Statically Checking Web API Requests in JavaScript

Many JavaScript applications perform HTTP requests to web APIs, relying on the request URL, HTTP method, and request data to be constructed correctly by string operations. Traditional compile-time error checking, such as calling a non-existent method in Java, are not available for checking whether such requests comply with the requirements of a web API. In this paper, we propose an approach to statically check web API requests in JavaScript. Our approach first extracts a request's URL string, HTTP method, and the corresponding request data using an inter-procedural string analysis, and then checks whether the request conforms to given web API specifications. We evaluated our approach by checking whether web API requests in JavaScript files mined from GitHub are consistent or inconsistent with publicly available API specifications. From the 6575 requests in scope, our approach determined whether the request's URL and HTTP method was consistent or inconsistent with web API specifications with a precision of 96.0%. Our approach also correctly determined whether extracted request data was consistent or inconsistent with the data requirements with a precision of 87.9% for payload data and 99.9% for query data. In a systematic analysis of the inconsistent cases, we found that many of them were due to errors in the client code. The here proposed checker can be integrated with code editors or with continuous integration tools to warn programmers about code containing potentially erroneous requests.Comment: International Conference on Software Engineering, 201

Assisting Provet Cloud Users With Speech Recognition Technologies

Tämän työn tarkoituksena oli luoda prototyyppi, joka yhdistää Google Assistantin ja asiakasyrityksen ohjelmiston, Provet Cloudin. Tarkoitus oli tutkia, olisiko eläinlääketieteen ammattilaisten mahdollista ja hyödyllistä käyttää äänentunnistusapuvälineitä heidän työssään. Tutkimus aloitettiin määrittämällä sen laajuus. Tarkoituksena oli mahdollistaa tiedon haku Provet Cloudista puhumalla Google Assistantille englanniksi. Prototyypissä oli oltava mahdollista kysyä tulevia ajanvarauksia tiettynä päivänä. Lokalisaatio ja muut virtuaaliset avustajat jätettiin tämän työn ulkopuolelle. Seuraavaksi määritettiin käytettävät tekniset komponentit. Tarvittavien komponenttien opiskelu ja niiden päälle rakentaminen vei paljon aikaa, erityisesti Dialogflowin ja Kuberneteksen opiskelu. Lisäksi työn edetessä tuli ilmi, että uuden käyttötapauksen lisääminen oli suhteellisen työlästä. Asia monimutkaistuu entisestään, jos niissä halutaan käyttää edelisen keskustelun kontekstia. Käytettävyystestit suoritettiin asiakasyrityksen ohjaajan ja eläinlääketieteen ammattilaisen kanssa. Lisäksi kaksi ohjelmoijaa katselmoivat projektin aikana syntyneen koodin keskittyen eri alueisiin. Yksi kehittäjä tarkasti Provet Cloudiin tehdyt muutokset ja toinen Provet Flowin koodin. Tämä työ saavutti päämääränsä eli integraatio Google Assistantin ja Provet Cloudin välillä onnistui. Käyttäjä pystyy kysymään Google Assistantilta, mitä ajanvarauksia hänelle on tulossa tiettynä päivänä. Testauksessa tuli kuitenkin ilmi, että Google Assistantin käyttö on melkein mahdotonta eläinklinikalla tai -sairaalassa ympärillä olevan hälinän vuoksi. Sitä voisi kuitenkin käyttää kotona, kun valmistautuu seuraavaan työpäivään. Jatkokehitys koostuu lokalisaatiotuesta, useammasta käyttötapauksesta ja tuotantojulkaisusta. Lisäkehitystä tarvitaan, jotta prototyyppiä voidaan esitellä jossakin, esimerkiksi messuilla.The purpose of this study was to create a proof-of-concept application which integrates Google Assistant and the case company’s application Provet Cloud. The main reason for this was to study whether it is possible and would be helpful for veterinary professionals to use speech recognition in their work. The study started as defining the scope. The goal was to build a solution where one can request data from Provet Cloud by talking to Google Assistant in English. The solution included one use case where a veterinary professional can ask incoming appointments on a specific date. Localization and other virtual assistants, like Amazon Alexa and Apple’s Siri, were left out of the scope. After scope validation technical stack was decided. Studying technical stack required a lot of time, especially Dialogflow and Kubernetes. During solution development it became clear that adding an intention in Dialogflow and providing data for that requires a lot of work. It’s even more complicated when one wants to build conversations that continue. Usability tests were carried with the supervisor and a veterinary professional. In addition, the developed code was reviewed by two developers focusing in the different areas of the proof-of-concept. One developer reviewed changes done in Provet Cloud and the other reviewed the code of Provet Flow. This study achieved its goal and integration between Google Assistant and Provet Cloud was possible. A user can ask his or her appointments on a specific date using Google Assistant. However, it became clear that the end user wouldn’t use this on workdays at the veterinary clinic or hospital due to surrounding distractions, but at home to prepare for the next day. Future development consists of support for localization, more intents and publishing the Action. Additional development is needed to show the proof-of-concept, for example, at a business affair

Developing Predictive Molecular Maps of Human Disease through Community-based Modeling

The failure of biology to identify the molecular causes of disease has led to disappointment in the rate of development of new medicines. By combining the power of community-based modeling with broad access to large datasets on a platform that promotes reproducible analyses we can work towards more predictive molecular maps that can deliver better therapeutics

Software Protection and Secure Authentication for Autonomous Vehicular Cloud Computing

Artificial Intelligence (AI) is changing every technology we deal with. Autonomy has been a sought-after goal in vehicles, and now more than ever we are very close to that goal. Vehicles before were dumb mechanical devices, now they are becoming smart, computerized, and connected coined as Autonomous Vehicles (AVs). Moreover, researchers found a way to make more use of these enormous capabilities and introduced Autonomous Vehicles Cloud Computing (AVCC). In these platforms, vehicles can lend their unused resources and sensory data to join AVCC. In this dissertation, we investigate security and privacy issues in AVCC. As background, we built our vision of a layer-based approach to thoroughly study state-of-the-art literature in the realm of AVs. Particularly, we examined some cyber-attacks and compared their promising mitigation strategies from our perspective. Then, we focused on two security issues involving AVCC: software protection and authentication. For the first problem, our concern is protecting client’s programs executed on remote AVCC resources. Such a usage scenario is susceptible to information leakage and reverse-engineering. Hence, we proposed compiler-based obfuscation techniques. What distinguishes our techniques, is that they are generic and software-based and utilize the intermediate representation, hence, they are platform agnostic, hardware independent and support different high level programming languages. Our results demonstrate that the control-flow of obfuscated code versions are more complicated making it unintelligible for timing side-channels. For the second problem, we focus on protecting AVCC from unauthorized access or intrusions, which may cause misuse or service disruptions. Therefore, we propose a strong privacy-aware authentication technique for users accessing AVCC services or vehicle sharing their resources with the AVCC. Our technique modifies robust function encryption, which protects stakeholder’s confidentiality and withstands linkability and “known-ciphertexts” attacks. Thus, we utilize an authentication server to search and match encrypted data by performing dot product operations. Additionally, we developed another lightweight technique, based on KNN algorithm, to authenticate vehicles at computationally limited charging stations using its owner’s encrypted iris data. Our security and privacy analysis proved that our schemes achieved privacy-preservation goals. Our experimental results showed that our schemes have reasonable computation and communications overheads and efficiently scalable