Repository logo
 

Publications

Permanent URI for this collectionhttps://hdl.handle.net/10217/239510

Browse

Recent Submissions

Now showing 1 - 20 of 44
  • Thumbnail Image
    ItemOpen Access
    "Bring your own device!": adaptive IoT device-type fingerprinting using automatic behavior extraction
    (Colorado State University. Libraries, 2025-07-25) Bar-on, Maxwel, author; Patterson, Katherine, author; Bezawada, Bruhadeshwar, author; Ray, Indrakshi, author; Ray, Indrajit, author; ACM, publisher
    Internet-of-Things (IoT) is playing a key role in modern society by offering enhanced functionalities and services. As IoT devices may introduce new security risks to the network, network administrators profile the behavior of IoT devices using device fingerprinting. Device fingerprinting typically involves training a machine learning model using the network behavioral data of existing devices. If a new device is added, the network becomes vulnerable to attacks until the time that the machine learning model is trained and updated to integrate the new device. Furthermore, if many devices are regularly added to the network, the cost of adapting the machine learning model can be significant. To address the challenges of security and scalability in fingerprinting, we create a collection of observed behaviors of IoT devices from existing devices and use this collection to construct a fingerprint for a new device. In our approach, we design a bi-component neural network architecture consisting of a transformer-based behavior-extractor (BE) and a fingerprinting interpreter. We perform a one-time training of the BE to extract behaviors from known devices. We use the generated BE for (a) fingerprinting existing devices and (b) adapting the existing fingerprinting model to new device data. In our experiments on 22 diverse IoT devices, we show that our model can identify newly introduced devices as well as known devices with a high identification rate. Our approach improves the time to adapt a model by a factor of 78.3× with no loss of accuracy, achieving recall over 98%.
  • Thumbnail Image
    ItemOpen Access
    Safety analysis in the NGAC model
    (Colorado State University. Libraries, 2025-07-07) Tan, Brian, author; Davies, Ewan S. D., author; Ray, Indrakshi, author; Abdelgawad, Mahmoud A., author; ACM, publisher
    We study the safety problem for the next-generation access control (NGAC) model. We show that under mild assumptions it is coNP-complete, and under further realistic assumptions we give an algorithm for the safety problem that significantly outperforms naive brute force search. We also show that real-world examples of mutually exclusive attributes lead to nearly worst-case behavior of our algorithm.
  • Thumbnail Image
    ItemOpen Access
    SPEAR: security posture evaluation using AI planner-reasoning on attack-connectivity
    (Colorado State University. Libraries, 2025-07-07) Podder, Rakesh, author; Caglar, Turgay, author; Bashir, Shadaab Kawnain, author; Sreedharan, Sarath, author; Ray, Indrajit, author; Ray, Indrakshi, author; ACM, publisher
    Graph-based frameworks are often used in network hardening to help a cyber defender understand how a network can be attacked and how the best defenses can be deployed. However, incorporating network connectivity parameters in the attack graph, reasoning about the attack graph when we do not have access to complete information, providing system administrator suggestions in an understandable format, and allowing them to do what-if analysis on various scenarios and attacker motives is still missing. We fill this gap by presenting SPEAR, a formal framework with tool support for security posture evaluation and analysis that keeps humanin- the-loop. SPEAR uses the causal formalism of AI planning to model vulnerabilities and configurations in a networked system. It automatically converts network configurations and vulnerability descriptions into planning models expressed in the Planning Domain Definition Language (PDDL). SPEAR identifies a set of diverse security hardening strategies that can be presented in a manner understandable to the domain expert. These allow the administrator to explore the network hardening solution space in a systematic fashion and help evaluate the impact and compare the different solutions.
  • Thumbnail Image
    ItemOpen Access
    Proof of compliance (PoC): a consensus mechanism to verify the compliance with informed consent policy in healthcare
    (Colorado State University. Libraries, 2025-06-04) Amin, Md Al, author; Tummala, Hemanth, author; Shah, Rushabh, author; Ray, Indrajit, author; ACM, publisher
    Healthcare industries are subject to various laws and regulatory oversight, just like other industries, such as pharmaceuticals, telecommunications, education, and financial services. Compliance with these regulations is essential for the organization's operation and growth. To help organizations detect early non-compliance issues, this paper proposes a consensus mechanism, Proof of Compliance (PoC), where a set of distributed, decentralized, and independent auditor nodes perform audit operations to determine the compliance status of any logical operations or accesses that have already been approved, granted, or executed in the system. The Proof of Compliance consensus mechanism helps organizations minimize compliance challenges. Organizations can consider PoC outputs to take further actions to reduce non-compliance cases and avoid compliance issues and business losses. The PoC reports do not support final regulatory compliance certification. However, it is possible if one or more multiple audit nodes are deployed and maintained in the consensus mechanism by the corresponding regulatory, government, or compliance authority.
  • Thumbnail Image
    ItemOpen Access
    Dramatically faster Partition Crossover for the traveling salesman problem
    (Colorado State University. Libraries, 2025-07-13) de Carvalho, Ozéas Quevedo, author; Whitley, Darrell, author; ACM, publisher
    The Partition Crossover is a deterministic crossover operator for the Traveling Salesman Problem (TSP). It decomposes the union graph of two TSP solutions, A and B, into connected components known as AB-cycles, from which the lower-cost edges are selected and recombined to produce offspring. The operator finds the best offspring within a search space of 2k solutions in linear time, where k is the number of recombining components. We introduce Generalized Partition Crossover 3 (GPX3), a new implementation of Partition Crossover. GPX3 features a new algorithm to quickly find AB-cycles in the union graph. It also identifies additional recombining AB-cycles, expanding the reachable search space. We show that GPX3 runs in O(n) time and is more efficient and effective than previous implementations of Partition Crossover for the TSP.
  • Thumbnail Image
    ItemOpen Access
    How Partition Crossover exposes parallel lattices and the fractal structure of k-bounded functions
    (Colorado State University. Libraries, 2025-07-13) Whitley, Darrell, author; Ochoa, Gabriela, author; Chicano, Francisco, author; ACM, publisher
    A combination of recombination and local search can expose the existence of an exponential number of parallel lattices that span the search space for all classes of k-bounded pseudo-Boolean functions, including MAX-kSAT problems. These "parallel" lattices sometimes have identical evaluations shifted by a constant. We use Partition Crossover to aid in the discovery of lattices, which are sets of 2q possible offspring from recombination events, organized into q-dimensional hypercubes, where q is the number of recombining components given two parents. Finally, we show that recursively embedded subspace lattices display a fractal structure, which can be captured using rewrite rules based on a Lindenmayer system that accurately model how local optima are distributed across different size lattices.
  • Thumbnail Image
    ItemOpen Access
    Get on the train or be left on the station: using LLMs for software engineering research
    (Colorado State University. Libraries, 2025-07-28) Trinkenreich, Bianca, author; Calefato, Fabio, author; Hanssen, Geir, author; Blincoe, Kelly, author; Kalinowski, Marcos, author; Pezzè, Mauro, author; Tell, Paolo, author; Storey, Margaret-Anne, author; ACM, publisher
    The adoption of Large Language Models (LLMs) is not only transforming software engineering (SE) practice but is also poised to fundamentally disrupt how research is conducted in the field. While perspectives on this transformation range from viewing LLMs as mere productivity tools to considering them revolutionary forces, we argue that the SE research community must proactively engage with and shape the integration of LLMs into research practices, emphasizing human agency in this transformation. As LLMs rapidly become integral to SE research—both as tools that support investigations and as subjects of study—a human-centric perspective is essential. Ensuring human oversight and interpretability is necessary for upholding scientific rigor, fostering ethical responsibility, and driving advancements in the field. Drawing from discussions at the 2nd Copenhagen Symposium on Human-Centered AI in SE, this position paper employs McLuhan's Tetrad of Media Laws to analyze the impact of LLMs on SE research. Through this theoretical lens, we examine how LLMs enhance research capabilities through accelerated ideation and automated processes, make some traditional research practices obsolete, retrieve valuable aspects of historical research approaches, and risk reversal effects when taken to extremes. Our analysis reveals opportunities for innovation and potential pitfalls that require careful consideration. We conclude with a call to action for the SE research community to proactively harness the benefits of LLMs while developing frameworks and guidelines to mitigate their risks, to ensure continued rigor and impact of research in an AI-augmented future.
  • Thumbnail Image
    ItemOpen Access
    Making software development more diverse and inclusive: key themes, challenges, and future directions
    (Colorado State University. Libraries, 2025-05-27) Hyrynsalmi, Sonja M., author; Baltes, Sebastian, author; Brown, Chris, author; Prikladnicki, Rafael, author; Rodriguez-Perez, Gema, author; Serebrenik, Alexander, author; Simmonds, Jocelyn, author; Trinkenreich, Bianca, author; Wang, Yi, author; Liebel, Grischa, author; ACM, publisher
    Introduction: Digital products increasingly reshape industries, influencing human behavior and decision-making. However, the software development teams developing these systems often lack diversity, which may lead to designs that overlook the needs, equal treatment or safety of diverse user groups. These risks highlight the need for fostering diversity and inclusion in software development to create safer, more equitable technology. Method: This research is based on insights from an academic meeting in June 2023 involving 23 software engineering researchers and practitioners. We used the collaborative discussion method 1-2-4-ALL as a systematic research approach and identified six themes around the theme "challenges and opportunities to improve Software Developer Diversity and Inclusion (SDDI)." We identified benefits, harms, and future research directions for the four main themes. Then, we discuss the remaining two themes, AI & SDDI and AI & Computer Science education, which have a cross-cutting effect on the other themes. Results: This research explores the key challenges and research opportunities for promoting SDDI, providing a roadmap to guide both researchers and practitioners. We underline that research around SDDI requires a constant focus on maximizing benefits while minimizing harms, especially to vulnerable groups. As a research community, we must strike this balance in a responsible way.
  • Thumbnail Image
    ItemOpen Access
    Exploring the untapped: student perceptions and participation in OSS
    (Colorado State University. Libraries, 2025-07-28) Santos, Italo, author; Felizardo, Katia Romero, author; Trinkereinch, Bianca, author; German, Daniel M., author; Steinmacher, Igor, author; Gerosa, Marco A., author; ACM, publisher
    Open Source Software (OSS) projects offer valuable opportunities to train the next generation of software engineers while benefiting projects and society as a whole. While research has extensively explored student participation in OSS and its use in software engineering education, student participation in OSS is still low, and the perspectives of students who have never contributed remain underexplored. This study aims to investigate the relationship between students' interest in contributing to OSS and their perceptions of barriers and motivational factors. We developed a theoretical model to understand the relationship between students' perceptions of OSS and their interest in contributing. We then surveyed students majoring in computer science and related fields (N=241). Using structural equation modeling techniques, we tested the model and found that intrinsic and internalized extrinsic motivations are positively associated with interest in contributing to OSS projects, while the impact of extrinsic motivation varies by gender. Comparatively, we found no significant relationship between barriers and interest in contributing. Students suggested several ways to make projects more attractive, including increasing awareness of the importance of OSS. Our findings can help communities better prepare to integrate students and encourage educators to enhance interest in OSS by linking participation to specific motivational factors.
  • Thumbnail Image
    ItemOpen Access
    Analyzing the communication patterns of different teammate types in a software engineering course project
    (Colorado State University. Libraries, 2025-07-28) Luther, Yanye, author; Nielsen, Lindsey, author; Cadman, Logan, author; Moraes, Marcia, author; Ghosh, Sudipto, author; Trinkenreich, Bianca, author; ACM, publisher
    Effective communication is vital for the success of professional software engineering (SE) teams. As SE courses teach essential industry skills like teamwork and collaboration, ensuring effective communication becomes important in student projects. However, poor engagement from team members can lead to conflicts, uneven workloads, and diminished learning experiences. Teammate types such as Couch Potatoes, who contribute minimally, and Hitchhikers, who rely on others while taking credit, exacerbate these issues. In contrast, Lone Wolves work independently, potentially isolating themselves, while Good Teammates actively collaborate and contribute fairly, driving team success. In this study, we aimed to investigate the communication patterns of teammate types such as Couch Potato, Hitchhiker, Lone Wolf, or Good Teammate during a SE testing course. We applied Ordered Network Analysis (ONA) to the conversational data of the teams to examine the distinct communication patterns of students whose contributions were either perceived positively (e.g., Good Teammates) or negatively (e.g., Couch Potato, Hitchhiker, Lone Wolf) by their peers. The findings reveal distinct communication behaviors across teammate types. While Good Teammates and Couch Potatoes discussed similar content, Good Teammates communicated more frequently and consistently throughout the project. Lone Wolves seldom engaged in pleasantries, reflecting a task-focused approach, whereas Hitchhikers rarely contributed substantively to technical discussions, such as pull requests, often interacted through pleasantries. These patterns emphasize the need for early interventions and communication planning to promote accountability balance and effective student collaboration during class projects.
  • Thumbnail Image
    ItemOpen Access
    Comparison of Agile scaling frameworks
    (Colorado State University. Libraries, 2023-08) Yeman, Robin J., author; Malaiya, Yashwant K., author; ACM, publisher
    21st century software development approaches, such as Agile has benefitted small initiatives with a single team building software in their ability to respond to change, reduce product delivery schedules, reduce product cost, increase product quality, and Increase employee morale. The industry has begun to question what the benefits and challenges could be if we use those same practices at scale for large Initiatives with multiple teams. There have been multiple studies on the benefits of Agile at Scale including quality, productivity, and shorter time to market. Over the last two decades dozens of Scaling frameworks have been created. However, given the large number of frameworks available, how do companies choose the right scaling framework? In this paper we review what the difference between the frameworks are by comparing their core principles. This paper began by analyzing results Digital.ai's 16th Annual state of Agile Survey which identifies the 10 most utilized frameworks according to their respondents. The paper presents a detailed analysis of the principles to assess the degree of differences among the frameworks and determine based on this which framework is the best for large scale organizations to choose.
  • Thumbnail Image
    ItemOpen Access
    Next generation genetic algorithms: efficient Crossover and local search and new results on Crossover lattices
    (Colorado State University. Libraries, 2024-07) Whitley, Darrell, author; ACM, publisher
  • Thumbnail Image
    ItemOpen Access
    Partition Crossover can linearize local optima lattices of k-bounded Pseudo-Boolean functions
    (Colorado State University. Libraries, 2023) Whitley, Darrell, author; Ochoa, Gabriela, author; Chicano, Francisco, author; ACM, publisher
    When Partition Crossover is used to recombine two parents which are local optima, the offspring are all local optima in the smallest hyperplane subspace that contains the two parents. The offspring can also be organized into a non-planar hypercube "lattice." Furthermore, all of the offspring can be evaluated using a simple linear equation. When a child of Partition Crossover is a local optimum in the full search space, the linear equation exactly determines its evaluation. When a child of Partition Crossover can be improved by local search, the linear equation is an upper bound on the evaluation of the associated local optimum when minimizing. This theoretical result holds for all k-bounded Pseudo-Boolean optimization problems, including MAX-kSAT, QUBO problems, as well as random and adjacent NK landscapes. These linear equations provide a stronger explanation as to why the "Big Valley" distribution of local optima exists. We fully enumerate a sample of NK landscapes to collect frequency information to complement our theoretical results. We also introduce new algorithmic contributions that can 1) expand smaller lattices in order to find larger lattices that contain additional local optima, and 2) introduce an efficient method to find new improving moves in lattices using score vectors.
  • Thumbnail Image
    ItemOpen Access
    Scheduling multi-resource satellites using genetic algorithms and permutation based representations
    (Colorado State University. Libraries, 2023-07) Quevedo de Carvalho, O., author; Whitley, D., author; Shetty, V., author; Jampathom, P., author; Roberts, M., author; ACM, publisher
    The U.S. Navy currently deploys Genetic Algorithms to schedule multi-resource satellites. We document this real-world application and also introduce a new synthetic test problem generator. A permutation is used as the representation. A greedy scheduler then converts the permutation into a schedule which can be displayed as a Gantt chart. Surprisingly, there have been few careful comparisons of standard generational Genetic Algorithms and Steady State Genetic Algorithms for these types of problems. In addition, this paper compares different crossover operators for the multi-resource satellite scheduling problem. Finally, we look at two ways of mapping the permutation to a schedule in the form of a Gantt chart. One method gives priority to reducing conflicts, while the other gives priority to reducing overlaps of conflicting tasks. This can produce very different results, even when the evaluation function stays exactly the same.
  • Thumbnail Image
    ItemOpen Access
    Evolutionary computation and tunneling at the edge of quantum computing
    (Colorado State University. Libraries, 2023-07) Whitley, Darrell, author; ACM, publisher
  • Thumbnail Image
    ItemOpen Access
    A unified framework for automated code transformation and pragma insertion
    (Colorado State University. Libraries, 2025-02-27) Pouget, Stéphane, author; Pouchet, Louis-Noël, author; Cong, Jason, author; ACM, publisher
    High-Level Synthesis compilers and Design Space Exploration tools have greatly advanced the automation of hardware design, improving development time and performance. However, achieving a good Quality of Results still requires extensive manual code transformations, pragma insertion, and tile size selection, which are typically handled separately. The design space is too large to be fully explored by this fragmented approach. It is too difficult to navigate this way, limits the exploration of potential optimizations, and complicates the design generation process. To tackle this obstacle, we propose Sisyphus, a unified framework that automates code transformation, pragma insertion, and tile size selection within a common optimization framework. By leveraging Nonlinear Programming, our approach efficiently explores the vast design space of regular loop-based kernels, automatically selecting loop transformations and pragmas that minimize latency. Evaluation against state-of-the-art frameworks, including AutoDSE, NLP-DSE, and ScaleHLS, shows that Sisyphus achieves superior Quality of Results, outperforming alternatives across multiple benchmarks. By integrating code transformation and pragma insertion into a unified model, Sisyphus significantly reduces design generation complexity and improves performance for FPGA-based systems.
  • Thumbnail Image
    ItemOpen Access
    Automatic hardware pragma insertion in high-level synthesis: a non-linear programming approach
    (Colorado State University. Libraries, 2025-02-07) Pouget, Stéphane, author; Pouchet, Louis-Noël, author; Cong, Jason, author; ACM, publisher
    High-Level Synthesis enables the rapid prototyping of hardware accelerators, by combining a high-level description of the functional behavior of a kernel with a set of micro-architecture optimizations as inputs. Such optimizations can be described by inserting pragmas e.g., pipelining and replication of units, or even higher level transformations for HLS such as automatic data caching using the AMD/Xilinx Merlin compiler. Selecting the best combination of pragmas, even within a restricted set, remains particularly challenging and the typical state-of-practice uses design-space exploration to navigate this space. But due to the highly irregular performance distribution of pragma configurations, typical DSE approaches are either extremely time consuming, or operating on a severely restricted search space. This work proposes a framework to automatically insert HLS pragmas in regular loop-based programs, supporting pipelining, unit replication, and data caching. We develop an analytical performance and resource model as a function of the input program properties and pragmas inserted, using non-linear constraints and objectives. We prove this model provides a lower bound on the actual performance after HLS. We then encode this model as a Non-Linear Program, by making the pragma configuration unknowns of the system, which is computed optimally by solving this NLP. This approach can also be used during DSE, to quickly prune points with a (possibly partial) pragma configuration, driven by lower bounds on achievable latency. We extensively evaluate our end-to-end, fully implemented system, showing it can effectively manipulate spaces of billions of designs in seconds to minutes for the kernels evaluated.
  • Thumbnail Image
    ItemOpen Access
    Segmentation and immersive visualization of brain lesions using deep learning and virtual reality
    (Colorado State University. Libraries, 2025-01-19) Kelley, Brendan, author; Plabst, Lucas, author; Plabst, Lena, author; ACM, publisher
    Magnetic resonance imaging (MRIs) are commonly used for diagnosing potential neurological disorders, however preparation and interpretation of MRI scans requires professional oversight. Additionally, MRIs are typically viewed as single cross sections of the affected regions which does not always capture the full picture of brain lesions and can be difficult to understand due to 2D's inherent abstraction of our 3D world. To address these challenges we propose a immersive visualization pipeline that combines deep learning image segmentation techniques using a VGG-16 model trained on MRI fluid attenuated inversion recovery (FLAIR) with virtual reality (VR) immersive analytics. Our visualization pipeline begins with our VGG-16 model predicting which regions of the brain are potentially affected by a disease. This output, along with the original scan, are then volumentrically rendered. These renders can then be viewed in VR using an head mounted display (HMD). Within the HMD users can move through the volumentric renderings to view the affected regions and utilize planes to view cross sections of the MRI scans. Our work provides a potential pipeline and tool for diagnosis and care.
  • Thumbnail Image
    ItemOpen Access
    Maximal simplification of polyhedral reductions
    (Colorado State University. Libraries, 2025-01-09) Narmour, Louis, author; Yuki, Tomofumi, author; Rajopadhye, Sanjay, author; ACM, publisher
    Reductions combine collections of input values with an associative and often commutative operator to produce collections of results. When the same input value contributes to multiple outputs, there is an opportunity to reuse partial results, enabling reduction simplification. Simplification often produces a program with lower asymptotic complexity. Typical compiler optimizations yield, at best, a constant fold speedup, but a complexity improvement from, say, cubic to quadratic complexity yields unbounded speedup for sufficiently large problems. It is well known that reductions in polyhedral programs may be simplified automatically, but previous methods cannot exploit all available reuse. This paper resolves this long-standing open problem, thereby attaining minimal asymptotic complexity in the simplified program. We propose extensions to prior work on simplification to support any independent commutative reduction. At the heart of our approach is piece-wise simplification, the notion that we can split an arbitrary reduction into pieces and then independently simplify each piece. However, the difficulty of using such piece-wise transformations is that they typically involve an infinite number of choices. We give constructive proofs to deal with this and select a finite number of pieces for simplification.
  • Thumbnail Image
    ItemOpen Access
    Integrating soft skills training into your course through a collaborative activity
    (Colorado State University. Libraries, 2025-02-18) Brieven, Géraldine, author; Moraes, Marcia, author; Pawelczak, Dieter, author; Vasilache, Simona, author; Donnet, Benoit, author; ACM, publisher
    Nowadays, employers highly value soft skills, yet many students lack these fundamental abilities. Teaching soft skills involves fostering active student participation and facilitating communication of technical knowledge among peers. This approach presents challenges: (i) creating an engaging learning environment; (ii) ensuring students get timely feedback; (iii) finding an approach that is not too time-consuming for instructors to prepare. The Collaborative Design & Build (CDB) activity, described in this paper, was designed to respond to these challenges. It simulates a real-life scenario, triggering students' interest. The success of this collaborative activity hinges on students working together in a structured chain, where each team builds upon and contributes to the success of the others. This fosters student engagement and accountability as they realize the impact of their actions on the entire chain. This pedagogical approach has already been adopted by four universities abroad. This paper shows how it can be deployed in different courses. Finally, it also discusses how students perceived the activity through four soft skills: collaboration, communication, problem solving and critical thinking. These skills were selected based on their relevance, both in the context of the collaborative activity and in the job market. They are also aligned with the ''4C's of 21st Century skills''. Results show that while students initially struggled with soft skills, consistent practice throughout the semester boosted their confidence, especially in communication. This makes the activity particularly relevant in the classroom, as communication is considered as the most important soft skill for the future.