Research

Understanding the Techniques Used for Mitigating/Fixing Remote Code Execution Vulnerabilities

Remote Code Execution (RCE) attacks are one of the most prominent security threats for software systems, especially Java-based systems. This research project studies the security update reports for RCE vulnerabilities published by open source Java projects to assess the patches applied to fix RCE vulnerabilities. For our initial investigation, two Java-based projects were studied: Apache Tomcat and Android.

We analyzed and categorized the code-fixes (i.e., patches/updates) that were applied to fix fifty-one (51) RCE vulnerabilities. Our analysis showed that a significant majority of the RCE vulnerabilities found in Java projects can be mitigated with just five (5) categories of code-fixes. Overall, the goal was to study RCE vulnerabilities in an effort to provide programmers with a handy list of code-fixes, thus making it easier for them to effectively mitigate known RCE vulnerabilities in their own Java-based applications.

Understanding the Information Disseminated Using Twitter During the COVID-19 Pandemic

Student Achievement Recognition (Spring'21): Jorge Torres, a graduate student at the Computer Science department of Montclair State University, was the lead author on a paper that received the Best Paper Award at the IEEE IEMTRONICS 2021 conference. This research explores the types and sources of COVID-19 information that was promoted by Twitter users during the start of the pandemic.

Abstract: Twitter, with its ever-growing influence, has continued to serve as a means of spreading information and often providing early warnings to the situations that the world is encountering. The COVID-19 pandemic is no exception. With this disease resulting in hundreds of thousands of deaths, it is valuable that an analysis is conducted regarding the source of information posted on social media sites such as Twitter. In this study, we specifically analyze the source-URLs being posted by influential Twitter accounts. Our main goal in this study is to understand the kind of online materials, i.e., external weblinks that Twitter users prefer to promote/share about COVID-19.

Development and Empirical Evaluation of checkVT: A Browser Add-on for Verifying the Safety of URLs

Student Achievement Recognition (Fall'20): Emyll Almonte, an Undergraduate IT Major at Montclair State University, has developed and successfully published a browser add-on called checkVT: https://addons.mozilla.org/en-US/firefox/addon/checkvt/

checkVT is a simple web browser extension that takes a URL selected via the context menu and submits it directly to be checked against all engines on VirusTotal, with one added feature: before submitting, checkVT tries to find the effective URL (the redirect target) of the selected URL, if one exists, and sends that URL to VirusTotal rather than the URL that was selected. This extra step lets users see VirusTotal results for the host they would actually have ended up at rather than for the original link; such redirection happens with most phishing links. Additional information can be found here: https://github.com/ealmonte32/checkVT
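
The redirect-resolution step described above, sketched as an added example (this is not checkVT's own code). The function names are hypothetical, and `sampleLookup` with its redirect table is a constructed stand-in for a single HTTP request that does not follow redirects itself.

```javascript
// Constructed sample data: URL -> response a non-following HTTP request would return.
const SAMPLE_RESPONSES = {
  "http://short.example/abc": { status: 301, location: "https://tracker.example/r?id=7" },
  "https://tracker.example/r?id=7": { status: 302, location: "/landing/login.html" },
  "https://tracker.example/landing/login.html": { status: 200 },
  "http://loop.example/a": { status: 302, location: "http://loop.example/b" },
  "http://loop.example/b": { status: 302, location: "http://loop.example/a" },
};

// Hypothetical lookup: returns the status and Location header for one URL.
function sampleLookup(url) {
  return SAMPLE_RESPONSES[url] || { status: 404 };
}

// Follow the redirect chain hop by hop and report where the link really ends.
// Stops on loops, on too many hops, and on redirects that leave http(s).
function resolveEffectiveUrl(startUrl, lookup, maxHops = 10) {
  const chain = [];
  const seen = new Set();
  let current = new URL(startUrl).href;
  for (let hop = 0; hop <= maxHops; hop++) {
    if (seen.has(current)) return { effective: null, chain, reason: "redirect loop" };
    seen.add(current);
    chain.push(current);
    const res = lookup(current);
    const isRedirect = res.status >= 300 && res.status < 400 && res.location;
    if (!isRedirect) return { effective: current, chain, reason: "final" };
    // Location may be relative, so resolve it against the URL that issued it.
    const next = new URL(res.location, current);
    if (next.protocol !== "http:" && next.protocol !== "https:") {
      return { effective: null, chain, reason: "non-http redirect target" };
    }
    current = next.href;
  }
  return { effective: null, chain, reason: "too many redirects" };
}

// Pick the URL to submit for scanning: the effective URL when one was resolved,
// otherwise fall back to the URL the user selected.
function urlToSubmit(selectedUrl, lookup) {
  const result = resolveEffectiveUrl(selectedUrl, lookup);
  return result.effective || new URL(selectedUrl).href;
}
```

Keeping the whole `chain` lets the intermediate hosts be shown or checked as well, not only the final one.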

Using Machine Learning to Automate the Procedures Involved in Requirements Inspections

Requirements inspections involve multiple inspectors independently reviewing a requirements document and reporting faults in the document. However, inspectors report both faults and non-faults (false-positives). We are using machine learning based approaches to validate requirements reviews. Our approach uses supervised machine learning algorithms to isolate faults from false-positives. An important feature that we use for training our classifiers is labeling our review data with the fault-types (ambiguity, inconsistent, incorrect requirements, omission, etc.). More details and publications related to this research project can be found at the following links:
https://www.researchgate.net/project/Machine-Learning-in-Requirement-Inspections
http://vaibhavanu.com/VBF-TP-001.html

Using Human Error & Human Factors Research to Improve Software Requirements Quality

This research employs the Cognitive Psychology research on human errors to address a serious problem in Software Engineering: defects made during software development. We propose that because software development is a human-centric process, most software defects can be traced back to failures of human cognition (also called human errors or mental errors). In order to have the greatest impact on software quality and to minimize the impact of defects, our research is focused on the earliest phase of software development: the requirements engineering phase.

The major goal of this research effort is to use insights from Cognitive Psychology research on human errors to develop and empirically validate: (1) a taxonomy of requirements phase human errors, and (2) requirements defect detection techniques and tools based on the taxonomy.

Our research group has organized workshops in premier Software Engineering conferences to elicit instances of human errors that happen in requirements engineering practice in the industry. Experimental and training documents related to this research: vaibhavanu.com/NDSU-CS-TP-2016-001.html

"In a humble state, you learn better. I can't find anything else very exciting about humility, but at least there's that." ~ John Dooner

© Copyright Vaibhav Anu