Vulnerability discovery in multiple version software systems: open source and commercial software systems

Department Head: L. Darrell Whitley.2007 Summer.Includes bibliographical references (pages 80-83).The vulnerability discovery process for a program describes the rate at which the vulnerabilities are discovered. A model of the discovery process can be used to estimate the number of vulnerabilities likely to be discovered in the near future. Past studies have considered vulnerability discovery only for individual software versions, without considering the impact of shared code among successive versions and the evolution of source code. These affecting factors in vulnerability discovery process need to be taken into account estimate the future software vulnerability discovery trend more accurately. This thesis examines possible approaches for taking these factors into account in the previous works. We implemented these factors on vulnerability discovery process. We examine a new approach for quantitatively vulnerability discovery process, based on shared source code measurements among multiple version software system. The applicability of the approach is examined using Apache HTTP Web server and Mysql DataBase Management System (DBMS). The result of this approach shows better goodness of fit than fitting result in the previous researches. Using this revised software vulnerability discovery process, the superposition effect which is an unexpected vulnerability discovery in the previous researches could be determined by software discovery model. The multiple software vulnerability discovery model (MVDM) shows that vulnerability discovery rate is different with single vulnerability discovery model's (SVDM) discovery rate because of newly considered factors. From these result, we create and applied new SVDM for open source and commercial software. This single vulnerability process is examined, and the model testing result shows that SVDM can be an alternative modeling. The modified vulnerability discovery model will be presented for supporting previous researches' weakness, and the theoretical modeling will be discuss for more accurate explanation

A Design of MAC Model Based on the Separation of Duties and Data Coloring: DSDC-MAC

Among the access control methods for database security, there is Mandatory Access Control (MAC) model in which the security level is set to both the subject and the object to enhance the security control. Legacy MAC models have focused only on one thing, either confidentiality or integrity. Thus, it can cause collisions between security policies in supporting confidentiality and integrity simultaneously. In addition, they do not provide a granular security class policy of subjects and objects in terms of subjects\u27 roles or tasks. In this paper, we present the security policy of Bell_LaPadula Model (BLP) model and Biba model as one complemented policy. In addition, Duties Separation and Data Coloring (DSDC)-MAC model applying new data coloring security method is proposed to enable granular access control from the viewpoint of Segregation of Duty (SoD). The case study demonstrated that the proposed modeling work maintains the practicality through the design of Human Resources management System. The proposed model in this study is suitable for organizations like military forces or intelligence agencies where confidential information should be carefully handled. Furthermore, this model is expected to protect systems against malicious insiders and improve the confidentiality and integrity of data

Meaning of Wearing Faux Fur

The purpose of this study is to Understand meanings of consuming faux fur from the perspective of consumer culture theory

Vulnerability assessment for the hazards of crosswinds when vehicles cross a bridge deck

AbstractA new procedure to assess the crosswind hazard of operating a vehicle over a bridge deck has been developed using a probabilistic approach that utilizes long-term wind data at bridge sites as well as the aerodynamic properties of bridge decks and vehicles. The proposed procedure for safety assessment considers the probabilities of two accident types: sideslip and overturning. The vulnerability of vehicles to crosswinds is represented by the number of days for traffic control that would be required to secure vehicle safety over a period of one year. The distribution of wind speed over a bridge deck was estimated from a section model wind tunnel test. A sea-crossing bridge was selected as an example, and a series of case studies were performed to identify the influential factors affecting vehicle vulnerability to crosswinds: vehicle type and loaded weight, the position of a running vehicle over a bridge deck, the bridge alignment relative to the dominant wind direction, and vehicle speed

Democratizing National Security: Implications of Human Security Framework on Human Rights and Civil Society in the Republic of Korea

This thesis analyzes the intersection among civil society, human rights, and national security narratives in the Republic of Korea. It first traces the evolution of civil society, human rights, and national security narratives in South Korea, followed by an examination of the aptness of current national security narratives and its impact on human rights and civil society. The thesis attempts to answer the following questions: first, what are the dominant national security narratives in contemporary South Korean society; second, what are the human rights implications of South Korea’s national security narratives; and third, what are the significance and role of South Korean civil society under a new security framework? Finally, it argues for a shift toward a new security framework, namely one based on human security and comprehensive security frameworks

THE MOLECULAR ROLE OF MOB1 IN LATS1 KINASE ACTIVATION IN HIPPO SIGNALING

The Hippo signaling pathway, a highly conserved pathway between flies and mammals, regulates the rate of cell growth and apoptosis to ultimately control organ size and tissue homeostasis (Saucedo & Edgar, 2007). The pathway was named after an overgrowth phenotype, a fly resembling a hippopotamus, observed in Drosophila upon mutating Hpo (Wu et al., 2003). The action of the Hippo pathway arises from the activity of a set of two kinases. Mst1/2 kinase phosphorylates and activates Lats1/2 kinase in a process that may be stimulated by the effector protein Mob1, which is also a substrate of Mst1/2 (Ni et al., 2015). This study aims to identify a minimal, functional unit of Lats1 more amenable to both purification in vitro and X-ray crystallization. We designed truncations of both the N and C-termini of Lats1. We transiently transfected Mst2, Mob1, Lats1, and YAP in HEK293 cells and validated kinase activity of the truncated Lats1 variants by Western blot and the luciferase reporter assay. We also analyzed complex formation between Mob1 and the truncated Lats1 variants using co-immunoprecipitation from lysate of HEK293 cells transiently transfected with both proteins. We will purify the minimal, functional unit of Lats1 in vitro for use in future biochemical and structural assays. This study also aims to understand the molecular role of Mob1 in the activation of Lats1 kinase. We transiently transfected HEK293 cells with Mst2 and Lats1 with or without Mob1 and monitored Lats1 activation by Western blot. Expression of Mob1 stimulated phosphorylation of Lats1 by Mst2, highlighting a potential role for Mob1 in Lats1 activation and ternary complex formation between Lats1, Mob1, and Mst2. We aim to isolate the ternary complex in vitro and test the phosphospecific nature of assembly of the ternary complex. We will also determine the sequence of molecular events that lead to Lats1 activation by systematically disrupting pairwise interactions between either Mst2 and Mob1 or Lats1 and Mob1 and monitor the effect on Lats1 activation in cells. Several studies have identified mutations in human cancers that affect Lats1/2 expression and kinase activity (Yu, Bachman & Lai, 2013). Thus, the results of this study will provide insight into the mechanisms that regulate Lats1 activation and provide a framework to guide targeted molecular therapies

3D-CVF: Generating Joint Camera and LiDAR Features Using Cross-View Spatial Feature Fusion for 3D Object Detection

In this paper, we propose a new deep architecture for fusing camera and LiDAR sensors for 3D object detection. Because the camera and LiDAR sensor signals have different characteristics and distributions, fusing these two modalities is expected to improve both the accuracy and robustness of 3D object detection. One of the challenges presented by the fusion of cameras and LiDAR is that the spatial feature maps obtained from each modality are represented by significantly different views in the camera and world coordinates; hence, it is not an easy task to combine two heterogeneous feature maps without loss of information. To address this problem, we propose a method called 3D-CVF that combines the camera and LiDAR features using the cross-view spatial feature fusion strategy. First, the method employs auto-calibrated projection, to transform the 2D camera features to a smooth spatial feature map with the highest correspondence to the LiDAR features in the bird's eye view (BEV) domain. Then, a gated feature fusion network is applied to use the spatial attention maps to mix the camera and LiDAR features appropriately according to the region. Next, camera-LiDAR feature fusion is also achieved in the subsequent proposal refinement stage. The camera feature is used from the 2D camera-view domain via 3D RoI grid pooling and fused with the BEV feature for proposal refinement. Our evaluations, conducted on the KITTI and nuScenes 3D object detection datasets demonstrate that the camera-LiDAR fusion offers significant performance gain over single modality and that the proposed 3D-CVF achieves state-of-the-art performance in the KITTI benchmark