Abstract: Considering the escalating frequency and sophistication of cyber threats targeting web applications, this paper proposes the development of an automated web security analysis tool to address the accessibility gap for non-security professionals. This paper presents the design and implementation of an automated web security analysis tool, AWSAT, aimed at enabling individuals with limited security expertise to effectively assess and mitigate vulnerabilities in web applications. Leveraging advanced scanning techniques, the tool identifies common threats such as Cross-Site Scripting (XSS), SQL Injection, and Cross-Site Request Forgery (CSRF), providing detailed reports with actionable insights. By integrating sample payloads and reference study links, the tool facilitates informed decision-making in enhancing the security posture of web applications. Through its user-friendly interface and robust functionality, the tool aims to democratize web security practices, empowering a wider audience to proactively safeguard against cyber threats.
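The abstract names three vulnerability classes but not how a scanner recognizes them. The following is an added example, not AWSAT's code, showing the kind of response-side check such a tool runs for each class: unencoded reflection of a marker string (XSS indicator), leaked database error text after a quote probe (SQL injection indicator), and POST forms without a hidden anti-CSRF field (CSRF indicator). The marker string, the error-signature list, and the two page bodies are constructed for this example so it runs offline.

```python
import re

# Constructed probe and responses for this example; none of this comes from
# AWSAT, and the marker string and page contents are hypothetical.
CANARY = "awsat7q"
XSS_PROBE = '"><' + CANARY + '>'   # tag-shaped marker, not a working payload

# Database error strings that commonly leak when a quote character breaks a query.
SQL_ERROR_SIGNATURES = [
    r"You have an error in your SQL syntax",   # MySQL / MariaDB
    r"unterminated quoted string",             # PostgreSQL
    r"SQLite3::SQLException",                  # SQLite (Ruby driver)
    r"ORA-\d{5}",                              # Oracle
]

FORM_RE = re.compile(r"<form\b([^>]*)>(.*?)</form>", re.I | re.S)
METHOD_RE = re.compile(r"method\s*=\s*[\"']?(\w+)", re.I)
HIDDEN_RE = re.compile(r"<input\b[^>]*type\s*=\s*[\"']?hidden[\"']?[^>]*>", re.I)
NAME_RE = re.compile(r"name\s*=\s*[\"']?([^\"'\s>]+)", re.I)
TOKEN_HINT = re.compile(r"csrf|xsrf|token|nonce|authenticity", re.I)


def reflects_unescaped(body: str, probe: str = XSS_PROBE) -> bool:
    """Reflected-XSS indicator: the probe comes back byte-for-byte.
    A page that HTML-encodes it returns &quot;&gt;&lt;awsat7q&gt; and is not flagged."""
    return probe in body


def sql_error_leak(body: str) -> list:
    """SQL-injection indicator: database error text in the response to a quote probe."""
    return [sig for sig in SQL_ERROR_SIGNATURES if re.search(sig, body)]


def forms_missing_csrf_token(body: str) -> list:
    """CSRF indicator: index of each POST form with no hidden field whose name
    looks like an anti-CSRF token. Only a hint: the token may travel in a header
    or a double-submit cookie, or the site may rely on SameSite cookies."""
    flagged = []
    for idx, m in enumerate(FORM_RE.finditer(body)):
        attrs, inner = m.group(1), m.group(2)
        method = METHOD_RE.search(attrs)
        if not method or method.group(1).lower() != "post":
            continue                      # GET forms are not state-changing by convention
        hidden_names = [NAME_RE.search(tag).group(1)
                        for tag in HIDDEN_RE.findall(inner) if NAME_RE.search(tag)]
        if not any(TOKEN_HINT.search(name) for name in hidden_names):
            flagged.append(idx)
    return flagged


def scan(body: str) -> dict:
    """Run the three checks over one response body and collect the findings."""
    return {
        "xss_reflection": reflects_unescaped(body),
        "sql_errors": sql_error_leak(body),
        "csrf_forms": forms_missing_csrf_token(body),
    }


# Constructed responses: what a hypothetical vulnerable and a hardened endpoint
# might return for the same search query containing the probe above.
VULNERABLE_PAGE = """<html><body>
<p>Results for: "><awsat7q></p>
<pre>You have an error in your SQL syntax; check the manual</pre>
<form method="post" action="/transfer">
  <input type="text" name="amount">
  <input type="submit" value="Send">
</form>
</body></html>"""

HARDENED_PAGE = """<html><body>
<p>Results for: &quot;&gt;&lt;awsat7q&gt;</p>
<p>No results.</p>
<form method="post" action="/transfer">
  <input type="hidden" name="csrf_token" value="c0ffee">
  <input type="text" name="amount">
  <input type="submit" value="Send">
</form>
</body></html>"""

if __name__ == "__main__":
    print("vulnerable:", scan(VULNERABLE_PAGE))
    print("hardened:  ", scan(HARDENED_PAGE))
```

All three checks are indicators rather than proofs: an encoded reflection, a generic error page, or a header-carried CSRF token each change the verdict, which is why a report for non-specialists should carry the evidence (the reflected string, the matched error line, the form in question) alongside the finding.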
Abstract: A linear CCD (charge-coupled device) automated measurement system and the stress analysis methods are presented in the present paper. The skeleton and the orders of photoelastic fringes can be acquired rapidly, precisely and in real time by the system. The automatic stress analysis methods in the paper use only a small amount of known data to analyze the stress precisely.
Abstract: BACKGROUND Digital pathology image (DPI) analysis has been developed by machine learning (ML) techniques. However, little attention has been paid to the reproducibility of ML-based histological classification in heterochronously obtained DPIs of the same hematoxylin and eosin (HE) slide. AIM To elucidate the frequency and preventable causes of discordant classification results of DPI analysis using ML for the heterochronously obtained DPIs. METHODS We created paired DPIs by scanning 298 HE stained slides containing 584 tissues twice with a virtual slide scanner. The paired DPIs were analyzed by our ML-aided classification model. We defined non-flipped and flipped groups as the paired DPIs with concordant and discordant classification results, respectively. We compared differences in color and blur between the non-flipped and flipped groups by L1-norm and a blur index, respectively. RESULTS We observed discordant classification results in 23.1% of the paired DPIs obtained by two independent scans of the same microscope slide. We detected no significant difference in the L1-norm of each color channel between the two groups; however, the flipped group showed a significantly higher blur index than the non-flipped group. CONCLUSION Our results suggest that differences in the blur, not the color, of the paired DPIs may cause discordant classification results. An ML-aided classification model for DPI should be tested for this potential cause of the reduced reproducibility of the model. In a future study, a slide scanner and/or a preprocessing method of minimizing DPI blur should be developed.
Funding: Supported by the Key R and D Programs of Zhejiang Province under Grant No. 2022C01018 and the Natural Science Foundation of Zhejiang Province under Grant No. LQ20F020019.
Abstract: Smart contracts running on public blockchains are permissionless and decentralized, attracting both developers and malicious participants. Ethereum, the world's largest decentralized application platform, on which more than 40 million smart contracts are running, is frequently challenged by smart contract vulnerabilities. What's worse, because of the homogeneity of a wide range of smart contracts and the increase in inter-contract dependencies, a vulnerability in a certain smart contract could affect a large number of other contracts in Ethereum. However, little is known about how vulnerable contracts affect other on-chain contracts and which contracts can be affected. Thus, we first present the contract dependency graph (CDG) to perform a vulnerability analysis for Ethereum smart contracts, where the CDG characterizes inter-contract dependencies formed by DELEGATECALL-type internal transactions in Ethereum. Then, three generic definitions of security violations against the CDG are given for finding the respective potential victim contracts affected by different types of vulnerable contracts. Further, we construct the CDG with 195,247 smart contracts active in the latest blocks of Ethereum and verify the above security violations against the CDG by detecting three representative known vulnerabilities. Compared to previous large-scale vulnerability analyses, our analysis scheme marks potential victim contracts that can be affected by different types of vulnerable contracts, and identifies their possible risks based on the type of security violation actually occurring. The analysis results show that the proportion of potential victim contracts reaches 14.7%, far more than that of the corresponding vulnerable contracts (less than 0.02%) in the CDG.
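The abstract's central idea is that DELEGATECALL edges turn one vulnerable contract into many exposed ones, because a delegatecall runs the callee's code against the caller's storage, balance and msg.sender. The following is an added example, not the paper's code, that builds a contract dependency graph from a constructed list of internal transactions, marks every contract that transitively delegatecalls into a flagged contract as a potential victim, and compares the two shares the way the abstract does (14.7% victims versus under 0.02% vulnerable). The addresses, the flagged contract, and the rule "victim = any contract with a delegatecall path to a vulnerable contract" are assumptions for this example; the paper's three specific security-violation definitions are not on this page and are not reproduced.

```python
from collections import defaultdict, deque

# Constructed internal transactions (caller, callee, call type). The addresses
# are placeholders for this example, not real Ethereum contracts.
INTERNAL_TXS = [
    ("0xA1", "0xLib1", "DELEGATECALL"),
    ("0xA2", "0xLib1", "DELEGATECALL"),
    ("0xA3", "0xProxyImpl", "DELEGATECALL"),    # proxy -> implementation
    ("0xProxyImpl", "0xLib1", "DELEGATECALL"),  # implementation -> shared library
    ("0xA4", "0xLib2", "DELEGATECALL"),
    ("0xA5", "0xLib1", "CALL"),                 # plain CALL: Lib1 runs in its own storage
]


def build_cdg(txs):
    """Edges caller -> callee for DELEGATECALL only. A delegatecall executes the
    callee's code with the caller's storage, balance and msg.sender, so the
    caller's state is only as safe as every callee's code. Plain CALLs do not
    create that dependency and are skipped (assumption, following the abstract).
    Returns the adjacency map and the set of all contracts seen."""
    cdg = defaultdict(set)
    nodes = set()
    for caller, callee, kind in txs:
        nodes.update((caller, callee))
        if kind == "DELEGATECALL" and caller != callee:
            cdg[caller].add(callee)
    return cdg, nodes


def potential_victims(cdg, vulnerable):
    """Contracts that reach a vulnerable contract through one or more
    delegatecall edges, mapped to the hop count (BFS over the reversed graph).
    Vulnerable contracts themselves are not counted as victims."""
    reverse = defaultdict(set)
    for caller, callees in cdg.items():
        for callee in callees:
            reverse[callee].add(caller)
    hops = {}
    queue = deque((v, 0) for v in vulnerable)
    while queue:
        node, dist = queue.popleft()
        for caller in reverse[node]:
            if caller not in hops and caller not in vulnerable:
                hops[caller] = dist + 1
                queue.append((caller, dist + 1))
    return hops


def impact_ratio(nodes, vulnerable, victims):
    """Share of the graph that is vulnerable vs. merely exposed; this is the
    comparison the abstract draws between 0.02% and 14.7%."""
    return len(vulnerable & nodes) / len(nodes), len(victims) / len(nodes)


if __name__ == "__main__":
    cdg, nodes = build_cdg(INTERNAL_TXS)
    vulnerable = {"0xLib1"}        # assume a scanner flagged this shared library
    victims = potential_victims(cdg, vulnerable)
    vuln_share, victim_share = impact_ratio(nodes, vulnerable, victims)
    for contract, depth in sorted(victims.items(), key=lambda kv: kv[1]):
        print(f"{contract} is exposed to 0xLib1 via {depth} delegatecall hop(s)")
    print(f"vulnerable: {vuln_share:.1%} of contracts, potential victims: {victim_share:.1%}")
```

With one flagged library the example already shows the amplification the abstract measures: one vulnerable node out of eight, but four exposed through direct delegatecalls and a proxy-implementation chain. On real chain data the edge list comes from traced internal transactions, and a victim's actual risk still depends on which vulnerability the callee has and whether the caller's reachable entry points exercise it.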
Abstract: With the advent of the fourth industrial revolution, the construction industry has undergone a paradigm shift. The smart construction technology market is expected to grow 12% annually in developed countries due to advanced technology investments. It is expected that businesses requiring highly sophisticated technology, for instance companies that need their old facilities upgraded, will become the main focus of the market. As building information modeling (BIM) design is becoming mandatory, such as in the Korea Public Procurement Service, research regarding building automation, construction, and operation integration management systems based on BIM is being conducted. In addition, for construction projects of over 10 billion won, design value engineering (Design VE) implementation, including life cycle cost (LCC) analysis, is mandatory at the design stage to improve quality and reduce the lifetime costs of buildings. In this study, we propose an improvement plan for LCC analysis at the design stage using the KBIMS library, which is an open BIM library developed by the Korean government and research groups. We analyze the existing LCC method, the KBIMS library, and its attribute information, and model the process that is applied in the LCC analysis system. This is expected to complement the LCC analysis system and improve work productivity.
Funding: Supported by the National Natural Science Foundation of China (61303214).
Abstract: This paper proposes a wireframe model-based method for automated internal design. The method is used to extract the geometric structure of an internal wireframe model and find all loop structures of furniture models. The wireframe models are classified into multiple independent sub-models according to their geometric structure by statistical analysis. The corresponding models are selected from a 3D model database to build an internal scene based on characteristic points of the furniture wireframe models. In the experiments, a 3D database is built up from 268 manually selected 3D furniture models from Google 3D Warehouse. The experiments show that the method can construct 3D scenes in 1.1×10³ ms. This method costs less time than the traditional hierarchical method and the depth-sensing camera method under the same experimental conditions. The method can also be used for 3D visualization with complex backgrounds.
Funding: This research was partially supported by a National Science Foundation (NSF) Information Technology Research (ITR) award CCR-0113611 and an NSF award CCR-0203051.
Abstract: A method using quantifier elimination is proposed for automatically generating program invariants/inductive assertions. Given a program, inductive assertions, hypothesized as parameterized formulas in a theory, are associated with program locations. Parameters in inductive assertions are discovered by generating constraints on parameters by ensuring that an inductive assertion is indeed preserved by all execution paths leading to the associated location of the program. The method can be used to discover loop invariants: properties of variables that remain invariant at the entry of a loop. The parameterized formula can be successively refined by considering execution paths one by one; heuristics can be developed for determining the order in which the paths are considered. Initialization of program variables as well as the precondition and postcondition, if available, can also be used to further refine the hypothesized invariant. The method does not depend on the availability of the precondition and postcondition of a program. Constraints on parameters generated in this way are solved for possible values of parameters. If no solution is possible, this means that an invariant of the hypothesized form is not likely to exist for the loop under the assumptions/approximations made to generate the associated verification condition. Otherwise, if the parametric constraints are solvable, then under certain conditions on methods for generating these constraints, the strongest possible invariant of the hypothesized form can be generated from most general solutions of the parametric constraints. The approach is illustrated using the logical languages of conjunction of polynomial equations as well as Presburger arithmetic for expressing assertions.
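The abstract describes the pipeline (hypothesize a parameterized template, derive constraints on the parameters from initialization and from preservation along each path, solve them, read the strongest invariant off the most general solution) without a worked instance. The following is an added example, not the paper's code, that runs that pipeline for the simplest sub-case of its polynomial-equation language: templates a·v + c = 0 that are linear in the program variables, and loop bodies whose paths are affine updates v' = Mv + d. Under those assumptions "preserved for all v" reduces to linear equations on the parameters and quantifier elimination becomes coefficient matching, so the solver is a rational nullspace computation. The two loops, variable names and the decision to ignore loop guards (a sound over-approximation that can only make the result weaker, which is what the abstract's "assumptions/approximations" caveat refers to) are constructed for this example.

```python
from fractions import Fraction
from functools import reduce
from math import lcm


def nullspace(rows, n):
    """Basis of {p : r·p = 0 for every row r} over the rationals (Gauss-Jordan).
    Each basis vector is one most general solution of the parametric constraints."""
    m = [[Fraction(x) for x in r] for r in rows]
    pivots, r = [], 0
    for c in range(n):
        piv = next((i for i in range(r, len(m)) if m[i][c] != 0), None)
        if piv is None:
            continue                                  # c is a free column
        m[r], m[piv] = m[piv], m[r]
        m[r] = [x / m[r][c] for x in m[r]]
        for i in range(len(m)):
            if i != r and m[i][c] != 0:
                f = m[i][c]
                m[i] = [a - f * b for a, b in zip(m[i], m[r])]
        pivots.append(c)
        r += 1
    basis = []
    for free in (c for c in range(n) if c not in pivots):
        v = [Fraction(0)] * n
        v[free] = Fraction(1)
        for i, pc in enumerate(pivots):
            v[pc] = -m[i][free]
        basis.append(v)
    return basis


def identity(n):
    return [[1 if i == j else 0 for j in range(n)] for i in range(n)]


def linear_invariants(names, init, paths):
    """Hypothesize a_1*v_1 + ... + a_n*v_n + c = 0 with unknown parameters
    p = (a_1, ..., a_n, c) and collect linear constraints on p:
      - initialization: the template holds at the initial state;
      - preservation: for each path v' = M v + d the template holds after the
        step whenever it held before, for all v (guards ignored, see lead-in).
    For all v, a·(Mv + d) + c = a·v + c iff every coefficient of v_j in
    a·(M - I) is zero and a·d = 0, so each path yields n + 1 linear rows.
    The nullspace is the most general solution; each basis vector is an
    invariant and their conjunction is the strongest invariant of this form."""
    n = len(names)
    rows = [list(init) + [1]]                         # a·v0 + c = 0
    for M, d in paths:
        for j in range(n):                            # coefficient of v_j in a·(M - I)
            rows.append([M[i][j] - (1 if i == j else 0) for i in range(n)] + [0])
        rows.append(list(d) + [0])                    # constant part: a·d = 0
    invariants = []
    for vec in nullspace(rows, n + 1):
        scale = reduce(lcm, (x.denominator for x in vec), 1)   # clear denominators
        invariants.append([int(x * scale) for x in vec])
    return invariants


def format_invariant(vec, names):
    terms = [f"{coef}*{name}" for coef, name in zip(vec, names) if coef]
    if vec[-1] or not terms:
        terms.append(str(vec[-1]))
    return " + ".join(terms) + " = 0"


# Constructed loop A:  x, y, z = 0, 0, 5
#   while ...: if ...: x += 1; y += 2   else: x += 3; y += 6     (two paths)
LOOP_A = (["x", "y", "z"], [0, 0, 5],
          [(identity(3), [1, 2, 0]), (identity(3), [3, 6, 0])])

# Constructed loop B:  i, s = 0, 0
#   while ...: i += 1; s += i        i.e. i' = i + 1, s' = i + s + 1
LOOP_B = (["i", "s"], [0, 0], [([[1, 0], [1, 1]], [1, 1])])

if __name__ == "__main__":
    for label, loop in (("A", LOOP_A), ("B", LOOP_B)):
        found = [format_invariant(v, loop[0]) for v in linear_invariants(*loop)]
        print(f"loop {label}:", found or "no invariant of the hypothesized form")
```

Loop A yields the conjunction y = 2x and z = 5 from the two-dimensional solution space. Loop B yields only the trivial solution: the true relation s = i(i+1)/2 is quadratic, so, exactly as the abstract says, an empty solution set means no invariant of the hypothesized form exists under these approximations, and the next step is to raise the template degree rather than to conclude the loop has no invariant.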
Funding: The research was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT & Future Planning under Grant No. NRF-2019R1A2C2084158, and by Samsung Electronics Co. Ltd.
Abstract: Many existing warning prioritization techniques seek to reorder static analysis warnings such that true positives are provided first. However, an excessive amount of time is required therein to investigate and fix prioritized warnings because some are not actually true positives or are irrelevant to the code context and topic. In this paper, we propose a warning prioritization technique that reflects various latent topics from bug-related code blocks. Our main aim is to build a prioritization model that comprises separate warning priorities depending on the topic of the change sets to identify the number of true positive warnings. For the performance evaluation of the proposed model, we employ a performance metric called warning detection rate, widely used in many warning prioritization studies, and compare the proposed model with other competitive techniques. Additionally, the effectiveness of our model is verified via the application of our technique to eight industrial projects of a real global company.