30,469 research outputs found

    An Empirical Analysis of Vulnerabilities in Python Packages for Web Applications

    This paper examines software vulnerabilities in common Python packages used particularly for web development. The empirical dataset is based on the PyPI package repository and the so-called Safety DB used to track vulnerabilities in selected packages within the repository. The methodological approach builds on a release-based time series analysis of the conditional probabilities for the releases of the packages to be vulnerable. According to the results, many of the Python vulnerabilities observed seem to be only modestly severe; input validation and cross-site scripting have been the most typical vulnerabilities. In terms of the time series analysis based on the release histories, only the recent past is observed to be relevant for statistical predictions; the classical Markov property holds. Comment: Forthcoming in: Proceedings of the 9th International Workshop on Empirical Software Engineering in Practice (IWESEP 2018), Nara, IEE

    Count three for wearable computers

    This paper is a postprint of a paper submitted to and accepted for publication in the Proceedings of the IEE Eurowearable 2003 Conference, and is subject to Institution of Engineering and Technology Copyright. The copy of record is available at the IET Digital Library. A revised version of this paper was also published in Electronics Systems and Software, also subject to Institution of Engineering and Technology Copyright. The copy of record is also available at the IET Digital Library. A description of 'ubiquitous computer' is presented. Ubiquitous computers imply portable computers embedded into everyday objects, which would replace personal computers. Ubiquitous computers can be mapped into a three-tier scheme, differentiated by processor performance and flexibility of function. The power consumption of mobile devices is one of the most important design considerations. The size of a wearable system is often a design limitation

    MLCapsule: Guarded Offline Deployment of Machine Learning as a Service

    With the widespread use of machine learning (ML) techniques, ML as a service has become increasingly popular. In this setting, an ML model resides on a server and users can query it with their data via an API. However, if the user's input is sensitive, sending it to the server is undesirable and sometimes even legally not possible. Equally, the service provider does not want to share the model by sending it to the client for protecting its intellectual property and pay-per-query business model. In this paper, we propose MLCapsule, a guarded offline deployment of machine learning as a service. MLCapsule executes the model locally on the user's side and therefore the data never leaves the client. Meanwhile, MLCapsule offers the service provider the same level of control and security of its model as the commonly used server-side execution. In addition, MLCapsule is applicable to offline applications that require local execution. Beyond protecting against direct model access, we couple the secure offline deployment with defenses against advanced attacks on machine learning models such as model stealing, reverse engineering, and membership inference

    Design and implementation of a modified fourier analysis harmonic current computation technique for power active filters using DSPs

    The design and implementation of a harmonic current computation technique based on a modified Fourier analysis, suitable for active power filters incorporating DSPs is presented. The proposed technique is suitable for the monitoring and control of load current harmonics for real-time applications. The derivation of the basic equations based on the proposed technique and the system implementation using the Analogue Devices SHARC processor are presented. The steady state and dynamic performance of the system are evaluated for a range of loading conditions

    Graphical modelling language for specifying concurrency based on CSP

    Introduced in this (shortened) paper is a graphical modelling language for specifying concurrency in software designs. The language notations are derived from CSP and the resulting designs form CSP diagrams. The notations reflect both data-flow and control-flow aspects of concurrent software architectures. These designs can automatically be described by CSP algebraic expressions that can be used for formal analysis. The designer does not have to be aware of the underlying mathematics. The techniques and rules presented provide guidance to the development of concurrent software architectures. One can detect and reason about compositional conflicts (errors in design), potential deadlocks (errors at run-time), and priority inversion problems (performance burden) at a high level of abstraction. The CSP diagram collaborates with object-oriented modelling languages and structured methods

    What accuracy statistics really measure

    Provides the software estimation research community with a better understanding of the meaning of, and relationship between, two statistics that are often used to assess the accuracy of predictive models: the mean magnitude relative error (MMRE) and the number of predictions within 25% of the actual, pred(25). It is demonstrated that MMRE and pred(25) are, respectively, measures of the spread and the kurtosis of the variable z, where z=estimate/actual. Thus, z is considered to be a measure of accuracy, and statistics such as MMRE and pred(25) to be measures of properties of the distribution of z. It is suggested that measures of the central location and skewness of z, as well as measures of spread and kurtosis, are necessary. Furthermore, since the distribution of z is non-normal, non-parametric measures of these properties may be needed. For this reason, box-plots of z are useful alternatives to simple summary metrics. It is also noted that the simple residuals are better behaved than the z variable, and could also be used as the basis for comparing prediction system

    On-chip high-speed sorting of micron-sized particles for high-throughput analysis

    A new design of particle sorting chip is presented. The device employs a dielectrophoretic gate that deflects particles into one of two microfluidic channels at high speed. The device operates by focussing particles into the central streamline of the main flow channel using dielectrophoretic focussing. At the sorting junction (T- or Y-junction) two sets of electrodes produce a small dielectrophoretic force that pushes the particle into one or other of the outlet channels, where they are carried under the pressure-driven fluid flow to the outlet. For a 40 mm wide and high channel, it is shown that 6 micron diameter particles can be deflected at a rate of 300 particles/s. The principle of a fully automated sorting device is demonstrated by separating fluorescent from non-fluorescent latex beads

    Design and implementation of a compliant robot with force feedback and strategy planning software

    Force-feedback robotics techniques are being developed for automated precision assembly and servicing of NASA space flight equipment. Design and implementation of a prototype robot which provides compliance and monitors forces is in progress. Computer software to specify assembly steps and make force feedback adjustments during assembly are coded and tested for three generically different precision mating problems. A model program demonstrates that a suitably autonomous robot can plan its own strategy