Identifying error code misuses in complex system.

NLP is used to identify the activities performed by the malicious user and the control flow of misuse case specifications. ... MCP matches the malicious user's activities to the methods of the provided test driver API in order to generate executable security test cases that perform the activities described in the misuse case specifications ... The generated test cases do not contain any programming errors despite the generated code being not trivial (791 lines of code in total, 172 method calls, 44 assignments, and 260 method arguments). ...

doi:10.1109/icse-companion.2019.00037 dblp:conf/icse/MaiPGB19 fatcat:dv5fzkawyncvzlgdavko2lev7i

We present an anti-pattern for applying misuse cases, dubbed "orphan misuses." Orphan misuse cases by and large ignore the system at hand, thus providing little insight into its security. ... We illustrate orphan misuse cases through examples, explain their negative consequences in detail, and give guidelines for avoiding them. ... Clearly, this mitigation comes at the cost of a more complex, stateful error handling mechanism. The resulting diagram is shown in Figure 3 . ...

doi:10.1007/978-3-319-72817-9_16 fatcat:cj2si5d6hjcapl6enjbnvzy2sa

Ada programs with exceptions can be difficult to understand, develop, modify and analyse, and the exception handling features can be misused in a number of ways. ... It allows for the propagation of unhandled and anonymous exceptions, it is error-prone and it is inappropriate for some language features such as tasking and tagged types. ... In complex modern systems often more than half of the application code is devoted to dealing with abnor-mal system events [7] . ...

doi:10.1145/568671.568678 fatcat:ppqqudlrqzchli6ez64oyztcy4

To facilitate communication among stakeholders, software security requirements are typically written in natural language and capture both positive requirements (i.e., what the system is supposed to do ... We propose, apply and assess Misuse Case Programming (MCP), an approach that automatically generates security test cases from misuse case specifications (i.e., use case specifications capturing the behavior ... In the third phase, Identify test inputs, MCP determines the inputs to be sent to the system. ...

doi:10.1109/issre.2018.00017 dblp:conf/issre/MaiPGB18 fatcat:zhewumrtbjckjg26h2iw76ip7m

As an alternative to relying on de-identification systems, we propose the following solutions: (1) Mapping the corpus of documents to standardized medical vocabulary (concept unique identifier [CUI] codes ... The top weighted CUI codes in logistic regression has the related terms 'Heroin' and 'Victim of abuse'. ... Acknowledgements We would like to thank Susan Zelisko, and Jason Boyda at Loyola's Systems Development and IT Department for providing the data from the clinical data warehouse. ...

doi:10.1186/s12911-020-1099-y pmid:32349766 pmcid:PMC7191715 fatcat:yr3s4dpcqfaxtjiboawhz76tsm

DOAJ

For representative misuses of Web APIs defined by software quality assurance engineers, our SAFE WAPI detects such misuses in real-world JavaScript web applications. ... While one of the driving technologies of web applications is JavaScript, the extremely dynamic features of JavaScript make it very difficult to define and detect errors in JavaScript applications. ... Because the JavaScript errors defined in the language specification are too weak to find API misuses, and the dynamic features allow developers to intentionally write seemingly incorrect code, identifying ...

doi:10.1145/2635868.2635916 dblp:conf/sigsoft/BaeCLR14 fatcat:r5x2knwzw5halowt3on3tcn4qy

As a consequence, one may identify various reengineering patterns that capture best practice in reverse-and re-engineering object-oriented legacy systems. ... The opportunities are class misuse, violation of the principle of encapsulation, lack of use of inheritance concept, misuse of inheritance, misplaced polymorphism. ... Errors may be made in system specification; development problems; financial risk may be high; etc. ii. ...

doi:10.7763/ijcte.2012.v4.461 fatcat:ndhhu27mknckrgtqeryd3n3vye

Diagnostic codes were used to identify opioid misuse disorder; sampling weights were used to adjust standard estimates of the errors. ... ED visits by older adults with opioid misuse identified in the ED increased sharply from 2006 to 2014, representing a nearly 220% increase over the study period. ... coded for opioid misuse. ...

doi:10.1093/geroni/igz002 pmid:30863796 pmcid:PMC6404687 fatcat:4kvtgtqahzh53lka5d5mxsxjxy

DOAJ

In this paper, we present TFix+, a self-configuring timeout bug fixing framework for automatically correcting two major kinds of timeout bugs (i.e., misused timeout bugs and missing timeout bugs) with ... TFix+ provides two new hybrid schemes for fixing misused and missing timeout bugs, respectively. ... ACKNOWLEDGMENTS This research is sponsored in part by NSF CNS1513942 grant, and NSF CNS1149445 grant. ...

arXiv:2110.04101v1 fatcat:bgnjrhmgzndvfc5bf3h77cghve

Open Access

The data were analyzedby identifying the errors, grouping and tabulating into category codes. ... In collecting the data, video recordings were used to find errors and frequencies, while, focus group interview investigating factors of speaking errors. ... During the performance, the researcher recorded students' performance.Then, the researcher replayed the record while identifying, coding, and tabulating the errors. ...

doi:10.26737/jetl.v2i1.149 fatcat:gdx6uzumbbe7jnyeodcjdln75i

DOAJ OJS Szczepanski

More interestingly, we identified security vulnerabilities in the suggested code of accepted answers. ... Prior research was focused on the misuse of cryptography and SSL APIs, but did not explore the key fundamental research question: what are the biggest challenges and vulnerabilities in secure coding practices ... We report new challenges on secure coding practices, such as complex security configurations in Spring security, poor error messages, and multilingual programs. ...

arXiv:1709.09970v1 fatcat:j4m3gjblinfermu737cpheaeum

Open Access

In fact, all of the errors included in our taxonomy are amenable to automatic identification using static source code analysis techniques. ... We provide an in-depth explanation and one or more code-level examples for each of the errors on a companion web site: http://vulncat.fortifysoftware.com. ... CONCLUSION We present a simple, intuitive taxonomy of common coding errors that affect security. ...

doi:10.1109/msp.2005.159 fatcat:tki47o33gvcy7j7okf4kwwlree

We have conducted a field study on programmers in their natural settings working on their code. ... The results of this work contribute to producing more effective tools for refactoring complex software. ... A main motivation of automated refactorings is to reduce the human burden and error in making complex changes to the source code. ...

doi:10.1109/icse.2012.6227190 dblp:conf/icse/VakilianCNRBJ12 fatcat:2hj5fat4ujfwrbdhqub7wh3vmi

Diverse types of software are used in almost all sectors of businesses in the modern world. ... Millions of resources are held in various software worldwide, cyber-attack criminals have made a career in breaching software security for selfish gains, thus necessitating the development and establishment ... They also help identify logic vulnerabilities that typically cannot be identified by automated static code analyzers. ...

doi:10.5281/zenodo.3742908 fatcat:tezbjio4ufgrffgmj4fglzcxki

Open Access

On the same hand, it acts as guide and reference to groundwater modeler, reduces the time spent in understanding the solution technique and complexity of groundwater models, as well as focus ways to address ... However, without a good understanding of a model, modeling studies are not well designed or the model does not represent the natural system which being modeled long term effects may results. ... Moreover, errors in numerical dispersion are hard to be identified as well as special codes are need for specific groundwater problems. ...

doi:10.4236/jwarp.2010.21002 fatcat:pbop6nth75chxpdkewue2rtwsm

Open Access

MCP: A Security Testing Tool Driven by Requirements

Preserved Fulltext

An Anti-pattern for Misuse Cases [chapter]

Preserved Fulltext

Except for exception handling …

Preserved Fulltext

A Natural Language Programming Approach for Requirements-Based Security Testing

Preserved Fulltext

Publicly available machine learning models for identifying opioid misuse from the clinical notes of hospitalized patients

Preserved Fulltext

SAFEWAPI: web API misuse detector for web applications

Preserved Fulltext

Fuzzy Based Refactoring Cost Resembler (FRCR) Modelfor Object Oriented Systems

Preserved Fulltext

Increasing Rates of Opioid Misuse Among Older Adults Visiting Emergency Departments

Preserved Fulltext

TFix+: Self-configuring Hybrid Timeout Bug Fixing for Cloud Systems [article]

Preserved Fulltext

Analysis on English Speaking Performance: Exploring Students' Errors and The Causes

Preserved Fulltext

Secure Coding Practices in Java: Challenges and Vulnerabilities [article]

Preserved Fulltext

Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors

Preserved Fulltext

Use, disuse, and misuse of automated refactorings

Preserved Fulltext

Essential Activities for Secure Software Development

Preserved Fulltext

Groundwater Solution Techniques: Environmental Applications

Preserved Fulltext