Secure programming Guidelines help to prevent developers from introducing vulnerabilities. But being just static text to be consulted now and then, the Guidelines are difficult to integrate in the implementation phase...
详细信息
Secure programming Guidelines help to prevent developers from introducing vulnerabilities. But being just static text to be consulted now and then, the Guidelines are difficult to integrate in the implementation phase of software development, especially when developers are under pressure of delivering software for a deadline. In this paper, we present an IDE integration of security testing and static code analysis to detect vulnerabilities and known insecure coding patterns according to Secure programming Guidelines. While security testing tools and static analyzers exist for security professionals, similar tools to be used by software engineers who are normally non security experts are missing. This automated tool support is non-intrusive during implementation by being fully integrated in the IDE developers use, efficient to not slow down the overall implementation effort, and extensible to consider different vulnerabilities. We implement this IDE integration as an extension to SAP HANA Web-based Development Workbench. While not proposing new security testing nor static code analysis techniques, we integrate multiple security analysis to make them usable for developers during implementation, as they are relevant threats to SAP HANA applications and thus concerned in the Secure programming Guidelines.
We discuss the problem of learning fuzzy measures from empirical data. Values of the discrete Choquet integral are fitted to the data in the least absolute deviation sense. This problem is solved by linear programming...
详细信息
We discuss the problem of learning fuzzy measures from empirical data. Values of the discrete Choquet integral are fitted to the data in the least absolute deviation sense. This problem is solved by linear programming techniques. We consider the cases when the data are given on the numerical and interval scales. An open source programming library which facilitates calculations involving fuzzy measures and their learning from data is presented.
Rich context available creates varied applications on mobile device and makes end-user possible to customize personalized context-aware application. Meanwhile, problems arise that how to realize the service compositio...
详细信息
Rich context available creates varied applications on mobile device and makes end-user possible to customize personalized context-aware application. Meanwhile, problems arise that how to realize the service composition and present the service easy for end-user programming. In this paper, we refer to the notion of service component, design and implement a Context Source Service Composition Prototype Framework on Maemo platform on mobile device and deploy a serial of context-source services to inspect and verify our system.
Contrary to the apparent beliefs of many students, computer programming and problem solving are not amenable to purely book learning. These skills can be acquired only by practice, and even then, students with an apti...
详细信息
Contrary to the apparent beliefs of many students, computer programming and problem solving are not amenable to purely book learning. These skills can be acquired only by practice, and even then, students with an aptitude for programming will acquire the skills far more readily than those without. Unfortunately, aptitude is a concept that many students have difficulty appreciating. This paper describes a novel approach to helping students understand the concept.
Only within the past ten years has some attention been given to psychological concerns of human-machine interface. A review of the literature in this area reveals that personality has received the least attention, but...
详细信息
ISBN:
(纸本)9780897910002
Only within the past ten years has some attention been given to psychological concerns of human-machine interface. A review of the literature in this area reveals that personality has received the least attention, but interest is growing. If critical personality factors can be isolated and associated with particular programming tasks, such information could be a useful tool for education as well as *** hypothesis of this exploratory study was that two personality dimensions, assertiveness and locus of control, influence a programmer's choice of batch or interactive processing for program development. Locus of control relates to the perception an individual has of his/her influence over events. Assertiveness allows an individual expression in a manner that fully communicates personal desires without infringing upon the rights of others. These two dimensions and the programmer's preference for batch or interactive mode were studied through a questionnaire survey of experienced programmers.
Robot has been widely used for industrial application in the flexible manufacturing system. The time-consuming teaching process by skilled engineers is inevitable to teach real robot manipulators for generating the ro...
详细信息
Robot has been widely used for industrial application in the flexible manufacturing system. The time-consuming teaching process by skilled engineers is inevitable to teach real robot manipulators for generating the robot program and recording locations which the robot should follow for the given task. The off-line programming (OLP) method is proposed to generate the robot program from CAD format data without the teaching process. It needs a registration process to find the translational and rotational relations between the reference frame of real robot and the reference frame in CAD format data. This paper presents the simple registration method between real robot and workpiece in virtual environment. Also a method to assign position and orientation of TCP (Tool Center Point) in real robot is presented when the target point is selected in the virtual environment by the user. The proposed methods are evaluated by the simulation with the commercial industrial robot for placing tool on the surface of the workpiece which is given in STL format data.
Embedded media applications have traditionally used custom ASICs to meet their real-time performance requirements. However, the combination of increasing chip design cost and availability of commodity many-core proces...
详细信息
Embedded media applications have traditionally used custom ASICs to meet their real-time performance requirements. However, the combination of increasing chip design cost and availability of commodity many-core processors is making programmable devices increasingly attractive alternatives. Yet for these processors to be successful in this role, programming systems are needed that can automate the task of mapping the applications to the tens-to-hundreds of cores on current and future many-core processors, while simultaneously guaranteeing the real-time throughput constraints. This paper presents a block-parallel program description for embedded real-time media applications and automatic transformations including buffering and parallelization to ensure the program meets the throughput requirements. These transformations are enabled by starting with a high-level, yet intuitive, application description. The description builds on traditional stream programming structures by adding simple control and serialization constructs to enable a greater variety of applications. The result is an application description that provides a balance of flexibility and power to the programmer, while exposing the application structure to the compiler at a high enough level to enable useful transformations without heroic analysis.
Dead code, which is not uncommon in software engineering, is an unexplored area in software piracy forensics. This paper primarily investigates the forensic importance of all programming blunders, including dead codes...
详细信息
Dead code, which is not uncommon in software engineering, is an unexplored area in software piracy forensics. This paper primarily investigates the forensic importance of all programming blunders, including dead codes. programming Blunder is identified as a variable or a code segment (including dead code) or a field in a database table, which is hardly used or executed in the context of the application or the user's functionality. Blunder genes can be found in many parts of any program. It is the contention of this paper that this phenomenon of blunders needs to be studied systematically from its very genetic origins to their surface realizations in contrast to bugs and flaws, especially in view of their importance in software copyright infringement forensics. The article discusses the idea -- expression merger aspects of programming blunders and finally, proposes the need and a way to incorporate programming blunders into Abstraction-Filtration- Comparison test, the official software copyright infringement investigation procedure of US judiciary.
We describe TESSE, an emerging general-purpose, open-source software ecosystem that attacks the twin challenges of programmer productivity and portable performance for advanced scientific applications on modern high-p...
详细信息
ISBN:
(数字)9781665422840
ISBN:
(纸本)9781665422857
We describe TESSE, an emerging general-purpose, open-source software ecosystem that attacks the twin challenges of programmer productivity and portable performance for advanced scientific applications on modern high-performance computers. TESSE builds upon and extends the ParsecDAG/-dataflow runtime with a new Domain Specific Languages (DSL) and new integration capabilities. Motivating this work is our belief that such a dataflow model, perhaps with applications composed in domain specific languages, can overcome many of the challenges faced by a wide variety of irregular applications that are poorly served by current programming and execution models. Two such applications from many-body physics and applied mathematics are briefly explored. This paper focuses upon the Template Task Graph (TTG), which is TESSE's main C++ Api that provides a powerful work/data-flow programming model. Algorithms on spatial trees, block-sparse tensors, and wave fronts are used to illustrate the API and associated concepts, as well as to compare with related approaches.
With the continuous change of the world's energy structure, the safe and efficient operation of distribution system and microgrids is becoming increasingly important and challenging. This paper proposes an improve...
详细信息
ISBN:
(数字)9798331523527
ISBN:
(纸本)9798331523534
With the continuous change of the world's energy structure, the safe and efficient operation of distribution system and microgrids is becoming increasingly important and challenging. This paper proposes an improved risk analysis algorithm for microgrids based on multi-parametric programming considering the integration of large-scale renewable energy. First, the risk analysis system for microgrids is established, including wind power curtailment risk, distribution line heavy load risk, and integrated risk. Then, the linear mapping relationship from uncertain factors like renewable energy output to value of each risk indicator is established through the multi-parametric programming method. The redundant optimization problem solving steps are omitted cause calculation is executed based on the divided critical domains. In the end, the risk analysis efficiency of microgrids is greatly improved.
暂无评论