Biblio

Filters: First Letter Of Title is N
2017-10-09
Karthik Sheshadri, Nirav Ajmeri, Jessica Staddon.  2017.  No (Privacy) News is Good News: An Analysis of New York Times and Guardian Privacy News from 2010 to 2016. Proceedings of 15th Annual Conference on Privacy, Security and Trust (PST). :1-12.
2017-01-10
Jonathan Aldrich, Alex Potanin.  2016.  Naturally Embedded DSLs. Systems, Programming, Languages and Applications: Software for Humanity (SPLASH).

Domain-specific languages can be embedded in a variety of ways within a host language. The choice of embedding approach entails significant tradeoffs in the usability of the embedded DSL. We argue embedding DSLs naturally within the host language results in the best experience for end users of the DSL. A naturally embedded DSL is one that uses natural syntax, static semantics, and dynamic semantics for the DSL, all of which may differ from the host language. Furthermore, it must be possible to use DSLs together naturally - meaning that different DSLs cannot conflict, and the programmer can easily tell which code is written in which language.

2016-10-04
Ozgur Kafali, Nirav Ajmeri, Munindar P. Singh.  2016.  Normative Requirements in Sociotechnical Systems. Proceedings of the 9th International Workshop on Requirements Engineering and Law (RELAW). :259-260.
2016-06-17
Ozgur Kafali, Munindar P. Singh, Laurie Williams.  2016.  Nane: Identifying Misuse Cases Using Temporal Norm Enactments. 24th IEEE International Requirements Engineering Conference.

Recent data breaches in domains such as healthcare, where confidentiality of data is crucial, indicate that misuse cases often originate from user errors rather than vulnerabilities in the technical (software or hardware) architecture. Current requirements engineering (RE) approaches determine what access control mechanisms are needed to protect sensitive resources. However, current RE approaches inadequately characterize how a user is expected to interact with others in relation to the relevant resources. Consequently, a requirements analyst cannot readily identify the vulnerabilities based on user interactions. We adopt social norms as a natural, formal means of characterizing user interactions wherein potential misuses map to norm violations. Our research goal is to help analysts identify misuse cases by systematically generating potential temporal enactments that violate formally stated social norms. We propose Nane: a formal framework for identifying misuse cases from norm enactments. We represent misuse cases formally, and propose a semiautomated process for identifying misuse cases based on norm enactments. We show that our process is sound and complete with respect to the stated norms. We discuss the expressiveness of our representation, and demonstrate how Nane enables monitoring of misuse cases via temporal reasoning.

2015-10-11
Subramani, Shweta, Vouk, Mladen A., Williams, Laurie.  2013.  Non-Operational Testing of Software for Security Issues. ISSRE 2013. :21-22.

We have been studying extension of the classical Software Reliability Engineering (SRE) methodology into the security space. We combine “classical” reliability modeling, when applied to reported vulnerabilities found under “normal” operational profile conditions, with safety oriented fault management processes. We illustrate with open source Fedora software.

Our initial results appear to indicate that generation of a repeatable automated test-strategy that would explicitly cover the “top 25” security problems may help considerably – eliminating perhaps as much as 50% of the field observable problems. However, genuine aleatoric and more process oriented incomplete analysis and design flaws remain. While we have made some progress in identifying focus areas, a number of questions remain, and we continue working on them.