The rich and still expanding literature on TBLT is helping to mature both its theoretical conceptualization and practical implementation in foreign and second language education. Similarly, computer-assisted language learning (CALL) has grown as a field, with the use and integration of technology in the classroom continuing to increase and will continue to play an important role in this maturat...

Malware analysis is the process of determining the purpose and functionality of a given malware sample (such as a virus, worm, or Trojan horse). This process is a necessary step to be able to develop effective detection techniques for malicious code. In addition, it is an important prerequisite for the development of removal tools that can thoroughly delete malware from an infected machine. Tra...

A number of tools can statically check program code to identify commonly encountered bug patterns. At the same time, programs are increasingly relying on external APIs for performing the bulk of their work: the bug-prone program logic is being fleshed-out, and many errors involve tricky subroutine calls to the constantly growing set of external libraries. Extending the static analysis tools to ...

◆ This research is built upon and extends the Ballista project. • High level testing done using the API to perform fault injection – Send exceptional values into a system through the API – Requires no modification to code -only linkable object files needed • Each test is a specific function call with a specific set of parameters – Combinations of valid and invalid parameters tried in turn ◆ Yes...

A web application today often utilizes web APIs to incorporate third-party services into its functionality. Such API integration, however, is full of security perils: recent studies show that popular web sites using high-profile web services, such as PayPal/Amazon checkouts and Facebook/Google singlesign-on (SSO) services, are riddled with logic flaws, enabling a malicious party to shop for fre...

Traditional, general-purpose operating systems strictly separate user processes from the kernel. Processes can only communicate with the kernel through system calls. As a means to ensure system security, system calls inevitably involve performance overhead. Direct User Callback from the Kernel, or DUCK, is a framework that improves the performance of network-centric applications by executing a ...

Open APIs are software intermediaries that make it possible for application programs to interact with data and processes, which can both be viewed as forms of services. In many scenarios, when one wants to obtain or publish a new service, one would like to check whether the new functionality can simply be obtained by suitably composing existing services. In this paper we study this problem by d...

The R package CFC performs cause-specific, competing-risk survival analysis by computing cumulative incidence functions from unadjusted, cause-specific survival functions. A high-level API in CFC enables end-to-end survival and competing-risk analysis, using a single-line function call, based on the parametric survival regression models in survival package. A low-level API allows users to achie...

Programs running on insecure or malicious hosts have often been cited as ripe targets for security attacks. The enabling technology for these attacks is the ability to easily analyze and control the running program. Dynamic instrumentation provides the necessary technology for this analysis and control. As embodied in the DynInst API library, dynamic instrumentation allows easy construction of ...

Given the pervasive nature of malicious mobile code (viruses, worms, etc.), developing statistical/structural models of code execution is of considerable importance. We investigate using probabilistic suffix trees (PSTs) and associated suffix automata (PSAs) to build models of benign application behavior with the goal of subsequently being able to detect malicious applications as anything that ...