A systematic literature review on source code similarity measurement and clone detection: techniques, applications, and challenges

Measuring and evaluating source code similarity is a fundamental software engineering activity that embraces a broad range of applications, including but not limited to code recommendation, duplicate code, plagiarism, malware, and smell detection. This paper proposes a systematic literature review and meta-analysis on code similarity measurement and evaluation techniques to shed light on the existing approaches and their characteristics in different applications. We initially found over 10000 articles by querying four digital libraries and ended up with 136 primary studies in the field. The studies were classified according to their methodology, programming languages, datasets, tools, and applications. A deep investigation reveals 80 software tools, working with eight different techniques on five application domains. Nearly 49% of the tools work on Java programs and 37% support C and C++, while there is no support for many programming languages. A noteworthy point was the existence of 12 datasets related to source code similarity measurement and duplicate codes, of which only eight datasets were publicly accessible. The lack of reliable datasets, empirical evaluations, hybrid methods, and focuses on multi-paradigm languages are the main challenges in the field. Emerging applications of code similarity measurement concentrate on the development phase in addition to the maintenance.Comment: 49 pages, 10 figures, 6 table

Understanding and assessing security on Android via static code analysis

Smart devices have become a rich source of sensitive information including personal data (contacts and account data) and context information like GPS data that is continuously aggregated by onboard sensors. As a consequence, mobile platforms have become a prime target for malicious and over-curious applications. The growing complexity and the quickly rising number of mobile apps have further reinforced the demand for comprehensive application security vetting. This dissertation presents a line of work that advances security testing on Android via static code analysis. In the first part of this dissertation, we build an analysis framework that statically models the complex runtime behavior of apps and Android’s application framework (on which apps are built upon) to extract privacy and security-relevant data-flows. We provide the first classification of Android’s protected resources within the framework and generate precise API-to-permission mappings that excel over prior work. We then propose a third-party library detector for apps that is resilient against common code obfuscations to measure the outdatedness of libraries in apps and to attribute vulnerabilities to the correct software component. Based on these results, we identify root causes of app developers not updating their dependencies and propose actionable items to remedy the current status quo. Finally, we measure to which extent libraries can be updated automatically without modifying the application code.Smart Devices haben sich zu Quellen persönlicher Daten (z.B. Kontaktdaten) und Kontextinformationen (z.B. GPS Daten), die kontinuierlich über Sensoren gesammelt werden, entwickelt. Aufgrund dessen sind mobile Platformen ein attraktives Ziel für Schadsoftware geworden. Die stetig steigende App Komplexität und Anzahl verfügbarer Apps haben zusätzlich ein Bedürfnis für gründliche Sicherheitsüberprüfungen von Applikationen geschaffen. Diese Dissertation präsentiert eine Reihe von Forschungsarbeiten, die Sicherheitsbewertungen auf Android durch statische Code Analyse ermöglicht. Zunächst wurde ein Analyseframework gebaut, dass das komplexe Laufzeitverhalten von Apps und Android’s Applikationsframework (dessen Funktionalität Apps nutzen) statisch modelliert, um sicherheitsrelevante Datenflüsse zu extrahieren. Zudem ermöglicht diese Arbeit eine Klassifizierung geschützter Framework Funktionalität und das Generieren präziser Mappings von APIs-auf-Berechtigungen. Eine Folgearbeit stellt eine obfuskierungs-resistente Technik zur Erkennung von Softwarekomponenten innerhalb der App vor, um die Aktualität der Komponenten und, im Falle von Sicherheitlücken, den Urheber zu identifizieren. Darauf aufbauend wurde Ursachenforschung betrieben, um herauszufinden wieso App Entwickler Komponenten nicht aktualisieren und wie man diese Situation verbessern könnte. Abschließend wurde untersucht bis zu welchem Grad man veraltete Komponenten innerhalb der App automatisch aktualisieren kann

Navigating Copyright for Libraries

Much of the information that libraries make available is protected by copyright or subject to the terms of license agreements. This reader presents an overview of current issues in copyright law reform. The chapters present salient points, overviews of the law and legal concepts, selected comparisons of approaches around the world, significance of the topic, and opportunities for reform, advocacy, and other related resources

Impact of New Method for Laying Separate Sewer System on Pavement Layers

The method of installing underground infrastructure has a significant influence on road resistance and performance under live loads such as traffic. This research presents a new method for laying separate sewer systems by using one trench to sit both sanitary pipe and storm pipe and considers the effects of this approach on the pavement strength. Experimental tests have been conducted in the laboratory using a trench 2.5x0.45x1 metre to install two pipes one over the other (sanitary pipe in the bottom and storm pipe on top). Two cases have tested, the first case using 5 cm surface layer of cold mix asphalt while the second is using soil. A series of loads were applied to test the behaviour of this new system and its effects on the pavement surface layer and the buried pipe. The comparison between the rut print of the live load on the soil layer and the pavement layer was conducted. Results demonstrated that using the cold mix asphalt is still insufficient to provide enough safety to protect buried pipe as a reason of needing to relatively long time to acquire high stiffness. Therefore, minimum cover depth to protect pipelines still required

The age of interactivity: An historical analysis of public discourses on interactivity in Ireland 1995 - 2009.

Interactivity is integral to media and communications and yet is a contested concept in the literature. There is little agreement on its meaning not least because of its multidisciplinary nature. Previous research, concerned with finding a single definition of interactivity, has focused narrowly on specific contexts of communication using limited methodologies. This thesis argues that several meanings of interactivity are in circulation and that the search for one bounded definition constrains understanding of its role and fails to recognise its analytical potential. The study makes an original contribution to research by presenting findings from an analysis of public discourses on interactivity, a valuable source of material neglected in research to date. It shows that at least nine thematic representations of interactivity are in circulation representing different aspects of its role in communicative events. These are identified as the Empowering, Commercial, Pedagogical, Aesthetic, Ludological, Futuropia, Hula-hoop, Sceptical and Information Society themes. The results are based on a longitudinal content and discourse analysis of fifteen years of newspaper coverage in Ireland, an original methodological addition to research, reflecting both a unique national perspective on the concept and the flow of influential international discourses within a small state. The content analysis draws a detailed quantitative picture of how and where interactivity arises in news coverage while the discourse analysis examines qualitative aspects of the dominant, overlapping and conflicting discourses around interactivity and the discourse communities operating behind the talk. The analysis illustrates how thematic representations of interactivity coexist both in discourse and in individual communicative events, suggesting the potential for layered interactivities in communication. The ‘age of interactivity’ describes a wide range of discourses from hype and myths around interactivity to its potentially transformative role in communication. Overall this thesis highlights the value of interactivity as a communication concept and analytical tool with rich research potential

Navigating Copyright for Libraries – Purpose and Scope

Information is a critical resource for personal, economic and social development. Libraries and archives are the primary access point to information for individuals and communities with much of the information protected by copyright or licence terms. In this complex legal environment, librarians and information professionals operate at the fulcrum of copyright’s balance, ensuring understanding of and compliance with copyright legislation and enabling access to knowledge in the pursuit of research, education and innovation. This book, produced on behalf of the IFLA Copyright and other Legal Matters (CLM) Advisory Committee, provides basic and advanced information about copyright, outlines limitations and exceptions, discusses communicating with users and highlights emerging copyright issues. The chapters note the significance of the topic; describe salient points of the law and legal concepts; present selected comparisons of approaches around the world; highlight opportunities for reform and advocacy; and help libraries and librarians find their way through the copyright maze