Software Engineering Commons^™

Modeling Security And Privacy Requirements: A Use Case-Driven Approach, Phu Xuan Mai, Arda Goknil, Lwin Khin Shar, Fabrizio Pastore, Lionel Briand, Shaban Shaame

Research Collection School Of Computing and Information Systems

Context: Modern internet-based services, ranging from food-delivery to home-caring, leverage the availability of multiple programmable devices to provide handy services tailored to end-user needs. These services are delivered through an ecosystem of device-specific software components and interfaces (e.g., mobile and wearable device applications). Since they often handle private information (e.g., location and health status), their security and privacy requirements are of crucial importance. Defining and analyzing those requirements is a significant challenge due to the multiple types of software components and devices integrated into software ecosystems. Each software component presents peculiarities that often depend on the context and the devices …

Domain-Specific Cross-Language Relevant Question Retrieval, Bowen Xu, Zhenchang Xing, Xin Xia, David Lo, Shanping Li

Research Collection School Of Computing and Information Systems

Chinese developers often cannot effectively search questions in English, because they may have difficulties in translating technical words from Chinese to English and formulating proper English queries. For the purpose of helping Chinese developers take advantage of the rich knowledge base of Stack Overflow and simplify the question retrieval process, we propose an automated cross-language relevant question retrieval (CLRQR) system to retrieve relevant English questions for a given Chinese question. CLRQR first extracts essential information (both Chinese and English) from the title and description of the input Chinese question, then performs domain-specific translation of the essential Chinese information into English, …

Combined Classifier For Cross-Project Defect Prediction: An Extended Empirical Study, Yun Zhang, David Lo, Xin Xia, Jianling Sun

Research Collection School Of Computing and Information Systems

To help developers better allocate testing and debugging efforts, many software defect prediction techniques have been proposed in the literature. These techniques can be used to predict classes that are more likely to be buggy based on past history of buggy classes. These techniques work well as long as a sufficient amount of data is available to train a prediction model. However, there is rarely enough training data for new software projects. To deal with this problem, cross-project defect prediction, which transfers a prediction model trained using data from one project to another, has been proposed and is regarded as …

A Utp Semantics For Communicating Processes With Shared Variables And Its Formal Encoding In Pvs, Ling Shi, Yongxin Zhao, Yang Liu, Jun Sun, Jin Song Dong, Shengchao Qin

Research Collection School Of Computing and Information Systems

CSP# (communicating sequential programs) is a modelling language designed for specifying concurrent systems by integrating CSP-like compositional operators with sequential programs updating shared variables. In this work, we define an observation-oriented denotational semantics in an open environment for the CSP# language based on the UTP framework. To deal with shared variables, we lift traditional event-based traces into mixed traces which consist of state-event pairs for recording process behaviours. To capture all possible concurrency behaviours between action/channel-based communications and global shared variables, we construct a comprehensive set of rules on merging traces from processes which run in parallel/interleaving. We also define …

Automated Man-In-The-Middle Attack Against Wi‑Fi Networks, Martin Vondráček, Jan Pluskal, Ondřej Ryšavý

Journal of Digital Forensics, Security and Law

Currently used wireless communication technologies suffer security weaknesses that can be exploited allowing to eavesdrop or to spoof network communication. In this paper, we present a practical tool that can automate the attack on wireless security. The developed package called wifimitm provides functionality for the automation of MitM attacks in the wireless environment. The package combines several existing tools and attack strategies to bypass the wireless security mechanisms, such as WEP, WPA, and WPS. The presented tool can be integrated into a solution for automated penetration testing. Also, a popularization of the fact that such attacks can be easily automated …

Rethinking The I/O Stack For Persistent Memory, Mohammad Ataur Rahman Chowdhury

FIU Electronic Theses and Dissertations

Modern operating systems have been designed around the hypotheses that (a) memory is both byte-addressable and volatile and (b) storage is block addressable and persistent. The arrival of new Persistent Memory (PM) technologies, has made these assumptions obsolete. Despite much of the recent work in this space, the need for consistently sharing PM data across multiple applications remains an urgent, unsolved problem. Furthermore, the availability of simple yet powerful operating system support remains elusive.

In this dissertation, we propose and build The Region System – a high-performance operating system stack for PM that implements usable consistency and persistence for application …

Poster: Towards Safe Refactoring For Intelligent Parallelization Of Java 8 Streams, Yiming Tang, Raffi T. Khatchadourian, Mehdi Bagherzadeh, Syed Ahmed

Publications and Research

The Java 8 Stream API sets forth a promising new programming model that incorporates functional-like, MapReduce-style features into a mainstream programming language. However, using streams correctly and efficiently may involve subtle considerations. In this poster, we present our ongoing work and preliminary results to- wards an automated refactoring approach that assists developers in writing optimal stream code. The approach, based on ordering and typestate analysis, determines when it is safe and advantageous to convert streams to parallel and optimize a parallel streams.

Progressive Network Deployment, Performance, And Control With Software-Defined Networking, Daniel J. Casey

Theses and Dissertations

The inflexible nature of traditional computer networks has led to tightly-integrated systems that are inherently difficult to manage and secure. New designs move low-level network control into software creating software-defined networks (SDN). Augmenting an existing network with these enhancements can be expensive and complex. This research investigates solutions to these problems. It is hypothesized that an add-on device, or "shim" could be used to make a traditional switch behave as an OpenFlow SDN switch while maintaining reasonable performance. A design prototype is found to cause approximately 1.5% reduction in throughput for one ow and less than double increase in latency, …

An Analysis Of Multi-Domain Command And Control And The Development Of Software Solutions Through Devops Toolsets And Practices, Mason R. Bruza

Theses and Dissertations

Multi-Domain Command and Control (MDC2) is the exercise of command and control over forces in multiple operational domains (namely air, land, sea, space, and cyberspace) in order to produce synergistic effects in the battlespace, and enhancing this capability has become a major focus area for the United States Air Force (USAF). In order to meet demands for MDC2 software, solutions need to be acquired and/or developed in a timely manner, information technology infrastructure needs to be adaptable to new software requirements, and user feedback needs to drive iterative updates to fielded software. In commercial organizations, agile software development methodologies and …

Quality Of Service Impacts Of A Moving Target Defense With Software-Defined Networking, Samuel A. Mayer

Theses and Dissertations

An analysis of the impact a defensive network technique implemented with software-defined networking has upon quality of service experienced by legitimate users. The research validates previous work conducted at AFIT to verify claims of defensive efficacy and then tests network protocols in common use (FTP, HTTP, IMAP, POP, RTP, SMTP, and SSH) on a network that uses this technique. Metrics that indicate the performance of the protocols under test are reported with respect to data gathered in a control network. The conclusions of these experiments enable network engineers to determine if this defensive technique is appropriate for the quality of …

Cora: Commingled Remains And Analytics – An Open Community Ecosystem, Nicole Mcelroy, Ryan Ernst

UNO Student Research and Creative Activity Fair

Anthropologists at organizations such as the DPAA (Defense POW/MIA Accounting Agency) have the tough job of sorting through commingled remains of fallen soldiers. Under the direction of Professor Pawaskar at the College of IS&T, Ryan Ernst and I are currently developing a web application for the DPAA that will help them inventory the bones and record all the appropriate associations. After the inventory web application is built we will begin the analysis process using graph theory and other mathematical algorithms. This will ultimately help organizations like the DPAA get closer to the end goal of identifying fallen soldiers from commingled …

Visualize To Realize: Improving Safety Of First Responders, Vikas Sahu

UNO Student Research and Creative Activity Fair

The goal of this study is to improve the safety of first responders during an emergency hazardous material (hazmat) incident.

• A first responder (FR) is an individual who arrives first during a hazmat incident and takes the initiative to act in order to minimize the risk to public health and property from such incidents. Often first responders are firefighters.
• The reports of National Fire Protection Association recorded a national average of more than 30,000 firefighter injuries between 2010-16 (National Fire Protection Association, 2017).
• According to the US Fire Administration, an average fatality of 120 firefighters were recorded between 2010-16 throughout …

Crowdservice: Optimizing Mobile Crowdsourcing And Service Composition, Xin Peng, Jingxiao Gu, Tian Huat Tan, Jun Sun, Yijun Yu, Bashar Nuseibeh, Wenyun Zhao Zhao

Research Collection School Of Computing and Information Systems

Some user needs can only be met by leveraging the capabilities of others to undertake particular tasks that require intelligence and labor. Crowdsourcing such capabilities is one way to achieve this. But providing a service that leverages crowd intelligence and labor is a challenge, since various factors need to be considered to enable reliable service provisioning. For example, the selection of an optimal set of workers from those who bid to perform a task needs to be made based on their reliability, expected reward, and distance to the target locations. Moreover, for an application involving multiple services, the overall cost …

An Empirical Study Of Css Code Smells In Web Frameworks, Tobias Paul Bleisch

Master's Theses

Cascading Style Sheets (CSS) has become essential to front-end web development for the specification of style. But despite its simple syntax and the theoretical advantages attained through the separation of style from content and behavior, CSS authoring today is regarded as a complex task. As a result, developers are increasingly turning to CSS preprocessor languages and web frameworks to aid in development. However, previous studies show that even highly popular websites which are known to be developed with web frameworks contain CSS code smells such as duplicated rules and hard-coded values. Such code smells have the potential to cause adverse …

W-Air: Enabling Personal Air Pollution Monitoring On Wearables, Balz Maag, Zimu Zhou, Lothar Thiele

Research Collection School Of Computing and Information Systems

Accurate, portable and personal air pollution sensing devices enable quantification of individual exposure to air pollution, personalized health advice and assistance applications. Wearables are promising (e.g., on wristbands, attached to belts or backpacks) to integrate commercial off-the-shelf gas sensors for personal air pollution sensing. Yet previous research lacks comprehensive investigations on the accuracies of air pollution sensing on wearables. In response, we proposed W-Air, an accurate personal multi-pollutant monitoring platform for wearables. We discovered that human emissions introduce non-linear interference when low-cost gas sensors are integrated into wearables, which is overlooked in existing studies. W-Air adopts a sensor-fusion calibration scheme …

Visualizing Research Impact Through Citation Data, Yong Wang, Conglei Shi, Liangyue Li, Hanghang Tong, Huamin Qu

Research Collection School Of Computing and Information Systems

Research impact plays a critical role in evaluating the research quality and influence of a scholar, a journal, or a conference. Many researchers have attempted to quantify research impact by introducing different types of metrics based on citation data, such as h-index, citation count, and impact factor. These metrics are widely used in the academic community. However, quantitative metrics are highly aggregated in most cases and sometimes biased, which probably results in the loss of impact details that are important for comprehensively understanding research impact. For example, which research area does a researcher have great research impact on? How does …

Obfuscation At-Source: Privacy In Context-Aware Mobile Crowd-Sourcing, Thivya Kandappu, Archan Misra, Shih-Fen Cheng, Randy Tandriansyah, Hoong Chuin Lau

Research Collection School Of Computing and Information Systems

By effectively reaching out to and engaging larger population of mobile users, mobile crowd-sourcing has become a strategy to perform large amount of urban tasks. The recent empirical studies have shown that compared to the pull-based approach, which expects the users to browse through the list of tasks to perform, the push-based approach that actively recommends tasks can greatly improve the overall system performance. As the efficiency of the push-based approach is achieved by incorporating worker's mobility traces, privacy is naturally a concern. In this paper, we propose a novel, 2-stage and user-controlled obfuscation technique that provides a trade off-amenable …

Engagemon: Multi-Modal Engagement Sensing For Mobile Games, Sinh Huynh, Seungmin Kim, Jeonggil Ko, Rajesh Krishna Balan, Youngki Lee

Research Collection School Of Computing and Information Systems

Understanding the engagement levels players have with a game is a useful proxy for evaluating the game design and user experience. This is particularly important for mobile games as an alternative game is always just an easy download away. However, engagement is a subjective concept and usually requires fine-grained highly disruptive interviews or surveys to determine accurately. In this paper, we present EngageMon, a first-of-its-kind system that uses a combination of sensors from the smartphone (touch events), a wristband (photoplethysmography and electrodermal activity sensor readings), and an external depth camera (skeletal motion information) to accurately determine the engagement level of …

A New Revocable And Re-Delegable Proxy Signature And Its Application, Shengmin Xu, Guomin Yang, Yi Mu

Research Collection School Of Computing and Information Systems

With the popularity of cloud computing and mobile Apps, on-demand services such as on-line music or audio streaming and vehicle booking are widely available nowadays. In order to allow efficient delivery and management of the services, for large-scale on-demand systems, there is usually a hierarchy where the service provider can delegate its service to a top-tier (e.g., countrywide) proxy who can then further delegate the service to lower level (e.g., region-wide) proxies. Secure (re-)delegation and revocation are among the most crucial factors for such systems. In this paper, we investigate the practical solutions for achieving re-delegation and revocation utilizing proxy …

A Call To Promote Soft Skills In Software Engineering, Luiz Fernando Capretz, Fahem Ahmed

Electrical and Computer Engineering Publications

We have been thinking about other aspects of software engineering for many years; the missing link in engineering software is the soft skills set, essential in the software development process. Although soft skills are among the most important aspects in the creation of software, they are often overlooked by educators and practitioners. One of the main reasons for the oversight is that soft skills are usually related to social and personality factors, i.e., teamwork, motivation, commitment, leadership, multi-culturalism, emotions, interpersonal skills, etc. This editorial is a manifesto declaring the importance of soft skills in software engineering with the intention to …