57 research outputs found
Summary of Search-based Crash Reproduction using Behavioral Model Seeding
This is an extended abstract of the article: Pouria Derakhshanfar, Xavier Devroey, Gilles Perrouin, Andy Zaidman and Arie van Deursen. 2019. Search-based crash reproduction using behavioural model seeding. In: Software Testing, Verification and Reliability (May 2020). http://doi.org/10.1002/stvr.1733.Software EngineeringSoftware Technolog
The ferric conundrum: which intravenous iron preparations are preferred for chronic kidney disease patients?
Implication for health policy/practice/research/medical education: It has been demonstrated that iron deposition in the kidney is a harbinger of poor prognosis, but it is not clear whether kidney failure/damage predisposes iron deposition, or iron deposition activates an oxidative cascade and causes kidney damage. Until this issue is clarified, it will be difficult to predict the risks or benefits of any iron infusion for chronic kidney disease. © 2022 The Author(s).Open access journalThis item from the UA Faculty Publications collection is made available by the University of Arizona with support from the University of Arizona Libraries. If you have questions, please contact us at [email protected]
Securing Python Supply Chain: Using Graph Theory for Vulnerability Prediction
The open-source Python ecosystem is a complex system whose community-driven nature creates significant software assurance challenges. This study develops a foundational, graph-theory-based technique for proactively predicting vulnerability in these critical supply chains. Modeling the Python Package Index (PyPI) as a directed graph of 411,056 packages, we evaluate how network centrality metrics, such as indegree, betweenness, and PageRank, serve as proxies for security risk. Our analysis demonstrates their significant power to predict both direct and indirect, dependency-propagated vulnerabilities. The results reveal how a few high-centrality nodes can cascade risk across thousands of downstream packages. This approach provides a scientific basis for ensuring system integrity, enabling new tools and practices to identify systemic weaknesses before exploits occur, and bridging the gap between collaborative innovation and robust cybersecurity
From Seaweed to Security: The Emergence of Alginate in Compromising IoT Fingerprint Sensors
The increasing integration of capacitive fingerprint recognition sensors in
IoT devices presents new challenges in digital forensics, particularly in the
context of advanced fingerprint spoofing. Previous research has highlighted the
effectiveness of materials such as latex and silicone in deceiving biometric
systems. In this study, we introduce Alginate, a biopolymer derived from brown
seaweed, as a novel material with the potential for spoofing IoT-specific
capacitive fingerprint sensors. Our research uses Alginate and cutting-edge
image recognition techniques to unveil a nuanced IoT vulnerability that raises
significant security and privacy concerns. Our proof-of-concept experiments
employed authentic fingerprint molds to create Alginate replicas, which
exhibited remarkable visual and tactile similarities to real fingerprints. The
conductivity and resistivity properties of Alginate, closely resembling human
skin, make it a subject of interest in the digital forensics field, especially
regarding its ability to spoof IoT device sensors. This study calls upon the
digital forensics community to develop advanced anti-spoofing strategies to
protect the evolving IoT infrastructure against such sophisticated threats
Bedömning av idegenererings- och problemlösningsmetoder för ingenjörsmässiga problem
An engineer can often face creativity blocks due to constraints put on a project, like manufacturing limitations, time and cost. To support the engineers, ideation methods were developed such as TRIZ and SCAMPER to boost creativity in these contexts. Another ideation tool that has proven to be useful is artificial intelligence (AI). But these methods' effectiveness in engineering tasks is unclear. This thesis compares TRIZ, SCAMPER and AI as ideation tools when applied for engineering tasks. The conventional methods, TRIZ and SCAMPER, are put to test through individual ideation sessions and has 12 engineering students and 6 non-engineers participating as test subjects. Using an AI as an ideation tool was also tested but by the author only. All AI agents and human participants worked on the same design problem, with half of the human participants using TRIZ, the other half using SCAMPER and AI used by the author. Each idea was given an evaluation score and each method an average score for comparison. SCAMPER achieved a higher overall mean score (5.8) when compared to only TRIZ (4.3). But this was driven mainly by superior ratings in helpfulness and ease of use. While TRIZ produced slightly more unique ideas, participants engaged with SCAMPER more readily. The results suggest that between TRIZ and SCAMPER, SCAMPER is the superior choice for quickly learning and applying an ideation method when used for individual ideation for engineering tasks. But when compared with the results from the ideation with an AI, it was clear that neither TRIZ or SCAMPER could outperform this ideation tool. With an idea-quantity score of 9.4 compared to the 2.7 of the conventional methods and an idea-uniqueness score of 7 compared to TRIZ and SCAMPER which got 5.3 and 4.7 respectively, AI has proven to be the most useful ideation tool
It is not Only About Control Dependent Nodes: Basic Block Coverage for Search-Based Crash Reproduction
Search-based techniques have been widely used for white-box test generation. Many of these approaches rely on the approach level and branch distance heuristics to guide the search process and generate test cases with high line and branch coverage. Despite the positive results achieved by these two heuristics, they only use the information related to the coverage of explicit branches (e.g., indicated by conditional and loop statements), but ignore potential implicit branchings within basic blocks of code. If such implicit branching happens at runtime (e.g., if an exception is thrown in a branchless-method), the existing fitness functions cannot guide the search process. To address this issue, we introduce a new secondary objective, called Basic Block Coverage (BBC), which takes into account the coverage level of relevant basic blocks in the control flow graph. We evaluated the impact of BBC on search-based crash reproduction because the implicit branches commonly occur when trying to reproduce a crash, and the search process needs to cover only a few basic blocks (i.e., blocks that are executed before crash happening). We combined BBC with existing fitness functions (namely STDistance and WeightedSum) and ran our evaluation on 124 hard-to-reproduce crashes. Our results show that BBC, in combination with STDistance and WeightedSum, reproduces 6 and 1 new crashes, respectively. BBC significantly decreases the time required to reproduce 26.6% and 13.7% of the crashes using STDistance and WeightedSum, respectively. For these crashes, BBC reduces the consumed time by 44.3% (for STDistance) and 40.6% (for WeightedSum) on average.Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.Software Engineerin
The application of fuzzy logic in CNC programming
The complex and very elaborate mechanism of the human brain that helps him control phenomena and analyse problems, has been the model for the design and structure of most control systems. The two main human advantages in controlling systems are: the access to a flexible data base (which is the data stored in the brain) and the ability to quickly modify and verify it; and the capability of combining different pieces of information obtained through the senses. Hence, the increasing use of intelligent knowledge-base systems is an effort towards externalising the first capability, and the ongoing research on combining information is an effort towards externalising the second.In achieving this, the application and combination of different intelligent systems, like Neural Networks, Fuzzy Systems and Evolutionary Algorithms for controlling systems have been widely considered. The advantage of these systems is the option of benefiting from the learning capabilities. Each of these intelligent systems normally have modifiable parameters that change with learning. In this thesis, the two learning methods of "off line learning" and "on line learning" have been discussed and analysed. The first method that has been developed by the author [2] uses the numerical data off line to generate the data base for a fuzzy controller. In this method, the data base is generated using the numerical data obtained from controlled dynamics. The second method is the self-organised method in which the fuzzy controller can generate the suitable data base for controlling a system while controlling it. These methods are then used to design the controller that move the axes/controls the primary movers of a Computerised Numerically Controlled (CNC) machine.In addition to implementing the above mentioned algorithms, two further applications for CNC machines are presented, namely: (1) Controlling the metal removal rate; (2) Combination of different information from various sensors.There has been a lot of research on combining information, and many theories have been presented [18] to [21]. Some of these theories are later discussed, and in the end the author presents a method in using the fuzzy logic in combining sensor information
Unit test generation for common and uncommon behaviors
Various search-based test generation techniques have been proposed to automate the process of test generation to fulfill different criteria (e.g., line coverage, branch coverage, mutation score, etc.). Despite these techniques' undeniable accomplishments, they still suffer from a lack of guidance coming from the data gathered from the production phase, which makes the generation of complex test cases harder for the search process. Hence, previous studies introduced many strategies (such as dynamic symbolic execution or seeding) to address this issue. However, the test cases created by these techniques cannot assure the full coverage of the execution paths in software under test. Therefore, this thesis introduces common and uncommon behavior test generation (CUBTG) for search-based unit test generation. CUBTG uses the concept of commonality score, which is a measure of how close an execution path of a generated test case is from reproducing the same common and uncommon execution patterns observed during the real-world usage of the software. To evaluate the performance of CUBTG, we implemented it in EvoSuite and evaluated it on 150 classes from JabRef, an open-source application for managing bibliography references. We found that CUBTG managed to cover more common behaviors than plain MOSA in 75% of the cases, and more uncommon behaviors in 60% of the cases. In up to 10% of the cases CUBTG managed to find more mutants seeded by PIT by using method sequences that plain MOSA did not find.Computer Scienc
Fit2Crash: Specialising Fitness Functions for Crash Reproduction
Software applications inevitably crash, and it is time-consuming to recreate the crash conditions for debugging. Recently, researchers have developed frameworks relying on genetic algorithms, e.g. Botsing, for automated crash reproduction. However, the existing approaches process exceptions of different types as if they were the same. In this thesis, we study how the four most common types of Java exceptions are thrown and define specialised fitness functions for them. We have extended Botsing and carried out an evaluation against 52 real-world crashes from seven various open-source software applications. Our results show that our proposed fitness functions influence both the effectiveness and efficiency, negatively or positively depending on the type of the target exception. This thesis demonstrates how tailoring the fitness functions according to the exception type can improve search-based crash reproduction.STAMP-project | BotsingComputer Scienc
Automated crash fault localization
Debugging application crashes is an expensive and time-taking process, relying on the developer’s expertise, and requiring knowledge about the system. Over the years, the research community has developed several automated approaches to ease debugging. Among those approaches, search-based crash reproduction, which tries to generate a test case capable of reproducing a given crash to make it observable to the developers, solely based on the stack trace included in the crash report. We believe that this makes crash reproduction the perfect candidate to achieve end-to-end crash fault localization. In this thesis, we explore and empirically evaluate the usage of search-based crash reproduction combined with spectrum-based fault localization on 50 real-world crashes. Starting from a crash report, we generate crash-reproducing test cases and use them in conjunction with the existing or an automatically generated unit test suite as input for spectrum-based fault localization. Our results show that, although, hand-written test cases remain the most efficient in the general scenario, automatically generated crash-reproducing test cases still reduce the number of statements to be investigated by developers. Additionally, when considering the best-case scenario where only crash-reproducing test cases covering the fault are evaluated, we observe no statistically significant difference between the accuracy of fault localization when using hand-written or automatically generated test cases. Our results confirm the feasibility of end-to-end automated crash fault localization. The results also identify new challenges for both automated test case generation and fault localization, as well as when they are combined.Computer Scienc
- …
