Considering the escalating frequency and sophistication of cyber threats targeting web applications, this paper proposes the development of an automated web security analysis tool to address the accessibility gap for ...Considering the escalating frequency and sophistication of cyber threats targeting web applications, this paper proposes the development of an automated web security analysis tool to address the accessibility gap for non-security professionals. This paper presents the design and implementation of an automated web security analysis tool, AWSAT, aimed at enabling individuals with limited security expertise to effectively assess and mitigate vulnerabilities in web applications. Leveraging advanced scanning techniques, the tool identifies common threats such as Cross-Site Scripting (XSS), SQL Injection, and Cross-Site Request Forgery (CSRF), providing detailed reports with actionable insights. By integrating sample payloads and reference study links, the tool facilitates informed decision-making in enhancing the security posture of web applications. Through its user-friendly interface and robust functionality, the tool aims to democratize web security practices, empowering a wider audience to proactively safeguard against cyber threats.展开更多
A Linear CCD (change coupled device)automated measurement system and the stress analysis methods are presented in the present paper.The skeleton and the ordersof photoelastic fringes can be acquired rapidly,precisely ...A Linear CCD (change coupled device)automated measurement system and the stress analysis methods are presented in the present paper.The skeleton and the ordersof photoelastic fringes can be acquired rapidly,precisely and in real time by the sy-stem.The automatic stress analysis methods in the paper only uses a small amount ofknown data to analyze the stress precisely.展开更多
BACKGROUND Digital pathology image(DPI)analysis has been developed by machine learning(ML)techniques.However,little attention has been paid to the reproducibility of ML-based histological classification in heterochron...BACKGROUND Digital pathology image(DPI)analysis has been developed by machine learning(ML)techniques.However,little attention has been paid to the reproducibility of ML-based histological classification in heterochronously obtained DPIs of the same hematoxylin and eosin(HE)slide.AIM To elucidate the frequency and preventable causes of discordant classification results of DPI analysis using ML for the heterochronously obtained DPIs.METHODS We created paired DPIs by scanning 298 HE stained slides containing 584 tissues twice with a virtual slide scanner.The paired DPIs were analyzed by our MLaided classification model.We defined non-flipped and flipped groups as the paired DPIs with concordant and discordant classification results,respectively.We compared differences in color and blur between the non-flipped and flipped groups by L1-norm and a blur index,respectively.RESULTS We observed discordant classification results in 23.1%of the paired DPIs obtained by two independent scans of the same microscope slide.We detected no significant difference in the L1-norm of each color channel between the two groups;however,the flipped group showed a significantly higher blur index than the non-flipped group.CONCLUSION Our results suggest that differences in the blur-not the color-of the paired DPIs may cause discordant classification results.An ML-aided classification model for DPI should be tested for this potential cause of the reduced reproducibility of the model.In a future study,a slide scanner and/or a preprocessing method of minimizing DPI blur should be developed.展开更多
Smart contracts running on public blockchains are permissionless and decentralized,attracting both developers and malicious participants.Ethereum,the world’s largest decentralized application platform on which more t...Smart contracts running on public blockchains are permissionless and decentralized,attracting both developers and malicious participants.Ethereum,the world’s largest decentralized application platform on which more than 40 million smart contracts are running,is frequently challenged by smart contract vulnerabilities.What’s worse,since the homogeneity of a wide range of smart contracts and the increase in inter-contract dependencies,a vulnerability in a certain smart contract could affect a large number of other contracts in Ethereum.However,little is known about how vulnerable contracts affect other on-chain contracts and which contracts can be affected.Thus,we first present the contract dependency graph(CDG)to perform a vulnerability analysis for Ethereum smart contracts,where CDG characterizes inter-contract dependencies formed by DELEGATECALL-type internal transaction in Ethereum.Then,three generic definitions of security violations against CDG are given for finding respective potential victim contracts affected by different types of vulnerable contracts.Further,we construct the CDG with 195,247 smart contracts active in the latest blocks of the Ethereum and verify the above security violations against CDG by detecting three representative known vulnerabilities.Compared to previous large-scale vulnerability analysis,our analysis scheme marks potential victim contracts that can be affected by different types of vulnerable contracts,and identify their possible risks based on the type of security violation actually occurring.The analysis results show that the proportion of potential victim contracts reaches 14.7%,far more than that of corresponding vulnerable contracts(less than 0.02%)in CDG.展开更多
With the advent of the fourth industrial revolution,the construction industry has undergone a paradigm shift.The smart construction technology market is expected to grow 12%annually in developed countries due to advan...With the advent of the fourth industrial revolution,the construction industry has undergone a paradigm shift.The smart construction technology market is expected to grow 12%annually in developed countries due to advanced technology investments.It is expected that businesses requiring highly sophisticated technology,for instance companies that need their old facilities upgraded,will become the main focus of the market.As building information modeling(BIM)design is becoming mandatory,such as in the Korea Public Procurement Service,researches regarding building automation,construction,and operation integration management systems based on BIM are conducted.In addition,for construction projects of over 10 billion won,design value engineering(Design VE)implementation,including life cycle cost(LCC)analysis,is mandatory at the design stage to improve quality and reduce the lifetime costs of buildings.In this study,we propose an improvement plan for LCC analysis at the design stage using the KBIMS library,which is an open BIM library developed by the Korean government and research groups.We analyze the existing LCC method,KBIMS library,and attribute information,and model the process that is applied in the LCC analysis system.This is expected to complement the LCC analysis system and improve work productivity.展开更多
A method using quantifier-elimination is proposed for automatically generating program invariants/inductive assertions. Given a program, inductive assertions, hypothesized as parameterized formulas in a theory, are as...A method using quantifier-elimination is proposed for automatically generating program invariants/inductive assertions. Given a program, inductive assertions, hypothesized as parameterized formulas in a theory, are associated with program locations. Parameters in inductive assertions are discovered by generating constraints on parameters by ensuring that an inductive assertion is indeed preserved by all execution paths leading to the associated location of the program. The method can be used to discover loop invariants-properties of variables that remain invariant at the entry of a loop. The parameterized formula can be successively refined by considering execution paths one by one; heuristics can be developed for determining the order in which the paths are considered. Initialization of program variables as well as the precondition and postcondition, if available, can also be used to further refine the hypothesized invariant. The method does not depend on the availability of the precondition and postcondition of a program. Constraints on parameters generated in this way are solved for possible values of parameters. If no solution is possible, this means that an invariant of the hypothesized form is not likely to exist for the loop under the assumptions/approximations made to generate the associated verification condition. Otherwise, if the parametric constraints are solvable, then under certain conditions on methods for generating these constraints, the strongest possible invariant of the hypothesized form can be generated from most general solutions of the parametric constraints. The approach is illustrated using the logical languages of conjunction of polynomial equations as well as Presburger arithmetic for expressing assertions.展开更多
Many existing warning prioritization techniques seek to reorder the static analysis warnings such that true positives are provided first. However, excessive amount of time is required therein to investigate and fix pr...Many existing warning prioritization techniques seek to reorder the static analysis warnings such that true positives are provided first. However, excessive amount of time is required therein to investigate and fix prioritized warnings because some are not actually true positives or are irrelevant to the code context and topic. In this paper, we propose a warning prioritization technique that reflects various latent topics from bug-related code blocks. Our main aim is to build a prioritization model that comprises separate warning priorities depending on the topic of the change sets to identify the number of true positive warnings. For the performance evaluation of the proposed model, we employ a performance metric called warning detection rate, widely used in many warning prioritization studies, and compare the proposed model with other competitive techniques. Additionally, the effectiveness of our model is verified via the application of our technique to eight industrial projects of a real global company.展开更多
This paper proposes a wireframe model-based method for automated internal design. The method is used to extract geometric structure of an internal wireframe model and find out all loop structures of furniture models. ...This paper proposes a wireframe model-based method for automated internal design. The method is used to extract geometric structure of an internal wireframe model and find out all loop structures of furniture models. The wireframe models are classified as the multiple independent sub-models according to the geometric structure by statistical analysis. The corresponding models are selected from a 3D model database to build an internal scene based on characteristic points of furniture wireframe models. In the experiments 3D database via manually selected 268 3D furniture models from Google 3D warehouse is built up. The experiments show that the method can construct 3D scenes in 1.1×103 ms. This method costs less time compared with traditional hierarchical method and depth-sensing camera method in the same experimental conditions. The method can be also used for 3D visualization either with complex backgrounds.展开更多
文摘Considering the escalating frequency and sophistication of cyber threats targeting web applications, this paper proposes the development of an automated web security analysis tool to address the accessibility gap for non-security professionals. This paper presents the design and implementation of an automated web security analysis tool, AWSAT, aimed at enabling individuals with limited security expertise to effectively assess and mitigate vulnerabilities in web applications. Leveraging advanced scanning techniques, the tool identifies common threats such as Cross-Site Scripting (XSS), SQL Injection, and Cross-Site Request Forgery (CSRF), providing detailed reports with actionable insights. By integrating sample payloads and reference study links, the tool facilitates informed decision-making in enhancing the security posture of web applications. Through its user-friendly interface and robust functionality, the tool aims to democratize web security practices, empowering a wider audience to proactively safeguard against cyber threats.
文摘A Linear CCD (change coupled device)automated measurement system and the stress analysis methods are presented in the present paper.The skeleton and the ordersof photoelastic fringes can be acquired rapidly,precisely and in real time by the sy-stem.The automatic stress analysis methods in the paper only uses a small amount ofknown data to analyze the stress precisely.
文摘BACKGROUND Digital pathology image(DPI)analysis has been developed by machine learning(ML)techniques.However,little attention has been paid to the reproducibility of ML-based histological classification in heterochronously obtained DPIs of the same hematoxylin and eosin(HE)slide.AIM To elucidate the frequency and preventable causes of discordant classification results of DPI analysis using ML for the heterochronously obtained DPIs.METHODS We created paired DPIs by scanning 298 HE stained slides containing 584 tissues twice with a virtual slide scanner.The paired DPIs were analyzed by our MLaided classification model.We defined non-flipped and flipped groups as the paired DPIs with concordant and discordant classification results,respectively.We compared differences in color and blur between the non-flipped and flipped groups by L1-norm and a blur index,respectively.RESULTS We observed discordant classification results in 23.1%of the paired DPIs obtained by two independent scans of the same microscope slide.We detected no significant difference in the L1-norm of each color channel between the two groups;however,the flipped group showed a significantly higher blur index than the non-flipped group.CONCLUSION Our results suggest that differences in the blur-not the color-of the paired DPIs may cause discordant classification results.An ML-aided classification model for DPI should be tested for this potential cause of the reduced reproducibility of the model.In a future study,a slide scanner and/or a preprocessing method of minimizing DPI blur should be developed.
基金supported by the Key R and D Programs of Zhejiang Province under Grant No.2022C01018the Natural Science Foundation of Zhejiang Province under Grant No.LQ20F020019.
文摘Smart contracts running on public blockchains are permissionless and decentralized,attracting both developers and malicious participants.Ethereum,the world’s largest decentralized application platform on which more than 40 million smart contracts are running,is frequently challenged by smart contract vulnerabilities.What’s worse,since the homogeneity of a wide range of smart contracts and the increase in inter-contract dependencies,a vulnerability in a certain smart contract could affect a large number of other contracts in Ethereum.However,little is known about how vulnerable contracts affect other on-chain contracts and which contracts can be affected.Thus,we first present the contract dependency graph(CDG)to perform a vulnerability analysis for Ethereum smart contracts,where CDG characterizes inter-contract dependencies formed by DELEGATECALL-type internal transaction in Ethereum.Then,three generic definitions of security violations against CDG are given for finding respective potential victim contracts affected by different types of vulnerable contracts.Further,we construct the CDG with 195,247 smart contracts active in the latest blocks of the Ethereum and verify the above security violations against CDG by detecting three representative known vulnerabilities.Compared to previous large-scale vulnerability analysis,our analysis scheme marks potential victim contracts that can be affected by different types of vulnerable contracts,and identify their possible risks based on the type of security violation actually occurring.The analysis results show that the proportion of potential victim contracts reaches 14.7%,far more than that of corresponding vulnerable contracts(less than 0.02%)in CDG.
文摘With the advent of the fourth industrial revolution,the construction industry has undergone a paradigm shift.The smart construction technology market is expected to grow 12%annually in developed countries due to advanced technology investments.It is expected that businesses requiring highly sophisticated technology,for instance companies that need their old facilities upgraded,will become the main focus of the market.As building information modeling(BIM)design is becoming mandatory,such as in the Korea Public Procurement Service,researches regarding building automation,construction,and operation integration management systems based on BIM are conducted.In addition,for construction projects of over 10 billion won,design value engineering(Design VE)implementation,including life cycle cost(LCC)analysis,is mandatory at the design stage to improve quality and reduce the lifetime costs of buildings.In this study,we propose an improvement plan for LCC analysis at the design stage using the KBIMS library,which is an open BIM library developed by the Korean government and research groups.We analyze the existing LCC method,KBIMS library,and attribute information,and model the process that is applied in the LCC analysis system.This is expected to complement the LCC analysis system and improve work productivity.
基金This research was partially supported by an National Science Foundation(NSF)Information Technology Research(ITR)award CCR-0113611an NSF award CCR-0203051.
文摘A method using quantifier-elimination is proposed for automatically generating program invariants/inductive assertions. Given a program, inductive assertions, hypothesized as parameterized formulas in a theory, are associated with program locations. Parameters in inductive assertions are discovered by generating constraints on parameters by ensuring that an inductive assertion is indeed preserved by all execution paths leading to the associated location of the program. The method can be used to discover loop invariants-properties of variables that remain invariant at the entry of a loop. The parameterized formula can be successively refined by considering execution paths one by one; heuristics can be developed for determining the order in which the paths are considered. Initialization of program variables as well as the precondition and postcondition, if available, can also be used to further refine the hypothesized invariant. The method does not depend on the availability of the precondition and postcondition of a program. Constraints on parameters generated in this way are solved for possible values of parameters. If no solution is possible, this means that an invariant of the hypothesized form is not likely to exist for the loop under the assumptions/approximations made to generate the associated verification condition. Otherwise, if the parametric constraints are solvable, then under certain conditions on methods for generating these constraints, the strongest possible invariant of the hypothesized form can be generated from most general solutions of the parametric constraints. The approach is illustrated using the logical languages of conjunction of polynomial equations as well as Presburger arithmetic for expressing assertions.
基金The research was supported by Basic Science Research Program through the National Research Foundation of Korea(NRF)funded by the Ministry of Science,ICT&Future Planning under Grant No.NRF-2019R1A2C2084158Samsung Electronics Co.Ltd.
文摘Many existing warning prioritization techniques seek to reorder the static analysis warnings such that true positives are provided first. However, excessive amount of time is required therein to investigate and fix prioritized warnings because some are not actually true positives or are irrelevant to the code context and topic. In this paper, we propose a warning prioritization technique that reflects various latent topics from bug-related code blocks. Our main aim is to build a prioritization model that comprises separate warning priorities depending on the topic of the change sets to identify the number of true positive warnings. For the performance evaluation of the proposed model, we employ a performance metric called warning detection rate, widely used in many warning prioritization studies, and compare the proposed model with other competitive techniques. Additionally, the effectiveness of our model is verified via the application of our technique to eight industrial projects of a real global company.
基金Suppported by the National Natural Science Foundation of China(61303214)
文摘This paper proposes a wireframe model-based method for automated internal design. The method is used to extract geometric structure of an internal wireframe model and find out all loop structures of furniture models. The wireframe models are classified as the multiple independent sub-models according to the geometric structure by statistical analysis. The corresponding models are selected from a 3D model database to build an internal scene based on characteristic points of furniture wireframe models. In the experiments 3D database via manually selected 268 3D furniture models from Google 3D warehouse is built up. The experiments show that the method can construct 3D scenes in 1.1×103 ms. This method costs less time compared with traditional hierarchical method and depth-sensing camera method in the same experimental conditions. The method can be also used for 3D visualization either with complex backgrounds.