Dealing with Variability in API Misuse Specification

APIs are the primary mechanism for developers to gain access to externally defined services and tools. However, previous research has revealed API misuses that violate the contract of APIs to be prevalent. Such misuses can have harmful consequences, especially in the context of cryptographic libraries. Various API-misuse detectors have been proposed to address this issue - including CogniCrypt, one of the most versatile of such detectors and that uses a language (CrySL) to specify cryptographic API usage contracts. Nonetheless, existing approaches to detect API misuse had not been designed for systematic reuse, ignoring the fact that different versions of a library, different versions of a platform, and different recommendations/guidelines might introduce variability in the correct usage of an API. Yet, little is known about how such variability impacts the specification of the correct API usage. This paper investigates this question by analyzing the impact of various sources of variability on widely used Java cryptographic libraries (including JCA/JCE, Bouncy Castle, and Google Tink). The results of our investigation show that sources of variability like new versions of the API and security standards significantly impact the specifications. We then use the insights gained from our investigation to motivate an extension to the CrySL language (named MetaCrySL), which builds on meta-programming concepts. We evaluate MetaCrySL by specifying usage rules for a family of Android versions and illustrate that MetaCrySL can model all forms of variability we identified and drastically reduce the size of a family of specifications for the correct usage of cryptographic APIs

Temperature rise in a viscoplastic material during dynamic crack growth

Dynamic steady-state crack growth has been analyzed under mode I plane stress, small-scale yielding conditions using a finite element procedure. A Perzyna type viscoplastic constitutive equation has been employed in this analysis. The viscoplastic work rate is converted into heat input and the temperature distribution is determined by solving the governing conduction/convection equation also by a finite element method. The Stream-line Upwinding Petrov-Galerkin formulation has been employed for this purpose because of the high Peclet number that results in such a type of analysis. The effect of strain rate sensitivity and crack speed on the temperature distribution near the crack tip is examined

A growth walk model for estimating the canonical partition function of Interacting Self Avoiding Walk

We have explained in detail why the canonical partition function of Interacting Self Avoiding Walk (ISAW), is exactly equivalent to the configurational average of the weights associated with growth walks, such as the Interacting Growth Walk (IGW), if the average is taken over the entire genealogical tree of the walk. In this context, we have shown that it is not always possible to factor the the density of states out of the canonical partition function if the local growth rule is temperature-dependent. We have presented Monte Carlo results for IGWs on a diamond lattice in order to demonstrate that the actual set of IGW configurations available for study is temperature-dependent even though the weighted averages lead to the expected thermodynamic behavior of Interacting Self Avoiding Walk (ISAW).Comment: Revised version consisting of 12 pages (RevTeX manuscript, plus three .eps figure files); A few sentences in the second paragraph on Page 4 are rewritten so as to make the definition of the genealogical tree, ${\cal Z}_N$, clearer. Also, the second equality of Eq.(1) on Page 4, and its corresponding statement below have been remove

Plugin estimators for selective classification with out-of-distribution detection

Real-world classifiers can benefit from the option of abstaining from predicting on samples where they have low confidence. Such abstention is particularly useful on samples which are close to the learned decision boundary, or which are outliers with respect to the training sample. These settings have been the subject of extensive but disjoint study in the selective classification (SC) and out-of-distribution (OOD) detection literature. Recent work on selective classification with OOD detection (SCOD) has argued for the unified study of these problems; however, the formal underpinnings of this problem are still nascent, and existing techniques are heuristic in nature. In this paper, we propose new plugin estimators for SCOD that are theoretically grounded, effective, and generalise existing approaches from the SC and OOD detection literature. In the course of our analysis, we formally explicate how na\"{i}ve use of existing SC and OOD detection baselines may be inadequate for SCOD. We empirically demonstrate that our approaches yields competitive SC and OOD detection performance compared to baselines from both literatures