MCP: A Security Testing Tool Driven by Requirements

Phu X. Mai, Fabrizio Pastore, Arda Goknil, Lionel C. Briand
2019 2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)  
NLP is used to identify the activities performed by the malicious user and the control flow of misuse case specifications.  ...  MCP matches the malicious user's activities to the methods of the provided test driver API in order to generate executable security test cases that perform the activities described in the misuse case specifications  ...  The generated test cases do not contain any programming errors despite the generated code being not trivial (791 lines of code in total, 172 method calls, 44 assignments, and 260 method arguments).  ... 
doi:10.1109/icse-companion.2019.00037 dblp:conf/icse/MaiPGB19 fatcat:dv5fzkawyncvzlgdavko2lev7i

An Anti-pattern for Misuse Cases [chapter]

Mohammad Torabi Dashti, Saša Radomirović
2017 Lecture Notes in Computer Science  
We present an anti-pattern for applying misuse cases, dubbed "orphan misuses." Orphan misuse cases by and large ignore the system at hand, thus providing little insight into its security.  ...  We illustrate orphan misuse cases through examples, explain their negative consequences in detail, and give guidelines for avoiding them.  ...  Clearly, this mitigation comes at the cost of a more complex, stateful error handling mechanism. The resulting diagram is shown in Figure 3.  ... 
doi:10.1007/978-3-319-72817-9_16 fatcat:cj2si5d6hjcapl6enjbnvzy2sa

Except for exception handling …

Alexander Romanovsky, Bo Sandén
2001 ACM SIGAda Ada Letters  
Ada programs with exceptions can be difficult to understand, develop, modify and analyse, and the exception handling features can be misused in a number of ways.  ...  It allows for the propagation of unhandled and anonymous exceptions, it is error-prone and it is inappropriate for some language features such as tasking and tagged types.  ...  In complex modern systems often more than half of the application code is devoted to dealing with abnormal system events [7].  ... 
doi:10.1145/568671.568678 fatcat:ppqqudlrqzchli6ez64oyztcy4

A Natural Language Programming Approach for Requirements-Based Security Testing

Phu X. Mai, Fabrizio Pastore, Arda Goknil, Lionel C. Briand
2018 2018 IEEE 29th International Symposium on Software Reliability Engineering (ISSRE)  
To facilitate communication among stakeholders, software security requirements are typically written in natural language and capture both positive requirements (i.e., what the system is supposed to do  ...  We propose, apply and assess Misuse Case Programming (MCP), an approach that automatically generates security test cases from misuse case specifications (i.e., use case specifications capturing the behavior  ...  In the third phase, Identify test inputs, MCP determines the inputs to be sent to the system.  ... 
doi:10.1109/issre.2018.00017 dblp:conf/issre/MaiPGB18 fatcat:zhewumrtbjckjg26h2iw76ip7m

Publicly available machine learning models for identifying opioid misuse from the clinical notes of hospitalized patients

Brihat Sharma, Dmitriy Dligach, Kristin Swope, Elizabeth Salisbury-Afshar, Niranjan S. Karnik, Cara Joyce, Majid Afshar
2020 BMC Medical Informatics and Decision Making  
As an alternative to relying on de-identification systems, we propose the following solutions: (1) Mapping the corpus of documents to standardized medical vocabulary (concept unique identifier [CUI] codes  ...  The top weighted CUI codes in logistic regression has the related terms 'Heroin' and 'Victim of abuse'.  ...  Acknowledgements We would like to thank Susan Zelisko, and Jason Boyda at Loyola's Systems Development and IT Department for providing the data from the clinical data warehouse.  ... 
doi:10.1186/s12911-020-1099-y pmid:32349766 pmcid:PMC7191715 fatcat:yr3s4dpcqfaxtjiboawhz76tsm

SAFEWAPI: web API misuse detector for web applications

SungGyeong Bae, Hyunghun Cho, Inho Lim, Sukyoung Ryu
2014 Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering - FSE 2014  
For representative misuses of Web APIs defined by software quality assurance engineers, our SAFE WAPI detects such misuses in real-world JavaScript web applications.  ...  While one of the driving technologies of web applications is JavaScript, the extremely dynamic features of JavaScript make it very difficult to define and detect errors in JavaScript applications.  ...  Because the JavaScript errors defined in the language specification are too weak to find API misuses, and the dynamic features allow developers to intentionally write seemingly incorrect code, identifying  ... 
doi:10.1145/2635868.2635916 dblp:conf/sigsoft/BaeCLR14 fatcat:r5x2knwzw5halowt3on3tcn4qy

Fuzzy Based Refactoring Cost Resembler (FRCR) Model for Object Oriented Systems

Ankit Desai, Amit Ganatra
2012 Journal of clean energy technologies  
As a consequence, one may identify various reengineering patterns that capture best practice in reverse- and re-engineering object-oriented legacy systems.  ...  The opportunities are class misuse, violation of the principle of encapsulation, lack of use of inheritance concept, misuse of inheritance, misplaced polymorphism.  ...  Errors may be made in system specification; development problems; financial risk may be high; etc. ii.  ... 
doi:10.7763/ijcte.2012.v4.461 fatcat:ndhhu27mknckrgtqeryd3n3vye

Increasing Rates of Opioid Misuse Among Older Adults Visiting Emergency Departments

Mary W Carter, Bo Kyum Yang, Marsha Davenport, Allison Kabel
2019 Innovation in aging  
Diagnostic codes were used to identify opioid misuse disorder; sampling weights were used to adjust standard estimates of the errors.  ...  ED visits by older adults with opioid misuse identified in the ED increased sharply from 2006 to 2014, representing a nearly 220% increase over the study period.  ...  coded for opioid misuse.  ... 
doi:10.1093/geroni/igz002 pmid:30863796 pmcid:PMC6404687 fatcat:4kvtgtqahzh53lka5d5mxsxjxy

TFix+: Self-configuring Hybrid Timeout Bug Fixing for Cloud Systems [article]

Jingzhu He, Ting Dai, Xiaohui Gu
2021 arXiv   pre-print
In this paper, we present TFix+, a self-configuring timeout bug fixing framework for automatically correcting two major kinds of timeout bugs (i.e., misused timeout bugs and missing timeout bugs) with  ...  TFix+ provides two new hybrid schemes for fixing misused and missing timeout bugs, respectively.  ...  ACKNOWLEDGMENTS This research is sponsored in part by NSF CNS1513942 grant, and NSF CNS1149445 grant.  ... 
arXiv:2110.04101v1 fatcat:bgnjrhmgzndvfc5bf3h77cghve

Analysis on English Speaking Performance: Exploring Students' Errors and The Causes

Dayat Dayat
2017 Journal Of Education, Teaching and Learning  
The data were analyzed by identifying the errors, grouping and tabulating into category codes.  ...  In collecting the data, video recordings were used to find errors and frequencies, while, focus group interview investigating factors of speaking errors.  ...  During the performance, the researcher recorded students' performance. Then, the researcher replayed the record while identifying, coding, and tabulating the errors.  ... 
doi:10.26737/jetl.v2i1.149 fatcat:gdx6uzumbbe7jnyeodcjdln75i

Secure Coding Practices in Java: Challenges and Vulnerabilities [article]

Na Meng, Stefan Nagy, Daphne Yao, Wenjie Zhuang, Gustavo Arango Argoty
2017 arXiv   pre-print
More interestingly, we identified security vulnerabilities in the suggested code of accepted answers.  ...  Prior research was focused on the misuse of cryptography and SSL APIs, but did not explore the key fundamental research question: what are the biggest challenges and vulnerabilities in secure coding practices  ...  We report new challenges on secure coding practices, such as complex security configurations in Spring security, poor error messages, and multilingual programs.  ... 
arXiv:1709.09970v1 fatcat:j4m3gjblinfermu737cpheaeum

Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors

K. Tsipenyuk, B. Chess, G. McGraw
2005 IEEE Security and Privacy  
In fact, all of the errors included in our taxonomy are amenable to automatic identification using static source code analysis techniques.  ...  We provide an in-depth explanation and one or more code-level examples for each of the errors on a companion web site: http://vulncat.fortifysoftware.com.  ...  CONCLUSION We present a simple, intuitive taxonomy of common coding errors that affect security.  ... 
doi:10.1109/msp.2005.159 fatcat:tki47o33gvcy7j7okf4kwwlree

Use, disuse, and misuse of automated refactorings

Mohsen Vakilian, Nicholas Chen, Stas Negara, Balaji Ambresh Rajkumar, Brian P. Bailey, Ralph E. Johnson
2012 2012 34th International Conference on Software Engineering (ICSE)  
We have conducted a field study on programmers in their natural settings working on their code.  ...  The results of this work contribute to producing more effective tools for refactoring complex software.  ...  A main motivation of automated refactorings is to reduce the human burden and error in making complex changes to the source code.  ... 
doi:10.1109/icse.2012.6227190 dblp:conf/icse/VakilianCNRBJ12 fatcat:2hj5fat4ujfwrbdhqub7wh3vmi

Essential Activities for Secure Software Development

Mamdouh Alenezi, Sadiq Almuairf
2020 Zenodo  
Diverse types of software are used in almost all sectors of businesses in the modern world.  ...  Millions of resources are held in various software worldwide, cyber-attack criminals have made a career in breaching software security for selfish gains, thus necessitating the development and establishment  ...  They also help identify logic vulnerabilities that typically cannot be identified by automated static code analyzers.  ... 
doi:10.5281/zenodo.3742908 fatcat:tezbjio4ufgrffgmj4fglzcxki

Groundwater Solution Techniques: Environmental Applications

Sarva Mangala PRAVEENA, Mohd Harun ABDULLAH, Ahmad Zaharin ARIS, Kawi BIDIN
2010 Journal of Water Resource and Protection  
On the same hand, it acts as guide and reference to groundwater modeler, reduces the time spent in understanding the solution technique and complexity of groundwater models, as well as focus ways to address  ...  However, without a good understanding of a model, modeling studies are not well designed or the model does not represent the natural system which being modeled long term effects may results.  ...  Moreover, errors in numerical dispersion are hard to be identified as well as special codes are need for specific groundwater problems.  ... 
doi:10.4236/jwarp.2010.21002 fatcat:pbop6nth75chxpdkewue2rtwsm