2022 IEEE 29th Annual Software Technology Conference (STC): Latest Papers

Experience-Based Guidelines for Effective Planning & Management of Software Integration & Test Activities in the Agile/DevSecOps Environment
2022 IEEE 29th Annual Software Technology Conference (STC) Pub Date : 2022-10-01 DOI: 10.1109/stc55697.2022.00028
Emily Arseneault, D. Boudreau, Jarred Lien, Gregory Young
Abstract: Agile teams need to be ready to fail and try again. The Integration and Test (I&T) team is integral to this process because they provide the benchmarks against which DevSecOps development teams measure their work products. The integration process for Agile features must be flexible enough to handle changing schedules and requirements, while continuing to drive the program teams toward the ultimate goal of a successful program sell-off activity. Throughout the life of the contract the I&T team must continually integrate new features; work with the hardware & software teams to ensure product quality is preserved; and regression test the system at each software build release to ensure product stability. As the defense industry continues maturing its applications of the Agile and DevSecOps philosophies, this family of I&T activities must be defined, managed, and executed within these frameworks. This presentation discusses in detail the integration of new features activity in I&T. Provided are practical, proven, experience-based guidelines for planning and managing this effort in the Agile framework. These guidelines derive from the successful integration of new capabilities into an unclassified foreign system, on a program employing DevSecOps. Information presented in this lecture is recommended to individuals interested in, or tasked with, this responsibility.
Citations: 0
Implementing a Communication Network between Bases Station applied for Group of Drones
2022 IEEE 29th Annual Software Technology Conference (STC) Pub Date : 2022-10-01 DOI: 10.1109/STC55697.2022.00025
Julio Opolski Netto, Robison Cris Brito, F. Favarim, Luis Felipe Priester, E. Todt
Abstract: The use of Unmanned Aerial Vehicles (UAVs) has been shown to be increasingly frequent for a diversity of applications, mainly in agriculture. The mapping of large areas for analysis purposes is common and it is considered a challenge due to the short range of the UAVs. The base stations utilization for drone recharge and important information obtainment is a relevant proposal. This paper features a low energy cost long range communication system between base stations. Using Internet of Things (IoT) concepts and the possibility of utilizing a diversity of communication protocols in just a single device, this paper shows the integration between microcontroller, server and operator interface. The developed system is capable of identifying a drone that just landed in a base station through RFID technology, and sending this and other information in real time through the command line “gateway” to the server using LoRa technology and Message Queuing Telemetry (MQTT) protocol.
Citations: 0
Automated Extraction of Software Names from Vulnerability Reports using LSTM and Expert System
2022 IEEE 29th Annual Software Technology Conference (STC) Pub Date : 2022-10-01 DOI: 10.1109/STC55697.2022.00024
Igor Khokhlov, A. Okutan, Ryan Bryla, Steven Simmons, Mehdi Mirakhorli
Abstract: Software vulnerabilities are closely monitored by the security community to timely address the security and privacy issues in software systems. Before a vulnerability is published by vulnerability management systems, it needs to be characterized to highlight its unique attributes, including affected software products and versions, to help security professionals prioritize their patches. Associating product names and versions with disclosed vulnerabilities may require a labor-intensive process that may delay their publication and fix, and thereby give attackers more time to exploit them. This work proposes a machine learning method to extract software product names and versions from unstructured CVE descriptions automatically. It uses Word2Vec and Char2Vec models to create context-aware features from CVE descriptions and uses these features to train a Named Entity Recognition (NER) model using bidirectional Long short-term memory (LSTM) networks. Based on the attributes of the product names and versions in previously published CVE descriptions, we created a set of Expert System (ES) rules to refine the predictions of the NER model and improve the performance of the developed method. Experiment results on real-life CVE examples indicate that using the trained NER model and the set of ES rules, software names and versions in unstructured CVE descriptions could be identified with F-Measure values above 0.95.
Citations: 0
Continuous Documentation: Automating Document Preparation with your DevSecOps Pipeline
2022 IEEE 29th Annual Software Technology Conference (STC) Pub Date : 2022-10-01 DOI: 10.1109/STC55697.2022.00029
Bill Andel
Abstract: End item deliveries to government customers are usually accompanied by a multitude of required documents, typically in print-ready formats such as Microsoft Word or Adobe Portable Document Format (PDF). Preparing these documents requires tedious manual collation and re-formatting of data from a multitude of data sources, which takes a significant amount of labor, is error-prone, and incurs lengthy review and approval cycles. How can we modernize our document preparation to support continuous release and delivery? Continuous Documentation (CDoc)! By leveraging the Authoritative Sources of Truth (ASOTs) for data already within our DevSecOps pipelines, we can extend the concept of “Documents as Code” (DaC) to reliably and repeatably automate document preparation using a suite of Free and Open-Source Software (FOSS) tools. Continuous Documentation ensures documents are ready for delivery and release in the print-ready formats customers expect at the same time as the software they accompany.
Citations: 1
Zero Trust Validation: from Practice to Theory : An empirical research project to improve Zero Trust implementations
2022 IEEE 29th Annual Software Technology Conference (STC) Pub Date : 2022-10-01 DOI: 10.1109/STC55697.2022.00021
Y. Bobbert, J. Scheerder
Abstract: How can high-level directives concerning risk, cybersecurity and compliance be operationalized in the central nervous system of any organization above a certain complexity? How can the effectiveness of technological solutions for security be proven and measured, and how can this technology be aligned with the governance and financial goals at the board level? These are the essential questions for any CEO, CIO or CISO that is concerned with the wellbeing of the firm. The concept of Zero Trust (ZT) approaches information and cybersecurity from the perspective of the asset to be protected, and from the value that asset represents. Zero Trust has been around for quite some time. Most professionals associate Zero Trust with a particular architectural approach to cybersecurity, involving concepts such as segments, resources that are accessed in a secure manner and the maxim “always verify never trust”. This paper describes the current state of the art in Zero Trust usage. We investigate the limitations of current approaches and how these are addressed in the form of Critical Success Factors in the Zero Trust Framework developed by ON2IT ‘Zero Trust Innovators’ (1). Furthermore, this paper describes the design and engineering of a Zero Trust artefact that addresses the problems at hand (2), according to Design Science Research (DSR). The last part of this paper outlines the setup of an empirical validation through practitioner oriented research, in order to gain a broader acceptance and implementation of Zero Trust strategies (3). The final result is a proposed framework and associated technology which, via Zero Trust principles, addresses multiple layers of the organization to grasp and align cybersecurity risks and understand the readiness and fitness of the organization and its measures to counter cybersecurity risks.
Citations: 2
Neural Model for Generating Method Names from Combined Contexts
2022 IEEE 29th Annual Software Technology Conference (STC) Pub Date : 2022-10-01 DOI: 10.1109/STC55697.2022.00009
Zane Varner, Çerağ Oğuztüzün, Feng Long
Abstract: The names given to methods within a software system are critical to the success of both software development and maintenance. Meaningful and concise method names save developers both time and effort when attempting to understand and use the code. Our study focuses on learning concise and meaningful method names from word tokens found within the contexts of a method, including the method documentation, input parameters, return type, method body, and enclosing class. Combining the approaches of previous studies, we constructed both an RNN encoder-decoder model with attention as well as a Transformer model, each tested using different combinations of contextual information as input. Our experiments demonstrate that a model that uses all of the mentioned contexts will have a higher performance than a model that uses any subset of the contexts. Furthermore, we demonstrate that the Transformer model outperforms the RNN model in this scenario.
Citations: 0
Model-Agnostic Scoring Methods for Artificial Intelligence Assurance
2022 IEEE 29th Annual Software Technology Conference (STC) Pub Date : 2022-10-01 DOI: 10.1109/STC55697.2022.00011
Md. Nazmul Kabir Sikder, Feras A. Batarseh, Pei Wang, Nitish Gorentala
Abstract: State of the art Artificial Intelligence Assurance (AIA) methods validate AI systems based on predefined goals and standards, are applied within a given domain, and are designed for a specific AI algorithm. Existing works do not provide information on assuring subjective AI goals such as fairness and trustworthiness. Other assurance goals are frequently required in an intelligent deployment, including explainability, safety, and security. Accordingly, issues such as value loading, generalization, context, and scalability arise; however, achieving multiple assurance goals without major trade-offs is generally deemed an unattainable task. In this manuscript, we present two AIA pipelines that are model-agnostic, independent of the domain (such as: healthcare, energy, banking), and provide scores for AIA goals including explainability, safety, and security. The two pipelines: Adversarial Logging Scoring Pipeline (ALSP) and Requirements Feedback Scoring Pipeline (RFSP) are scalable and tested with multiple use cases, such as a water distribution network and a telecommunications network, to illustrate their benefits. ALSP optimizes models using a game theory approach and it also logs and scores the actions of an AI model to detect adversarial inputs, and assures the datasets used for training. RFSP identifies the best hyper-parameters using a Bayesian approach and provides assurance scores for subjective goals such as ethical AI using user inputs and statistical assurance measures. Each pipeline has three algorithms that enforce the final assurance scores and other outcomes. Unlike ALSP (which is a parallel process), RFSP is user-driven and its actions are sequential. Data are collected for experimentation; the results of both pipelines are presented and contrasted.
Citations: 1
Introduction to AI Assurance for Policy Makers
2022 IEEE 29th Annual Software Technology Conference (STC) Pub Date : 2022-10-01 DOI: 10.1109/stc55697.2022.00016
Luke Biersmith, P. Laplante
Abstract: The deployment of artificial intelligence (AI) applications has accelerated faster than most scientists, policymakers and business leaders could have predicted. AI enabled technologies are facing the public in many ways including infrastructure, consumer products and home applications. Because many of these technologies present risk either in the form of physical injury or unfair outcomes, policy makers must consider the need for oversight. Most policymakers, however, lack the technical knowledge to judge whether an emerging AI technology is safe, effective and requires oversight, therefore depending on experts' opinion. But policymakers are better served when, in addition to expert opinion, they have some general understanding of existing guidelines and regulations. While not comprehensive, this work provides an overview of AI legislation and directives at the international, U.S. state and federal levels. It also covers business standards, and technical society initiatives. This work can serve as a resource for policymakers and other key stakeholders and an entry point to their understanding of AI policy.
Citations: 0
The Generation of Software Security Scoring Systems Leveraging Human Expert Opinion
2022 IEEE 29th Annual Software Technology Conference (STC) Pub Date : 2022-10-01 DOI: 10.1109/STC55697.2022.00023
P. Mell
Abstract: While the existence of many security elements in software can be measured (e.g., vulnerabilities, security controls, or privacy controls), it is challenging to measure their relative security impact. In the physical world we can often measure the impact of individual elements to a system. However, in cyber security we often lack ground truth (i.e., the ability to directly measure significance). In this work we propose to solve this by leveraging human expert opinion to provide ground truth. Experts are iteratively asked to compare pairs of security elements to determine their relative significance. On the back end our knowledge encoding tool performs a form of binary insertion sort on a set of security elements using each expert as an oracle for the element comparisons. The tool not only sorts the elements (note that equality may be permitted), but it also records the strength or degree of each relationship. The output is a directed acyclic ‘constraint’ graph that provides a total ordering among the sets of equivalent elements. Multiple constraint graphs are then unified together to form a single graph that is used to generate a scoring or prioritization system. For our empirical study, we apply this domain-agnostic measurement approach to generate scoring/prioritization systems in the areas of vulnerability scoring, privacy control prioritization, and cyber security control evaluation.
Citations: 0
Analyzing Failures in Artificial Intelligent Learning Systems (FAILS)
2022 IEEE 29th Annual Software Technology Conference (STC) Pub Date : 2022-10-01 DOI: 10.1109/STC55697.2022.00010
Francis Durso, M. Raunak, Rick Kuhn, R. Kacker
Abstract: We learn more from analyzing failures in engineering than by studying successes. There is significant value in documenting and tracking AI failures in sufficient detail to understand their root causes, and to put processes and practices in place toward preventing similar problems in the future. Similar efforts to track and record vulnerabilities in traditional software led to the establishment of National Vulnerability Database, which has contributed towards understanding vulnerability trends, their root causes, and how to prevent them [1], [3].
Citations: 1