Knowledge dependencies in fuzzy information systems evaluation
Experience and research within the field of Information Systems Evaluation (ISE) has traditionally centered on providing tools and techniques for investment justification and appraisal, based upon explicit knowledge which encodes financial and other direct situational factors (such as accounting, costing and risk metrics). However, such approaches tend not to include additional causal interdependencies that are based upon tacit knowledge and are inherent within such a decision-making task. The authors show the results of applying a cognitive mapping approach, in the guise of a Fuzzy Cognitive Mapping (FCM) simulation, i.e. Fuzzy Information Systems Evaluation (F-ISE), in order to highlight the usefulness of applying such a technique. The authors highlight those contingent and necessary knowledge dependencies, in an exploratory sense, which relate to the investment appraisal decision-making task, in terms of the interplay between tacit and explicit knowledge, in this regard
Securing Databases from Probabilistic Inference
Databases can leak confidential information when users combine query results
with probabilistic data dependencies and prior knowledge. Current research
offers mechanisms that either handle a limited class of dependencies or lack
tractable enforcement algorithms. We propose a foundation for Database
Inference Control based on ProbLog, a probabilistic logic programming language.
We leverage this foundation to develop Angerona, a provably secure enforcement
mechanism that prevents information leakage in the presence of probabilistic
dependencies. We then provide a tractable inference algorithm for a practically
relevant fragment of ProbLog. We empirically evaluate Angerona's performance
showing that it scales to relevant security-critical problems.
Comment: A short version of this paper has been accepted at the 30th IEEE
Computer Security Foundations Symposium (CSF 2017
Vulnerable Open Source Dependencies: Counting Those That Matter
BACKGROUND: Vulnerable dependencies are a known problem in today's
open-source software ecosystems because OSS libraries are highly interconnected
and developers do not always update their dependencies. AIMS: In this paper we
aim to present a precise methodology, that combines the code-based analysis of
patches with information on build, test, update dates, and group extracted from
the very code repository, and therefore, caters to the needs of industrial
practice for correct allocation of development and audit resources. METHOD: To
understand the industrial impact of the proposed methodology, we considered the
200 most popular OSS Java libraries used by SAP in its own software. Our
analysis included 10905 distinct GAVs (group, artifact, version) when
considering all the library versions. RESULTS: We found that about 20% of the
dependencies affected by a known vulnerability are not deployed, and therefore,
they do not represent a danger to the analyzed library because they cannot be
exploited in practice. Developers of the analyzed libraries are able to fix
(and actually responsible for) 82% of the deployed vulnerable dependencies. The
vast majority (81%) of vulnerable dependencies may be fixed by simply updating
to a new version, while 1% of the vulnerable dependencies in our sample are
halted, and therefore, potentially require a costly mitigation strategy.
CONCLUSIONS: Our case study shows that the correct counting allows software
development companies to receive actionable information about their library
dependencies, and therefore, correctly allocate costly development and audit
resources, which is spent inefficiently in case of distorted measurements.
Comment: This is a pre-print of the paper that appears, with the same title,
in the proceedings of the 12th International Symposium on Empirical Software
Engineering and Measurement, 201
FUNCTIONAL DEPENDENCIES AND INCOMPLETE INFORMATION
Functional dependencies play an important role in
relational database design. They are defined in the context
of a single relation which at all times must contain
tuples with non-null entries. In this paper we examine
an extension of the functional dependency interpretation
to handle null values, that is, entries in tuples that
represent incomplete information in a relational database.
A complete axiomatization of inference rules for
extended functional dependencies is also presented.
Only after having such results is it possible to talk about
decompositions and normalization theory in a context of
incomplete information. Finally, we show that there are
several practical advantages in using nulls and a weaker
notion of constraint satisfiability.
Information Systems Working Papers Serie