120 research outputs found
Dealing with Variability in API Misuse Specification
APIs are the primary mechanism for developers to gain access to externally defined services and tools. However, previous research has revealed API misuses that violate the contract of APIs to be prevalent. Such misuses can have harmful consequences, especially in the context of cryptographic libraries. Various API-misuse detectors have been proposed to address this issue - including CogniCrypt, one of the most versatile of such detectors and that uses a language (CrySL) to specify cryptographic API usage contracts. Nonetheless, existing approaches to detect API misuse had not been designed for systematic reuse, ignoring the fact that different versions of a library, different versions of a platform, and different recommendations/guidelines might introduce variability in the correct usage of an API. Yet, little is known about how such variability impacts the specification of the correct API usage. This paper investigates this question by analyzing the impact of various sources of variability on widely used Java cryptographic libraries (including JCA/JCE, Bouncy Castle, and Google Tink). The results of our investigation show that sources of variability like new versions of the API and security standards significantly impact the specifications. We then use the insights gained from our investigation to motivate an extension to the CrySL language (named MetaCrySL), which builds on meta-programming concepts. We evaluate MetaCrySL by specifying usage rules for a family of Android versions and illustrate that MetaCrySL can model all forms of variability we identified and drastically reduce the size of a family of specifications for the correct usage of cryptographic APIs
Temperature rise in a viscoplastic material during dynamic crack growth
Dynamic steady-state crack growth has been analyzed under mode I plane stress, small-scale yielding conditions using a finite element procedure. A Perzyna type viscoplastic constitutive equation has been employed in this analysis. The viscoplastic work rate is converted into heat input and the temperature distribution is determined by solving the governing conduction/convection equation also by a finite element method. The Stream-line Upwinding Petrov-Galerkin formulation has been employed for this purpose because of the high Peclet number that results in such a type of analysis. The effect of strain rate sensitivity and crack speed on the temperature distribution near the crack tip is examined
A growth walk model for estimating the canonical partition function of Interacting Self Avoiding Walk
We have explained in detail why the canonical partition function of
Interacting Self Avoiding Walk (ISAW), is exactly equivalent to the
configurational average of the weights associated with growth walks, such as
the Interacting Growth Walk (IGW), if the average is taken over the entire
genealogical tree of the walk. In this context, we have shown that it is not
always possible to factor the the density of states out of the canonical
partition function if the local growth rule is temperature-dependent. We have
presented Monte Carlo results for IGWs on a diamond lattice in order to
demonstrate that the actual set of IGW configurations available for study is
temperature-dependent even though the weighted averages lead to the expected
thermodynamic behavior of Interacting Self Avoiding Walk (ISAW).Comment: Revised version consisting of 12 pages (RevTeX manuscript, plus three
.eps figure files); A few sentences in the second paragraph on Page 4 are
rewritten so as to make the definition of the genealogical tree, , clearer. Also, the second equality of Eq.(1) on Page 4, and its
corresponding statement below have been remove
Plugin estimators for selective classification with out-of-distribution detection
Real-world classifiers can benefit from the option of abstaining from
predicting on samples where they have low confidence. Such abstention is
particularly useful on samples which are close to the learned decision
boundary, or which are outliers with respect to the training sample. These
settings have been the subject of extensive but disjoint study in the selective
classification (SC) and out-of-distribution (OOD) detection literature. Recent
work on selective classification with OOD detection (SCOD) has argued for the
unified study of these problems; however, the formal underpinnings of this
problem are still nascent, and existing techniques are heuristic in nature. In
this paper, we propose new plugin estimators for SCOD that are theoretically
grounded, effective, and generalise existing approaches from the SC and OOD
detection literature. In the course of our analysis, we formally explicate how
na\"{i}ve use of existing SC and OOD detection baselines may be inadequate for
SCOD. We empirically demonstrate that our approaches yields competitive SC and
OOD detection performance compared to baselines from both literatures
- …