Week 3 Home assignment

Nataliia Lebiedieva – CSm11

Based on ex 8.2 you should find phrases in YOUR (in your folders) abstracts and
introductions, that match functions (A–D).

Abstracts and introductions 2

(A) Establishing why your topic (X) is important.
(B) Outlining the past-present history of the study of X (no direct references to the
literature).
(C) Outlining the possible future of X.
(D) Indicating the gap in knowledge and possible limitations.

https://docs.google.com/document/d/1nnuANoMSLhGFtJkzoy24y53xJXIn5Inn/edit?
usp=sharing&ouid=110578113411288286020&rtpof=true&sd=true

1) Before you start you should research ex.8.2

2) Your sentences should be from abstracts and introductions
3) It should be only 8 sentences: 2 per EACH FUNCTION

RESEARCH 1
Title: Unleashing the power of pseudo-code for binary code similarity analysis
(A) Code similarity analysis has become more popular due to its significant applications, including
vulnerability detection, malware detection, and patch analysis.

(A) Open source libraries are widely adopted in software development cycles, which improves the
development efficiency and reduces the costs.

(B) Recently, the latest machine learning (ML) methods have significantly enhanced the capabilities of
BSCA.

(B) In recent years, many BCSA studies incorporating AI techniques focus on deriving semantic
information from binary functions with code representations such as assembly code, intermediate
representations, and control flow graphs to measure the similarity.

(C) We present a new approach to matching semantically similar functions in closed-source software: we
 learn binary function feature representations from pseudo-code using deep learning.

(C) Finally, we conduct the ablation experiments to show that the accuracy of semantic similarity
function matching can be significantly improved by selectively inlining key functions and using
pseudo-code and string features.

(D) Since the source code of the software is difficult to obtain under most circumstances, binary-level
code similarity analysis (BCSA) has been paid much attention to.

(D) However, in the real world, the source code of the software is often difficult to obtain, which makes
these tools impractical to search clones in of-the-shelf software.

RESEARCH 2
Title: Identifying high-risk over-entitlement in access control policies using fuzzy logic
(A) Analyzing access control policies is an essential process for ensuring over-prescribed permissions are
identified and removed.

(A) Access control systems are an integral mechanism within computing systems, whereby access to
resources are regulated to ensure those deemed to be sensitive are only accessed by authorized users

(B) The paper presents a generic solution, which has been implemented to perform experimental analysis
on Microsoft’s New Technology File System to show how this works in practice.

(B) It has previously been highlighted that the relationship between these inputs is best suited to being
modelled and represented in fuzzy logic, where values such as user trust that are not binary can be
represented by a probability of truth

(C) However, if someone with such knowledge is available, it is reasonable to suggest that they will still
benefit from a technological aid, assisting to improve reliability and reduce the required time and
effort.

(C) In this work, we aim to solve this problem and utilise fuzzy logic in the analysis process through the
development of a novel technique, whereby a user’s efective permission on all access-controlled
objects is modelled in a risk-based fuzzy model, which is subsequently used for analysis purposes and
for detecting implemented permissions which have the highest level of risk.

(D) Furthermore, there is no standard definition of what constitutes an over-entitled permission within an
organization’s access control policy, making it not possible to develop automated rule-based
approaches.

(D) Over-entitlement can be particularly dangerous.

RESEARCH 3
Title: Analyzing best practices on Web development frameworks:The lift approach
(A) A framework is a high-level solution for the reuse of software pieces, a step forward in simple library
based reuse that allows for sharing common functions and generic logic of a domain application.

(A) It also ensures a better level of quality of the final product, since one important part of the application
is already found within the framework and, therefore, has already been tested

(B) Finally, as proof of concept, a set of Lift-based Web applications were developed for this paper by
applying best practices such as actors, lazy loading, Comet support, SiteMap, Wiring, HyperText
Markup Language, version 5 (HTML5) support, and parallel rendering.

(B) However, another brand new type of Web framework emerged in 2007.

(C) The identification of these best practices would allow developers to construct more interactive and
efficient Lift-based Web applications, integrating features of Web 2.0 technologies with less effort
and exploiting the frameworks’ benefits.

(C) Finally, the fourth section presents a set of Lift-based Web applications applying best practices, while
future directions and the concluding remarks are presented in Section 5.

(D) Choosing the Web framework that best fits the requirements is not an easy task for developers.

(D) However, there is no current comparative analysis that identifies the best practices for Web
frameworks.

RESEARCH 4 (*here is Background instead of Introduction)

Title: An analytics approach to adaptive maturity models using organizational
characteristics
(A) This research attempts to deploy these organizational characteristics on the ISFAM, and understand
the influence the organizational characteristics have on focus areas within the ISFAM.

(A) Furthermore it will present an adaptive ISFAM as a proof-of-concept for adaptive maturity matrices.

(B) In the past decades, maturity models have become important tools to visualize progress in adopting
processes and standards and to benchmark companies in their industry.

(B) Aside from the aforementioned, over 150 maturity models have been developed (de Bruin et al.
2005), which can be classified in three types of models (Mettler et al. 2010):

(C) Each focus area consists of one or more capabilities that an organization can implement.

(C) Focus area maturity matrices extend the classification of CMM-like models in that they have a more
formal order in which capabilities should be implemented and express interdependencies between the
capabilities making up the maturity levels.

(D) Ever since the first incarnations of maturity models, critics have voiced several concerns with these
 frameworks.

(D) It discusses the operationalization of these organizational characteristics by identifying themes,

specific organizational characteristics and the different means of measuring these organizational
characteristics through measurement levels.

RESEARCH 5
Title: Adaptive identity and access management—contextual data based policies
(A) These policies provide the foundation for every identity and access management system no matter if
poured into IT systems or only located within responsible identity and access management (IAM)
engineers’ mind.

(A) Due to compliance and IT security requirements, company-wide identity and access management
within organizations has gained significant importance in research and practice over the last years.

(B) At the same time, they are responsible for process-related aspects like access privilege management,
provisioning processes, and security management within the IAM.

(B) The adequate communication started at ARES 2015 and is further continued with this extended
article in the EURASIP journal (6).

(C) Companies aim at standardizing user management policies in order to reduce administrative overhead
and strengthen IT security.

(C) As a result, policies outdate over time, leading to security vulnerabilities and inefficiencies.

(D) Despite its relevance, hardly any supportive means for the automated detection and refinement as
well as management of policies are available.

(D) While available systems offer a variety of technologies and functionalities for implementing user
management processes, policies have received little attention among researchers and practitioners so
far.