skip to main content


Title: Automated Synthesis of Access Control Lists
Network configuration remains time-consuming and error-prone with the current configuration command system. To create access control lists (ACLs) with commands containing many options is still considered as a difficult task. In light of this, we aim to develop a comprehensible way to the ACL con- struction. Based on Eliza, a prototype of Artificial Intelligence, we propose a new design called EASYACL that synthesizes ACL rules automatically from natural language descriptions. E A S YAC L demonstrates the effectiveness of domain-specific program synthesis. Through the use of natural language, ACL rules can be constructed without using an excessive number of options or rigid syntax. By introducing the batch processing, we make it possible for users to apply configurations to a range of IP addresses rather than tediously repeating commands. EASYACL supports multi-platform by an intermediate repre- sentation which may be ported to the commands for both Cisco and Juniper devices. The comprehensible commands are friendly for encapsulation as well as reuse. E A S YAC L enables end-users with no prior programming experience to construct ACL in a natural way which lowers the bar for security management training and also reduces the errors in network administration.  more » « less
Award ID(s):
1223710
NSF-PAR ID:
10066913
Author(s) / Creator(s):
; ;
Date Published:
Journal Name:
Proceedings of the 3rd International Conference on Software Security and Assurance (ICSSA 2017)
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Scripting is a widely-used way to automate the execution of tasks. Despite the popularity of scripting, it remains difficult to use for both beginners and experts: because of the cryptic commands for the first group, and incompatible syntaxes across different systems, for the latter group. The authors introduce Natural Shell, an assistant for enabling end-users to generate commands and scripts for various purposes. Natural Shell automatically synthesizes scripts for different shell systems based on natural language descriptions. By interacting with Natural Shell, new users can learn the basics of scripting languages without the obstacles from the incomprehensible syntaxes. On the other hand, the authors’ tool frees more advanced users from manuals when they switch shell systems. The authors have developed a prototype system and demonstrate its effectiveness with a benchmark of 50 examples of popular shell commands collected from online forums. In addition, the authors analyzed the usage of Natural Shell in a lab study that involves 10 participants with different scripting skill levels. Natural Shell effectively assists the users to generate commands in assigned syntaxes and greatly streamlines their learning and using experience. 
    more » « less
  2. Lierler, Yuliya ; Morales, Jose F ; Dodaro, Carmine ; Dahl, Veroniica ; Gebser, Martin ; Tekle, Tuncay (Ed.)
    Knowledge representation and reasoning (KRR) systems represent knowledge as collections of facts and rules. Like databases, KRR systems contain information about domains of human activities like industrial enterprises, science, and business. KRRs can represent complex concepts and relations, and they can query and manipulate information in sophisticated ways. Unfortunately, the KRR technology has been hindered by the fact that specifying the requisite knowledge requires skills that most domain experts do not have, and professional knowledge engineers are hard to find. One solution could be to extract knowledge from English text, and a number of works have attempted to do so (OpenSesame, Google's Sling, etc.). Unfortunately, at present, extraction of logical facts from unrestricted natural language is still too inaccurate to be used for reasoning, while restricting the grammar of the language (so-called controlled natural language, or CNL) is hard for the users to learn and use. Nevertheless, some recent CNL-based approaches, such as the Knowledge Authoring Logic Machine (KALM), have shown to have very high accuracy compared to others, and a natural question is to what extent the CNL restrictions can be lifted. In this paper, we address this issue by transplanting the KALM framework to a neural natural language parser, mStanza. Here we limit our attention to authoring facts and queries and therefore our focus is what we call factual English statements. Authoring other types of knowledge, such as rules, will be considered in our followup work. As it turns out, neural network based parsers have problems of their own and the mistakes they make range from part-of-speech tagging to lemmatization to dependency errors. We present a number of techniques for combating these problems and test the new system, KALMFL (i.e., KALM for factual language), on a number of benchmarks, which show KALMFL achieves correctness in excess of 95%. 
    more » « less
  3. Continuous Integration (CI) allows developers to check whether their code can build successfully and pass tests across various system environments with every commit. To use a CI platform, a developer must provide configuration files within a code repository to specify build conditions. Incorrect configuration settings lead to CI build failures, which can take hours to run, wasting valuable developer time and delaying product release dates. Debugging CI configurations is a slow and error-prone process. The only way to check the correctness of CI configurations is to push a commit and wait for the build result. We present VeriCI, the first system for localizing CI configuration errors at the code level. VeriCI runs as a static analysis tool, before the developer sends the build request to the CI server. Our key insight is that the commit history and the corresponding build histories available in CI environments can be used both for build error prediction and build error localization. We leverage the build history as a labeled dataset to automatically derive customized rules describing correct CI configurations, using supervised machine learning techniques. To more accurately identify root causes, we train a neural network that filters out constraints that are less likely to be connected to the root cause of build failure. We evaluate VeriCI on real world data from GitHub and achieve 91% accuracy of predicting a build failure and correctly identify the root cause in 75% of cases. We also conducted a between-subjects user study with 20 software developers, showing that VeriCI significantly helps users in identifying and fixing errors in CI. 
    more » « less
  4. INTRODUCTION: Quadriceps tendon autografts have experienced a rapid rise in popularity for anterior cruciate ligament (ACL) reconstruction due to advantages in graft sizing and potential improvement in biomechanics. While there is a growing body of literature on use of quadriceps tendon grafts, deeper investigation into the biomechanical properties of stitch techniques in this construct has been limited. The purpose of this study was to evaluate the performance of a novel suture needle against different conventional suture needles by comparing the biomechanical properties of two commonly used stitch methods, a whip stitch, and a locking stitch in quadriceps tendon. It was hypothesized that the new device would be capable of creating both whip stitches and locking stitches that are biomechanically equivalent to similar stitch techniques performed with conventional needle products. METHODS: This was a controlled biomechanical study. A total of 24 matched pair cadaveric knees were dissected and a total of 48 quadriceps tendons were harvested and tested. All tendon grafts were standardized to the same size. Samples were then randomized into the following groups, keeping the matched pairs together: (Group 1, n=16) consisted of Company W’s novel two-part suture needle design, (Group 2, n=16) consisted of Company A suture, and (Group 3, n=16) consisted of Company B suture. For each group, the matched pairs were categorized into subgroups to be instrumented with either a whip stitch or a locking stitch. Two fellowship-trained surgeons performed all stitching, where they each instrumented 8 tendon grafts per group. For instrumentation, the grafts were clamped to a preparation stand in accordance with the manufacturer’s recommendations for passing each suture needle. A skin marker was used to identify and mark five evenly spaced points, 0.5 cm apart, as a guide to create a 5-stitch series. For Group 1, the whip stitch as well as the locking whip stitch were performed with a novel 2-part needle. For Group 2, the whip stitch was performed with loop suture needle and the locking stitch was krackow with a curved needle. Similarly, for Group 3, the whip stitch was performed with loop suture needle and the locking stitch was krackow with a curved needle (Figure 1). Cyclical testing was performed using a servohydraulic testing machine (MTS Bionix) equipped with a 5kN load cell. A standardized length of tendon, 7 cm, was coupled to the MTS actuator by passing it through a cryoclamp cooled by dry ice to a temperature of -5°C (Figure 2). All testing samples were then pre-conditioned to normalize viscoelastic effects and testing variability through application of cyclical loading to 25-100 N for three cycles. The samples were then held at 89 N for 15 minutes. Thereafter, the samples were loaded to 50-200 N for 500 cycles at 1 Hz. If samples survived, they were ramped to failure at 20 mm/min. Displacement and force data was collected throughout testing. Metrics of interest were total elongation (mm), stiffness (N/mm), ultimate failure load (N) and failure mode. Data are presented as averages plus/minus standard deviation. A one-way analysis of variance (ANOVA) with a Tukey pairwise comparison post hoc analysis was used to evaluate differences between the various stitching methods. Statistical significance was set at P = .05. RESULTS SECTION: For the whip stitch methods, the total elongation was found to be equivalent across all methods (W: 36 ± 10 mm; A: 32 ± 18 mm; B: 33 ± 8 mm). The stiffness of Company A (103 ± 11 N/mm) method was significantly larger than Company W (64 ± 8 N/mm; p=.001), whereas stiffness of whip stitch by Company W was equivalent to Company B (80 ± 32 N/mm). The ultimate failure load was equivalent across all whip stitch methods (W: 379 ± 31 mm; A: 412 ± 103 mm; B: 438 ± 63 mm). For the locking stitch method, the total elongation (W: 26 ± 10 mm; A: 14 ± 2 mm; B: 29 ± 5 mm), stiffness (W: 75 ± 11 N/mm; A: 104 ± 23 N/mm; B: 79 ± 10 N/mm) and ultimate load (W: 343 ± 22 N; A: 369 ± 30 N; B: 438 ± 63 N) were found to be equivalent across all methods. The failure mode for all groups is in Table 1. The common mode of failure across study groups and stitch configuration was suture breakage. However, the whip stitch from Company A and Company B had varied failure modes. DISCUSSION: Products from the three manufacturers were found to produce biomechanically equivalent whip stitches and locking stitches with respect to elongation and ultimate failure load. The only significant difference observed was that the whip stitch created with Company A’s product had a higher stiffness than Company W’s product, which could have been due to differences in the suture material. In this cadaveric quadriceps tendon model, it was shown that when using Company W’s novel two-part suture needle, users were capable of creating whip stitches and locking stitches that achieved equivalent biomechanical performance compared to similar stitch techniques performed with conventional needle products. A failure mode limited solely to suture breakage for methods completed with Company W’s needle product suggest a reliable suture construct with limited tissue damage. SIGNIFICANCE/CLINICAL RELEVANCE: Having a suture needle device with the versatility to easily perform different stitching constructs may provide surgeons an advantage needed to improve clinical outcomes. The data presented illustrates a strong new suture technique that has equivalent performance when compared to conventional needle devices and has promising applications in graft preparation for ligament and tendon reconstruction. 
    more » « less
  5. While the ultimate goal of natural-language based Human-Robot Interaction (HRI) may be free-form, mixed-initiative dialogue,social robots deployed in the near future will likely primarily engage in wakeword-driven interaction, in which users’ commands are prefaced by a wakeword such as “Hey, Robot.” This style of interaction helps to allay user privacy concerns, as the robot’s full speech recognition module need not be employed until the target wakeword is used. Unfortunately, there are a number of concerns in the popular media surrounding this style of interaction, with consumers fearing that it is training users (in particular,children) to be rude towards technology, and by extension, rude towards other humans. In this paper, we present a study that demonstrates how an alternate style of wakeword, i.e., “Excuse me, Robot” may allay this concern, by priming users to phrase commands as Indirect Speech Acts 
    more » « less