This research examines industry-based dissertation research in a doctoral computing program through the lens of machine learning algorithms to determine if natural language processing-based categorization on abstracts alone is adequate for classification. This research categorizes dissertations by both their abstracts and by their full-text using the GraphLab Create library from Apple’s Turi to identify if abstract analysis is an adequate measure of content categorization, which we found was not. We also compare the dissertation categorizations using IBM’s Watson Discovery deep machine learning tool. Our research provides perspectives on the practicality of the manual classification of technical documents; and, it provides insights into the: (1) categories of academic work created by experienced full-time working professionals in a Computing doctoral program, (2) viability and performance of automated categorization of the abstract analysis against the full-text dissertation analysis, and (3) natural language processing versus human manual text classification abstraction.
Many organizations, to save costs, are moving to the Bring Your Own Mobile Device (BYOD) model and adopting applications built by third-parties at an unprecedented rate. Our research examines software assurance methodologies specifically focusing on security analysis coverage of the program analysis for mobile malware detection, mitigation, and prevention. This research focuses on secure software development of Android applications by developing knowledge graphs for threats reported by the Open Web Application Security Project (OWASP). OWASP maintains lists of the top ten security threats to web and mobile applications. We develop knowledge graphs based on the two most recent top ten threat years and show how the knowledge graph relationships can be discovered in mobile application source code. We analyze 200+ healthcare applications from GitHub to gain an understanding of their software assurance of their developed software for one of the OWASP top ten mobile threats, the threat of “Insecure Data Storage.” We find that many of the applications are storing personally identifying information (PII) in potentially vulnerable places leaving users exposed to higher risks for the loss of their sensitive data.
Mobile devices are being deployed rapidly for both private and professional reasons. One area that has been growing is in releasing healthcare applications into the mobile marketplaces for health management. These applications help individuals track their own biorhythms and contain sensitive information. This case study examines the source code of mobile applications released to GitHub for the Risk of Insufficient Cryptography in the Top Ten Mobile Open Web Application Security Project risks. We first develop and justify a mobile OWASP Cryptographic knowledge-graph for detecting security weaknesses specific to mobile applications which can be extended to other domains involving cryptography. We then analyze the source code of 203 open source healthcare mobile applications and report on their usage of cryptography in the applications. Our findings show that none of the open source healthcare applications correctly applied cryptography in all elements of their applications. As humans adopt healthcare applications for managing their health routines, it is essential that they consider the privacy and security risks they are accepting when sharing their data. Furthermore, many open source applications and developers have certain environmental parameters which do not mandate adherence to regulations. In addition to creating new free tools for security risk identifications during software development such as standalone or compiler-embedded, the article suggests awareness and training modules for developers prior to marketplace software release.