Compliance analysis requires legal counsel but is generally unavailable in many software projects. Analysis of legal text using logic-based models can help developers understand requirements for the development and use of software-intensive systems throughout its lifecycle. We outline a practical modeling process for norms in legally binding agreements that include contractual rights and obligations. A computational norm model analyzes available rights and required duties based on the satisfiability of situations, a state of affairs, in a given scenario. Our method enables modular norm model extraction, representation, and reasoning. For norm extraction, using the theory of frame semantics, we construct two foundational norm templates for linguistic guidance. These templates correspond to Hohfeld’s concepts of claim-right and its jural correlative, duty. Each template instantiation results in a norm model, encapsulated in a modular unit which we call a super-situation that corresponds to an atomic fragment of law. For hierarchical modularity, super-situations contain a primary norm that participates in relationships with other norm models. Norm compliance values are logically derived from its related situations and propagated to the norm’s containing super-situation, which in turn participates in other super-situations. This modularity allows on-demand incremental modeling and reasoning using simpler model primitives than previous approaches. While we demonstrate the usefulness of our norm models through empirical studies with contractual statements in open source software and privacy domains, its grounding in theories of law and linguistics allows wide applicability.
Semantics-based Automated Web Testing
Guo, Hai-Feng; Ouyang, Qing; Siy, Harvey
Electronic Proceedings in Theoretical Computer Science, 08/2015, Volume 188, Issue Proc. WWV 2015
Journal Article, Open access
We present TAO, a software testing tool performing automated test and oracle generation based on a semantic approach. TAO entangles grammar-based test generation with automated semantics evaluation using a denotational semantics framework. We show how TAO can be incorporated with the Selenium automation tool for automated web testing, and how TAO can be further extended to support automated delta debugging, where a failing web test script can be systematically reduced based on grammar-directed strategies. A real-life parking website is adopted throughout the paper to demonstrate the effectivity of our semantics-based web testing approach.
To compare the sealability of femtosecond laser-constructed and manual clear corneal incisions (CCIs) in patients undergoing cataract surgery.
This prospective, randomized study included 62 eyes of 62 patients with cataract grade 1 to 2 (LOCS scale). The patients were randomly assigned (1:1) for creation of either manual CCI (with a 2.4-mm keratome) or femtosecond laser-assisted CCI (LENSAR, Inc., Orlando, FL) (31 eyes in each group) before undergoing femtosecond laser-assisted cataract surgery. Wound sealability was assessed as grade 1, 2, or 3 (1: need to reform anterior chamber and hydrate wound at end of surgery; 2: need to reform anterior chamber only; 3: formed anterior chamber, no hydration or anterior chamber reformation necessary).
The nuclear sclerosis grade, cumulative dissipated energy and phacoemulsification time were comparable between the two groups. No complications were experienced in any of the patients. The mean wound sealability for the femtosecond laser group (2.35 ± 0.84) was statistically significantly better in comparison to the manual group (1.32 ± 0.65) (P < .001). At the end of the surgery, 22.6% (n = 7) of eyes in the femtosecond laser group needed reformation of the anterior chamber and hydration of the wound compared to 77.4% (n = 24) of eyes in the manual group. Conversely, 58.1% (n = 18) of eyes in the femtosecond laser group compared to 9.7% (n = 3) of eyes in the manual group were observed to have a formed anterior chamber.
Femtosecond laser-created CCIs had significantly better wound sealability compared to those created with a metal keratome. J Refract Surg. 2017;33(11):744-748.
Application Programming Interfaces (APIs) in cryptography typically impose concealed usage constraints. The violations of these usage constraints can lead to software crashes or security vulnerabilities. Several professional tools can detect these constraints (API misuses) in cryptography; however, in the educational programs, the focus has been less on helping students implement an application without cryptographic API misuses that are caused by either a lack of cryptographic knowledge or programming mistakes.
To address the problem, we present an intelligent tutoring approach SSDTutor for educating Secure Software Development. Our tutoring approach helps students or developers repair cryptographic API misuse defects by leveraging an automated program repair technique based on the usage patterns of cryptographic APIs. We studied the best practices of cryptographic implementations and encoded eight cryptographic API usage patterns. For quality feedback, we leverage a clone detection technique to recommend related feedback for helping students understand why their programs are incorrect, rather than blindly accepting repairs.
We evaluated SSDTutor on 456 open source subject projects implemented with cryptographic APIs. SSDTutor successfully detected 1,553 out of 1,573 misuse defects with 98.9% accuracy and repaired 1,551 out of 1,573 misuse defects with 99.3% accuracy. In a user study involving 22 students, the participants reported that interactive SSDTutor's feedback recommendation could be valuable for novice students to learn about the correct usages of cryptography APIs.
• An intelligent tutoring approach for educating secure software development.
• An automated repair approach for cryptographic API misuse defects.
• Eight cryptographic API usage patterns for the best practices of cryptographic implementations.
• Quality feedback to understand why programs are incorrect, rather than blindly accepting repairs.
We conducted a long term experiment to compare the costs and benefits of several different software inspection methods. These methods were applied by professional developers to a commercial software product they were creating. Because the laboratory for this experiment was a live development effort, we took special care to minimize cost and risk to the project, while maximizing our ability to gather useful data. The article has several goals: (1) to describe the experiment's design and show how we used simulation techniques to optimize it; (2) to present our results and discuss their implications for both software practitioners and researchers; and (3) to discuss several new questions raised by our findings. For each inspection, we randomly assigned three independent variables: (1) the number of reviewers on each inspection team (1, 2, or 4); (2) the number of teams inspecting the code unit (1 or 2); and (3) the requirement that defects be repaired between the first and second team's inspections. The reviewers for each inspection were randomly selected without replacement from a pool of 11 experienced software developers. The dependent variables for each inspection included inspection interval (elapsed time), total effort, and the defect detection rate. Our results showed that these treatments did not significantly influence the defect detection effectiveness, but that certain combinations of changes dramatically increased the inspection interval.
In a previous experiment, we determined how various changes in three structural elements of the software inspection process (team size and the number and sequencing of sessions) altered effectiveness and interval. Our results showed that such changes did not significantly influence the defect detection rate, but that certain combinations of changes dramatically increased the inspection interval. We also observed a large amount of unexplained variance in the data, indicating that other factors must be affecting inspection performance. The nature and extent of these other factors now have to be determined to ensure that they had not biased our earlier results. Also, identifying these other factors might suggest additional ways to improve the efficiency of inspections. Acting on the hypothesis that the “inputs” into the inspection process (reviewers, authors, and code units) were significant sources of variation, we modeled their effects on inspection performance. We found that they were responsible for much more variation in defect detection than was process structure. This leads us to conclude that better defect detection techniques, not better process structures, are the key to improving inspection effectiveness. The combined effects of process inputs and process structure on the inspection interval accounted for only a small percentage of the variance in inspection interval. Therefore, there must be other factors which need to be identified.
This paper is an attempt to understand the processes by which software ages. We define code to be aged or decayed if its structure makes it unnecessarily difficult to understand or change and we measure the extent of decay by counting the number of faults in code in a period of time. Using change management data from a very large, long-lived software system, we explore the extent to which measurements from the change history are successful in predicting the distribution over modules of these incidences of faults. In general, process measures based on the change history are more useful in predicting fault rates than product metrics of the code: For instance, the number of times code has been changed is a better indication of how many faults it will contain than is its length. We also compare the fault rates of code of various ages, finding that if a module is, on the average, a year older than an otherwise similar module, the older module will have roughly a third fewer faults. Our most successful model measures the fault potential of a module as the sum of contributions from all of the times the module has been changed, with large, recent changes receiving the most weight.
Unfortunately, at present, degenerative retinal diseases such as retinitis pigmentosa remain untreatable. Patients with these conditions suffer progressive visual decline resulting from continuing loss of photoreceptor cells and outer nuclear layers. However, stem cell therapy is a promising approach to restore visual function in eyes with degenerative retinal diseases such as retinitis pigmentosa. Animal studies have established that pluripotent stem cells when placed in the mouse retinitis pigmentosa models have the potential not only to survive, but also to differentiate, organize into and function as photoreceptor cells. Furthermore, there is early evidence that these transplanted cells provide improved visual function. These groundbreaking studies provide proof of concept that stem cell therapy is a viable method of visual rehabilitation among eyes with retinitis pigmentosa. Further studies are required to optimize these techniques in human application. This review focuses on stem cell therapy as a new approach for vision restitution in retinitis pigmentosa.