For various reasons,many of the security programming rules applicable to specific software have not been recorded in official documents,and hence can hardly be employed by static analysis tools for detection.In this p...For various reasons,many of the security programming rules applicable to specific software have not been recorded in official documents,and hence can hardly be employed by static analysis tools for detection.In this paper,we propose a new approach,named SVR-Miner(Security Validation Rules Miner),which uses frequent sequence mining technique [1-4] to automatically infer implicit security validation rules from large software code written in C programming language.Different from the past works in this area,SVR-Miner introduces three techniques which are sensitive thread,program slicing [5-7],and equivalent statements computing to improve the accuracy of rules.Experiments with the Linux Kernel demonstrate the effectiveness of our approach.With the ten given sensitive threads,SVR-Miner automatically generated 17 security validation rules and detected 8 violations,5 of which were published by Linux Kernel Organization before we detected them.We have reported the other three to the Linux Kernel Organization recently.展开更多
With the current revolution in Shipping 4.0, a tremendous amount of data is accumulated during vessel operations. Dataquality (DQ) is becoming more and more important for the further digitalization and effective decis...With the current revolution in Shipping 4.0, a tremendous amount of data is accumulated during vessel operations. Dataquality (DQ) is becoming more and more important for the further digitalization and effective decision-making in shippingindustry. In this study, a practical DQ assessment method for raw data in vessel operations is proposed. In this method,specific data categories and data dimensions are developed based on engineering practice and existing literature. Concretevalidation rules are then formed, which can be used to properly divide raw datasets. Afterwards, a scoring method is usedfor the assessment of the data quality. Three levels, namely good, warning and alarm, are adopted to reflect the final dataquality. The root causes of bad data quality could be revealed once the internal dependency among rules has been built,which will facilitate the further improvement of DQ in practice. A case study based on the datasets from a Danish shippingcompany is conducted, where the DQ variation is monitored, assessed and compared. The results indicate that theproposed method is effective to help shipping industry improve the quality of raw data in practice. This innovationresearch can facilitate shipping industry to set a solid foundation at the early stage of their digitalization journeys.展开更多
基金National Natural Science Foundation of China under Grant No.60873213,91018008 and 61070192Beijing Science Foundation under Grant No. 4082018Shanghai Key Laboratory of Intelligent Information Processing of China under Grant No. IIPL-09-006
文摘For various reasons,many of the security programming rules applicable to specific software have not been recorded in official documents,and hence can hardly be employed by static analysis tools for detection.In this paper,we propose a new approach,named SVR-Miner(Security Validation Rules Miner),which uses frequent sequence mining technique [1-4] to automatically infer implicit security validation rules from large software code written in C programming language.Different from the past works in this area,SVR-Miner introduces three techniques which are sensitive thread,program slicing [5-7],and equivalent statements computing to improve the accuracy of rules.Experiments with the Linux Kernel demonstrate the effectiveness of our approach.With the ten given sensitive threads,SVR-Miner automatically generated 17 security validation rules and detected 8 violations,5 of which were published by Linux Kernel Organization before we detected them.We have reported the other three to the Linux Kernel Organization recently.
基金Danish Blue Innoship project which is partly funded by the Innovation Fund Denmark under File No.155-2014-10the Danish Maritime Fund+4 种基金the Orient’s FundShipping Lab project“Digital vessel operation”the Innovation Fund Denmark(IFD)under File No.8090-00063Bthe Lauritzen Fondenthe Orient’s Fond。
文摘With the current revolution in Shipping 4.0, a tremendous amount of data is accumulated during vessel operations. Dataquality (DQ) is becoming more and more important for the further digitalization and effective decision-making in shippingindustry. In this study, a practical DQ assessment method for raw data in vessel operations is proposed. In this method,specific data categories and data dimensions are developed based on engineering practice and existing literature. Concretevalidation rules are then formed, which can be used to properly divide raw datasets. Afterwards, a scoring method is usedfor the assessment of the data quality. Three levels, namely good, warning and alarm, are adopted to reflect the final dataquality. The root causes of bad data quality could be revealed once the internal dependency among rules has been built,which will facilitate the further improvement of DQ in practice. A case study based on the datasets from a Danish shippingcompany is conducted, where the DQ variation is monitored, assessed and compared. The results indicate that theproposed method is effective to help shipping industry improve the quality of raw data in practice. This innovationresearch can facilitate shipping industry to set a solid foundation at the early stage of their digitalization journeys.
