Software Engineering Commons^™

Nodemedic: End-To-End Analysis Of Node.Js Vulnerabilities With Provenance Graphs, Darion Cassel, Wai Tuck Wong, Limin Jia

Research Collection School Of Computing and Information Systems

Packages in the Node.js ecosystem often suffer from serious vulnerabilities such as arbitrary command injection and code execution. Existing taint analysis tools fall short in providing an end-to-end infrastructure for automatically detecting and triaging these vulnerabilities.We develop NodeMedic, an end-to-end analysis infrastructure that automates test driver creation, performs precise yet scalable dynamic taint propagation via algorithmically tuned propagation policies, and exposes taint provenance information as a provenance graph. Using provenance graphs we develop two post-detection analyses: automated constraint-based exploit synthesis to confirm vulnerabilities; Attack-defense-tree-based rating of flow exploitability.We demonstrate the effectiveness of NodeMedic through a large-scale evaluation of 10,000 Node.js …

Context-Aware Neural Fault Localization, Zhuo Zhang, Xiaoguang Mao, Meng Yan, Xin Xia, David Lo, David Lo

Research Collection School Of Computing and Information Systems

Numerous fault localization techniques identify suspicious statements potentially responsible for program failures by discovering the statistical correlation between test results (i.e., failing or passing) and the executions of the different statements of a program (i.e., covered or not covered). They rarely incorporate a failure context into their suspiciousness evaluation despite the fact that a failure context showing how a failure is produced is useful for analyzing and locating faults. Since a failure context usually contains the transitive relationships among the statements of causing a failure, its relationship complexity becomes one major obstacle for the context incorporation in suspiciousness evaluation of …

Mitigating Adversarial Attacks On Data-Driven Invariant Checkers For Cyber-Physical Systems, Rajib Ranjan Maiti, Cheah Huei Yoong, Venkata Reddy Palleti, Arlindo Silva, Christopher M. Poskitt

Research Collection School Of Computing and Information Systems

The use of invariants in developing security mechanisms has become an attractive research area because of their potential to both prevent attacks and detect attacks in Cyber-Physical Systems (CPS). In general, an invariant is a property that is expressed using design parameters along with Boolean operators and which always holds in normal operation of a system, in particular, a CPS. Invariants can be derived by analysing operational data of various design parameters in a running CPS, or by analysing the system's requirements/design documents, with both of the approaches demonstrating significant potential to detect and prevent cyber-attacks on a CPS. While …

Framework For Assessing Information System Security Posture Risks, Syed Waqas Hamdani

Electronic Thesis and Dissertation Repository

In today’s data-driven world, Information Systems, particularly the ones operating in regulated industries, require comprehensive security frameworks to protect against loss of confidentiality, integrity, or availability of data, whether due to malice, accident or otherwise. Once such a security framework is in place, an organization must constantly monitor and assess the overall compliance of its systems to detect and rectify any issues found. This thesis presents a technique and a supporting toolkit to first model dependencies between security policies (referred to as controls) and, second, devise models that associate risk with policy violations. Third, devise algorithms that propagate risk when …

Evaluating The Likelihood Of Bug Inducing Commits Using Metrics Trend Analysis, Parul Parul

Electronic Thesis and Dissertation Repository

Continuous software engineering principles advocate a release-small, release-often process model, where new functionality is added to a system, in small increments and very frequently. In such a process model, every time a change is introduced it is important to identify as early as possible, whether the system has entered a state where faults are more likely to occur. In this paper, we present a method that is based on process, quality, and source code metrics to evaluate the likelihood that an imminent bug-inducing commit is highly probable. More specifically, the method analyzes the correlations and the rate of change of …

Job Management Portal Software Review, Ruchir Elukurthy

University Honors Theses

This essay provides an overview of a computer science capstone project focused on developing a website for Abilities At Work, a non-profit organization. The website aims to assist employment specialists in managing clients' information and tracking their job application in finding meaningful employment. The essay highlights the various stages of the project, understanding requirements, selecting tools and technologies, creating an application architecture, and writing code. Also, this essay focuses on the challenges encountered during the project, along with the valuable lessons learned. This essay emphasizes how the project closely resembles real-world software development, offering insights for prospective students and professionals. …

Stream-Evolving Bot Detection Framework Using Graph-Based And Feature-Based Approaches For Identifying Social Bots On Twitter, Eiman Alothali

Dissertations

This dissertation focuses on the problem of evolving social bots in online social networks, particularly Twitter. Such accounts spread misinformation and inflate social network content to mislead the masses. The main objective of this dissertation is to propose a stream-based evolving bot detection framework (SEBD), which was constructed using both graph- and feature-based models. It was built using Python, a real-time streaming engine (Apache Kafka version 3.2), and our pretrained model (bot multi-view graph attention network (Bot-MGAT)). The feature-based model was used to identify predictive features for bot detection and evaluate the SEBD predictions. The graph-based model was used to …

Blockchain-Enabled Ehr Sharing In Healthcare Federation: Sharding And Interblockchain Communication, Faiza Hashim

Dissertations

Electronic Health Records (EHRs) are crucial components of the healthcare system, facilitating accurate and efficient diagnosis. Blockchain technology has emerged as a promising solution to improve EHRs sharing among medical practitioners while ensuring privacy and security. By leveraging its decentralized, distributed, immutable, and secure architecture, blockchain has the potential to revolutionize the healthcare system. However, due to security concerns, blockchain networks in healthcare typically operate in private or consortium modes, resulting in isolated networks within a federation. Scalability remains a significant challenge for blockchain networks, as the number of participating nodes increases within each network of the federation. Consensus mechanisms …

Scanet: Self-Paced Semi-Curricular Attention Network For Non-Homogeneous Image Dehazing, Yu Guo, Yuan Gao, Ryan Wen Liu, Yuxu Lu, Jingxiang Qu, Shengfeng He, Ren Wenqi

Research Collection School Of Computing and Information Systems

The presence of non-homogeneous haze can cause scene blurring, color distortion, low contrast, and other degradations that obscure texture details. Existing homogeneous dehazing methods struggle to handle the non-uniform distribution of haze in a robust manner. The crucial challenge of non-homogeneous dehazing is to effectively extract the non-uniform distribution features and reconstruct the details of hazy areas with high quality. In this paper, we propose a novel self-paced semi-curricular attention network, called SCANet, for non-homogeneous image dehazing that focuses on enhancing haze-occluded regions. Our approach consists of an attention generator network and a scene re-construction network. We use the luminance …

Mapping Programs To Equations, Hessamaldin Mohammadi

Dissertations

Extracting the function of a program from a static analysis of its source code is a valuable capability in software engineering; at a time when there is increasing talk of using AI (Artificial Intelligence) to generate software from natural language specifications, it becomes increasingly important to determine the exact function of software as written, to figure out what AI has understood the natural language specification to mean. For all its criticality, the ability to derive the domain-to-range function of a program has proved to be an elusive goal, due primarily to the difficulty of deriving the function of iterative statements. …

Algorithmic Bias: Causes And Effects On Marginalized Communities, Katrina M. Baha

Undergraduate Honors Theses

Individuals from marginalized backgrounds face different healthcare outcomes due to algorithmic bias in the technological healthcare industry. Algorithmic biases, which are the biases that arise from the set of steps used to solve or analyze a problem, are evident when people from marginalized communities use healthcare technology. For example, many pulse oximeters, which are the medical devices used to measure oxygen saturation in the blood, are not able to accurately read people who have darker skin tones. Thus, people with darker skin tones are not able to receive proper health care due to their pulse oximetry data being inaccurate. This …

Explainable Software Defect Prediction From Cross Company Project Metrics Using Machine Learning, Susmita Haldar, Luiz Fernando Capretz

Electrical and Computer Engineering Publications

Predicting the number of defects in a project is critical for project test managers to allocate budget, resources, and schedule for testing, support and maintenance efforts. Software Defect Prediction models predict the number of defects in given projects after training the model with historical defect related information. The majority of defect prediction studies focused on predicting defect-prone modules from methods, and class-level static information, whereas this study predicts defects from project-level information based on a cross-company project dataset. This study utilizes software sizing metrics, effort metrics, and defect density information, and focuses on developing defect prediction models that apply various …

Visualized Algorithm Engineering On Two Graph Partitioning Problems, Zizhen Chen

Computer Science and Engineering Theses and Dissertations

Concepts of graph theory are frequently used by computer scientists as abstractions when modeling a problem. Partitioning a graph (or a network) into smaller parts is one of the fundamental algorithmic operations that plays a key role in classifying and clustering. Since the early 1970s, graph partitioning rapidly expanded for applications in wide areas. It applies in both engineering applications, as well as research. Current technology generates massive data (“Big Data”) from business interactions and social exchanges, so high-performance algorithms of partitioning graphs are a critical need.

This dissertation presents engineering models for two graph partitioning problems arising from completely …

Beyond Algorithms: A User-Centered Evaluation Of A Feature Recommender System In Requirements Engineering, Oluwatobi Lasisi

Theses and Dissertations

Several studies have applied recommender technologies to support requirements engineering activities. As in other application areas of recommender systems (RS), many studies have focused on the algorithms’ prediction accuracy, while there have been limited discussions around users’ interactions with the systems. Since recommender systems are designed to aid users in information retrieval, they should be assessed not just as recommendation algorithms but also from the users’ perspective. In contrast to accuracy measures, user-related issues can only be effectively investigated via empirical studies involving real users. Furthermore, researchers are becoming increasingly aware that the effectiveness of the systems goes beyond recommendation …

Procedural Level Generation For A Top-Down Roguelike Game, Kieran Ahn, Tyler Edmiston

Honors Thesis

In this file, I present a sequence of algorithms that handle procedural level generation for the game Fragment, a game designed for CMSI 4071 and CMSI 4071 in collaboration with students from the LMU Animation department. I use algorithms inspired by graph theory and implementing best practices to the best of my ability. The full level generation sequence is comprised of four algorithms: the terrain generation, boss room placement, player spawn point selection, and enemy population. The terrain generation algorithm takes advantage of tree traversal methods to create a connected graph of walkable tiles. The boss room placement algorithm randomly …

Designing Programming Languages For Writing Maintainable Software, Aaron Friesen

Honors Theses

Maintainability is crucial to the long-term success of software projects. Among other factors, it is affected by the programming language in which the software is written. Programming language designers should be conscious of how their design decisions can influence software maintainability. Non-functional properties of a language can affect the readability of source code in ways beyond the control of programmers. Language features can cause or prevent certain classes of bugs, and runtime issues especially can require significant maintenance effort. Tools external to the language, especially those developed and distributed by language implementers, can aid in the creation of maintainable software. …

A Study Of Variable-Role-Based Feature Enrichment In Neural Models Of Code, Aftab. Hussain, Md. Rafiqul Islam. Rabin, Bowen. Xu, David Lo, Mohammad Amin. Alipour

Research Collection School Of Computing and Information Systems

Although deep neural models substantially reduce the overhead of feature engineering, the features readily available in the inputs might significantly impact training cost and the performance of the models. In this paper, we explore the impact of an unsuperivsed feature enrichment approach based on variable roles on the performance of neural models of code. The notion of variable roles (as introduced in the works of Sajaniemi et al. [1], [2]) has been found to help students' abilities in programming. In this paper, we investigate if this notion would improve the performance of neural models of code. To the best of …

What Do Users Ask In Open-Source Ai Repositories? An Empirical Study Of Github Issues, Zhou Yang, Chenyu Wang, Jieke Shi, Thong Hoang, Pavneet Singh Kochhar, Qinghua Lu, Zhenchang Xing, David Lo

Research Collection School Of Computing and Information Systems

Artificial Intelligence (AI) systems, which benefit from the availability of large-scale datasets and increasing computational power, have become effective solutions to various critical tasks, such as natural language understanding, speech recognition, and image processing. The advancement of these AI systems is inseparable from open-source software (OSS). Specifically, many benchmarks, implementations, and frameworks for constructing AI systems are made open source and accessible to the public, allowing researchers and practitioners to reproduce the reported results and broaden the application of AI systems. The development of AI systems follows a data-driven paradigm and is sensitive to hyperparameter settings and data separation. Developers …

Interactive Data Analysis Of Multi-Run Performance Data, Vanessa Lama

Masters Theses

Multi-dimensional performance data analysis presents challenges for programmers, and users. Developers have to choose library and compiler options for each platform, analyze raw performance data, and keep up with new technologies. Users run codes on different platforms, validate results with collaborators, and analyze performance data as applications scale up. Site operators use multiple profiling tools to optimize performance, requiring the analysis of multiple sources and data types. There is currently no comprehensive tool to support the structured analysis of unstructured data, when holistic performance data analysis can offer actionable insights and improve performance. In this work, we present thicket, a …

Automating Arduino Programming: From Hardware Setups To Sample Source Code Generation, Imam Nur Bani Yusuf, Diyanah Binte Abdul Jamal, Lingxiao Jiang

Research Collection School Of Computing and Information Systems

An embedded system is a system consisting of software code, controller hardware, and I/O (Input/Output) hardware that performs a specific task. Developing an embedded system presents several challenges. First, the development often involves configuring hardware that requires domain-specific knowledge. Second, the library for the hardware may have API usage patterns that must be followed. To overcome such challenges, we propose a framework called ArduinoProg towards the automatic generation of Arduino applications. ArduinoProg takes a natural language query as input and outputs the configuration and API usage pattern for the hardware described in the query. Motivated by our findings on the …