support of David Herman's λm, but is a full-fledged binding-safe language like Pure FreshML.
Understanding The Genetic Makeup Of Linux Device Drivers, 2014 SMU
Understanding The Genetic Makeup Of Linux Device Drivers, Peter Senna Tschudin, Laurent Reveillere, Lingxiao Jiang, David Lo, Julia Lawall
David LO
No abstract provided.
Popularity, Interoperability, And Impact Of Programming Languages In 100,000 Open Source Projects, 2014 Singapore Management University
Popularity, Interoperability, And Impact Of Programming Languages In 100,000 Open Source Projects, Tegawende F. Bissyande, Ferdian Thung, David Lo, Lingxiao Jiang, Laurent Réveillère
David LO
Programming languages have been proposed even before the era of the modern computer. As years have gone, computer resources have increased and application domains have expanded, leading to the proliferation of hundreds of programming languages, each attempting to improve over others or to address new programming paradigms. These languages range from procedural languages like C, object oriented languages like Java, and functional languages such as ML and Haskell. Unfortunately, there is a lack of large scale and comprehensive studies that examine the “popularity”, “interoperability”, and “impact” of various programming languages. To fill this gap, this study investigates a hundred thousands …
An Example Derivation For =R, 2014 Northeastern University
An Example Derivation For =R, Paul Stansifer, Mitchell Wand
Mitchell Wand
No abstract provided.
Some Definitions And Proofs Regarding Romeo, 2014 Northeastern University
Some Definitions And Proofs Regarding Romeo, Paul Stansifer, Mitchell Wand
Mitchell Wand
No abstract provided.
Private Void Death / Death, 2014 University of Massachusetts, Amherst
Introducing Non-Determinism To The Parallel C Compiler, 2014 California State University - San Bernardino
Introducing Non-Determinism To The Parallel C Compiler, Rowen Concepcion
Electronic Theses, Projects, and Dissertations
The Planguages project is the birthplace of the Planguage programming
approach, which is designed to alleviate the task of writing parallel
programs and harness massively parallel computers and networks of workstations.
Planguage has two existing translators, Parallel C (PC) and Pfortran,
which is used for their base languages, C and Fortran77. The translators
work with MPI (Message Passing Interface) for communications. SOS
(ipStreams, Overlapping and Shortcutting), a function library that supports
the three named functionalities, can be used to further optimize parallel algorithms.
This project is the next step in the continuing project of updating
the PC Compiler. The goal …
Scc-Based Improved Reachability Analysis For Markov Decision Processes, 2014 Singapore Management University
Scc-Based Improved Reachability Analysis For Markov Decision Processes, Lin Gui, Jun Sun, Songzheng Song, Yang Liu, Jin Song Dong
Research Collection School Of Computing and Information Systems
Markov decision processes (MDPs) are extensively used to model systems with both probabilistic and nondeterministic behavior. The problem of calculating the probability of reaching certain system states (hereafter reachability analysis) is central to the MDP-based system analysis. It is known that existing approaches on reachability analysis for MDPs are often inefficient when a given MDP contains a large number of states and loops, especially with the existence of multiple probability distributions. In this work, we propose a method to eliminate strongly connected components (SCCs) in an MDP using a divide-and-conquer algorithm, and actively remove redundant probability distributions in the MDP …