Computer Science Colloquia


Overview:

November 11, 2009

Title: TBA
Professor Katrin Erk, University of Texas, Austin

November 10, 2009

Title: Software Engineering using Rationale
Professor Janet E. Burge, Miami University, Computer Science and Software Engineering

November 10, 2009

Title: Combating Denial of Service Attacks with Trustworthy Source Addresses
Professor Xiaowei Yang, Computer Science Department, Duke University

November 4, 2009

Title: Belief Revision, Decomposition and Horn Formulas
Professor Robert Sloan, University of Illinois at Chicago

October 30, 2009

Title: On the development of FO(.) and a Knowledge Base System for it: a progress report
Professor Marc Denecker, KU Leuven, Belgium

October 12, 2009

Title: How Secure is your Web App? Open Source PHP Web Applications Security Review
Professor Maureen Doyle, Northern Kentucky University

Past activities:

The list of Colloquia for 2008-2009



Monday, October 12, 2009, Time: 4:00 p.m., Venue: 255 FPAT (Engineering Tower)
Title: How Secure is your Web App? Open Source PHP Web Applications Security Review

Professor Maureen Doyle, Northern Kentucky University


Abstract:

We will present the results of an empirical study of fourteen widely used open source PHP web applications. We found that the vulnerability density of the aggregate code base decreased from 8.88 vulnerabilities/KLOC to 3.30 from Summer 2006 to Summer 2008. Individual web applications varied widely, with vulnerability densities ranging from 0 to 121.4 at the beginning of the study. While the total number of security problems decreased, vulnerability density increased in eight of the fourteen applications over the analysis period. We developed a security resources indicator metric, which we found to be strongly correlated (rho = 0.67; p < 0.05) with change in vulnerability density over time. Traditional software metrics, such as code size, cyclomatic complexity, nesting complexity, and churn, had significant (p < 0.05) but much smaller correlations (rho = 0.31 at best) with vulnerability density. Vulnerability density was measured using the Fortify Source Code Analyzer static analysis tool.

(Joint work with James Walden)



Host: Professor J. Goldsmith.

Speaker's personal page.


Friday, October 30, Time: 11:00 a.m., Venue: 267 FPAT
Title: On the development of FO(.) and a Knowledge Base System for it: a progress report

Professor Marc Denecker, KU Leuven, Belgium


Abstract:

I will discuss the long term goal of Leuven's KRR group: 1) to develop a rich KR language FO(.) extending classical logic, 2) the development of different reasoning systems for it. FO(.) is an -open ended- extension of classical first order logic (FO) with types, generalized inductive definitions, aggregates and nested inductive/coinductive definitions. I also discuss our attempts to build several sorts of inference systems for FO(.): model generation, model revision and approximate reasoning.

Host: Professor M. Truszczynski.

(Speaker's personal page.)


Wednesday, November 4, 2009, Time: 4:00 p.m., Venue: CB 201
Title: Belief Revision, Decomposition and Horn Formulas

Professor Robert Sloan, University of Illinois at Chicago


Abstract:

Horn-to-Horn belief revision asks for the revision of a Horn knowledge base such that the revised knowledge base is also Horn. Horn knowledge bases are important whenever one is concerned with efficiency of computing inferences, of knowledge acquisition, etc. Horn-to-Horn belief revision could be of interest, in particular, as a component of any efficient system requiring large commonsense knowledge bases that may need revisions because, for example, new contradictory information is acquired.

Recent results on belief revision for general logics show that the existence of a belief contraction operator satisfying the generalized AGM rationality postulates (which we will discuss for those unfamiliar with them) is equivalent to the existence of a complement. Here we provide a first step towards efficient Horn-to-Horn belief revision, by characterizing the existence of a complement of a Horn consequence of a Horn knowledge base. A complement exists if and only if the Horn consequence is not the consequence of a modified knowledge base obtained from the original by an operation called body building. This characterization leads to the efficient construction of a complement whenever it exists.

(Joint work with Marina Langlois, Balazs Szorenyi, and Gyorgy Turan)

Host: Professor J. Goldsmith.

(Speaker's personal page)


Tuesday, November 10, 2009, Time: 4:00 p.m., Venue: Windstream Room, Hardymon Building, Refreshments: 3:30-4:00, Common area in Hardymon Building
Title: Software Engineering Using Rationale

Professor Janet E. Burge, Miami University, Computer Science and Software Engineering


Abstract:

Many decisions have to be made when developing a software system and a successful outcome depends on how well thought out these decisions were. The decisions made, and alternatives considered, form the rationale for the system. The rationale goes beyond standard documentation by describing the developers' intent and all alternatives considered rather than only those selected. While the potential usefulness of this information is seldom questioned, the rationale is rarely captured in practice. There is a pervasive belief that developers will not be willing to take the time and effort to perform what might be perceived as "extra" documentation. In order to encourage rationale capture there needs to be some incentive to do so. This talk describes the Software Engineering Using RATionale system (SEURAT). SEURAT is integrated with the Eclipse Interactive Development Environment and inferences over the rationale to evaluate decision alternatives and perform impact assessment when requirements, development criteria, and assumptions change. In addition to development environment integration, SEURAT also supports importing rationale extracted from external sources, such as Word documents, to help further reduce the effort of rationale capture. SEURAT also interfaces with the XFeature feature modeling tool so that rationale can be used to help customers use the rationale to guide product feature selection.


Bio:

Dr. Janet Burge is an Assistant Professor in the Miami University Computer Science and Software Engineering Department. She received her Ph.D. in Computer Science from Worcester Polytechnic Institute (2005) and performed her undergraduate work at Michigan Technological University (1984). Her research interests include design rationale, software engineering, AI in design, and knowledge elicitation. She is a co-author (with Jack Carroll, Ray McCall, and Ivan Mistrik) of the book /Rationale-Based Software Engineering/. She has been at Miami University since 2005. Prior to that point, she worked for more than 20 years in industry as a software engineer and research scientist. Dr. Burge is a recent recipient of an NSF CAREER Award for her project 'Rationale Capture for High-Assurance Systems.'

Speaker's personal page.

Host: Professor J. Hayes


Tuesday, November 10, 2009, Time: 11:00 a.m., Venue: 259 FPAT
Title: Combating Denial of Service Attacks with Trustworthy Source Addresses

Professor Xiaowei Yang, Computer Science Department, Duke University


Abstract:

Large scale Denial of Service (DoS) attacks are an increasing threat to the reliability of the Internet. Attackers that control millions of bot machines can easily take down any site on the Internet. A factor that complicates measures to stop DoS flooding attacks is the possibility of source address spoofing, in which compromised hosts place incorrect source addresses on their packets to impersonate other hosts or obscure their locations. A DoS defense mechanism that uses source addresses to limit attack traffic will inevitably inflict collateral damage to legitimate traffic.

In this talk, I will present the design, evaluation, and applications of Passport, a system that allows source addresses to be validated within the network. Passport uses efficient, symmetric-key cryptography to place tokens on packets that allow each autonomous system (AS) along the network path to independently verify that a source address is valid. It leverages the routing system to efficiently distribute the symmetric keys used for verification, and is incrementally deployable without upgrading hosts. Our evaluation shows that Passport is plausible for multi-gigabit links and provides stronger security and deployment incentives than alternatives such as ingress filtering. Passport also enables a variety of effective DoS defense systems.


Bio:

Xiaowei Yang is an assistant professor in the Department of Computer Science at Duke University and a recipient of an NSF CAREER award. She received a PhD and an MS in Computer Science from Massachusetts Institute of Technology, and a BE in Electronic Engineering from Tsinghua University, Beijing, China.


Wednesday, November 11, 2009, Time: 3:30 p.m., Venue: 327 McVey Hall (Refreshments: 3pm, same room)
Title: Semantic space models for word meaning in context

Professor Katrin Erk, University of Texas, Austin


Abstract:

Semantic spaces are a popular framework for the representation of word meaning. They encode the meaning of words as high-dimensional vectors, with dimensions representing context elements, for example other words, or documents in which the target word has appeared. Semantic space models can be induced automatically from text. They have been used very successfully in natural language processing, in particular information retrieval and ontology learning. They have also been popular in cognitive science, where they have been used for modeling experimental results on synonymy, lexical priming, and similarity judgments.

This talk will focus on the use of semantic spaces for representing word meaning in context. The meaning of a word changes according to the context in which it is used, for example the meaning of "bat" in "The bats flew out of the cave" differs from its meaning in "He hit the ball with his bat". The task of characterizing word meaning in context is usually phrased as one of word sense disambiguation (WSD), choosing the best-fitting sense out of a list of dictionary senses. But this task has turned out to be very hard for humans as well as machines. This may be due to the underlying model: WSD frames word meaning as a list of distinct dictionary senses, and the task as a classification task. However, research on the psychology of concepts has shown that concepts in the human mind do not work like sets with clear-cut boundaries; they show graded membership, and there are typical cases and borderline cases. We show the results of annotation experiments that seem to indicate similar mechanisms in human judgments on word meaning in context.

We then discuss an alternative model that represents word meaning in context without recourse to dictionary senses, as points in semantic space, which immediately yields a model of semantic similarity as distance in space. We present a semantic space model of word meaning that explicitly represents argument structure and selectional preferences and that can be integrated modularly with existing syntactic representations. The model presents a first step towards a compositional account of word meaning based in semantic space models.

The adoption of a graded, semantic space based model immediately raises the question of usability: Traditional, dictionary-based models of word meaning in context yield sense labels that can easily be integrated in processing pipelines; how would one use semantic space models in applications? This can be framed as a question of performing inferences (in the widest sense) based on graded representations of word meaning. We propose viewing inference in this setting as driven by attachment points in semantic space. Each inference rule is associated with attachment points, and a rule is triggered by an occurrence that is sufficiently close to its attachment point.

(Joint colloquium with Center of Computational Sciences)

Host: Professor J. Goldsmith