Source File Set Search for Clone-and-Own Reuse Analysis

Clone-and-own approach is a natural way of source code reuse for software developers. To assess how known bugs and security vulnerabilities of a cloned component affect an application, developers and security analysts need to identify an original version of the component and understand how the cloned component is different from the original one. Although developers may record the original version information in a version control system and/or directory names, such information is often either unavailable or incomplete. In this research, we propose a code search method that takes as input a set of source files and extracts all the components including similar files from a software ecosystem (i.e., a collection of existing versions of software packages). Our method employs an efficient file similarity computation using b-bit minwise hashing technique. We use an aggregated file similarity for ranking components. To evaluate the effectiveness of this tool, we analyzed 75 cloned components in Firefox and Android source code. The tool took about two hours to report the original components from 10 million files in Debian GNU/Linux packages. Recall of the top-five components in the extracted lists is 0.907, while recall of a baseline using SHA-1 file hash is 0.773, according to the ground truth recorded in the source code repositories.Comment: 14th International Conference on Mining Software Repositorie

TRACKING THE EVOLUTION OF E-GROCERS: A QUANTITATIVE ASSESSMENT

Forecasts of the proportion of food retailing likely to be conducted over the Internet remain small, perhaps only contributing 2 percent of sales. One reason for this low market share is the challenge E-Grocers face in developing strategies which respond to four key areas of interest to consumers: signals of firm quality; signals of product quality; the range of products offered; and service, or customer-relationship management (CRM). Careful attention to these consumer concerns is important in all retail relationships–-online or offline. This paper compares indicators of these factors across U.S. E-Grocers. A quantitative four-period ranking of online food-retailing strategies is presented for the nascent industry. Data from the third and fourth quarters of 2001, the fourth quarter of 2002, and the first quarter of 2004 provide the basis of this discussion. After initial setbacks, data show traditional ("“bricks”") grocery retailers successfully developing online strategies. Firms not primarily focused on groceries exited the E-Grocery sector, while the development of specialty food suppliers blurred the concept of online food retailing. Gaps in current strategies are indicated using content analyses of E-Grocery web sites.Agribusiness,

Crime scripting: A systematic review

The file attached to this record is the author's final peer reviewed version.More than two decades after the publication of Cornish’s seminal work about the script-theoretic approach to crime analysis, this article examines how the concept has been applied in our community. The study provides evidence confirming that the approach is increasingly popular; and takes stock of crime scripting practices through a systematic review of over one hundred scripts published between 1994 and 2018. The results offer the first comprehensive picture of this approach, and highlights new directions for those interested in using data from cyber-systems and the Internet of Things to develop effective situational crime prevention measures

The students' point of view about quality of educational multimedia software

The study reported here is part of an international project supported by EU (PEDACTICE - Educational Multimedia in Compulsory School: From Pedagogical Assessment to Product Assessment) and had as main goal to know the opinion and the perception of the Portuguese students about criteria of quality of educational multimedia software. In order to obtain elements on the student`s point of view about educational multimedia software, we decided to interview small groups of pupils who are involved in the work with multimedia materials and than gather, organize and analyse the information got. The sample of interviewed pupils can be considered as representative of the Lisbon schools attended by teachers and pupils very much interested in multimedia materials which these students use not only as an aid to learning activities but also as a support to home and school work. As main results of the study we can refer: a) the confirmation of the success of computers and multimedia among the young Portuguese student population, being manifest either in their attitudes or in the diversity of their experiences, including the technical mastery of informas; b) the acknowledgment, by the students, of the role of the school and of those of their teachers who had till now led the process; c) an unexpected emphasis attached by the students, mainly by the older ones, to the use of computer as a resource for school work which, till now, was done without it; and d) the rare use of the computer for supporting tasks of creative or autonomous nature.European Comissio

Sound and Precise Malware Analysis for Android via Pushdown Reachability and Entry-Point Saturation

We present Anadroid, a static malware analysis framework for Android apps. Anadroid exploits two techniques to soundly raise precision: (1) it uses a pushdown system to precisely model dynamically dispatched interprocedural and exception-driven control-flow; (2) it uses Entry-Point Saturation (EPS) to soundly approximate all possible interleavings of asynchronous entry points in Android applications. (It also integrates static taint-flow analysis and least permissions analysis to expand the class of malicious behaviors which it can catch.) Anadroid provides rich user interface support for human analysts which must ultimately rule on the "maliciousness" of a behavior. To demonstrate the effectiveness of Anadroid's malware analysis, we had teams of analysts analyze a challenge suite of 52 Android applications released as part of the Auto- mated Program Analysis for Cybersecurity (APAC) DARPA program. The first team analyzed the apps using a ver- sion of Anadroid that uses traditional (finite-state-machine-based) control-flow-analysis found in existing malware analysis tools; the second team analyzed the apps using a version of Anadroid that uses our enhanced pushdown-based control-flow-analysis. We measured machine analysis time, human analyst time, and their accuracy in flagging malicious applications. With pushdown analysis, we found statistically significant (p < 0.05) decreases in time: from 85 minutes per app to 35 minutes per app in human plus machine analysis time; and statistically significant (p < 0.05) increases in accuracy with the pushdown-driven analyzer: from 71% correct identification to 95% correct identification.Comment: Appears in 3rd Annual ACM CCS workshop on Security and Privacy in SmartPhones and Mobile Devices (SPSM'13), Berlin, Germany, 201

Meeting of the MINDS: an information retrieval research agenda

Since its inception in the late 1950s, the field of Information Retrieval (IR) has developed tools that help people find, organize, and analyze information. The key early influences on the field are well-known. Among them are H. P. Luhn's pioneering work, the development of the vector space retrieval model by Salton and his students, Cleverdon's development of the Cranfield experimental methodology, Spärck Jones' development of idf, and a series of probabilistic retrieval models by Robertson and Croft. Until the development of the WorldWideWeb (Web), IR was of greatest interest to professional information analysts such as librarians, intelligence analysts, the legal community, and the pharmaceutical industry