Synergizing specification miners through model fissions and fusions

Abstract—Software systems are often developed and released without formal specifications. For those systems that are formally specified, developers have to continuously maintain and update the specifications or have them fall out of date. To deal with the absence of formal specifications, researchers have proposed tech-niques to infer the missing specifications of an implementation in a variety of forms, such as finite state automaton (FSA). Despite the progress in this area, the efficacy of the proposed specification miners needs to improve if these miners are to be adopted. We propose SpecForge, a new specification mining approach that synergizes many existing specification miners. SpecForge decomposes FSAs that are inferred by existing miners into simple constraints, through a process we refer to as model fission. It then filters the outlier constraints and fuses the constraints back together into a single FSA (i.e., model fusion). We have evaluated SpecForge on execution traces of 10 programs, which includes 5 programs from DaCapo benchmark, to infer behavioral models of 13 library classes. Our results show that SpecForge achieves an average precision, recall and F-measure of 90.57%, 54.58%, and 64.21 % respectively. SpecForge outperforms the best performing baseline by 13.75 % in terms of F-measure

Statistical log differencing

National Research Foundation (NRF) Singapor

MobiLogLeak: A Study on Data Leakage Caused by Poor Logging Practices

Logging is an essential software practice that is used by developers to debug, diagnose and audit software systems. Despite the advantages of logging, poor logging practices can potentially leak sensitive data. The problem of data leakage is more severe in applications that run on mobile devices, since these devices carry sensitive identification information ranging from physical device identifiers (e.g., IMEI MAC address) to communications network identifiers (e.g., SIM, IP, Bluetooth ID), and application-specific identifiers related to the location and accounts of users. This study explores the impact of logging practices on data leakage of such sensitive information. Particularly, we want to investigate whether logs inserted into an application code could lead to data leakage. While studying logging practices in mobile applications is an active research area, to our knowledge, this is the first study that explores the interplay between logging and security in the context of mobile applications for Android. We propose an approach called MobiLogLeak that identifies log statements in deployed apps that leak sensitive data. MobiLogLeak relies on taint flow analysis. Among 5,000 Android apps that we studied, we found that 200 apps leak sensitive data through logging

Background Examples of Literature Searches on Topics of Interest

A zip file of various literature searches & some resources related to our work related to exposure after the Chernobyl accident and as we began looking at helping in Semey Kazakhstan----a collection of literature reviews on various topics we were interested in... eg. establishing a registry of those exposed for longterm follow-up, what we knew about certain areas like genetics and some resources like A Guide to Environmental Resources on the Internet by Carol Briggs-Erickson and Toni Murphy which could be found on the Internet and was written to be used by researchers, environmentalists, teachers and any person who is interested in knowing and doing something about the health of our planet. See more at https://archives.library.tmc.edu/dm-ms211-012-0060