-
Do Users Write More Insecure Code with AI Assistants?
Authors:
Neil Perry,
Megha Srivastava,
Deepak Kumar,
Dan Boneh
Abstract:
We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that participants who had access to an AI assistant based on OpenAI's codex-davinci-002 model wrote significantly less secure code than those without access. Additionally, participants with access to…
▽ More
We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that participants who had access to an AI assistant based on OpenAI's codex-davinci-002 model wrote significantly less secure code than those without access. Additionally, participants with access to an AI assistant were more likely to believe they wrote secure code than those without access to the AI assistant. Furthermore, we find that participants who trusted the AI less and engaged more with the language and format of their prompts (e.g. re-phrasing, adjusting temperature) provided code with fewer security vulnerabilities. Finally, in order to better inform the design of future AI-based Code assistants, we provide an in-depth analysis of participants' language and interaction behavior, as well as release our user interface as an instrument to conduct similar studies in the future.
△ Less
Submitted 18 December, 2023; v1 submitted 7 November, 2022;
originally announced November 2022.
-
RWN: A Novel Neighborhood-Based Method for Statistical Disclosure Control
Authors:
Noah Perry,
Norman Matloff,
Patrick Tendick
Abstract:
A novel variation of the data swap** approach to statistical disclosure control is presented, aimed particularly at preservation of multivariate relations in the original dataset. A theorem is proved in support of the method, and extensive empirical investigation is reported.
A novel variation of the data swap** approach to statistical disclosure control is presented, aimed particularly at preservation of multivariate relations in the original dataset. A theorem is proved in support of the method, and extensive empirical investigation is reported.
△ Less
Submitted 12 October, 2022;
originally announced October 2022.
-
Strong Anonymity for Mesh Messaging
Authors:
Neil Perry,
Bruce Spang,
Saba Eskandarian,
Dan Boneh
Abstract:
Messaging systems built on mesh networks consisting of smartphones communicating over Bluetooth have been used by protesters around the world after governments have disrupted Internet connectivity. Unfortunately, existing systems have been shown to be insecure; most concerningly by not adequately hiding metadata. This is further complicated by the fact that wireless communication such as Bluetooth…
▽ More
Messaging systems built on mesh networks consisting of smartphones communicating over Bluetooth have been used by protesters around the world after governments have disrupted Internet connectivity. Unfortunately, existing systems have been shown to be insecure; most concerningly by not adequately hiding metadata. This is further complicated by the fact that wireless communication such as Bluetooth is inherently a broadcasting medium. In this paper, we present a new threat model that captures the security requirements of protesters in this setting. We then provide a solution that satisfies the required security properties, hides all relevant metadata, scales to moderately sized protests, and supports group messaging. This is achieved by broadcasting all messages in a way that limits the overhead of duplicate messages, ensuring that ciphertexts do not leak metadata, and limiting what can be learned by observing user behavior. We also build a model of our system and numerically evaluate it to support our claims and analyze how many users it supports. Finally, we discuss further extensions that remove potential bottlenecks in scaling and support substantially more users.
△ Less
Submitted 22 August, 2022; v1 submitted 8 July, 2022;
originally announced July 2022.
-
How Do You #relax When You're #stressed? A Content Analysis and Infodemiology Study of Stress-Related Tweets
Authors:
Son Doan,
Amanda Ritchart,
Nicholas Perry,
Juan D Chaparro,
Mike Conway
Abstract:
Background: Stress is a contributing factor to many major health problems in the United States, such as heart disease, depression, and autoimmune diseases. Relaxation is often recommended in mental health treatment as a frontline strategy to reduce stress, thereby improving health conditions.
Objective: The objective of our study was to understand how people express their feelings of stress and…
▽ More
Background: Stress is a contributing factor to many major health problems in the United States, such as heart disease, depression, and autoimmune diseases. Relaxation is often recommended in mental health treatment as a frontline strategy to reduce stress, thereby improving health conditions.
Objective: The objective of our study was to understand how people express their feelings of stress and relaxation through Twitter messages.
Methods: We first performed a qualitative content analysis of 1326 and 781 tweets containing the keywords "stress" and "relax", respectively. We then investigated the use of machine learning algorithms to automatically classify tweets as stress versus non stress and relaxation versus non relaxation. Finally, we applied these classifiers to sample datasets drawn from 4 cities with the goal of evaluating the extent of any correlation between our automatic classification of tweets and results from public stress surveys.
Results: Content analysis showed that the most frequent topic of stress tweets was education, followed by work and social relationships. The most frequent topic of relaxation tweets was rest and vacation, followed by nature and water. When we applied the classifiers to the cities dataset, the proportion of stress tweets in New York and San Diego was substantially higher than that in Los Angeles and San Francisco.
Conclusions: This content analysis and infodemiology study revealed that Twitter, when used in conjunction with natural language processing techniques, is a useful data source for understanding stress and stress management strategies, and can potentially supplement infrequently collected survey-based stress data.
△ Less
Submitted 22 November, 2019; v1 submitted 20 November, 2019;
originally announced November 2019.
-
Deployment of an Innovative Resource Choice Method for Process Planning
Authors:
Alexandre Candlot,
Nicolas Perry,
Alain Bernard,
Samar Ammar-Khodja
Abstract:
Designers, process planners and manufacturers naturally consider different concepts for a same object. The stiffness of production means and the design specification requirements mark out process planners as responsible of the coherent integration of all constraints. First, this paper details an innovative solution of resource choice, applied for aircraft manufacturing parts. In a second part, key…
▽ More
Designers, process planners and manufacturers naturally consider different concepts for a same object. The stiffness of production means and the design specification requirements mark out process planners as responsible of the coherent integration of all constraints. First, this paper details an innovative solution of resource choice, applied for aircraft manufacturing parts. In a second part, key concepts are instanced for the considered industrial domain. Finally, a digital mock up validates the solution viability and demonstrates the possibility of an in-process knowledge capitalisation and use. Formalising the link between Design and Manufacturing allows to hope enhancements of simultaneous Product / Process developments.
△ Less
Submitted 5 February, 2014;
originally announced February 2014.
-
VCS: Value Chains Simulator, a Tool for Value Analysis of Manufacturing Enterprise Processes (A Value-Based Decision Support Tool)
Authors:
Magali Mauchand,
Ali Siadat,
Nicolas Perry,
Alain Bernard
Abstract:
Manufacturing enterprises are facing a competitive challenge. This paper proposes the use of a value chain based approach to support the modelling and simulation of manufacturing enterprise processes. The aim is to help experts to make relevant decisions on product design and/or product manufacturing process planning. This decision tool is based on the value chain modelling, by considering the pro…
▽ More
Manufacturing enterprises are facing a competitive challenge. This paper proposes the use of a value chain based approach to support the modelling and simulation of manufacturing enterprise processes. The aim is to help experts to make relevant decisions on product design and/or product manufacturing process planning. This decision tool is based on the value chain modelling, by considering the product requirements. In order to evaluate several performance indicators, a simulation of various potential value chains adapted to market demand was conducted through a Value Chains Simulator (VCS). A discrete event simulator is used to perform the simulation of these scenarios and to evaluate the value as a global performance criterion (balancing cost, quality, delivery time, services, etc.). An Analytical Hierarchy Process module supports the analysis process. The value chain model is based on activities and uses the concepts of resource consumption, while integrating the benefiting entities view point. A case study in the microelectronic field is carried out to corroborate the validity of the proposed VCS.
△ Less
Submitted 7 October, 2012;
originally announced October 2012.
-
Customised high-value document generation
Authors:
Niek Du Preez,
Nicolas Perry,
Alexandre Candlot,
Alain Bernard,
Wilhelm Uys,
Louis Louw
Abstract:
Contributions of different experts to innovation projects improve enterprise value, captured in documents. A subset of them is the centre of expert constraint convergence. Their production needs to be tailored case by case. Documents are often considered as knowledge transcription. As the base of a structured knowledge-based information environment, this paper presents a global approach that helps…
▽ More
Contributions of different experts to innovation projects improve enterprise value, captured in documents. A subset of them is the centre of expert constraint convergence. Their production needs to be tailored case by case. Documents are often considered as knowledge transcription. As the base of a structured knowledge-based information environment, this paper presents a global approach that helps knowledge-integration tool deployment. An example, based on process plan in aircraft manufacturing, indicates how fundamental understanding of domain infrastructure contributes to a more coherent architecture of knowledge-based information environments. A comparison with an experiment in insurance services generalised the application of presented principles.
△ Less
Submitted 7 October, 2012;
originally announced October 2012.
-
Integration of CAD and rapid manufacturing for sand casting optimisation
Authors:
Alain Bernard,
Jean-Charles Delplace,
Nicolas Perry,
Serge Gabriel
Abstract:
In order to reduce the time and costs of the products development in the sand casting process, the SMC Colombier Fontaine company has carried out a study based on tooling manufacturing with a new rapid prototy** process. This evolution allowed the adequacy of the geometry used for the simulation to the tooling employed physically in the production. This allowed a reduction of the wall thickness…
▽ More
In order to reduce the time and costs of the products development in the sand casting process, the SMC Colombier Fontaine company has carried out a study based on tooling manufacturing with a new rapid prototy** process. This evolution allowed the adequacy of the geometry used for the simulation to the tooling employed physically in the production. This allowed a reduction of the wall thickness to 4mm and retained reliable manufacturing process.
△ Less
Submitted 7 October, 2012;
originally announced October 2012.
-
A Knowledge Engineering Method for New Product Development
Authors:
Nicolas Perry,
Samar Ammar-Khodja
Abstract:
Engineering activities involve large groups of people from different domains and disciplines. They often generate important information flows that are difficult to manage. To face these difficulties, a knowledge engineering process is necessary to structure the information and its use. This paper presents a deployment of a knowledge capitalization process based on the enrichment of MOKA methodolog…
▽ More
Engineering activities involve large groups of people from different domains and disciplines. They often generate important information flows that are difficult to manage. To face these difficulties, a knowledge engineering process is necessary to structure the information and its use. This paper presents a deployment of a knowledge capitalization process based on the enrichment of MOKA methodology to support the integration of Process Planning knowledge in a CAD System. Our goal is to help different actors to work collaboratively by proposing one referential view of the domain, the context and the objectives assuming that it will help them in better decision-making.
△ Less
Submitted 22 January, 2012;
originally announced January 2012.
-
Collaborative knowledge networks emergence for innovation: Factors of success analysis and comparison
Authors:
Nicolas Perry,
Alexandre Candlot,
Schutte Corne
Abstract:
New product development needs new engineering approaches. Knowledge is a key resource that impacts traditional, organisational, economic and innovative models. Through NICT (New Information and Communication Technologies), globalisation encourages the emergence of networks that overcome traditional organisation boundaries. International enterprises, European-Community Networks of Excellence or Clu…
▽ More
New product development needs new engineering approaches. Knowledge is a key resource that impacts traditional, organisational, economic and innovative models. Through NICT (New Information and Communication Technologies), globalisation encourages the emergence of networks that overcome traditional organisation boundaries. International enterprises, European-Community Networks of Excellence or Clusters (competitiveness poles) indicate the need to define a new way of thinking. This new way moves towards an agile, continuous innovative use of knowledge. Based on an epistemic study of knowledge management best practices, four examples show the barriers that can be encountered today. This paper aims defining the key elements that enhance collaborative networks. The analysis of best practices from collaborative environments enables the design of high standard information systems and initiate knowledge ecosystems. A balance between formalism required to share knowledge and fuzziness of social networks triggers new initiatives. This ensures the validity of information exchange through virtual collaboration. It helps to maintain group coherence despite exceeding the natural maximum number of collaborators. Finally the main success or failure factors are highlights and commented to ease the transition from economic-driven to expertise-driven models is then facilitated.
△ Less
Submitted 23 January, 2012;
originally announced January 2012.