Generating Programming Environments with Integrated Text and Graphics for VLSI Design Systems

The constant improvements in device integration, the development of new technologies and the emergence of new design techniques call for flexible, maintainable and robust software tools. The generic nature of compiler-compiler systems, with their semi-formal specifications, can help in the construction of those tools. This thesis describes the Wright editor generator which is used in the synthesis of language-based graphical editors (LBGEs). An LBGE is a programming environment where the programs being manipulated denote pictures. Editing actions can be specified through both textual and graphical interfaces. Editors generated by the Wright system are specified using the formalism of attribute grammars. The major example editor in this thesis, Stick-Wright, is a design entry system for the construction of VLSI circuits. Stick-Wright is a hierarchical symbolic layout editor which exploits a combination of text and graphics in an interactive environment to provide the circuit designer with a tool for experimenting with circuit topologies. A simpler system, Pict-Wright: a picture drawing system, is also used to illustrate the attribute grammar specification process. This thesis aims to demonstrate the efficacy of formal specification in the generation of software-tools. The generated system Stick-Wright shows that a text/graphic programming environment can form the basis of a powerful VLSI design tool, especially with regard to providing the designer with immediate graphical feedback. Further applications of the LBGE generator approach to system design are given for a range of VLSI design activities

Investigating the Day-to-Day Experiences of Users with Traumatic Brain Injury with Conversational Agents

Traumatic brain injury (TBI) can cause cognitive, communication, and psychological challenges that profoundly limit independence in everyday life. Conversational Agents (CAs) can provide individuals with TBI with cognitive and communication support, although little is known about how they make use of CAs to address injury-related needs. In this study, we gave nine adults with TBI an at-home CA for four weeks to investigate use patterns, challenges, and design requirements, focusing particularly on injury-related use. The findings revealed significant gaps between the current capabilities of CAs and accessibility challenges faced by TBI users. We also identified 14 TBI-related activities that participants engaged in with CAs. We categorized those activities into four groups: mental health, cognitive activities, healthcare and rehabilitation, and routine activities. Design implications focus on accessibility improvements and functional designs of CAs that can better support the day-to-day needs of people with TBI.Comment: In Proceedings The 25th International ACM SIGACCESS Conference on Computers and Accessibility (ASSETS'23

An Insider Misuse Threat Detection and Prediction Language

Numerous studies indicate that amongst the various types of security threats, the problem of insider misuse of IT systems can have serious consequences for the health of computing infrastructures. Although incidents of external origin are also dangerous, the insider IT misuse problem is difficult to address for a number of reasons. A fundamental reason that makes the problem mitigation difficult relates to the level of trust legitimate users possess inside the organization. The trust factor makes it difficult to detect threats originating from the actions and credentials of individual users. An equally important difficulty in the process of mitigating insider IT threats is based on the variability of the problem. The nature of Insider IT misuse varies amongst organizations. Hence, the problem of expressing what constitutes a threat, as well as the process of detecting and predicting it are non trivial tasks that add up to the multi- factorial nature of insider IT misuse. This thesis is concerned with the process of systematizing the specification of insider threats, focusing on their system-level detection and prediction. The design of suitable user audit mechanisms and semantics form a Domain Specific Language to detect and predict insider misuse incidents. As a result, the thesis proposes in detail ways to construct standardized descriptions (signatures) of insider threat incidents, as means of aiding researchers and IT system experts mitigate the problem of insider IT misuse. The produced audit engine (LUARM – Logging User Actions in Relational Mode) and the Insider Threat Prediction and Specification Language (ITPSL) are two utilities that can be added to the IT insider misuse mitigation arsenal. LUARM is a novel audit engine designed specifically to address the needs of monitoring insider actions. These needs cannot be met by traditional open source audit utilities. ITPSL is an XML based markup that can standardize the description of incidents and threats and thus make use of the LUARM audit data. Its novelty lies on the fact that it can be used to detect as well as predict instances of threats, a task that has not been achieved to this date by a domain specific language to address threats. The research project evaluated the produced language using a cyber-misuse experiment approach derived from real world misuse incident data. The results of the experiment showed that the ITPSL and its associated audit engine LUARM provide a good foundation for insider threat specification and prediction. Some language deficiencies relate to the fact that the insider threat specification process requires a good knowledge of the software applications used in a computer system. As the language is easily expandable, future developments to improve the language towards this direction are suggested

Off-Beats and Cross Streets: A Collection of Writing about Music, Relationships, and New York City

Through a series of concert reviews, album reviews, and personal essays, this thesis tracks a musical memoir about the transition from a childhood growing up in a sheltered Connecticut suburb to young adulthood working in New York City, discovering relationships and music scenes that shape the narrator\u27s sense of identity as well the larger culture he finds himself in. The essays touch upon the development of personality in aspects that reveal the roots of the narrator\u27s political views, his interest in sports, existential beliefs about free will and theoretical physics, the human condition in the 21st century, and his search for love and companionship. Behind these themes plays a soundtrack of music which the narrator uses to guide himself by, connecting his story to songs through deep analysis of the theory behind them. New York City presents itself as a world of opportunity as the narrator settles into adulthood. The ability to experience the live music scene and encounter a cast of individuals whose personalities announce themselves above the din of the crowd. The city also poses its own challenges with the daily grind, the messiness inherent in so many people existing in such proximity

Shaping the Digital Dissertation

"Digital dissertations have been a part of academic research for years now, yet there are still many questions surrounding their processes. Are interactive dissertations significantly different from their paper-based counterparts? What are the effects of digital projects on doctoral education? How does one choose and defend a digital dissertation? This book explores the wider implications of digital scholarship across institutional, geographic, and disciplinary divides. The volume is arranged in two sections: the first, written by senior scholars, addresses conceptual concerns regarding the direction and assessment of digital dissertations in the broader context of doctoral education. The second section consists of case studies by PhD students whose research resulted in a natively digital dissertation that they have successfully defended. These early-career researchers have been selected to represent a range of disciplines and institutions. Despite the profound effect of incorporated digital tools on dissertations, the literature concerning them is limited. This volume aims to provide a fresh, up-to-date view on the digital dissertation, considering the newest technological advances. It is especially relevant in the European context where digital dissertations, mostly in arts-based research, are more popular. Shaping the Digital Dissertation aims to provide insights, precedents and best practices to graduate students, doctoral advisors, institutional agents, and dissertation committees. As digital dissertations have a potential impact on the state of research as a whole, this edited collection will be a useful resource for the wider academic community and anyone interested in the future of doctoral studies.

Code-injection Verwundbarkeiten in Web Anwendungen am Beispiel von Cross-site Scripting

The majority of all security problems in today's Web applications is caused by string-based code injection, with Cross-site Scripting (XSS)being the dominant representative of this vulnerability class. This thesis discusses XSS and suggests defense mechanisms. We do so in three stages: First, we conduct a thorough analysis of JavaScript's capabilities and explain how these capabilities are utilized in XSS attacks. We subsequently design a systematic, hierarchical classification of XSS payloads. In addition, we present a comprehensive survey of publicly documented XSS payloads which is structured according to our proposed classification scheme. Secondly, we explore defensive mechanisms which dynamically prevent the execution of some payload types without eliminating the actual vulnerability. More specifically, we discuss the design and implementation of countermeasures against the XSS payloads Session Hijacking'', Cross-site Request Forgery'', and attacks that target intranet resources. We build upon this and introduce a general methodology for developing such countermeasures: We determine a necessary set of basic capabilities an adversary needs for successfully executing an attack through an analysis of the targeted payload type. The resulting countermeasure relies on revoking one of these capabilities, which in turn renders the payload infeasible. Finally, we present two language-based approaches that prevent XSS and related vulnerabilities: We identify the implicit mixing of data and code during string-based syntax assembly as the root cause of string-based code injection attacks. Consequently, we explore data/code separation in web applications. For this purpose, we propose a novel methodology for token-level data/code partitioning of a computer language's syntactical elements. This forms the basis for our two distinct techniques: For one, we present an approach to detect data/code confusion on run-time and demonstrate how this can be used for attack prevention. Furthermore, we show how vulnerabilities can be avoided through altering the underlying programming language. We introduce a dedicated datatype for syntax assembly instead of using string datatypes themselves for this purpose. We develop a formal, type-theoretical model of the proposed datatype and proof that it provides reliable separation between data and code hence, preventing code injection vulnerabilities. We verify our approach's applicability utilizing a practical implementation for the J2EE application server.Cross-site Scripting (XSS) ist eine der häufigsten Verwundbarkeitstypen im Bereich der Web Anwendungen. Die Dissertation behandelt das Problem XSS ganzheitlich: Basierend auf einer systematischen Erarbeitung der Ursachen und potentiellen Konsequenzen von XSS, sowie einer umfassenden Klassifikation dokumentier Angriffsarten, wird zunächst eine Methodik vorgestellt, die das Design von dynamischen Gegenmaßnahmen zur Angriffseingrenzung erlaubt. Unter Verwendung dieser Methodik wird das Design und die Evaluation von drei Gegemaßnahmen für die Angriffsunterklassen "Session Hijacking", "Cross-site Request Forgery" und "Angriffe auf das Intranet" vorgestellt. Weiterhin, um das unterliegende Problem grundsätzlich anzugehen, wird ein Typ-basierter Ansatz zur sicheren Programmierung von Web Anwendungen beschrieben, der zuverlässigen Schutz vor XSS Lücken garantiert

Fragmentation in the Dual Enrollment Experience: The Importance of Students’ Self-Perceptions in Dual Enrollment First-Year Composition Students

Dual enrollment has become an embedded aspect of our writing programs yet is still an under-researched area within rhetoric and composition. One reason for this research gap is that many DE students experience their FYC courses on secondary campuses, liminal spaces that are more difficult to access for research. DE students within these spaces experience daily tensions between the collegiate expectations of FYC curriculum and the secondary social contexts in which their DE FYC courses are taught. These unique contextual experiences impact their perceptions of themselves as writers. This research is an attempt to step into this DE research gap and to give voice to the lived experiences of these students learning in liminal spaces of the neoliberal DE context. This qualitative study employs ethnographic methods to look at how DE FYC students perceive of themselves as writers and how the DE context may evoke conflicts within these perceptions. Data from student surveys, focus groups, interviews, artifact samplings, and observational notes highlighted the DE participants’ usage of metaphor to relay their lived experiences and to discuss abstract concepts like habits of mind. Results also showed a dualism between how these DE students perceived of their writing and of themselves as writers, a schism of “skills” and “mindset.” The DE participants also demonstrated an awareness of ambiguity in teachers’ expectations, so they used their lived experience as a form of cultural agency in seeking out help from other students, past and present. Findings also highlighted the emphasis on neoliberalism as the backdrop for the DE context, as courses are commonly marketed as an expedient means to get through college coursework. This neoliberal context elevated grades as a primary motivator for the DE participants within this study. These findings ultimately point to fragmentation in the DE experience. To lessen some of this fragmentation, this study calls for greater K-16 collaboration in professional learning; a more explicit unpacking of habits of mind as they relate to teacher expectations; and more time and space for reflective practice in DE FYC classrooms, as well as reflexivity in DE FYC instructors

The Geopolitics of Refuge and Reproduction: Maternal Health and Healthcare of Congolese Refugees in Flight, Displacement, and Resettlement

The purpose of this anthropological research is to examine and analyze the intertwined geopolitical complexities of the lived sexual, reproductive, and maternal health and healthcare experiences of female Congolese refugees in flight. These experiences are examined at three pivotal points of refugee flight: during protracted conflict and violence, in displacement, generally in neighboring East African countries, and during resettlement in Western contexts. Data were collected using two anthropological methodologies - targeted life history interviews and semi-structured qualitative ethnographic interviews. Supplemental data from related studies, reports, and literature reviews were also used for population-level information. Collected data were analyzed through the lenses of political economy, structural violence, and cultural hegemony. Using these frames of analysis, this research brings new insights to the interdisciplinary fields of refugee and migration studies with particular emphasis on the cultural and social considerations in a political economy lens of analysis. More specifically, it brings new insights to enhance the efficacy, sustainability, and subject-focused nature of East African refugee maternalhealth and healthcare policies. I argue that such policy enhancement must be led by the voices, experiences, and histories of those they are meant to serve - Congolese refugee women. Moreover, I suggest that this approach be protected and funded by a multilateral coalition of refugee-focused women’s health and healthcare agencies and initiatives at the grassroots to the global scale. Thus, an overarching goal of this research is to contribute to the decolonization of the Western-centric knowledge and power structures at play in the institutions and organizations meant to support the health and healthcare of Congolese refugee women and refugee women in general