36 research outputs found

    Assessing and Enhancing the Security of Software Packages

    Modern software applications are developed with increasing reliance on open-source software packages (i.e., dependencies). This dependence on open-source packages is highly beneficial to software development since it speeds up development tasks and improves software quality. However, it also has implications to the security of software applications. Dependencies with security vulnerabilities have the potential to expose hundreds of applications to security breaches, potentially causing huge financial and reputation damages. Hence, it is essential to build a solid understanding of the security health of software packages and how developers react once the vulnerabilities are found in the packages they depend on. To this end, in this thesis, we conduct empirical studies that shed light on the security state of software packages from two aspects. In the first aspect, we study the lifecycle of security vulnerabilities in packages. We analyze how long it takes to discover and fix security vulnerabilities that affect software packages, to better evaluate the response of software ecosystems to security vulnerabilities. Once the vulnerability is discovered, it is also critical to mitigate its impact on software applications. Therefore, in the second aspect, we evaluate the effectiveness of existing mechanisms in mitigating the impact of package vulnerabilities. We assess the role of two popular mechanisms for tackling security vulnerabilities in software packages. The insights from our studies in this thesis can help researchers and practitioners better understand the security implications of adopting software packages. Also, leveraging our findings in the studies, we provide a series of implications that can help improve the process of discovering, fixing and managing package vulnerabilities. 
Finally, the implications of our work lead us to build several prototype tools to increase developers' awareness of vulnerable packages that affect their projects and help them better plan the maintenance of their software packages from a security perspective.

    The distribution and function of the ATP-sensitive potassium channel subunit Kir6.1 in cardiac and skeletal muscle cell lines.

    ATP-sensitive potassium channels (KATP) are present in the plasma membrane of a number of tissues but are also present on endomembranes such as the endoplasmic reticulum (ER) and mitochondria. They are involved in a number of physiological and pathophysiological processes and form a link between cellular metabolism and membrane excitability. Ischaemic preconditioning describes the phenomenon in which a short period of ischaemia protects against a more prolonged one. The ability of potassium channel openers such as pinacidil and nicorandil to mimic this phenomenon, and of inhibitors such as glibenclamide to abolish this response, led to the suggestion that the final effector in this process was the sarcolemmal KATP channel, as it was able to shorten the cardiac action potential, reducing the energy requirements of the cell. However, a number of pharmacological observations were not compatible with this hypothesis as diazoxide, which does not activate the sarcolemmal channel, was able to mimic preconditioning. The focus of research then turned to the potential involvement of a KATP channel present in the mitochondrial inner membrane called the mitoKATP channel. The molecular identification of this channel would be important and there is controversial evidence to suggest that Kir6.1 may be a major component of the mitoKATP channel. I examined the hypothesis that the localisation of Kir6.1 is functionally significant in cardiac and skeletal muscle because it generates important K+ flux in intracellular membranes such as the ER and perhaps mitochondria. Co-localisation studies showed that transfected Kir6.1 was located in the ER with a small but significant proportion in mitochondria. However, Kir6.1 was ER retained and not trafficked to the plasma membrane when co-expressed with its regulatory subunit, the sulphonylurea receptor SUR1. Immunofluorescent staining also detected the presence of endogenous Kir6.1 in these cell lines using antibodies specific to Kir6.1. 
The distribution of Kir6.1 suggests that it may play a role in reactive oxygen species (ROS) production, calcium (Ca) handling in the ER and perhaps cellular respiration in mitochondria. ROS production is often associated with KATP channel opening and protection against cell death at reperfusion. My results showed that diazoxide induced ROS production in C2C12, HepG2 and HEK293 cell lines with glibenclamide abolishing this effect. However, in the absence of Kir6.1, the same response was still observed. This suggests that Kir6.1 is not involved in the mechanism that is responsible for ROS production. The functional role of KATP channels was also examined in mitochondria by measuring flavoprotein and NADH autofluorescence, an index of mitochondrial redox state and mitochondrial membrane potential (ΔΨm) in C2C12 cells and rat ventricular myocytes. In myocytes, flavoprotein oxidation increased when cells were treated with 3-nitropropionic acid (3-NPA) and diazoxide. Glibenclamide did not reverse this effect. However, this phenomenon was absent in C2C12 cells. Given these observations, 3-NPA and diazoxide did not affect the ΔΨm in C2C12 cells whereas glibenclamide caused mitochondrial depolarisation. The ΔΨm could not be measured in myocytes. A large proportion of Kir6.1 resides in the ER and I examined whether Kir6.1 would alter ATP-induced Ca2+ transients. Upon ATP stimulation, C2C12 cells released Ca2+ from internal stores via the P2Y purinergic signalling pathway. The use of dominant negatives (DN) for Kir6.1 showed that ATP-induced Ca2+ transients were affected by the absence of Kir6.1. However, on closer inspection it was revealed that the presence of eGFP to identify transfected cells seriously perturbed the Fura-2 signal. In conclusion, the KATP sensitive channel subunit Kir6.1 is predominantly distributed in the ER with a small but significant proportion in mitochondria. 
I also report that pharmacological compounds such as diazoxide and glibenclamide are not always truly 'selective' for the activation and inhibition of KATP channels. I have not identified a specific role for Kir6.1 but my data suggests that Kir6.1 is not part of the mitoKATP channel and Kir6.1 is not involved in ROS production and mitochondrial function but it may still have a role in Ca2+ handling.

    GIS-based decision support approach for selecting a new landfill site for the city of Cape Town

    Includes bibliographical references (leaves 107-111). Recent studies indicate that the population of Cape Town generates approximately 2.2 million tons of waste annually. Numerous waste minimization strategies have been developed which have not been successful in reducing the amount that needs to be disposed of at a landfill site. This results in mounting pressure on existing waste disposal sites, thus necessitating an urgent need for a new regional landfill. According to CCA Draft Environmental Impact Report (2006), the former Cape Metropolitan Council (CMC) appointed technical consultants in 2000 to identify and assess the potential sites for a landfill to service Cape Metropolitan Area (CMA), presently referred to as the City of Cape Town (CCT). The construction of a landfill has significant impacts on the environment. It is for that reason Integrated Environmental Management (IEM) has to be followed to assess the impacts. The principle of IEM is broadly interpreted as applying to the planning, assessment, implementation and management of any project proposal or activity that has a potentially significant effect on the environment. The Environmental Impact Assessment (EIA) process, which lies at the heart of the IEM, is enforced to examine the environmental effects of development. These impacts are directly related to the physical location of the project. That makes site selection for a proposed project a very important stage of the EIA process. Laws have been enacted to minimize environmental impacts, including strict guidelines for siting landfills. Using landfill siting criteria and site selection methods, the technical consultants identified four potential sites, Atlantis being the only site falling within the City of Cape Town. The interviews, backed by secondary data sources such as websites and project reports, revealed that the techniques used to identify potential sites for the landfill, even when combined, are costly and time consuming. 
Several scenarios were run using various ArcGIS extensions, including the ModelBuilder, to identify sites that met the stated criteria. GIS analysis yielded agreeable results with the recommendations from the consultants who used techniques other than GIS to identify the regional landfill. The research findings demonstrate that GIS is an efficient and dependable stand-alone technique that can be implemented in landfill site studies and thus expedite the decision making process.

    The role of thioredoxin and T-type Ca2+ channels in vascular smooth muscle cell proliferation

    Elevated vascular smooth muscle cell (VSMC) proliferation is a feature of various cardiovascular conditions including restenosis, abdominal aortic aneurysm (AAA) and atherosclerosis. Voltage-gated T-type Ca2+ channels are implicated in VSMC proliferation as their expression is markedly up-regulated in proliferative phases of the VSMC cell-cycle (Kuga et al., 1996). The Thioredoxin (Trx) system is also associated with proliferative disorders of the heart and vasculature, e.g. Trx concentrations are elevated in AAA (Martinez-Pinna et al., 2010) and atherosclerosis (Okuda et al., 2001). Trx has recently been shown to regulate T-type Ca2+ channels (Boycott et al., 2013). This PhD has investigated the hypothesis that VSMC proliferation is modulated by interactions between Trx and T-type Ca2+ channels. Proliferation assays revealed that the T-type Ca2+ channel inhibitor NNC55-0396 (NNC, 1-3μM) decreased A7r5, HEK293/CaV3.1 and HEK293/CaV3.2, but not wt HEK293, cell proliferation. In contrast the L-type Ca2+ channel inhibitor nifedipine (2μM) was without effect. The Trx inhibitors PX-12 (1μM) and auranofin (AuF, 300nM) preferentially inhibited the proliferation of CaV3.2-expressing cells, i.e. A7r5 and HEK293/CaV3.2 cells. Basal Ca2+ influx in A7r5 cells was also significantly reduced by NNC (3μM) and AuF (3μM). Whole-cell patch-clamp recordings in recombinant cells revealed that PX-12 (1-300μM) inhibited CaV3.1 and CaV3.2 currents with similar sensitivities. In contrast, Trx (4μg.ml-1) enhanced CaV3.2, but not CaV3.1, peak current amplitude. Similarly, AuF (3μM) selectively reduced the current-density of HEK293/CaV3.2 cells. Data suggest that CaV3.2 channels are positively and selectively regulated by Trx, yet PX-12 could inhibit T-type Ca2+ channels independently of Trx. 
The sensitivity of CaV3.2 channels to Trx was found to be dependent on an extracellular histidine residue at position 191 (H191), especially as mutation to a glutamine (Q) residue (H191Q) abolished Trx-sensitivity. In summary, these data indicate that interactions between Trx and CaV3.2 channels can regulate the proliferation of CaV3.2-expressing cells.

    Blending State Differences and Change Operations for Metamodel Independent Merging of Software Models

    A typical model merging session: requires a great deal of knowledgeable input; does not provide rapid feedback; quickly overwhelms the user with details; fails to properly match elements; performs minimal conflict detection; offers conflict resolution choices that are inadequate and without semantics; and exhibits counter-intuitive behavior. Viewing model merging as a process, this research defines a hybrid merge workflow that blends the best of the main approaches to merging, expressing its phases as algebraic operators for performing transformations on model and relationship data types. Normalization and denormalization phases decouple models from their originating tool and metamodel. State-based phases capture model differences in the model itself, establish element correspondence using multiple matching strategies, and extract change operations. Operation-based phases then partition and order the changes prior to the detection and automatic resolution of conflicts. The work has culminated in a prototype that validates the workflow, while realizing several novel model merging ideas, which are evaluated with simple and involved test cases. Combining the hybrid merge approach with the semantic expressiveness of decision tables (open to user modification) and an interactive and batch mode of operation allows the tool, named Mirador, to successfully address, to varying degrees, all of the previously cited shortcomings.

    Processing of Polarization Patterns and Visual Self-Motion in the Locust Central Complex for Spatial Orientation

    Despite their relatively small brains with comparatively low neuron counts, insects show complex navigation behavior such as seasonal long-range migration, path integration, and precise straight-line movement. Spatial navigation requires a sense of current heading, which must be tethered to prominent external cues and updated by internal cues that result from movement. Global external cues such as the position of the sun may provide a reference frame for orientation. Sunlight is polarized by scattering in the atmosphere, which results in a sky-spanning polarization pattern that directly depends on the current solar position and makes polarization information, like the sun itself, useful as an external reference cue. Internally, moving through the environment generates optic flow (the motion of the viewed scenery on the retina), which may inform about turning maneuvers, movement speed, and covered distance. Many insects use these external and internal cues for orientation, and the neuronal center for spatial navigation likely is the central complex, a higher-order brain structure where sensory information is integrated to form an internal compass representation of the current heading. This thesis addresses the question how celestial compass cues, specifically the polarization pattern, and optic flow are processed in the central complex of the desert locust, a long-range migratory insect. All chapters except the last one are electrophysiological studies in which single central-complex neurons were intracellularly recorded while presenting visual stimuli. The neurons' anatomy was histologically determined by dye injection in order to infer their role in the neural network. The studies in Chapters 1 and 2 show that the central complex contains a neuronal compass that robustly signals the sun direction based on direct sunlight and the integration of the whole solar polarization pattern. 
This shows that the locust brain uses all available skylight cues in order to form a unified compass signal, enabling robust navigation under different environmental conditions. The study in Chapter 3 further examines how neurons at the input stage of the central complex process skylight cues. Already at this stage, single neurons integrate visual information from large areas of the sky and have receptive fields suitable to build the skylight compass. Chapter 4 sheds light on the detection sensitivity for the angle of polarization, finding that central-complex neurons are highly sensitive in this regard, adapted to analyze the skylight polarization pattern almost in its entirety and under unfavorable environmental conditions. In Chapter 5 the locust central complex was scanned for neurons that receive optic flow information. Neurons at virtually all network stages are sensitive to optic flow, mainly uncoupled from skylight-cue sensitivity. This highlights that sensory information is flexibly processed in the central complex, presumably depending on the animal's current behavioral demands. Further, the study hypothesizes how horizontal turning motion is processed in order to update the internal heading representation, backed up by a computational model that adheres to brain anatomy and physiological data. Altogether, these studies advance the understanding of how external and internal cues are processed in the central-complex network in order to establish a sense of orientation in the insect brain. Finally, I contributed with data sets and programming code to the development of the InsectBrainDatabase (www.insectbraindb.org), a free online database tool designed to manage, share and publish anatomical and functional research data (Chapter 6).

    Effective fault localization techniques for concurrent software

    Multicore and Internet cloud systems have been widely adopted in recent years and have resulted in the increased development of concurrent programs. However, concurrency bugs are still difficult to test and debug for at least two reasons. Concurrent programs have large interleaving space, and concurrency bugs involve complex interactions among multiple threads. Existing testing solutions for concurrency bugs have focused on exposing concurrency bugs in the large interleaving space, but they often do not provide debugging information for developers to understand the bugs. To address the problem, this thesis proposes techniques that help developers in debugging concurrency bugs, particularly for locating the root causes and for understanding them, and presents a set of empirical user studies that evaluates the techniques. First, this thesis introduces a dynamic fault-localization technique, called Falcon, that locates single-variable concurrency bugs as memory-access patterns. Falcon uses dynamic pattern detection and statistical fault localization to report a ranked list of memory-access patterns for root causes of concurrency bugs. The overall Falcon approach is effective: in an empirical evaluation, we show that Falcon ranks program fragments corresponding to the root-cause of the concurrency bug as "most suspicious" almost always. In principle, such a ranking can save a developer's time by allowing him or her to quickly hone in on the problematic code, rather than having to sort through many reports. Others have shown that single- and multi-variable bugs cover a high fraction of all concurrency bugs that have been documented in a variety of major open-source packages; thus, being able to detect both is important. Because Falcon is limited to detecting single-variable bugs, we extend the Falcon technique to handle both single-variable and multi-variable bugs, using a unified technique, called Unicorn. 
Unicorn uses online memory monitoring and offline memory pattern combination to handle multi-variable concurrency bugs. The overall Unicorn approach is effective in ranking memory-access patterns for single- and multi-variable concurrency bugs. To further assist developers in understanding concurrency bugs, this thesis presents a fault-explanation technique, called Griffin, that provides more context of the root cause than Unicorn. Griffin reconstructs the root cause of the concurrency bugs by grouping suspicious memory accesses, finding suspicious method locations, and presenting calling stacks along with the buggy interleavings. By providing additional context, the overall Griffin approach can provide more information at a higher-level to the developer, allowing him or her to more readily diagnose complex bugs that may cross file or module boundaries. Finally, this thesis presents a set of empirical user studies that investigates the effectiveness of the presented techniques. In particular, the studies compare the effectiveness between a state-of-the-art debugging technique and our debugging techniques, Unicorn and Griffin. Among our findings, the user study shows that while the techniques are indistinguishable when the fault is relatively simple, Griffin is most effective for more complex faults. This observation further suggests that there may be a need for a spectrum of tools or interfaces that depend on the complexity of the underlying fault or even the background of the user. Ph.D.