We describe our current work in developing novel mechanisms for managing security and privacy in pervasive computing environments. More specifically, we have developed and evaluated three different applications, including a contextual instant messenger, a people finder application, and a phone-based application for access control. We also draw out some themes we have learned thus far for user-controllable security and privacy.
We explored a new type of user interface, interactive cover sheets: computer forms laid out on the banner pages of print jobs that people can mark on, scan back into a multifunction printer/scanner, and use as input to applications. Cover sheets are commonly strewn around printer rooms; with interactivity, they can let people see what others have to say, add their own comments, or play games, all while waiting for their print jobs. We designed three prototype applications and deployed them briefly in our research lab. We found that interactive cover sheets can be very appealing, that the sheets must be designed so that people can still identify these pages as cover sheets, and that the slow interaction cycle favors asynchronous applications.
CANTINA: A Content-Based Approach to Detecting Phishing Web Sites, at WWW2007 - Jason Hong
Phishing is a significant problem involving fraudulent email and web sites that trick unsuspecting users into revealing private information. In this paper, we present the design, implementation, and evaluation of CANTINA, a novel, content-based approach to detecting phishing web sites, based on the TF-IDF information retrieval algorithm. We also discuss the design and evaluation of several heuristics we developed to reduce false positives. Our experiments show that CANTINA is good at detecting phishing sites, correctly labeling approximately 95% of phishing sites.
Usable Privacy and Security: A Grand Challenge for HCI, Human Computer Inter... - Jason Hong
In this position paper, we argue that usable privacy and security is a grand challenge that needs more attention from the HCI community. We also discuss benefits to and new challenges for HCI, and use our research experiences to provide a critique of HCI.
Using Text Mining to Infer the Purpose of Permission Use in Mobile Apps - Jason Hong
Understanding the purpose of why sensitive data is used could help improve privacy as well as enable new kinds of access control. In this paper, we introduce a new technique for inferring the purpose of sensitive data usage in the context of Android smartphone apps. We extract multiple kinds of features from decompiled code, focusing on app-specific features and text-based features. These features are then used to train a machine learning classifier. We have evaluated our approach in the context of two sensitive permissions, namely ACCESS_FINE_LOCATION and READ_CONTACT_LIST, and achieved an accuracy of about 85% and 94% respectively in inferring purposes. We have also found that text-based features alone are highly effective in inferring purposes.
Knock x Knock: The Design and Evaluation of a Unified Authentication Manageme... - Jason Hong
We introduce UniAuth, a set of mechanisms for streamlining authentication to devices and web services. With UniAuth, a user first authenticates himself to his UniAuth client, typically his smartphone or wearable device. His client can then authenticate to other services on his behalf. In this paper, we focus on exploring the user experiences with an early iPhone prototype called Knock x Knock. To manage a variety of accounts securely in a usable way, Knock x Knock incorporates features not supported in existing password managers, such as tiered and location-aware lock control, authentication to laptops via knocking, and storing credentials locally while working with laptops seamlessly. In two field studies, 19 participants used Knock x Knock for one to three weeks with their own devices and accounts. Our participants were highly positive about Knock x Knock, demonstrating the desirability of our approach. We also discuss interesting edge cases and design implications.
Social Cybersecurity, at Google Security Summit March 2015 - Jason Hong
This is my 3 minute pitch at the Google Security Summit, making a case for what I think academia and Google should be doing more of. The basic premise is, rather than creating new security mechanisms, let's look more at getting people to adopt best practices and features we've already created.
Siren: Context-aware Computing for Firefighting, at Pervasive2004 - Jason Hong
Based on an extensive field study of current firefighting practices, we have developed a system called Siren to support tacit communication between firefighters with multiple levels of redundancy in both communication and user alerts. Siren provides a foundation for gathering, integrating, and distributing contextual data, such as location and temperature. It also simplifies the development of firefighting applications using a peer-to-peer network of embedded devices through a uniform programming interface based on the information space abstraction. As a proof of concept, we have developed a prototype context-aware messaging application in the firefighting domain. We have evaluated this application with firefighters and they have found it to be useful for improving many aspects of their current work practices.
Intelligent Agents for Helping Humanity Reach Its Full Potential - Jason Hong
Within fifty years, we will build and deploy highly personalized intelligent agents that can help us find, set, and meet hard goals to improve our lives in meaningful ways that we choose. Think of it as a cross between a lifelong coach, a caring uncle, and an honest and supportive friend. Or, if you are into science fiction, consider it as a combination of Samantha in the movie Her, the Young Lady’s Primer from the book The Diamond Age, and Minds from Iain Banks’s The Culture series. Let’s call this agent Maslow.
A Study of Firefighting in the Coming Age of Ubiquitous Computing, 2002 - Jason Hong
We demonstrate how field studies, interviews, and low-fidelity prototypes can be used to inform the design of ubiquitous computing systems for firefighters. We describe the artifacts and processes used by firefighters to assess, plan, and communicate during emergency situations, showing how accountability affects these decisions, how their current Incident Command System supports these tasks, and some drawbacks of existing solutions. These factors informed the design of a large electronic display for supporting the incident commander, the person who coordinates the overall response strategy in an emergency. Although our focus was on firefighters, our results are applicable for other aspects of emergency response as well, due to common procedures and training.
Making Mashups with Marmite, at CHI 2007 - Jason Hong
There is a tremendous amount of web content available today, but it is not always in a form that supports end-users’ needs. In many cases, all of the data and services needed to accomplish a goal already exist, but are not in a form amenable to an end-user. To address this problem, we have developed an end-user programming tool called Marmite, which lets end-users create so-called mashups that re-purpose and combine existing web content and services. In this paper, we present the design, implementation, and evaluation of Marmite. An informal user study found that programmers and some spreadsheet users had little difficulty using the system.
The Role of Social Influence In Security Feature Adoption, at CSCW 2015 - Jason Hong
Social influence is key in technology adoption, but its role in security-feature adoption is unique and remains unclear. Here, we analyzed how three Facebook security features—Login Approvals, Login Notifications, and Trusted Contacts—diffused through the social networks of 1.5 million people. Our results suggest that social influence affects one’s likelihood to adopt a security feature, but its effect varies based on the observability of the feature, the current feature adoption rate among a potential adopter’s friends, and the number of distinct social circles from which those feature-adopting friends originate. Curiously, there may be a threshold higher than which having more security-feature adopting friends predicts for higher adoption likelihood, but below which having more feature-adopting friends predicts for lower adoption likelihood. Furthermore, the magnitude of this threshold is modulated by the attributes of a feature—features that are more noticeable (Login Approvals, Trusted Contacts) have lower thresholds.
Privacy, Ethics, and Big (Smartphone) Data, Keynote talk at ICISSP 2016 - Jason Hong
This talk looks at some of the CHIMPS research group's work on urban analytics and on analyzing smartphone apps, and offers a reflection on how we can improve the privacy landscape by focusing on key parts of the ecosystem.
Social Cybersecurity, or, A Computer Scientist's View of HCI and Theory, at ... - Jason Hong
June 2015
This talk looks at our team's ongoing work in using social psychology and diffusion of innovations to improve cybersecurity. It also reflects on the role of theory, in terms of offering inspiration for new ideas, a useful vocabulary, guidance for what to build and how to build things better, as well as insight into the problem space. This talk also offers some advice for people building theories, adapting Pasteur's quadrant and Diffusion of Innovations to theory, to help people who build and design systems.
Big Data for Privacy, at NSF Workshop on Big Data and Privacy, April 2015 - Jason Hong
Short 10 minute talk presenting two research projects looking at how to use big data to help with privacy. Ends with three thoughts about privacy: ecosystem, human-in-the-loop, and scalability.
Slides from Wednesday 1st August - Data in the Scholarly Communications Life Cycle Course which is part of the FORCE11 Scholarly Communications Institute.
Presenter - Natasha Simons
Had the great pleasure and honor to give a lecture about the Current and Future Challenges in Data Science at the Nextech 2019 conference alongside an impressive list of other speakers.
Bigger data as better data: an exploration in the context of distance educatio... - Elizabeth Archer
Archer, E., Barnes, G., Chetty, Y., Prinsloo, P. & Van Zyl, D. (2013). Bigger data as better data: an exploration in the context of distance education. Paper presented at the HELTASA Conference, 27 November 2013, Pretoria: South Africa.
Your organization has lots of data, but what makes sense to visualize? What data is going to have the most impact? What are your goals - are you trying to increase awareness, motivate donations or other actions? We'll explore the many different types of data that your organization likely consumes and produces - from financial data to program data to issue research data. We'll learn how different types of data are, can, and should be used to support your organizational goals. This session will give you the solid grounding to help you think strategically about visualizing your data.
This presentation was provided by Kristi Holmes of Northwestern University during the NISO hot topic virtual conference "Effective Data Management," which was held on September 29, 2021.
A presentation at the October 2015 Internet2 Technology Exchange.
Enabling researchers to provision and manage their own collaborations in a straightforward manner is the goal of the FEDUSHARE project. To provide investigator self-managed collaboration, we undertake the design of a middleware architectural framework that turns current models upside down by modeling collaboration from the user’s perspective rather than from the organizational/administrative perspective. We leverage existing federated campus Identity and Access Management (IAM) infrastructure and expertise to accomplish the desired transparent access. We call this framework “FeduShare”. During our presentation, we will demonstrate an in-production ssh console logon across campuses using Shibboleth ECP and updated GSS-ECP client/server components. We will also describe an open source ECP based mobile authentication solution that occurred as a side effect of our work. This work is funded by NSF Grant No. ACI-1440609 and includes participants from Clemson, U Utah, NCSA/XSEDE, and BBN (GeNi office).
A combined presentation by
- Jef Ausloos (https://twitter.com/Jausl00s): background to data subject rights
- Pierre Dewitte (https://twitter.com/PiDewitte): empirically testing the right of access (https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3106632)
- Laurens Naudts (https://twitter.com/RoboNaudts): empirically testing the right to an explanation
All three are members of the CiTiP embedded in the KULeuven.
The event was hosted at the VUB (Vrije Universiteit Brussel) with the collaboration of VRG Brussels.
Presentation given at the Consorcio Madrono conference on Data Management Plans in Horizon 2020 http://www.consorciomadrono.es/info/web/blogs/formacion/217.php
UiPath Test Automation using UiPath Test Suite series, part 5 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with DevOps.
Topics covered:
CI/CD within UiPath
End-to-end overview of CI/CD pipeline with Azure DevOps
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Enhancing adoption of Open Source Libraries. A case study on Albumentations.AI - Vladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview, including the concepts of Customer Key and Double Key Encryption.
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
The Art of the Pitch: WordPress Relationships and Sales - Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... - Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
How to Get CNIC Information System with Paksim Ga.pptx - danishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Communications Mining Series - Zero to Hero - Session 1 - DianaGray10
This session provides an introduction to UiPath Communication Mining, its importance, and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Removing Uninteresting Bytes in Software Fuzzing - Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing XML documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks, has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their application supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerabilities and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with a PASSION for technology and making things work, along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
The UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI's advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Slide 21: you may want to mention that the project is about throwing a bunch of different techniques at this problem (learning, dialogs, explanation and visualization + different levels of expressiveness and different types of application). Our hope is to develop families of technologies that can effectively and efficiently empower users to control their policies and also to better understand the likely limitations of these technologies across different types of environments (e.g. as user tolerance for errors varies across different domains).