Designing Warnings to Reduce Identity Disclosure

The objective of this research was to identify aspects of warnings that will reduce online disclosure of personal information, specifically aspects that people do not consider sensitive. The vast majority of online commercial websites collect personal data, and many consumers report cybercrime events, such that identity theft is a significant risk. Most people can be uniquely identified by the combination of their birth date, age, and gender. This is problematic, since people do not believe these identity elements to be important to safeguard. Participants were asked to provide personal information to receive an online insurance quote. Participants in experimental conditions were warned not to disclose their date of birth. The experimental manipulations were (a) the vividness of the warnings and (b) whether an alternative to disclosure was recommended. Analyses indicated that providing an alternative to disclosure proved to be an effective strategy to reduce disclosure. Personal information disclosure can be reduced through warnings, but warnings need to be carefully designed and tested. Clear recommendations for alternative behavior may be especially effective. Designers of warnings and alerts can use the principles identified in this research to make their messages more effective.     

Checking Consistency and Completeness of On-Line Product Manuals

As products are growing more complex, so is their documentation. With an increasing number of product options, the diversity in service and maintenance procedures grows accordingly. This trend also holds for large-scale medical devices such as magnetic resonance (MR) tomographs. Siemens Medical Solutions has thus decided against one common on-line service handbook for all its MR tomographs. Instead, they fragment the on-line documentation into small packages, out of which a suitable subset is selected for each individual product instance. Selection of (so-called) help packages is controlled by XML terms encoding Boolean choice conditions. To assure that the set of available help packages is sufficient for all valid product instances, we developed a tool called HelpChecker that provides a transformation of XML terms to propositional logic formulas and then employs BDD-based methods to ascertain completeness of the on-line documentation and to support authors in locating any gaps. Experiments with SAT-Solvers were also made.     

Translating Technical Data into Effective User Manuals

Every software system, whether designed for commercial or noncommercial use, must be documented. Documentation must be geared to users' needs and knowledge; it should be neither too technical nor too simple. The quality of documentation is a major determinant of how well a system is received and how widely it is used.     

Translating Technical Data into Effective User Manuals

Abstract

Every software system, whether designed for commercial or noncommercial use, must be documented. Documentation must be geared to users' needs and knowledge; it should be neither too technical nor too simple. The quality of documentation is a major determinant of how well a system is received and how widely it is used.     

Post-Implementation Usability of Erp Training Manuals: The User's Perspective

Training users is critical to the success of ERP implementations. An important aspect of training is documentation in the form of training manuals. However, the effectiveness of the training manuals will depend on their perceived usability. in this study, data on users' perceptions of ERP training manuals, more than two years post-implementation, are analyzed for usability dimensions of task support, learnability, navigation, and presentation.     

Zero-subject Resolution Using Linguistic Constraints and Defaults: The Case of Japanese Instruction Manuals

This paper proposes a methodfor anaphora resolution ofzero subjects in Japaneseinstruction manuals based onboth the linguistic nature ofexpressions and the generalontology of the text type.In instruction manuals writtenin Japanese, zero subject isone of main reasons forambiguity of sentences.In order to resolve them,we examined the property ofseveral types of expressionsincluding some forms of verbalphrases and some conjunctive clauses.As a result, we have aset of constraints and defaultsfor zero subject resolution.We verified the precision and recall rateof the constraints and defaults with realexamples, and have found that they makequite good estimates with 97% precisionand 80% recall.     

基于目标制导符号执行的静态缓冲区溢出警报自动确认技术

缓冲区溢出漏洞是一类严重的安全性缺陷。目前存在动态测试和静态分析技术来检测缓冲区溢出缺陷:动态测试技术的有效性取决于测试用例的设计,而且往往会引入执行开销;静态分析技术及自动化工具已经被广泛运用于缓冲区溢出缺陷检测中,然而静态分析由于采取了保守的策略,其结果往往包含数量巨大的误报,需要通过进一步人工确认来甄别误报,但人工确认静态分析的结果耗时且容易出错,严重限制了静态分析技术的实用性。符号执行技术使用符号代替实际输入,能系统地探索程序的状态空间并生成高覆盖度的测试用例。本文提出一种基于目标制导符号执行的静态缓冲区溢出警报确认方法,使用静态分析工具的输出结果作为目标,制导符号执行确认警报。我们的方法分为3步:首先在过程间控制流图中检测静态分析警报路径片段的可达性,并将可达的警报路径片段集合映射为用于确认的完整确认路径集合;其次在符号执行中通过修剪与溢出缺陷疑似语句无关的路径,指导符号执行沿特定确认路径执行;最后在溢出缺陷疑似语句收集路径约束并加入溢出条件,通过约束求解的结果,对静态分析的警报进行分类。基于上述方法我们实现了原型工具BOVTool,实验结果表明在实际开源程序上BOVTool能够代替人工减少检查59.9%的缓冲区溢出误报。     

Warnings: a supplement not a substitute for other approaches to safety

Warnings in the workplace are analysed from the global perspective that they are not a substitute for, but rather a supplement to, good product design, employee selection, training, job design, supervision, and the provision of other forms of safety information including written procedures and checklists. An explanation is given for when and why these latter approaches will be more effective for reducing both errors and violations. Situations where warnings will be useful and further areas of research are also discussed.     

C/C++程序静态内存泄漏警报自动确认方法

内存泄漏是C/C++程序的一种常见的、难以发现的缺陷,一直困扰着软件开发者,尤其是针对长时间运行的程序或者系统软件,内存泄漏的后果十分严重.针对内存泄漏的检测,目前主要有静态分析和动态测试两种方法.动态测试实际运行程序,具有较大开销,同时依赖测试用例的质量;静态分析技术及自动化工具已经被学术界和工业界广泛运用于内存泄漏缺陷检测中,然而由于静态分析采取了保守的策略,其结果往往包含数量巨大的误报,需要通过进一步人工确认来甄别误报,但人工确认静态分析的结果耗时且容易出错,严重限制了静态分析技术的实用性.本文提出了一种基于混合执行测试的静态内存泄漏警报的自动化确认方法.首先,针对静态分析报告的目标程序中内存泄漏的静态警报,对目标程序进行控制流分析,并计算警报的可达性,形成制导信息;其次,基于警报制导信息对目标程序进行混合执行测试;最后,在混合执行测试过程中,监控追踪内存对象的状态,判定内存泄漏是否发生,对静态警报进行动态确认并分类.实验结果表明该方法可以对静态内存泄漏警报进行有效的分类,显著降低了人工确认的工作量.实验详情参见：http://ssthappy.github.io/memleak/.     

Designing and Building TerraService

A few simple rules guide the design of Web services such as TerraService, a geospatial service added to Microsoft's popular TerraServer database. By sticking to standards-based tools, the authors were able to implement the Web service with no major structural changes to the database. Because it conforms to the "1-to-10 Kbytes in one second" guideline, TerraService offers a highly acceptable user experience. The success of two US Department of Agriculture applications that bridge the Web service and the database demonstrates the astuteness of the authors' design principles.     

Designing Then and Now

Over the past 25 years, we've made great advances in tooling, technologies, and techniques that make software design more concrete. But design still requires careful thought.     

CZ-CIMS设计与实现

该CIMS系统是典型的流程型CIMS系统,它实现了决策支持分系统、生产指挥分系统、过程控制分系统、质量保证分系统、营销管理分系统和综合办公管理分系统等六大分系统的有效集成。该系统采用B/S结构,实现企业物流、信息流、资金流三流合一,建立了开放性的现代化集成系统。     

NQJ-CIMS的设计与实现

NQJCIMS项目全面改善了企业的“T、Q、C、S、E”五项竞争要素。实现了企业资源计划分系统（ERP）、产品开发分系统（PDS）、制造执行分系统（MES）、质量信息管理分系统（QIS）、办公自动化分系统（OA）等五个分系统的有效集成。以COM／DCOM为软件的集成平台,取得了良好的效果。     

Expert Sources in Warnings May Reduce the Extent of Identity Disclosure in Cyber Contexts

Identity theft is an increasing threat to individuals, institutions, and the economy. People are often not adequately cautious with the disclosure of their personal information in digital contexts and may make poor decisions to reveal private information. Warnings reduce unnecessary information exposure, but the effectiveness may depend on source credibility and expertise on influencing risk perceptions and attitudes. The warnings must be designed for users acting in a digital context. The current research was conducted to determine whether adding a trustworthy and expert source to a message that warned individuals not to disclose their personal information would impact decisions to disclose. First, a survey (pilot study) was conducted to identify the source considered the most trustworthy (among Google, FBI Cyber Division, and Department of Justice) and competent with respect to online security. Google received the highest ratings. In a later experiment, warnings with sources did reduce the extent of disclosure, with the FBI Cyber Division (not Google) being the most effective source. The results indicate that warnings need to be tested with respect to the actual target behavior (in this case, disclosure), rather than relying on individuals’ perceptions of trust, risk, or influence of a warning message when designing effective warnings.