Orlando Karam

Teaching with security in mind

Security topics have been taught for some time at universities. The most common approach has been to teach a required topic, and then introduce a security module later in the course. We are promoting the notion of teaching security at the same time as main courses material. This helps students to adopt to the idea of writing secure code at an early stage and encourages them to focus on the security issues before beginning coding. While this method has clear advantages, it is not easy to implement in practice. This is partly a result of the facultys luck of awareness about security issues, and the perception of security as an advanced topic. We see security as an extension of the basic concept of input validation, and so a very basic topic. We also propose teaching secure practices as the default model presented to the students, facilitating the adoption of those practices.

Optimizing distributed spatial joins using R-Trees

One of the basic problems in distributed databases is how to efficiently perform distributed joins. Spatial databases are particularly appropriate for distribution, but we need special techniques to deal with spatial data efficiently.In this work we study the distributed spatial join problem and how to perform this operation efficiently. We develop cost models for estimating the cost of this operation. We study the issues involved in optimizing it and develop specific techniques using R-Trees. Our techniques outperform other widely-used approaches for this operation.

Software protection with increased complexity and obfuscation

While many software solutions are provided through open source, the question of proprietary interest still remains. When outsourcing parts of a products software development, theres a risk that the outsourcing partners will become competitors in the future. In this paper we propose an approach to protect proprietary software by increasing its complexity, to prevent reverse engineering. We introduce four Conjectures for protecting our software through obfuscation and explore and provide rationale for why these four Conjectures make logical sense and should be considered for further formal experiments.

Is teaching with security in mind working

Security topics have been taught for some time at universities. The most common approach has been to teach a required topic, and then introduce a security module later in the course. We have been promoting the notion of teaching security at the same time as main courses material. We found that this helps students to accept the idea of writing secure code at an early stage and encourages them to focus on the security issues before they start coding. We proposed teaching secure practices as the default model presented to the students, facilitating the adoption of those practices. Over a period of one year we promoted the concept among our colleagues both in our school and at teaching conferences. This paper is a report that shows where we are one year after of implementation of Teaching with Security in Mind.

On Inter-Method and Intra-Method Object-Oriented Class Cohesion

Cohesion has been a topic of interest since structured design [20, 23] in the 1970’s. Today, there are numerous researchers continuing this work into object-oriented designs [1, 3, 5, 7, 9, 10, 12, 13, 16, 18, 19, 22]. Most of the current research has focused on the interaction of methods within a class, the inter-method cohesion. In this paper we consider both the inter-method cohesion and the intra-method cohesion of a class. We have utilized the concept of program slice [21] and extended Functional Cohesion [2] to devise a new intra-method cohesion metric, ITRA-C, for measuring cohesion of each method within the class. This intra-method cohesion is based on the notion of effects and chaining in an effect-slice. We further combine the (inter-method, intra-method)-tuple into one combined Class Cohesion, which provides a quick view of bands of cohesion for classes. A sample of a commercial bank account class is then provided to illustrate these concepts and metrics.

Impact of Context on Keyword Identification and Use in Biomedical Literature Mining

The use of two statistical metrics in automatically identifying important keywords associated with a concept such as a gene by mining scientific literature is reviewed. Starting with a subset of MEDLINE® abstracts that contain the name or synonyms of a gene in their titles, the aforementioned metrics contrast the prevalence of specific words in these documents against a broader “background set” of abstracts. If a word occurs substantially more often in the document subset associated with a gene than in the background set that acts as a reference, then the word is viewed as capturing some specific attribute of the gene.

Poster: Issues in functional characterization and clustering of genes by literature mining

We consider a collection of MEDLINE1 abstracts that are associated with a gene, as identified by the occurrence of the gene name (or its synonyms) in the title of the document and then contrast the frequency of occurrence of specific words with their frequency in a broader background set of abstracts. Words that occur relatively more frequently in the document collection associated with a gene compared to the background set may be viewed as characterizing the function of the gene.