Understanding the Techniques Used for Mitigating/Fixing Remote Code Execution Vulnerabilities

  Remote Code Execution (RCE) attacks are one of the most prominent security threats to software systems, especially Java-based systems. This research project studies the security update reports for RCE vulnerabilities published by open source Java projects to assess the patches applied to fix those vulnerabilities. For our initial investigation, two Java-based projects were studied: Apache Tomcat and Android.
  We analyzed and categorized the code-fixes (i.e., patches/updates) that were applied to fix fifty-one (51) RCE vulnerabilities. Our analysis showed that a significant majority of the RCE vulnerabilities found in these Java projects can be mitigated with just five (5) categories of code-fixes. Overall, the goal was to study RCE vulnerabilities in order to provide programmers with a handy list of code-fixes, making it easier for them to effectively mitigate known RCE vulnerabilities in their own Java-based applications.
Understanding the Information Disseminated Using Twitter During the COVID-19 Pandemic

  Student Achievement Recognition (Spring'21): Jorge Torres, a graduate student at the Computer Science department of Montclair State University, was the lead author on a paper that received the Best Paper Award at the IEEE IEMTRONICS 2021 conference.

This research explores the types and sources of COVID-19 information that was promoted by Twitter users during the start of the pandemic.

  Abstract: Twitter, with its ever-growing influence, has continued to serve as a means of spreading information and often providing early warnings to the situations that the world is encountering. The COVID-19 pandemic is no exception. With this disease resulting in hundreds of thousands of deaths, it is valuable that an analysis is conducted regarding the source of information posted on social media sites such as Twitter. In this study, we specifically analyze the source-URLs being posted by influential Twitter accounts. Our main goal in this study is to understand the kind of online materials, i.e., external weblinks that Twitter users prefer to promote/share about COVID-19.  
Development and Empirical Evaluation of checkVT: A Browser Add-on for Verifying the Safety of URLs
  Student Achievement Recognition (Fall'20): Emyll Almonte, an undergraduate IT major at Montclair State University, has developed and successfully published a browser add-on called checkVT:
  checkVT is a simple web browser extension that takes a URL selected via the context menu and submits it directly to be checked against all engines on VirusTotal, with one added feature: before submission, checkVT tries to find the effective URL (the final destination after any redirects) of the selected link, and sends that URL to VirusTotal rather than the URL that was selected. This extra step lets users see VirusTotal results for the host they would actually have ended up at, as opposed to the original link; most phishing links rely on exactly this kind of redirection. Additional information can be found here:
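The redirect-following step described above, written out as an added example (this is not checkVT's own code). It resolves the "effective URL" of a link by following HTTP redirects, with the guards a defender would want: a hop limit, redirect-loop detection, relative `Location` headers resolved against the current URL, and a stop on non-HTTP schemes. Network access is abstracted behind an assumed `headRequest(url)` callback so the logic runs offline against a constructed redirect table; in a real extension that callback would wrap `fetch(url, { method: "HEAD", redirect: "manual" })`.

```javascript
// Added example, not part of checkVT. Resolves the final destination of a URL by
// following redirects, so that the *effective* host is what gets submitted for scanning.

const MAX_HOPS = 10;
const REDIRECT_STATUSES = new Set([301, 302, 303, 307, 308]);

// headRequest(url) is an assumed callback returning { status, location } for one hop.
function resolveEffectiveUrl(startUrl, headRequest, maxHops = MAX_HOPS) {
  const visited = new Set();
  let current = new URL(startUrl);
  const chain = [current.href];

  for (let hop = 0; hop < maxHops; hop++) {
    // Only follow web schemes; a javascript: or data: "redirect" is itself a red flag.
    if (current.protocol !== "http:" && current.protocol !== "https:") {
      return { effective: current.href, chain, reason: "non-http scheme" };
    }
    // A URL seen twice means the chain cycles; stop instead of spinning.
    if (visited.has(current.href)) {
      return { effective: current.href, chain, reason: "redirect loop" };
    }
    visited.add(current.href);

    const resp = headRequest(current.href);
    if (!REDIRECT_STATUSES.has(resp.status) || !resp.location) {
      return { effective: current.href, chain, reason: "final" };
    }
    // Location may be relative; resolve it against the URL that issued the redirect.
    current = new URL(resp.location, current);
    chain.push(current.href);
  }
  return { effective: current.href, chain, reason: "hop limit reached" };
}

// Constructed redirect table standing in for live HEAD responses (sample data, not real hosts).
const CONSTRUCTED_REDIRECTS = {
  "https://short.example/abc": { status: 302, location: "https://tracker.example/go?u=1" },
  "https://tracker.example/go?u=1": { status: 301, location: "/landing" },
  "https://tracker.example/landing": { status: 307, location: "https://final.example/login" },
  "https://final.example/login": { status: 200 },
  "https://loop.example/a": { status: 302, location: "https://loop.example/b" },
  "https://loop.example/b": { status: 302, location: "https://loop.example/a" },
};

function fakeHeadRequest(url) {
  return CONSTRUCTED_REDIRECTS[url] ?? { status: 404 };
}

// Usage: the shortened link resolves through two hops of tracker to the real login page.
const result = resolveEffectiveUrl("https://short.example/abc", fakeHeadRequest);
console.log(result.effective, result.reason, result.chain.length);
```

The value worth keeping alongside the effective URL is the full `chain`: submitting only the final host tells you where the user would land, while the intermediate hops are what identify the redirector services a phishing campaign reuses.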
Using Machine Learning to Automate the Procedures Involved in Requirements Inspections

  Requirements inspections involve multiple inspectors independently reviewing a requirements document and reporting faults in the document. However, inspectors report both faults and non-faults (false positives). We are using machine learning based approaches to validate requirements reviews. Our approach uses supervised machine learning algorithms to separate faults from false positives. An important feature that we use for training our classifiers is the labeling of our review data with fault types (ambiguity, inconsistent, incorrect requirements, omission, etc.). More details and publications related to this research project can be found at the following links:
Using Human Error & Human Factors Research to Improve Software Requirements Quality

  This research employs the Cognitive Psychology research on human errors to address a serious problem in Software Engineering: defects made during software development. We propose that because software development is a human-centric process, most software defects can be traced back to failures of human cognition (also called human errors or mental errors). In order to have the greatest impact on software quality and to minimize the impact of defects, our research is focused on the earliest phase of software development: the requirements engineering phase.

  The major goal of this research effort is to use insights from Cognitive Psychology research on human errors to develop and empirically validate:
(1) a taxonomy of requirements phase human errors, and 
(2) requirements defect detection techniques and tools based on the taxonomy.

Our research group has organized workshops at premier Software Engineering conferences to elicit instances of human errors that happen in requirements engineering practice in industry.

Experimental and training documents related to this research:
"In a humble state, you learn better. I can't find anything else very exciting about humility, but at least there's that." ~ John Dooner

© Copyright Vaibhav Anu
