The document discusses testing delegation policies through mutation analysis. It provides background on access control and delegation. Formal definitions are given for access control policy, master-level delegation, and user-level delegation models. Advanced delegation features like monotonicity of delegation are described. The workshop will present a set of delegation mutant operators, proof-of-concept implementation, and preliminary results for testing delegation policies using mutation analysis.
Enhancing Keyword Query Results Over Database for Improving User Satisfaction ijmpict
Storing data in relational databases is widely increasing to support keyword queries but search results does not gives effective answers to keyword query and hence it is inflexible from user perspective. It would be helpful to recognize such type of queries which gives results with low ranking. Here we estimate prediction of query performance to find out effectiveness of a search performed in response to query and features of such hard queries is studied by taking into account contents of the database and result list. One relevant problem of database is the presence of missing data and it can be handled by imputation. Here an inTeractive Retrieving-Inferring data imputation method (TRIP) is used which achieves retrieving and inferring alternately to fill the missing attribute values in the database. So by considering both the prediction of hard queries and imputation over the database, we can get better keyword search results.
AUTOMATED INFORMATION RETRIEVAL MODEL USING FP GROWTH BASED FUZZY PARTICLE SW...ijcseit
To mine out relevant facts at the time of need from web has been a tenuous task. Research on diverse fields
are fine tuning methodologies toward these goals that extracts the best of information relevant to the users
search query. In the proposed methodology discussed in this paper find ways to ease the search complexity
tackling the severe issues hindering the performance of traditional approaches in use. The proposed
methodology find effective means to find all possible semantic relatable frequent sets with FP Growth
algorithm. The outcome of which is the further source of fuel for Bio inspired Fuzzy PSO to find the optimal
attractive points for the web documents to get clustered meeting the requirement of the search query
without losing the relevance. On the whole the proposed system optimizes the objective function of
minimizing the intra cluster differences and maximizes the inter cluster distances along with retention of all
possible relationships with the search context intact. The major contribution being the system finds all
possible combinations matching the user search transaction and thereby making the system more
meaningful. These relatable sets form the set of particles for Fuzzy Clustering as well as PSO and thus
being unbiased and maintains a innate behaviour for any number of new additions to follow the herd
behaviour’s evaluations reveals the proposed methodology fares well as an optimized and effective
enhancements over the conventional approaches.
This document outlines a thesis project that aims to evaluate query rewriting techniques for recursive queries over ELHI ontologies. The objectives are to choose a query rewriting technique, understand which engines can be used for evaluation, configure the system with ontologies, queries and data, and measure parameters to evaluate performance. While query rewriting has been studied for DL-Lite ontologies, there is a lack of practical experimentation for the more expressive ELHI family. The thesis seeks to address this gap and provide an experimental assessment of evaluating recursive query rewriting over ELHI ontologies.
Master Thesis Topics at Software Engineering DepartmentPhu H. Nguyen
This document provides biographical information about Phu Hong Nguyen, including his current position as a postdoctoral researcher at Simula, Norway, as well as his educational background. It also references several projects related to software engineering research at Simula and includes quotations and information about autonomous systems, robots, smart devices, and master's thesis topics at Simula.
Automated verification of role based access control policies constraints usin...ijsptm
Access control policies are used to restrict access to sensitive records for authorized users only. One approach for specifying policies is using role based access control (RBAC) where authorization is given to roles instead of users. Users are assigned to roles such that each user can access all the records that are allowed to his/her role. RBAC has a great interest because of its flexibility. One issue in RBAC is dealing with constraints. Usually, policies should satisfy pre-defined constraints as for example separation of duty (SOD) which states that users are not allowed to play two conflicting roles. Verifying the satisfiability of constraints based on policies is time consuming and may lead to errors. Therefore, an automated verification is essential.
In this paper, we propose a theory for specifying policies and constraints in first order logic. Furthermore, we present a comprehensive list of constraints. We identity constraints based on the relation between users
and roles, between roles and permission on records, between users and permission on records, and between
users, roles, and permission on records. Then, we use a general purpose theorem prover tool called Prover9 for proving the satisfaction of constraints.
Separation of Duty and Context Constraints for Contextual Role-Based Access C...CSCJournals
This paper presents the separation of duty and context constraints of recently
proposed Contextual Role-Based Access Control Model C-RBAC. Constraints in
C-RBAC enabled the specification of a rich set of Separation of Duty (SoD)
constraints over spatial purpose roles. In healthcare environment in which user
roles are position and are purpose dependant, the notion of SoD is still
meaningful and relevant to the concept of conflict of interest. SoD may be
defined as Static Separation of Duty (SSoD) and Dynamic Separation of Duty
(DSoD) depending on whether exclusive role constraints are evaluated against
the user-role assignment set or against the set of roles activated in user’s
session. In particular, the model is capable of expressing a wider range of
constraints on spatial domains, location hierarchy schemas, location hierarchy
instances, spatial purposes and spatial purpose roles.
Exploration exploitation trade off in mobile context-aware recommender systemsBouneffouf Djallel
Most existing approaches in Context-Aware Recommender Systems (CRS) focus on recommending relevant items to users taking into account contextual information, such as time, loca-tion, or social aspects. However, none of them have considered the problem of user’s content dynamicity. This problem has been studied in the reinforcement learning community, but without paying much attention to the contextual aspect of the recommendation. We introduce in this paper an algorithm that tackles the user’s content dynamicity by modeling the CRS as a contextual bandit algorithm. It is based on dynamic explora-tion/exploitation and it includes a metric to decide which user’s situation is the most relevant to exploration or exploitation. Within a deliberately designed offline simulation framework, we conduct extensive evaluations with real online event log data. The experimental results and detailed analysis demon-strate that our algorithm outperforms surveyed algorithms.
Enhancing Keyword Query Results Over Database for Improving User Satisfaction ijmpict
Storing data in relational databases is widely increasing to support keyword queries but search results does not gives effective answers to keyword query and hence it is inflexible from user perspective. It would be helpful to recognize such type of queries which gives results with low ranking. Here we estimate prediction of query performance to find out effectiveness of a search performed in response to query and features of such hard queries is studied by taking into account contents of the database and result list. One relevant problem of database is the presence of missing data and it can be handled by imputation. Here an inTeractive Retrieving-Inferring data imputation method (TRIP) is used which achieves retrieving and inferring alternately to fill the missing attribute values in the database. So by considering both the prediction of hard queries and imputation over the database, we can get better keyword search results.
AUTOMATED INFORMATION RETRIEVAL MODEL USING FP GROWTH BASED FUZZY PARTICLE SW...ijcseit
To mine out relevant facts at the time of need from web has been a tenuous task. Research on diverse fields
are fine tuning methodologies toward these goals that extracts the best of information relevant to the users
search query. In the proposed methodology discussed in this paper find ways to ease the search complexity
tackling the severe issues hindering the performance of traditional approaches in use. The proposed
methodology find effective means to find all possible semantic relatable frequent sets with FP Growth
algorithm. The outcome of which is the further source of fuel for Bio inspired Fuzzy PSO to find the optimal
attractive points for the web documents to get clustered meeting the requirement of the search query
without losing the relevance. On the whole the proposed system optimizes the objective function of
minimizing the intra cluster differences and maximizes the inter cluster distances along with retention of all
possible relationships with the search context intact. The major contribution being the system finds all
possible combinations matching the user search transaction and thereby making the system more
meaningful. These relatable sets form the set of particles for Fuzzy Clustering as well as PSO and thus
being unbiased and maintains a innate behaviour for any number of new additions to follow the herd
behaviour’s evaluations reveals the proposed methodology fares well as an optimized and effective
enhancements over the conventional approaches.
This document outlines a thesis project that aims to evaluate query rewriting techniques for recursive queries over ELHI ontologies. The objectives are to choose a query rewriting technique, understand which engines can be used for evaluation, configure the system with ontologies, queries and data, and measure parameters to evaluate performance. While query rewriting has been studied for DL-Lite ontologies, there is a lack of practical experimentation for the more expressive ELHI family. The thesis seeks to address this gap and provide an experimental assessment of evaluating recursive query rewriting over ELHI ontologies.
Master Thesis Topics at Software Engineering DepartmentPhu H. Nguyen
This document provides biographical information about Phu Hong Nguyen, including his current position as a postdoctoral researcher at Simula, Norway, as well as his educational background. It also references several projects related to software engineering research at Simula and includes quotations and information about autonomous systems, robots, smart devices, and master's thesis topics at Simula.
Automated verification of role based access control policies constraints usin...ijsptm
Access control policies are used to restrict access to sensitive records for authorized users only. One approach for specifying policies is using role based access control (RBAC) where authorization is given to roles instead of users. Users are assigned to roles such that each user can access all the records that are allowed to his/her role. RBAC has a great interest because of its flexibility. One issue in RBAC is dealing with constraints. Usually, policies should satisfy pre-defined constraints as for example separation of duty (SOD) which states that users are not allowed to play two conflicting roles. Verifying the satisfiability of constraints based on policies is time consuming and may lead to errors. Therefore, an automated verification is essential.
In this paper, we propose a theory for specifying policies and constraints in first order logic. Furthermore, we present a comprehensive list of constraints. We identity constraints based on the relation between users
and roles, between roles and permission on records, between users and permission on records, and between
users, roles, and permission on records. Then, we use a general purpose theorem prover tool called Prover9 for proving the satisfaction of constraints.
Separation of Duty and Context Constraints for Contextual Role-Based Access C...CSCJournals
This paper presents the separation of duty and context constraints of recently
proposed Contextual Role-Based Access Control Model C-RBAC. Constraints in
C-RBAC enabled the specification of a rich set of Separation of Duty (SoD)
constraints over spatial purpose roles. In healthcare environment in which user
roles are position and are purpose dependant, the notion of SoD is still
meaningful and relevant to the concept of conflict of interest. SoD may be
defined as Static Separation of Duty (SSoD) and Dynamic Separation of Duty
(DSoD) depending on whether exclusive role constraints are evaluated against
the user-role assignment set or against the set of roles activated in user’s
session. In particular, the model is capable of expressing a wider range of
constraints on spatial domains, location hierarchy schemas, location hierarchy
instances, spatial purposes and spatial purpose roles.
Exploration exploitation trade off in mobile context-aware recommender systemsBouneffouf Djallel
Most existing approaches in Context-Aware Recommender Systems (CRS) focus on recommending relevant items to users taking into account contextual information, such as time, loca-tion, or social aspects. However, none of them have considered the problem of user’s content dynamicity. This problem has been studied in the reinforcement learning community, but without paying much attention to the contextual aspect of the recommendation. We introduce in this paper an algorithm that tackles the user’s content dynamicity by modeling the CRS as a contextual bandit algorithm. It is based on dynamic explora-tion/exploitation and it includes a metric to decide which user’s situation is the most relevant to exploration or exploitation. Within a deliberately designed offline simulation framework, we conduct extensive evaluations with real online event log data. The experimental results and detailed analysis demon-strate that our algorithm outperforms surveyed algorithms.
Paper Gloria Cea - Goal-Oriented Design Methodology Applied to User Interface...WTHS
This document describes a user interface designed for a mobile application called the Functional Assessment System (FAS). The FAS allows users to assess their aerobic fitness on their own without specialized equipment. The design of the mobile application interface was guided by the Goal-Oriented Design methodology. This methodology focuses on representing users as characters with specific goals and designing scenarios to help users achieve those goals. The document also discusses evaluating the usability of the interface using the AttrakDiff questionnaire to assess pragmatic and hedonic qualities. The results showed satisfactory user interaction with the FAS mobile application interface.
The document provides a mid-semester report for a project on learning agents. It outlines the goals of building a general architecture model and implementing a simple distributed learning agent system to navigate a maze using reinforcement learning. It discusses key topics like the definition of agents and intelligent agents, machine learning approaches like reinforcement and Q-learning, and the JADE agent platform. It breaks down the project among group members to cover areas like machine learning, defining a maze problem, the agent platform, distributed computing, and implementing agents using UML, Java and JADE. It outlines the group's planned activities and progress to date in identifying existing code examples and platforms to build upon.
Abstract: multi-agent systems and particularly bdi agents are mostly used in a wide range of projects, from agent-based simulations to air-traffic control. They all benefit from the autonomy and proactive behavior that provides agent-based architectures, as well as the characteristics of reasoning that are outlined by the bdi architecture. Thereforethe belief desire intention agent model and agentspeak language have becomea state-of-the-art and one of the challenging research subjects in the agent modeling and programming area.
In particular the bdi architecture is frequently used in the development of agents that try to simulate certainaspects of human behavior, and precisely perception and formulation of beliefs are two of the elements of bdiagents that require special attention in the development of such agents. Thiswork propose a way to extend the reasoning cycle algorithm on bdi agents, in a way that it allows to process inaccurate perceptions in the formulation of beliefs in such agents; it also shows an example implemented in agentspeak as well as the results of its execution within the jason interpreter.Keywords: Agent, Agent Speak, Beliefs, BDI, Fuzzy-BDI, Fuzzy Perceptions, Simulation.
Title :An Extended Reasoning Cycle Algorithm for BDI Agents
Author: Donald Rodriguez-Ubeda, Dora-Luz Flores, Luis Palafox, Manuel Castanon-Puga, Carelia Gaxiola-Pacheco, Ricardo Rosales
International Journal of Recent Research in Mathematics Computer Science and Information Technology
ISSN: 2350- 1022
Paper Publications
Abstract: multi-agent systems and particularly bdi agents are mostly used in a wide range of projects, from agent-based simulations to air-traffic control. They all benefit from the autonomy and proactive behavior that provides agent-based architectures, as well as the characteristics of reasoning that are outlined by the bdi architecture. Thereforethe belief desire intention agent model and agentspeak language have becomea state-of-the-art and one of the challenging research subjects in the agent modeling and programming area.
In particular the bdi architecture is frequently used in the development of agents that try to simulate certainaspects of human behavior, and precisely perception and formulation of beliefs are two of the elements of bdiagents that require special attention in the development of such agents. Thiswork propose a way to extend the reasoning cycle algorithm on bdi agents, in a way that it allows to process inaccurate perceptions in the formulation of beliefs in such agents; it also shows an example implemented in agentspeak as well as the results of its execution within the jason interpreter.
The document is a seminar report submitted by Kalaissiram S. for their Bachelor of Technology degree. It discusses reinforcement learning (RL), including the key concepts of agents, environments, actions, states, rewards, and policies. It also covers the Bellman equation, types of RL, Markov decision processes, popular RL algorithms like Q-learning and SARSA, and applications of RL.
This document proposes a fuzzy rule-based system to classify user behavior in a computer network based on user logs. It involves collecting web, network, and machine logs from servers and extracting frequencies of activities. The frequencies are normalized and fed into a fuzzy rule-based system. The system uses if-then rules to classify a user's tendency to attempt restricted tasks based on their log data. Five behavior classes are defined based on the tendency output from very good to very bad. The system is demonstrated on sample user log data from an institution to classify users' behavior in different months.
This document presents a framework for reusing existing software agents through ontological engineering. The framework includes components like a user interface agent, query processor, mapping agent, transfer agent, wrapper agent, and remote agents containing ontologies. The query processor reformulates the user's query, the mapping agent identifies relevant ontologies, and the transfer agent sends the query to remote agents. The remote agents provide ontologies as output, which are then integrated/merged and presented back to the user interface agent. The goal is to enable reuse of heterogeneous agents across different development environments through a standardized ontology representation.
3/12/2019 Originality Report
https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport/ultra?attemptId=043902cf-f693-4caf-93d5-0ab98b9f46b9&course_id… 1/3
%50
%19
%2
SafeAssign Originality Report
Database Security - 201930 - CRN160 - Thota • Week 8 Paper
%71Total Score: High riskPratibha Sugureddygari
Submission UUID: b0b91467-9346-6662-c8c8-6d32b50133c4
Total Number of Reports
1
Highest Match
71 %
Submission_Text.html
Average Match
71 %
Submitted on
03/10/19
10:12 PM EDT
Average Word Count
670
Highest: Submission_Text.html
%71Attachment 1
Institutional database (6)
Student paperStudent paper Student paperStudent paper Student paperStudent paper
Student paperStudent paper Student paperStudent paper Student paperStudent paper
Internet (4)
oracle-baseoracle-base ugentugent oracleoracle
oracleoracle
Global database (1)
Student paperStudent paper
Top sources (3)
Excluded sources (0)
View Originality Report - Old Design
Word Count: 670
Submission_Text.html
33 11 22
44 1010 88
99 1111 77
55
66
33 Student paperStudent paper 11 Student paperStudent paper 99 oracle-baseoracle-base
https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport?attemptId=043902cf-f693-4caf-93d5-0ab98b9f46b9&course_id=_43338_1&download=true&includeDeleted=true&print=true&force=true
3/12/2019 Originality Report
https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport/ultra?attemptId=043902cf-f693-4caf-93d5-0ab98b9f46b9&course_id… 2/3
Source Matches (19)
Student paper 100%
Student paper 65%
Student paper 71%
Student paper 62%
AUDIT_ADMIN and AUDIT_VIEWER
To start with, auditing is the monitoring and recording of configured database actions form both the users of the database as well as the database non-users.
The actions of the database users are known through database auditing. Database administrators set up the auditing for the sake of security purposes so that
users are not able to access information without permission. Therefore, database auditing helps in keeping a check on the actions of the database of the users.
The users who are accepted in the through the client _identifier attribute in the database are referred to as the non-database users. Auditing this type of users
unified audit policy condition or Oracle database real application security is used.
There are many advantages associated with auditing. Firstly, Auditing is important in that it allows accountability for actions such as actions taken on the schema,
table, or row which affects specific content (Groomer, & Murthy, 2018). Secondly, it helps in deterring intruders or users from inappropriate actions based on
their accountability. Thirdly, auditing notifies auditors of actions of an authorized user for instance when an intruder changes or deletes any file or if an operator has
extra rights than anticipated. Lastly, auditing helps in data monitoring and data gathering concerning a particular event .
COGNITIVE RADIO RESOURCE SCHEDULING USING MULTI-AGENT Q-LEARNING FOR LTEIJCNCJournal
In this paper, we propose, implement, and test two novel downlink LTE scheduling algorithms. The
implementation and testing of these algorithms were in Matlab, and they are based on the use of
Reinforcement Learning (RL), more specifically, the Q-learning technique for scheduling two types of
users. The first algorithm is called a Collaborative scheduling algorithm, and the second algorithm is
called a Competitive scheduling algorithm. The first type of the scheduled users is the Primary Users
(PUs), and they are the licensed subscribers that pay for their service. The second type of the scheduled
users is the Secondary Users (SUs), and they could be un-licensed subscribers that don't pay for their
service, device-to-device communications, or sensors. Each user whether it’s a primary or secondary is
considered as an agent. In the Collaborative scheduling algorithm, the primary user agents will
collaborate in order to make a joint scheduling decision about allocating the resource blocks to each one
of them, then the secondary user agents will compete among themselves to use the remaining resource
blocks. In the Competitive scheduling algorithm, the primary user agents will compete among themselves
over the available resources, then the secondary user agents will compete among themselves over the
remaining resources. Experimental results show that both scheduling algorithms converged to almost 90%
utilization of the spectrum, and provided fair shares of the spectrum among users.
Cognitive Radio Resource Scheduling using Multi-Agent Q-Learning for LTEIJCNCJournal
In this paper, we propose, implement, and test two novel downlink LTE scheduling algorithms. The implementation and testing of these algorithms were in Matlab, and they are based on the use of Reinforcement Learning (RL), more specifically, the Q-learning technique for scheduling two types of users. The first algorithm is called a Collaborative scheduling algorithm, and the second algorithm is called a Competitive scheduling algorithm. The first type of the scheduled users is the Primary Users (PUs), and they are the licensed subscribers that pay for their service. The second type of the scheduled users is the Secondary Users (SUs), and they could be un-licensed subscribers that don't pay for their service, device-to-device communications, or sensors. Each user whether it’s a primary or secondary is considered as an agent. In the Collaborative scheduling algorithm, the primary user agents will collaborate in order to make a joint scheduling decision about allocating the resource blocks to each one of them, then the secondary user agents will compete among themselves to use the remaining resource blocks. In the Competitive scheduling algorithm, the primary user agents will compete among themselves over the available resources, then the secondary user agents will compete among themselves over the remaining resources. Experimental results show that both scheduling algorithms converged to almost 90% utilization of the spectrum, and provided fair shares of the spectrum among users.
The document discusses managing order batching issues in supply chain management using a multi-agent system. It first provides background on multi-agent systems and their advantages over centralized systems, such as being able to solve problems that are too large or complex for a single agent. It then discusses how a multi-agent system can be used to handle the order batching problem in supply chain management, which is a major cause of the bullwhip effect that negatively impacts supply chain performance. The proposed system uses intelligent agents to maintain information related to order batching issues and make decisions to manage order batching.
This document provides an initial specification for a CSE333 project on learning agents. The project aims to investigate current research on software learning agents and implement a simple demonstration system. A team of 4 students will build a distributed learning agent system that finds a policy for navigating a maze using reinforcement learning. The project will involve research on machine learning, agent computing, distributed computing and implementation using UML and Java. The document outlines objectives, topics, an example problem, planned activities and appendices on references, agent definitions and development.
This document provides an initial specification for a CSE333 project on learning agents. The project aims to build a distributed learning agent system that can find a policy for navigating a maze. Four key components are identified: perception, action, communication, and learning. The project will investigate reinforcement learning and Q-learning approaches. Team members are assigned areas of focus: machine learning, agent computing, distributed computing, and tools/implementation. Activities over the semester are outlined and will include research, design, prototyping, and implementation of a learning agent system to solve a maze problem using Q-learning.
International Journal of Computer Science and Security Volume (2) Issue (2)CSCJournals
The document summarizes a proposed new role-based access control (RBAC) model for workflow systems. The proposed model addresses limitations of existing RBAC models by incorporating additional control factors relevant to workflows, such as decentralization, delegation, supervision, review, and separation of duties. It defines relationships between roles, such as "is a" and "part of" relations, to relax strict role hierarchies. The model introduces tasks as a new component and a task assignment relationship to enable delegation of tasks from one role to another. This allows superior roles to delegate specific access rights and tasks to subordinate roles for completion while maintaining responsibility.
The document discusses Tom Brimeyer's Hypothyroidism Revolution program, which is a comprehensive guide for reversing hypothyroidism naturally and permanently in three phases. The first phase focuses on eliminating food sensitivities and toxins. The second phase introduces a thyroid-supporting diet. The third phase incorporates a healthy lifestyle including special exercises. The program contains over 160 pages explaining the three phases in detail. It aims to help sufferers of hypothyroidism achieve optimal health through natural means.
A Hypothesis is Placed to Justify the Extendibility of Recommender System/ Re...Dr. Amarjeet Singh
Researchers still believe that the information filtering system/ collaborating system is a recommender system or a recommendation system. It is used to predict the "rating" or "preference" of a user to an item. In other words, both predict rating or preference for an item or product on a specific platform. The aim of the paper is to extend the areas of the recommender system/recommendation systems. The basic task of the recommender system mainly is to predict or analyze items/product. If it is possible to include more products in the system, then obviously the system may be extended for other areas also. For example, Medicine is a product and doctors filter the particular medicine for the particular disease. In the medical diagnosis doctors prescribed a medicine and it a product. It depends on the disease of the user/patient so here doctor predicts a medicine or product just like an item is recommended in a recommender system. The main objective of the paper is to extend the Recommender System/Recommendation system in other fields so that the research works can be extended Social Science, Bio-medical Science and many other areas.
Congestion Management in Deregulated Power by Rescheduling of GeneratorsIRJET Journal
This document discusses congestion management in deregulated power systems through generator rescheduling. It begins with an abstract that introduces congestion management as a challenging task for system operators due to transmission line constraints. It then discusses particle swarm optimization as a technique for identifying generators most sensitive to congested lines and rescheduling them to minimize congestion costs. The document presents a case study applying this method to the IEEE 30-bus test system, identifying sensitive generators and comparing the results to another method.
The document summarizes a study that used a hybrid lens model to examine how the quality of an automated decision aid affects human judgment performance in identifying aircraft. Participants completed scenarios where they judged aircraft types based on raw information with or without an aid. The aid's validity, reliability, and understandability were varied. The model measured the achievement and cognitive processes of participants unaided, aided, and the aid alone. It provided measures to compare the correlated judgments and determine how much participants relied on the aid versus their own cognition. The results helped identify how aid quality impacts human judgment under uncertainty.
International Refereed Journal of Engineering and Science (IRJES) irjes
International Refereed Journal of Engineering and Science (IRJES)
Ad hoc & sensor networks, Adaptive applications, Aeronautical Engineering, Aerospace Engineering
Agricultural Engineering, AI and Image Recognition, Allied engineering materials, Applied mechanics,
Architecture & Planning, Artificial intelligence, Audio Engineering, Automation and Mobile Robots
Automotive Engineering….
Reinforcement learning is a machine learning technique that trains agents to make sequential decisions to maximize rewards. It simulates how humans and animals learn through experiences and interactions. The document discusses popular reinforcement learning algorithms like Q-learning, deep Q-networks, policy gradients and Monte Carlo methods. It also covers applications in areas like robotics, games, finance and healthcare. Reinforcement learning plays a vital role in data science by enabling intelligent systems that learn from data interactions.
The Fourth Industrial Revolution: What it means and how to respondPhu H. Nguyen
This presentation discusses industry 4.0 and the role of cyber-physical systems, and how to respond to these changes. Industry 4.0 involves technology becoming embedded in societies and people's lives. Cyber-physical systems will transform how people interact with technology, connecting the physical and digital worlds. The presentation addresses opportunities like smart energy grids and healthcare, as well as risks to consider with emerging technologies.
Some insights from a Systematic Mapping Study and a Systematic Review Study: ...Phu H. Nguyen
Doing literature reviews is a must for us (researchers) to avoid reinventing the wheel, and to expand the boundary of knowledge. Why not having fun with the snowballing technique and conducting the reviews systematically? This talk shares some insights from a Systematic Mapping Study (SMS) and a Systematic Literature Review (SLR). When to conduct a SMS? When to conduct a SLR? What are the differences?
More Related Content
Similar to Testing Delegation Policy via Mutation Analysis
Paper Gloria Cea - Goal-Oriented Design Methodology Applied to User Interface...WTHS
This document describes a user interface designed for a mobile application called the Functional Assessment System (FAS). The FAS allows users to assess their aerobic fitness on their own without specialized equipment. The design of the mobile application interface was guided by the Goal-Oriented Design methodology. This methodology focuses on representing users as characters with specific goals and designing scenarios to help users achieve those goals. The document also discusses evaluating the usability of the interface using the AttrakDiff questionnaire to assess pragmatic and hedonic qualities. The results showed satisfactory user interaction with the FAS mobile application interface.
The document provides a mid-semester report for a project on learning agents. It outlines the goals of building a general architecture model and implementing a simple distributed learning agent system to navigate a maze using reinforcement learning. It discusses key topics like the definition of agents and intelligent agents, machine learning approaches like reinforcement and Q-learning, and the JADE agent platform. It breaks down the project among group members to cover areas like machine learning, defining a maze problem, the agent platform, distributed computing, and implementing agents using UML, Java and JADE. It outlines the group's planned activities and progress to date in identifying existing code examples and platforms to build upon.
Abstract: multi-agent systems and particularly bdi agents are mostly used in a wide range of projects, from agent-based simulations to air-traffic control. They all benefit from the autonomy and proactive behavior that provides agent-based architectures, as well as the characteristics of reasoning that are outlined by the bdi architecture. Thereforethe belief desire intention agent model and agentspeak language have becomea state-of-the-art and one of the challenging research subjects in the agent modeling and programming area.
In particular the bdi architecture is frequently used in the development of agents that try to simulate certainaspects of human behavior, and precisely perception and formulation of beliefs are two of the elements of bdiagents that require special attention in the development of such agents. Thiswork propose a way to extend the reasoning cycle algorithm on bdi agents, in a way that it allows to process inaccurate perceptions in the formulation of beliefs in such agents; it also shows an example implemented in agentspeak as well as the results of its execution within the jason interpreter.Keywords: Agent, Agent Speak, Beliefs, BDI, Fuzzy-BDI, Fuzzy Perceptions, Simulation.
Title :An Extended Reasoning Cycle Algorithm for BDI Agents
Author: Donald Rodriguez-Ubeda, Dora-Luz Flores, Luis Palafox, Manuel Castanon-Puga, Carelia Gaxiola-Pacheco, Ricardo Rosales
International Journal of Recent Research in Mathematics Computer Science and Information Technology
ISSN: 2350- 1022
Paper Publications
Abstract: multi-agent systems and particularly bdi agents are mostly used in a wide range of projects, from agent-based simulations to air-traffic control. They all benefit from the autonomy and proactive behavior that provides agent-based architectures, as well as the characteristics of reasoning that are outlined by the bdi architecture. Thereforethe belief desire intention agent model and agentspeak language have becomea state-of-the-art and one of the challenging research subjects in the agent modeling and programming area.
In particular the bdi architecture is frequently used in the development of agents that try to simulate certainaspects of human behavior, and precisely perception and formulation of beliefs are two of the elements of bdiagents that require special attention in the development of such agents. Thiswork propose a way to extend the reasoning cycle algorithm on bdi agents, in a way that it allows to process inaccurate perceptions in the formulation of beliefs in such agents; it also shows an example implemented in agentspeak as well as the results of its execution within the jason interpreter.
The document is a seminar report submitted by Kalaissiram S. for their Bachelor of Technology degree. It discusses reinforcement learning (RL), including the key concepts of agents, environments, actions, states, rewards, and policies. It also covers the Bellman equation, types of RL, Markov decision processes, popular RL algorithms like Q-learning and SARSA, and applications of RL.
This document proposes a fuzzy rule-based system to classify user behavior in a computer network based on user logs. It involves collecting web, network, and machine logs from servers and extracting frequencies of activities. The frequencies are normalized and fed into a fuzzy rule-based system. The system uses if-then rules to classify a user's tendency to attempt restricted tasks based on their log data. Five behavior classes are defined based on the tendency output from very good to very bad. The system is demonstrated on sample user log data from an institution to classify users' behavior in different months.
This document presents a framework for reusing existing software agents through ontological engineering. The framework includes components like a user interface agent, query processor, mapping agent, transfer agent, wrapper agent, and remote agents containing ontologies. The query processor reformulates the user's query, the mapping agent identifies relevant ontologies, and the transfer agent sends the query to remote agents. The remote agents provide ontologies as output, which are then integrated/merged and presented back to the user interface agent. The goal is to enable reuse of heterogeneous agents across different development environments through a standardized ontology representation.
3/12/2019 Originality Report
https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport/ultra?attemptId=043902cf-f693-4caf-93d5-0ab98b9f46b9&course_id… 1/3
%50
%19
%2
SafeAssign Originality Report
Database Security - 201930 - CRN160 - Thota • Week 8 Paper
%71Total Score: High riskPratibha Sugureddygari
Submission UUID: b0b91467-9346-6662-c8c8-6d32b50133c4
Total Number of Reports
1
Highest Match
71 %
Submission_Text.html
Average Match
71 %
Submitted on
03/10/19
10:12 PM EDT
Average Word Count
670
Highest: Submission_Text.html
%71Attachment 1
Institutional database (6)
Student paperStudent paper Student paperStudent paper Student paperStudent paper
Student paperStudent paper Student paperStudent paper Student paperStudent paper
Internet (4)
oracle-baseoracle-base ugentugent oracleoracle
oracleoracle
Global database (1)
Student paperStudent paper
Top sources (3)
Excluded sources (0)
View Originality Report - Old Design
Word Count: 670
Submission_Text.html
33 11 22
44 1010 88
99 1111 77
55
66
33 Student paperStudent paper 11 Student paperStudent paper 99 oracle-baseoracle-base
https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport?attemptId=043902cf-f693-4caf-93d5-0ab98b9f46b9&course_id=_43338_1&download=true&includeDeleted=true&print=true&force=true
3/12/2019 Originality Report
https://blackboard.nec.edu/webapps/mdb-sa-BB5b75a0e7334a9/originalityReport/ultra?attemptId=043902cf-f693-4caf-93d5-0ab98b9f46b9&course_id… 2/3
Source Matches (19)
Student paper 100%
Student paper 65%
Student paper 71%
Student paper 62%
AUDIT_ADMIN and AUDIT_VIEWER
To start with, auditing is the monitoring and recording of configured database actions form both the users of the database as well as the database non-users.
The actions of the database users are known through database auditing. Database administrators set up the auditing for the sake of security purposes so that
users are not able to access information without permission. Therefore, database auditing helps in keeping a check on the actions of the database of the users.
The users who are accepted in the through the client _identifier attribute in the database are referred to as the non-database users. Auditing this type of users
unified audit policy condition or Oracle database real application security is used.
There are many advantages associated with auditing. Firstly, Auditing is important in that it allows accountability for actions such as actions taken on the schema,
table, or row which affects specific content (Groomer, & Murthy, 2018). Secondly, it helps in deterring intruders or users from inappropriate actions based on
their accountability. Thirdly, auditing notifies auditors of actions of an authorized user for instance when an intruder changes or deletes any file or if an operator has
extra rights than anticipated. Lastly, auditing helps in data monitoring and data gathering concerning a particular event .
COGNITIVE RADIO RESOURCE SCHEDULING USING MULTI-AGENT Q-LEARNING FOR LTEIJCNCJournal
In this paper, we propose, implement, and test two novel downlink LTE scheduling algorithms. The
implementation and testing of these algorithms were in Matlab, and they are based on the use of
Reinforcement Learning (RL), more specifically, the Q-learning technique for scheduling two types of
users. The first algorithm is called a Collaborative scheduling algorithm, and the second algorithm is
called a Competitive scheduling algorithm. The first type of the scheduled users is the Primary Users
(PUs), and they are the licensed subscribers that pay for their service. The second type of the scheduled
users is the Secondary Users (SUs), and they could be un-licensed subscribers that don't pay for their
service, device-to-device communications, or sensors. Each user whether it’s a primary or secondary is
considered as an agent. In the Collaborative scheduling algorithm, the primary user agents will
collaborate in order to make a joint scheduling decision about allocating the resource blocks to each one
of them, then the secondary user agents will compete among themselves to use the remaining resource
blocks. In the Competitive scheduling algorithm, the primary user agents will compete among themselves
over the available resources, then the secondary user agents will compete among themselves over the
remaining resources. Experimental results show that both scheduling algorithms converged to almost 90%
utilization of the spectrum, and provided fair shares of the spectrum among users.
Cognitive Radio Resource Scheduling using Multi-Agent Q-Learning for LTEIJCNCJournal
In this paper, we propose, implement, and test two novel downlink LTE scheduling algorithms. The implementation and testing of these algorithms were in Matlab, and they are based on the use of Reinforcement Learning (RL), more specifically, the Q-learning technique for scheduling two types of users. The first algorithm is called a Collaborative scheduling algorithm, and the second algorithm is called a Competitive scheduling algorithm. The first type of the scheduled users is the Primary Users (PUs), and they are the licensed subscribers that pay for their service. The second type of the scheduled users is the Secondary Users (SUs), and they could be un-licensed subscribers that don't pay for their service, device-to-device communications, or sensors. Each user whether it’s a primary or secondary is considered as an agent. In the Collaborative scheduling algorithm, the primary user agents will collaborate in order to make a joint scheduling decision about allocating the resource blocks to each one of them, then the secondary user agents will compete among themselves to use the remaining resource blocks. In the Competitive scheduling algorithm, the primary user agents will compete among themselves over the available resources, then the secondary user agents will compete among themselves over the remaining resources. Experimental results show that both scheduling algorithms converged to almost 90% utilization of the spectrum, and provided fair shares of the spectrum among users.
The document discusses managing order batching issues in supply chain management using a multi-agent system. It first provides background on multi-agent systems and their advantages over centralized systems, such as being able to solve problems that are too large or complex for a single agent. It then discusses how a multi-agent system can be used to handle the order batching problem in supply chain management, which is a major cause of the bullwhip effect that negatively impacts supply chain performance. The proposed system uses intelligent agents to maintain information related to order batching issues and make decisions to manage order batching.
This document provides an initial specification for a CSE333 project on learning agents. The project aims to investigate current research on software learning agents and implement a simple demonstration system. A team of 4 students will build a distributed learning agent system that finds a policy for navigating a maze using reinforcement learning. The project will involve research on machine learning, agent computing, distributed computing and implementation using UML and Java. The document outlines objectives, topics, an example problem, planned activities and appendices on references, agent definitions and development.
This document provides an initial specification for a CSE333 project on learning agents. The project aims to build a distributed learning agent system that can find a policy for navigating a maze. Four key components are identified: perception, action, communication, and learning. The project will investigate reinforcement learning and Q-learning approaches. Team members are assigned areas of focus: machine learning, agent computing, distributed computing, and tools/implementation. Activities over the semester are outlined and will include research, design, prototyping, and implementation of a learning agent system to solve a maze problem using Q-learning.
International Journal of Computer Science and Security Volume (2) Issue (2)CSCJournals
The document summarizes a proposed new role-based access control (RBAC) model for workflow systems. The proposed model addresses limitations of existing RBAC models by incorporating additional control factors relevant to workflows, such as decentralization, delegation, supervision, review, and separation of duties. It defines relationships between roles, such as "is a" and "part of" relations, to relax strict role hierarchies. The model introduces tasks as a new component and a task assignment relationship to enable delegation of tasks from one role to another. This allows superior roles to delegate specific access rights and tasks to subordinate roles for completion while maintaining responsibility.
The document discusses Tom Brimeyer's Hypothyroidism Revolution program, which is a comprehensive guide for reversing hypothyroidism naturally and permanently in three phases. The first phase focuses on eliminating food sensitivities and toxins. The second phase introduces a thyroid-supporting diet. The third phase incorporates a healthy lifestyle including special exercises. The program contains over 160 pages explaining the three phases in detail. It aims to help sufferers of hypothyroidism achieve optimal health through natural means.
A Hypothesis is Placed to Justify the Extendibility of Recommender System/ Re...Dr. Amarjeet Singh
Researchers still believe that the information filtering system/ collaborating system is a recommender system or a recommendation system. It is used to predict the "rating" or "preference" of a user to an item. In other words, both predict rating or preference for an item or product on a specific platform. The aim of the paper is to extend the areas of the recommender system/recommendation systems. The basic task of the recommender system mainly is to predict or analyze items/product. If it is possible to include more products in the system, then obviously the system may be extended for other areas also. For example, Medicine is a product and doctors filter the particular medicine for the particular disease. In the medical diagnosis doctors prescribed a medicine and it a product. It depends on the disease of the user/patient so here doctor predicts a medicine or product just like an item is recommended in a recommender system. The main objective of the paper is to extend the Recommender System/Recommendation system in other fields so that the research works can be extended Social Science, Bio-medical Science and many other areas.
Congestion Management in Deregulated Power by Rescheduling of GeneratorsIRJET Journal
This document discusses congestion management in deregulated power systems through generator rescheduling. It begins with an abstract that introduces congestion management as a challenging task for system operators due to transmission line constraints. It then discusses particle swarm optimization as a technique for identifying generators most sensitive to congested lines and rescheduling them to minimize congestion costs. The document presents a case study applying this method to the IEEE 30-bus test system, identifying sensitive generators and comparing the results to another method.
The document summarizes a study that used a hybrid lens model to examine how the quality of an automated decision aid affects human judgment performance in identifying aircraft. Participants completed scenarios where they judged aircraft types based on raw information with or without an aid. The aid's validity, reliability, and understandability were varied. The model measured the achievement and cognitive processes of participants unaided, aided, and the aid alone. It provided measures to compare the correlated judgments and determine how much participants relied on the aid versus their own cognition. The results helped identify how aid quality impacts human judgment under uncertainty.
International Refereed Journal of Engineering and Science (IRJES) irjes
International Refereed Journal of Engineering and Science (IRJES)
Ad hoc & sensor networks, Adaptive applications, Aeronautical Engineering, Aerospace Engineering
Agricultural Engineering, AI and Image Recognition, Allied engineering materials, Applied mechanics,
Architecture & Planning, Artificial intelligence, Audio Engineering, Automation and Mobile Robots
Automotive Engineering….
Reinforcement learning is a machine learning technique that trains agents to make sequential decisions to maximize rewards. It simulates how humans and animals learn through experiences and interactions. The document discusses popular reinforcement learning algorithms like Q-learning, deep Q-networks, policy gradients and Monte Carlo methods. It also covers applications in areas like robotics, games, finance and healthcare. Reinforcement learning plays a vital role in data science by enabling intelligent systems that learn from data interactions.
Similar to Testing Delegation Policy via Mutation Analysis (20)
The Fourth Industrial Revolution: What it means and how to respondPhu H. Nguyen
This presentation discusses industry 4.0 and the role of cyber-physical systems, and how to respond to these changes. Industry 4.0 involves technology becoming embedded in societies and people's lives. Cyber-physical systems will transform how people interact with technology, connecting the physical and digital worlds. The presentation addresses opportunities like smart energy grids and healthcare, as well as risks to consider with emerging technologies.
Some insights from a Systematic Mapping Study and a Systematic Review Study: ...Phu H. Nguyen
Doing literature reviews is a must for us (researchers) to avoid reinventing the wheel, and to expand the boundary of knowledge. Why not having fun with the snowballing technique and conducting the reviews systematically? This talk shares some insights from a Systematic Mapping Study (SMS) and a Systematic Literature Review (SLR). When to conduct a SMS? When to conduct a SLR? What are the differences?
The reliability of IoT solutions in the healthcare sectorPhu H. Nguyen
The document summarizes a presentation from the U-Test project about testing cyber-physical systems under uncertainty. It includes:
- An agenda for the presentation outlining topics on U-Test's project overview, results, tools, and two case studies on home-based healthcare in Oslo and hospital-at-home information systems.
- Summaries of U-Test's presentations, which moved from a case study on a sports tracking device, to the project's methodology for modeling and testing uncertainty, to an overview of their tools.
- Details on U-Test's work developing frameworks for modeling and testing uncertainty in cyber-physical systems, and exploiting the results through potential commercial products and services.
Phu Hong Nguyen gave a presentation about software engineering and his research at the Simula department. He discussed why software engineering is important due to the prevalence of smart systems like autonomous cars and robots. He then highlighted three of the research projects at Simula, including work with ABB robotics, uncertainty in cyber-physical systems, and using software engineering to develop a game to teach about HPV. Nguyen also presented a poem about his research into model-driven security and how it can be used to automatically generate secure code from security models, helping to develop more secure systems.
Bjørnegård school visit @ Simuladagen 2015Phu H. Nguyen
The document summarizes a presentation given by Phu Hong Nguyen and Safdar Aqeel from the Software Engineering Department at Simula Research Laboratory. The presentation introduced software engineering research from robotics to biology, including projects on robotics, smart buildings, and a biology game called FightHPV to teach about cells and viruses. It advocated an approach called Model-Driven Security (MDS) to develop more secure software systems in a productive and less error-prone manner through automated code generation from security models.
SoSPa: A System of Security Patterns for engineering Secure SystemsPhu H. Nguyen
The document presents SoSPa, a system of security design patterns for systematically engineering secure systems. It addresses challenges with existing approaches like security patterns being too abstract. SoSPa specifies patterns as reusable aspect models with a refinement process from abstract to detailed patterns. Inter-pattern relations guide selecting patterns. SoSPa is demonstrated on a Crisis Management System by selecting patterns for authentication, authorization, and logging and weaving them into the system model. Future work includes studying quality impacts of patterns, adding test templates to patterns, empirically evaluating SoSPa's benefits, and developing a domain-specific language for security patterns.
Model-Driven Security with Modularity and Reusability for Engineering Secure ...Phu H. Nguyen
The document summarizes Phu Hong Nguyen's PhD defence on September 10th, 2015 at the University of Luxembourg. The defence addressed model-driven security approaches for engineering secure software systems with a focus on modularity and reusability. The committee included Dr. Yves Le Traon as supervisor and Dr. Pierre Kelsen as chair. The defence summarized an extensive literature review on model-driven security and proposed two approaches: 1) model-driven security with modularity for dynamic adaptation and 2) model-driven security with reusability using a system of security design patterns.
A Multilingual, Scientific Poem on Model-Driven Security in a Vietnamese Kara...Phu H. Nguyen
A short presentation at Luxembourg Pop-Up Science event to promote research to public. An informal presentation of Model-Driven Security in the form of a poem and sung in a Vietnamese Karaoke singing style
How To AVOID “Reinventing The Wheel” in Doing Research?Phu H. Nguyen
This document discusses how to avoid "reinventing the wheel" when doing research through the use of systematic literature reviews (SLRs). It begins with an introduction to SLRs, explaining their purpose and benefits. The presenter then outlines the steps for conducting an SLR, from forming a research question to evaluating and summarizing results. Examples of SLRs on model-driven security approaches are provided. The document concludes with an exercise where attendees conduct a mock SLR on beers in Luxembourg.
Stay young, keep sharing, learning, and playing with SPA - SnT PhD AssociationPhu H. Nguyen
The SnT PhD student Association (SPA) aims to provide assistance and promote well-being for PhD students and postdocs at the University of Luxembourg. It represents around 90 PhD students and others. SPA works to address issues faced by young researchers through advocacy groups, provides professional development opportunities, and organizes social and networking events throughout the year. Current activities include language lunches, BBQs, sports events, and involvement in advocacy networks. New members and ideas are welcome as SPA works to support the rights and community of young researchers.
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Crescat
Crescat is industry-trusted event management software, built by event professionals for event professionals. Founded in 2017, we have three key products tailored for the live event industry.
Crescat Event for concert promoters and event agencies. Crescat Venue for music venues, conference centers, wedding venues, concert halls and more. And Crescat Festival for festivals, conferences and complex events.
With a wide range of popular features such as event scheduling, shift management, volunteer and crew coordination, artist booking and much more, Crescat is designed for customisation and ease-of-use.
Over 125,000 events have been planned in Crescat and with hundreds of customers of all shapes and sizes, from boutique event agencies through to international concert promoters, Crescat is rigged for success. What's more, we highly value feedback from our users and we are constantly improving our software with updates, new features and improvements.
If you plan events, run a venue or produce festivals and you're looking for ways to make your life easier, then we have a solution for you. Try our software for free or schedule a no-obligation demo with one of our product specialists today at crescat.io
Enterprise Resource Planning System includes various modules that reduce any business's workload. Additionally, it organizes the workflows, which drives towards enhancing productivity. Here are a detailed explanation of the ERP modules. Going through the points will help you understand how the software is changing the work dynamics.
To know more details here: https://blogs.nyggs.com/nyggs/enterprise-resource-planning-erp-system-modules/
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Łukasz Chruściel
No one wants their application to drag like a car stuck in the slow lane! Yet it’s all too common to encounter bumpy, pothole-filled solutions that slow the speed of any application. Symfony apps are not an exception.
In this talk, I will take you for a spin around the performance racetrack. We’ll explore common pitfalls - those hidden potholes on your application that can cause unexpected slowdowns. Learn how to spot these performance bumps early, and more importantly, how to navigate around them to keep your application running at top speed.
We will focus in particular on tuning your engine at the application level, making the right adjustments to ensure that your system responds like a well-oiled, high-performance race car.
WhatsApp offers simple, reliable, and private messaging and calling services for free worldwide. With end-to-end encryption, your personal messages and calls are secure, ensuring only you and the recipient can access them. Enjoy voice and video calls to stay connected with loved ones or colleagues. Express yourself using stickers, GIFs, or by sharing moments on Status. WhatsApp Business enables global customer outreach, facilitating sales growth and relationship building through showcasing products and services. Stay connected effortlessly with group chats for planning outings with friends or staying updated on family conversations.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
GraphSummit Paris - The art of the possible with Graph TechnologyNeo4j
Sudhir Hasbe, Chief Product Officer, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Graspan: A Big Data System for Big Code AnalysisAftab Hussain
We built a disk-based parallel graph system, Graspan, that uses a novel edge-pair centric computation model to compute dynamic transitive closures on very large program graphs.
We implement context-sensitive pointer/alias and dataflow analyses on Graspan. An evaluation of these analyses on large codebases such as Linux shows that their Graspan implementations scale to millions of lines of code and are much simpler than their original implementations.
These analyses were used to augment the existing checkers; these augmented checkers found 132 new NULL pointer bugs and 1308 unnecessary NULL tests in Linux 4.4.0-rc5, PostgreSQL 8.3.9, and Apache httpd 2.2.18.
- Accepted in ASPLOS ‘17, Xi’an, China.
- Featured in the tutorial, Systemized Program Analyses: A Big Data Perspective on Static Analysis Scalability, ASPLOS ‘17.
- Invited for presentation at SoCal PLS ‘16.
- Invited for poster presentation at PLDI SRC ‘16.
E-commerce Development Services- Hornet DynamicsHornet Dynamics
For any business hoping to succeed in the digital age, having a strong online presence is crucial. We offer Ecommerce Development Services that are customized according to your business requirements and client preferences, enabling you to create a dynamic, safe, and user-friendly online store.
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxrickgrimesss22
Discover the essential features to incorporate in your Winzo clone app to boost business growth, enhance user engagement, and drive revenue. Learn how to create a compelling gaming experience that stands out in the competitive market.
Odoo ERP software
Odoo ERP software, a leading open-source software for Enterprise Resource Planning (ERP) and business management, has recently launched its latest version, Odoo 17 Community Edition. This update introduces a range of new features and enhancements designed to streamline business operations and support growth.
The Odoo Community serves as a cost-free edition within the Odoo suite of ERP systems. Tailored to accommodate the standard needs of business operations, it provides a robust platform suitable for organisations of different sizes and business sectors. Within the Odoo Community Edition, users can access a variety of essential features and services essential for managing day-to-day tasks efficiently.
This blog presents a detailed overview of the features available within the Odoo 17 Community edition, and the differences between Odoo 17 community and enterprise editions, aiming to equip you with the necessary information to make an informed decision about its suitability for your business.
Atelier - Innover avec l’IA Générative et les graphes de connaissancesNeo4j
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Allez au-delà du battage médiatique autour de l’IA et découvrez des techniques pratiques pour utiliser l’IA de manière responsable à travers les données de votre organisation. Explorez comment utiliser les graphes de connaissances pour augmenter la précision, la transparence et la capacité d’explication dans les systèmes d’IA générative. Vous partirez avec une expérience pratique combinant les relations entre les données et les LLM pour apporter du contexte spécifique à votre domaine et améliorer votre raisonnement.
Amenez votre ordinateur portable et nous vous guiderons sur la mise en place de votre propre pile d’IA générative, en vous fournissant des exemples pratiques et codés pour démarrer en quelques minutes.
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppGoogle
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-fusion-buddy-review
AI Fusion Buddy Review: Key Features
✅Create Stunning AI App Suite Fully Powered By Google's Latest AI technology, Gemini
✅Use Gemini to Build high-converting Converting Sales Video Scripts, ad copies, Trending Articles, blogs, etc.100% unique!
✅Create Ultra-HD graphics with a single keyword or phrase that commands 10x eyeballs!
✅Fully automated AI articles bulk generation!
✅Auto-post or schedule stunning AI content across all your accounts at once—WordPress, Facebook, LinkedIn, Blogger, and more.
✅With one keyword or URL, generate complete websites, landing pages, and more…
✅Automatically create & sell AI content, graphics, websites, landing pages, & all that gets you paid non-stop 24*7.
✅Pre-built High-Converting 100+ website Templates and 2000+ graphic templates logos, banners, and thumbnail images in Trending Niches.
✅Say goodbye to wasting time logging into multiple Chat GPT & AI Apps once & for all!
✅Save over $5000 per year and kick out dependency on third parties completely!
✅Brand New App: Not available anywhere else!
✅ Beginner-friendly!
✅ZERO upfront cost or any extra expenses
✅Risk-Free: 30-Day Money-Back Guarantee!
✅Commercial License included!
See My Other Reviews Article:
(1) AI Genie Review: https://sumonreview.com/ai-genie-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
#AIFusionBuddyReview,
#AIFusionBuddyFeatures,
#AIFusionBuddyPricing,
#AIFusionBuddyProsandCons,
#AIFusionBuddyTutorial,
#AIFusionBuddyUserExperience
#AIFusionBuddyforBeginners,
#AIFusionBuddyBenefits,
#AIFusionBuddyComparison,
#AIFusionBuddyInstallation,
#AIFusionBuddyRefundPolicy,
#AIFusionBuddyDemo,
#AIFusionBuddyMaintenanceFees,
#AIFusionBuddyNewbieFriendly,
#WhatIsAIFusionBuddy?,
#HowDoesAIFusionBuddyWorks
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...kalichargn70th171
A dynamic process unfolds in the intricate realm of software development, dedicated to crafting and sustaining products that effortlessly address user needs. Amidst vital stages like market analysis and requirement assessments, the heart of software development lies in the meticulous creation and upkeep of source code. Code alterations are inherent, challenging code quality, particularly under stringent deadlines.
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsPeter Muessig
The UI5 tooling is the development and build tooling of UI5. It is built in a modular and extensible way so that it can be easily extended by your needs. This session will showcase various tooling extensions which can boost your development experience by far so that you can really work offline, transpile your code in your project to use even newer versions of EcmaScript (than 2022 which is supported right now by the UI5 tooling), consume any npm package of your choice in your project, using different kind of proxies, and even stitching UI5 projects during development together to mimic your target environment.
Artificia Intellicence and XPath Extension FunctionsOctavian Nadolu
The purpose of this presentation is to provide an overview of how you can use AI from XSLT, XQuery, Schematron, or XML Refactoring operations, the potential benefits of using AI, and some of the challenges we face.
Flutter is a popular open source, cross-platform framework developed by Google. In this webinar we'll explore Flutter and its architecture, delve into the Flutter Embedder and Flutter’s Dart language, discover how to leverage Flutter for embedded device development, learn about Automotive Grade Linux (AGL) and its consortium and understand the rationale behind AGL's choice of Flutter for next-gen IVI systems. Don’t miss this opportunity to discover whether Flutter is right for your project.
1. MUTATION WORKSHOP @ ICST 2013
Testing Delegation Policy via Mutation Analysis
Phu H. Nguyen, Mike Papadakis, and Iram Rubab | March 18, 2013
SnT – Interdisciplinary Centre for Security, Reliability and Trust
University of Luxembourg
www.securityandtrust.lu
2. Outline
Background & Motivation
Access Control
Delegation
A motivative example
Formal definitions of Access Control & Delegation Policy model
AC & Delegation Policy model
Advanced Delegation Features
A set of delegation mutant operators
A proof-of-concept implementation & some preliminary results
Conclusion & future work
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 2/22
3. Background
Access Control (AC)
Aims at administering users access to resources by enforcing AC
policy.
An AC policy consists of a set of AC rules.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 3/22
4. Background
Access Control (AC)
Aims at administering users access to resources by enforcing AC
policy.
An AC policy consists of a set of AC rules.
Delegation
An important aspect of AC.
Plays a key role in the administration mechanism [BGTCCBB10].
“Normal” users themselves allowed to grant some authorizations by
delegation.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 3/22
5. A Motivative Example
Library Management System
Books can be borrowed and returned on working days. When the
library is closed, users can not borrow books. When a book is
already borrowed, a user can make a reservation for this book.
User accounts managed by an administrator (create, modify and
remove accounts for new users). A secretary who can order books,
add them in the LMS when they are delivered.
The director of the library has the same accesses than the secretary
and he can also consult the accounts of the employees. The
administrator and the secretary can consult all accounts of users. All
users can consult the list of books in the library.
Three types of users: public users who can borrow 5 books for 3
weeks, students who can borrow 10 books for 3 weeks and teachers
who can borrow 10 books for 2 months.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 4/22
6. An Example of AC policy
AC policy
Entities: roles, activities, views and contexts.
Policy: combinations of the entities with a status (permission/deny).
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 5/22
7. Some Delegation Situations
Simple delegation
The director delegates her/his permission of consulting personnel
accounts to a secretary during her/his absence.
A secretary delegates her/his role to a librarian.
Library
Management
System
add new books
create borrower
account
consult borrower
account
create borrow
account
<<delegatee>>
Librarian (Jane)
Access rights
Access rights
<<delegation>>
create borrow account
can access
can access
<<delegator>>
Secretary (Alice)
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 6/22
8. Some Delegation Situations (cont.)
Advanced delegation
A secretary transfers her/his role to a librarian.
A secretary is allowed to delegate his/her role to a librarian only and
to one librarian at a given time.
The director can delegate, on behalf of a secretary, the secretary’s
role to a librarian (e.g. during the secretary’s absence).
If a librarian empowered in role secretary by delegation is no longer
able to perform this task, then he/she can/cannot delegate, again,
this role to another librarian.
Users can always revoke their own delegations.
The director can revoke users from their delegated roles.
The role administrator is not delegable.
And so on.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 7/22
9. Formal Definitions
Definition (Access Control Policy Model)
Let U be a set of users, P be a set of permissions, and C be a set of
contexts. An access control policy AC is defined as a
user-permission-context assignment relation: AC ✓ U ⇥ P ⇥ C. A user u
is granted permission p in a given context c if and only if (u, p, c) 2 AC.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 8/22
10. Formal Definitions
Definition (Access Control Policy Model)
Let U be a set of users, P be a set of permissions, and C be a set of
contexts. An access control policy AC is defined as a
user-permission-context assignment relation: AC ✓ U ⇥ P ⇥ C. A user u
is granted permission p in a given context c if and only if (u, p, c) 2 AC.
Delegation
Built on top of an access control policy.
A delegation policy is composed of delegation rules.
Two levels of delegation rules: master-level vs. user-level.
Who has the right to delegate which permission to whom, and in which
context.
Who is delegating to whom which permission, and in which context.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 8/22
11. Delegation Policy Model
Definition (Master-Level Delegation)
Let U be a set of users, P be a set of permissions, and C be a set of
contexts. A master-level delegation policy MD is defined as a
user-user-permission-context assignment relation: MD ✓ U ⇥ U ⇥ P ⇥ C.
A delegation of a permission p from a user u1 to a user u2 in a given
context c can be performed if and only if (u1, u2, p, c) 2 MD.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 9/22
12. Delegation Policy Model
Definition (Master-Level Delegation)
Let U be a set of users, P be a set of permissions, and C be a set of
contexts. A master-level delegation policy MD is defined as a
user-user-permission-context assignment relation: MD ✓ U ⇥ U ⇥ P ⇥ C.
A delegation of a permission p from a user u1 to a user u2 in a given
context c can be performed if and only if (u1, u2, p, c) 2 MD.
Definition (User-Level Delegation)
Let U be a set of users, P be a set of permissions, and C be a set of
contexts. A user-level delegation policy UD is defined as a
user-user-permission-context assignment relation: UD ✓ U ⇥ U ⇥ P ⇥ C.
A user u2 can have a permission p by delegation from a user u1 in a
given context c if and only if (u1, u2, p, c) 2 UD.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 9/22
13. Context
Security context associated with AC and Delegation rules [CCB07]
The Temporal context that depends on the time at which a subject
is requesting for an access to the system.
The Spatial context that depends on the subject location, e.g. a
delegated permission is only active when the delegatee is at office.
The User-declared context that depends on the subject objective
(or purpose).
The Prerequisite context saying that a permission is delegated to a
subject, but only if some specific conditions (often stored in a
database) are satisfied, e.g. no more concurrent delegation of a
specific permission allowed exceeding a (predefined) threshold.
The Provisional context that depends on previous actions the
subject has performed in the system.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 10/22
14. Advanced Delegation Features
Monotonicity of Delegation
Whether or not the delegator can still use the permission while
delegating it.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 11/22
15. Advanced Delegation Features
Monotonicity of Delegation
Whether or not the delegator can still use the permission while
delegating it.
grantDelegation(u1, u2, p, c) :
pre (u1, p, c) 2 AC ^ (u2, p, c) /2 AC ^ (u1, u2, p, c) 2 MLD
body AC := AC [ {(u2, p, c)}; ULD := ULD [ {(u1, u2, p, c)} end
post (u1, p, c) 2 AC ^ (u2, p, c) 2 AC ^ (u1, u2, p, c) 2 ULD
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 11/22
16. Advanced Delegation Features
Monotonicity of Delegation
Whether or not the delegator can still use the permission while
delegating it.
grantDelegation(u1, u2, p, c) :
pre (u1, p, c) 2 AC ^ (u2, p, c) /2 AC ^ (u1, u2, p, c) 2 MLD
body AC := AC [ {(u2, p, c)}; ULD := ULD [ {(u1, u2, p, c)} end
post (u1, p, c) 2 AC ^ (u2, p, c) 2 AC ^ (u1, u2, p, c) 2 ULD
transferDelegation(u1, u2, p, c) :
pre (u1, p, c) 2 AC ^ (u2, p, c) /2 AC ^ (u1, u2, p, c) 2 MLD
body AC := AC {(u1, p, c)}; AC := AC [ {(u2, p, c)};
ULD := ULD [ {(u1, u2, p, c)} end
post (u1, p, c) /2 AC ^ (u2, p, c) 2 AC ^ (u1, u2, p, c) 2 ULD
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 11/22
17. Advanced Delegation Features (cont.)
Temporary Delegation
Its context is associated with some time constraint, only active while
the time constraint is satisfied.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 12/22
18. Advanced Delegation Features (cont.)
Temporary Delegation
Its context is associated with some time constraint, only active while
the time constraint is satisfied.
Temporal context: c := c&vacation_period(startDate, endDate)
vacation_period(startDate, endDate) :
startDate endDate ^ afterDate(startDate) ^ beforeDate(endDate)
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 12/22
19. Advanced Delegation Features (cont.)
Temporary Delegation
Its context is associated with some time constraint, only active while
the time constraint is satisfied.
Temporal context: c := c&vacation_period(startDate, endDate)
vacation_period(startDate, endDate) :
startDate endDate ^ afterDate(startDate) ^ beforeDate(endDate)
Some Others
Multiple Delegation
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 12/22
20. Advanced Delegation Features (cont.)
Temporary Delegation
Its context is associated with some time constraint, only active while
the time constraint is satisfied.
Temporal context: c := c&vacation_period(startDate, endDate)
vacation_period(startDate, endDate) :
startDate endDate ^ afterDate(startDate) ^ beforeDate(endDate)
Some Others
Multiple Delegation
Multi-step Delegation
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 12/22
21. Advanced Delegation Features (cont.)
Temporary Delegation
Its context is associated with some time constraint, only active while
the time constraint is satisfied.
Temporal context: c := c&vacation_period(startDate, endDate)
vacation_period(startDate, endDate) :
startDate endDate ^ afterDate(startDate) ^ beforeDate(endDate)
Some Others
Multiple Delegation
Multi-step Delegation
User-specific Delegation
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 12/22
22. Advanced Delegation Features (cont.)
Temporary Delegation
Its context is associated with some time constraint, only active while
the time constraint is satisfied.
Temporal context: c := c&vacation_period(startDate, endDate)
vacation_period(startDate, endDate) :
startDate endDate ^ afterDate(startDate) ^ beforeDate(endDate)
Some Others
Multiple Delegation
Multi-step Delegation
User-specific Delegation
Revocation
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 12/22
23. Delegation Mutant Operators
Role-Based Access Control (RBAC)
introduces a set of role
decomposes the relation AC into user-role assignment UR ✓ U ⇥ R,
and role-permission-context assignment RPC ✓ R ⇥ P ⇥ C.
Thus, AC = UR RPC.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 13/22
24. Delegation Mutant Operators
Role-Based Access Control (RBAC)
introduces a set of role
decomposes the relation AC into user-role assignment UR ✓ U ⇥ R,
and role-permission-context assignment RPC ✓ R ⇥ P ⇥ C.
Thus, AC = UR RPC.
Basic Delegation Mutant Operators
The Permission Delegation Operator (PDM): to replace the
permission being delegated by another permission of the delegator.
PDM(u1, u2, p1a, c) :
pre (u1, u2, p1a, c) 2 ULD ^ (u1, r1) 2 UR ^ (u2, r2) 2
UR ^ (r1, p1a, c) 2 RPC ^ (r1, p1b, c) 2 RPC
body ULD := ULD {(u1, u2, p1a, c)} [ {(u1, u2, p1b, c)} ;
AC := AC [ {(u2, p1b, c)} end
post (u2, p1b, c) 2 AC ^ (u1, u2, p1b, c) 2 ULD
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 13/22
25. Basic Delegation Mutant Operators
(cont.)
The Role Delegation Operator (RDM)
The Role Delegation Operator (RDM) is used to simulate errors in
delegation of roles.
RDM(u1, u2, r1, c) :
pre (u1, r1) 2 UR ^ (u2, r2) 2 UR ^ (u3, r3) 2 UR ^ r1 6= r2 6=
r3 ^ (u1, u2, r1, c) 2 ULD
body ULD := ULD {(u1, u2, r1, c)} [ {(u3, u2, r3, c)} ;
UR := UR [ {(u2, r3)} end
post (u2, r3) 2 UR ^ (u3, u2, r3, c) 2 ULD
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 14/22
26. Advanced Delegation Mutant Operators
Monotonic Delegation Operators
The Transfer to Grant Delegation Operator (T2G) and the Grant to
Transfer Delegation Operator (G2T).
G2T(u1, u2, p, c&IsMonotonic) :
pre (u1, p, c) 2 AC ^ (u1, u2, p, c&IsMonotonic) 2 ULD
body ULD :=
ULD{(u1, u2, p, c&IsMonotonic)}[{(u1, u2, p, c&IsNonMonotonic)}
end
post (u1, p, c) /2 AC ^ (u1, u2, p, c&IsNonMonotonic) 2 ULD
T2G(u1, u2, p, c&IsNonMonotonic) :
pre (u1, p, c) /2 AC ^ (u1, u2, p, c&IsNonMonotonic) 2 ULD
body ULD :=
ULD {(u1, u2, p, c&IsMonotonic)} [ {(u1, u2, p, c&IsMonotonic)}
end
post (u1, p, c) 2 AC ^ (u1, u2, p, c&IsMonotonic) 2 ULD
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 15/22
27. Advanced Delegation Mutant Operators
(cont.)
Context-based Delegation Operators
e.g. Temporal Delegation Operator (TDM) to mutate the duration of
temporal delegation.
Role-Specific Delegation Operators
Role Delegation Off-Target 1 Operator (RDOT1).
Role Delegation Off-Target 2 Operator (RDOT2)
Permission-Specific Delegation Operators
Non-Delegable Permission Delegation Operator (NDPD) to mutate a
permission delegation by changing the delegated permission from
delegable to non-delegable.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 16/22
28. Advanced Delegation Mutant Operators
(cont.)
Multiple Delegation Operator
Multiple Delegation Operator (MultiD).
Multi-step Delegation Operator
Re-delegation Operator (ReD) add a new delegation rule into the
policy where the delegating permission/role must not be re-delegated
any more (stepCounter = 0).
Delegation Removal Operator
Tests should be able to detect that a delegation rule is missing.
Delegation Removal Operator (DR) that removes one of the
delegation rules.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 17/22
29. Model-Driven Adaptive Delegation
[NNK+
13]
Access Control
Service
Transformation
&
Adaptation
Delegation
Management Service
Resource
Proxy
Components
Role Proxy
Components
User Proxy
Components
Business
Components
Base model – Business
Logic mappings service
Native XML-DB
Server
Security
policy
model
Base
model
Business
Logic DB
Server
Authenticate
Component
Adaptive
Execution
Platform
Business
ComponentsBusiness Logic
Components
Resource
Proxy
Components
Role Proxy
Components
User Proxy
Components
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 18/22
30. 3-Layer Architecture reflecting Security
Policy
Personnel
Account
Service
Borrower
Account
Service
Book
Service
Personnel
Account
Resource
Borrower
Account
Resource
Book
Resource
Admin
Secretary
Librarian
Director
Student
Sam
Bob
Jane
Bill
Mary
consult
update
delete
create
consult
update
delete
create
deliver
fix
borrow
reserve
return
User layer Role layer Resource layer Business layer
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 19/22
31. Mutation Process
Transform
&
adapt
Resource
Proxy
Components
Role Proxy
Components
User Proxy
Components
Business
Components
Access Control
policy
Business
Logic model
Authenticate
Component
Adaptive
Execution
Platform
Business
Components
Business
Logic
Components
Resource
Proxy
Components
Role Proxy
Component
s
User Proxy
Components
Delegation
policy
Test
cases
Access Control
policy
Mutants
Mutants
Mutants
Mutate
Compose
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 20/22
32. Preliminary Results
Table: Some preliminary mutation analysis results
Test Case Killed Mutants Live Mutants
TC1 PDM (wrong permission) RDM (delegator fault)
TC2 PDM (wrong permission) RDM (delegator replaced)
TC3 T2G (wrong type) PDM, RDM (wrong delegator)
TC4 PDM (permission replaced) TDM (CE,CR)
TC5 TDM (CE,CR) PDM, RDM
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 21/22
33. Conclusion
Problem & Proposed Solution
Testing Delegation Policy with Advanced Delegation Features.
Delegation Mutant Operators and Mutation Analysis.
Discussion
Semantic delegation mutant operators are necessary to enable
mutation analysis for testing delegation.
“Meaningful” test cases should be generated for testing delegation.
Future work
A thorough empirical study using the proposed mutant operators.
Automatically generation of test cases for killing the proposed
mutants, based on [PM12, PM11].
The integration of Model-Based Testing.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 22/22
34. References
Meriam Ben-Ghorbel-Talbi, Frederic Cuppens, Nora Cuppens-Boulahia, and Adel Bouhoula.
A delegation model for extended rbac.
International Journal of Information Security, 9(3):209–236, June 2010.
Frédéric Cuppens and Nora Cuppens-Boulahia.
Modeling contextual security policies.
International Journal of Information Security, 7(4):285–305, November 2007.
Phu H. Nguyen, Gregory Nain, Jacques Klein, Tejeddine Mouelhi, and Yves Le Traon.
Model-Driven Adaptive Delegation.
In Proceedings of the Aspect-Oriented Software Development conference MODULARITY: aosd?13. ACM, 2013.
Mike Papadakis and Nicos Malevris.
Automatically performing weak mutation with the aid of symbolic execution, concolic testing and search-based testing.
Software Quality Journal, 19(4):691–723, 2011.
Mike Papadakis and Nicos Malevris.
Mutation based test case generation via a path selection strategy.
Information & Software Technology, 54(9):915–932, 2012.
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 22/22
Thanks to the Fonds National de la Recherche (FNR), Luxembourg
for supporting this work!
35. Questions?
The end
Thank you for your attention!
Outline Motivation Definitions Delegation Features Mutant Operators Preliminary Results Conclusion
Phu H. Nguyen, Mike Papadakis, and Iram Rubab – Testing Delegation Policy via Mutation Analysis March 18, 2013 22/22