SDLI: Static Detection of Leaks Across Intents

Total Page:16

File Type:pdf, Size:1020Kb

SDLI: Static Detection of Leaks Across Intents 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering SDLI: Static Detection of Leaks across Intents Rocco Salvia Pietro Ferrara Fausto Spoto Agostino Cortesi School of Computing JuliaSoft SRL Universita` di Verona DAIS University of Utah Verona, Italy and JuliaSoft SRL Universita` Ca’ Foscari Salt Lake City, Utah, USA pietro.ferrara@ Verona, Italy Venice, Italy [email protected] juliasoft.com [email protected] [email protected] Abstract—Intents are Android’s intra and inter-application real world apps from the Google Play marketplace, where its communication mechanism. They specify an action to perform, ability to deal with implicit intents uncovers dangerous flows. with extra data, and are sent to a receiver component or Finally, the analysis is soundy [9], since it inherits the power broadcast to many components. Components, in the same or in a distinct app, receive the intent if they are available to and precision but also the limitations of Julia [17], [10] and of perform the desired action. Hence, a sound static analyzer must most static tools that analyze real software (typically because be aware of information flows through intents. That can be of reflection and multithreading). achieved by considering intents as both source (when reading) This article is organized as follows. Sec. II discusses the and sink (when writing) of confidential data. But this is overly state of the art on intent analysis. Sec. III presents the structure conservative if the intent stays inside the same app or if the set of apps installed on the device is known in advance. In such cases, of Android apps and the use of intents. Sec. IV recalls Julia’s a sound approximation of the flow of intents leads to a more flow analysis and shows its application to Android. Sec. V precise analysis. This work describes SDLI, a novel static analyzer presents the novel intent analysis. Sec. VI reports experiments. that, for each app, creates an XML summary file reporting a Sec. VII concludes. description of the tainted information in outwards intents and of the intents the app is available to serve. SDLI discovers confidential information leaks when two apps communicate, by II. RELATED WORK matching their XML summaries, looking for tainted outwards intents of the first app that can be inwards intents of the Most analyses dealing with intents focus on a limited set second app. The tool is implemented inside Julia, an industrial of components only, typically activities. Some analyze the static analyzer. On some popular apps from the Google Play Android Dalvik (.dex) bytecode directly, others first translate it marketplace, it spots inter-apps leaks of confidential data, hence into Java bytecode or other intermediate language, then perform showing its practical effectiveness. Index Terms—Information Flow, Static Analysis, Abstract the analysis [16]. We now compare our approach to some of Interpretation, Android, Intent. the most notable tools. FlowDroid [2] performs taint analysis on .dex files. It collects I. INTRODUCTION sources and sinks using SuSi [15] and it considers any method This article reports design and implementation of a novel that sends intents as a sink and any call that extracts data intent analysis that detects sensitive information flows across from an intent as a source. It does not deal with implicit different Android applications (apps) and its integration inside intents nor with intent modifiers, unless they are constant the Julia static analyzer. Our analysis warns when an intent strings. Epicc [13] performs a sound static analysis of Android carries sensitive data from one app to another. Hence, it tracks apps in Java bytecode, translated from .dex code through intent flows both between components and between apps. It Dare [11]. It focuses on inter-component communication uses Julia’s flow analysis for tracking flows of tainted data, through intents, also between different apps. It deals with using an abstraction in terms of Boolean formulas to express intent filters statically specified in the manifest but also with all possible explicit flows of tainted data [5]. Starting from dynamically registered broadcast receivers. The analyzer does a set of sources of tainted user input, it establishes if tainted not always detect such receivers in a sound way, because of data flows into sensitive sinks. intrinsic limitations of the tool: no static fields, no reflection, SDLI is the implementation of such analysis, on top of the limited string analysis. IccTA [8] identifies sources and sinks Julia analyzer. For each app, SDLI computes a soundy XML with SuSi, like FlowDroid. It translates Dalvik bytecode into summary file reporting a description of the tainted information Jimple [18], by using Dexpler [3]. It can leverage on both in outwards intents and of the intents the app is available Epicc or its extension IC3 [12] to obtain the inter-component to serve. By matching pairs of XML files, one can discover communication methods and their parameters (IC3 is preferred leaks of confidential information when two apps communicate, due to its performance). It deals with the dynamic registration by checking if an output tainted intent can pass the app’s of broadcast receivers. Finally, IccTA applies FlowDroid to boundaries and reach another app. perform an intra-component taint analysis. The authors report The main novelty of our analysis is that it considers all kinds that IccTA performs also an inter-app communication, but do of Android’s components and both implicit and explicit intents. not show any result. In any case, IccTA inherits the same Moreover, it has been widely evaluated over a large set of limitations of Epicc and IC3. 2324-9013/18/31.00 ©2018 IEEE 1002 DOI 10.1109/TrustCom/BigDataSE.2018.00141 new this class Intent download = Intent( , DownloadService. ); 1 public class MainActivity extends Activity { download.setData(Uri.parse(fileUrl)); 2 public void sendMessage(View view) { startService(download); 3 String textMessage = telephonyManager.getDeviceId(); Fig. 1. Creation of an explicit intent for starting a DownloadService. 4 Intent send = new Intent(); 5 send.setAction(Intent.ACTION_SEND); 6 send.putExtra(Intent.EXTRA_TEXT, textMessage); 7 startActivity(send); III. ANDROID APPLICATIONS AND INTENTS 8} 9} This section describes the structure of Android apps Fig. 2. An activity with an event handler that creates an implicit in- and their communication model through intents. Exam- tent for sending a message. This is inside an app called App1. The constants Intent.EXTRA_TEXT="android.intent.extra.TEXT" ples are from https://developer.android.com/guide/components/ and Intent.ACTION_SEND="android.intent.action.SEND" are intents-filters.html, where the reader can find further detail. hardcoded in the Android OS. Android supports a modular definition of apps in terms of <activity android:name="ShareActivity"> cooperating components, that can be independently developed <intent-filter> <action android:name="android.intent.action.SEND"/> and replaced as long as their interface is honored. This </intent-filter> interface is published in a manifest. Components can be </activity> user interface screens (activities), background tasks (services), 1 class ShareActivity extends Activity { data resolvers (content providers) or generic event listeners 2 protected void onCreate(Bundle savedInstanceState) { (broadcast receivers). An app can invoke its own components, 3 Intent intent = getIntent(); 4 String data = intent.getString(Intent.EXTRA_TEXT); but also exported components of other apps. 5 Log.i(data); A component starts another component by instantiating an 6} 7} Intent object that describes the required task. The intent can Fig. 3. A manifest (above) specifying that the activity ShareActivity be so precise to explicitly name the target component (explicit (below) is willing to fulfill Intent.ACTION_SEND actions (the value of intent) or it can just provide a high-level description, that that constant is explicitly reported in the intent filter). These snippets are from will go through dynamic resolution of the right component an app called App2. (implicit intent). The component is resolved and started static intent filter. The started activity recovers (a clone of) the by passing the intent to methods startActivity() starting intent through its getIntent() method, as shown or startActivityForResult() (for activities), in the same figure. Together, Fig. 2 and 3 form a running startService() (for services) or startBroadcast() example that will be used throughout this article to show a (for broadcast receivers). Content providers are started by data flow between apps. passing intents to a content resolver. Example 1 (Running Example): App1 (Fig. 2) creates an Intents can carry the arguments qualifying the required task, implicit intent with constant action Intent.ACTION_SEND called action. Hence, they are a sort of dynamic component and with extra, for the constant key Intent.EXTRA_TEXT, invocation with parameter passing. It follows that any sound bound to sensitive data (the device identifier). It uses this intent static analysis must be aware of how intent resolution works, to start an activity. App2 registers a matching activity in its in order to follow data propagation between components. But manifest (Fig. 3), through an intent filter that dispatches the this is a complex and highly-dynamic process. intent to the component ShareActivity. The latter reads To specify an intent, the programmer sets four properties: the extra for key Intent.EXTRA_TEXT and logs it. If both (i) an optional, fully qualified name of the target component apps are installed in the same device, they could collaborate class. If provided, this string uniquely identifies the target com- so that App2 catches the intent sent by App1 and leaks the ponent (explicit intent). Otherwise (implicit intent) component device identifier to the logs, even though App2 has no explicit resolution uses the subsequent three properties; (ii) a string access to the device identifier. specifying the desired action (such as view, send, pick); (iii) the URI referencing data to process, with its MIME type; and IV.
Recommended publications
  • Estimating Complex Production Functions: the Importance of Starting Values
    Version: January 26 Estimating complex production functions: The importance of starting values Mark Neal Presented at the 51st Australian Agricultural and Resource Economics Society Conference, Queenstown, New Zealand, 14-16 February, 2007. Postdoctoral Research Fellow Risk and Sustainable Management Group University of Queensland Room 519, School of Economics, Colin Clark Building (39) University of Queensland, St Lucia, QLD, 4072 Email: [email protected] Ph: +61 (0) 7 3365 6601 Fax: +61 (0) 7 3365 7299 http://www.uq.edu.au/rsmg Acknowledgements Chris O’Donnell helpfully provided access to Gauss code that he had written for estimation of latent class models so it could be translated into Shazam. Leighton Brough (UQ), Ariel Liebman (UQ) and Tom Pechey (UMelb) helped by organising a workshop with Nimrod/enFuzion at UQ in June 2006. enFuzion (via Rok Sosic) provided a limited license for use in the project. Leighton Brough, tools coordinator for the ARC Centre for Complex Systems (ACCS), assisted greatly in setting up an enFuzion grid and collating the large volume of results. Son Nghiem provided assistance in collating and analysing data as well as in creating some of the figures. Page 1 of 30 Version: January 26 ABSTRACT Production functions that take into account uncertainty can be empirically estimated by taking a state contingent view of the world. Where there is no a priori information to allocate data amongst a small number of states, the estimation may be carried out with finite mixtures model. The complexity of the estimation almost guarantees a large number of local maxima for the likelihood function.
    [Show full text]
  • Apple / Shazam Merger Procedure Regulation (Ec)
    EUROPEAN COMMISSION DG Competition CASE M.8788 – APPLE / SHAZAM (Only the English text is authentic) MERGER PROCEDURE REGULATION (EC) 139/2004 Article 8(1) Regulation (EC) 139/2004 Date: 06/09/2018 This text is made available for information purposes only. A summary of this decision is published in all EU languages in the Official Journal of the European Union. Parts of this text have been edited to ensure that confidential information is not disclosed; those parts are enclosed in square brackets. EUROPEAN COMMISSION Brussels, 6.9.2018 C(2018) 5748 final COMMISSION DECISION of 6.9.2018 declaring a concentration to be compatible with the internal market and the EEA Agreement (Case M.8788 – Apple/Shazam) (Only the English version is authentic) TABLE OF CONTENTS 1. Introduction .................................................................................................................. 6 2. The Parties and the Transaction ................................................................................... 6 3. Jurisdiction of the Commission .................................................................................... 7 4. The procedure ............................................................................................................... 8 5. The investigation .......................................................................................................... 8 6. Overview of the digital music industry ........................................................................ 9 6.1. The digital music distribution value
    [Show full text]
  • Statistics and GIS Assistance Help with Statistics
    Statistics and GIS assistance An arrangement for help and advice with regard to statistics and GIS is now in operation, principally for Master’s students. How do you seek advice? 1. The users, i.e. students at INA, make direct contact with the person whom they think can help and arrange a time for consultation. Remember to be well prepared! 2. Doctoral students and postdocs register the time used in Agresso (if you have questions about this contact Gunnar Jensen). Help with statistics Research scientist Even Bergseng Discipline: Forest economy, forest policies, forest models Statistical expertise: Regression analysis, models with random and fixed effects, controlled/truncated data, some time series modelling, parametric and non-parametric effectiveness analyses Software: Stata, Excel Postdoc. Ole Martin Bollandsås Discipline: Forest production, forest inventory Statistics expertise: Regression analysis, sampling Software: SAS, R Associate Professor Sjur Baardsen Discipline: Econometric analysis of markets in the forest sector Statistical expertise: General, although somewhat “rusty”, expertise in many econometric topics (all-rounder) Software: Shazam, Frontier Associate Professor Terje Gobakken Discipline: GIS og long-term predictions Statistical expertise: Regression analysis, ANOVA and PLS regression Software: SAS, R Ph.D. Student Espen Halvorsen Discipline: Forest economy, forest management planning Statistical expertise: OLS, GLS, hypothesis testing, autocorrelation, ANOVA, categorical data, GLM, ANOVA Software: (partly) Shazam, Minitab og JMP Ph.D. Student Jan Vidar Haukeland Discipline: Nature based tourism Statistical expertise: Regression and factor analysis Software: SPSS Associate Professor Olav Høibø Discipline: Wood technology Statistical expertise: Planning of experiments, regression analysis (linear and non-linear), ANOVA, random and non-random effects, categorical data, multivariate analysis Software: R, JMP, Unscrambler, some SAS Ph.D.
    [Show full text]
  • Bab 1 Pendahuluan
    BAB 1 PENDAHULUAN Bab ini akan membahas pengertian dasar statistik dengan sub-sub pokok bahasan sebagai berikut : Sub Bab Pokok Bahasan A. Sejarah dan Perkembangan Statistik B. Tokoh-tokoh Kontributor Statistika C. Definisi dan Konsep Statistik Modern D. Kegunaan Statistik E. Pembagian Statistik F. Statistik dan Komputer G. Soal Latihan A. Sejarah dan Perkembangan Statistik Penggunaan istilah statistika berakar dari istilah-istilah dalam bahasa latin modern statisticum collegium (“dewan negara”) dan bahasa Italia statista (“negarawan” atau “politikus”). Istilah statistik pertama kali digunakan oleh Gottfried Achenwall (1719-1772), seorang guru besar dari Universitas Marlborough dan Gottingen. Gottfried Achenwall (1749) menggunakan Statistik dalam bahasa Jerman untuk pertama kalinya sebagai nama bagi kegiatan analisis data kenegaraan, dengan mengartikannya sebagai “ilmu tentang negara/state”. Pada awal abad ke- 19 telah terjadi pergeseran arti menjadi “ilmu mengenai pengumpulan dan klasifikasi data”. Sir John Sinclair memperkenalkan nama dan pengertian statistics ini ke dalam bahasa Inggris. E.A.W. Zimmerman mengenalkan kata statistics ke negeri Inggris. Kata statistics dipopulerkan di Inggris oleh Sir John Sinclair dalam karyanya: Statistical Account of Scotland 1791-1799. Namun demikian, jauh sebelum abad XVIII masyarakat telah mencatat dan menggunakan data untuk keperluan mereka. Pada awalnya statistika hanya mengurus data yang dipakai lembaga- lembaga administratif dan pemerintahan. Pengumpulan data terus berlanjut, khususnya melalui sensus yang dilakukan secara teratur untuk memberi informasi kependudukan yang selalu berubah. Dalam bidang pemerintahan, statistik telah digunakan seiring dengan perjalanan sejarah sejak jaman dahulu. Kitab perjanjian lama (old testament) mencatat adanya kegiatan sensus penduduk. Pemerintah kuno Babilonia, Mesir, dan Roma mengumpulkan data lengkap tentang penduduk dan kekayaan alam yang dimilikinya.
    [Show full text]
  • 1 Reliability of Programming Software: Comparison of SHAZAM and SAS
    Reliability of Programming Software: Comparison of SHAZAM and SAS. Oluwarotimi Odeh Department of Agricultural Economics, Kansas State University, Manhattan, KS 66506-4011 Phone: (785)-532-4438 Fax: (785)-523-6925 Email: [email protected] Allen M. Featherstone Department of Agricultural Economics, Kansas State University, Manhattan, KS 66506-4011 Phone: (785)-532-4441 Fax: (785)-523-6925 Email: [email protected] Selected Paper for Presentation at the Western Agricultural Economics Association Annual Meeting, Honolulu, HI, June 30-July 2, 2004 Copyright 2004 by Odeh and Featherstone. All rights reserved. Readers may make verbatim copies for commercial purposes by any means, provided that this copyright notice appears on all such copies. 1 Reliability of Programming Software: Comparison of SHAZAM and SAS. Introduction The ability to combine quantitative methods, econometric techniques, theory and data to analyze societal problems has become one of the major strengths of agricultural economics. The inability of agricultural economists to perform this task perfectly in some cases has been linked to the fragility of econometric results (Learner, 1983; Tomek, 1993). While small changes in model specification may result in considerable impact and changes in empirical results, Hendry and Richard (1982) have shown that two models of the same relationship may result in contradicting result. Results like these weaken the value of applied econometrics (Tomek, 1993). Since the study by Tice and Kletke (1984) computer programming software have undergone tremendous improvements. However, experience in recent times has shown that available software packages are not foolproof and may not be as efficient and consistent as researchers often assume. Compounding errors, convergence, error due to how software read, interpret and process data impact the values of analytical results (see Tomek, 1993; Dewald, Thursby and Anderson, 1986).
    [Show full text]
  • Peer Institution Research: Recommendations and Trends 2016
    Peer Institution Research: Recommendations and Trends 2016 New Mexico State University Abstract This report evaluates the common technology services from New Mexico State University’s 15 peer institutions. Based on the findings, a summary of recommendations and trends are explained within each of the general areas researched: peer institution enrollment, technology fees, student computing, software, help desk services, classroom technology, equipment checkout and loan programs, committees and governing bodies on technology, student and faculty support, printing, emerging technologies and trends, homepage look & feel and ease of navigation, UNM and UTEP my.nmsu.edu comparison, top IT issues, and IT organization charts. Peer Institution Research 1 Table of Contents Peer Institution Enrollment ................................................................................. 3 Technology Fees ................................................................................................. 3 Student Computing ............................................................................................. 6 Software ............................................................................................................. 8 Help Desk Services .............................................................................................. 9 Classroom Technology ...................................................................................... 11 Equipment Checkout and Loan Programs .........................................................
    [Show full text]
  • Insight MFR By
    Manufacturers, Publishers and Suppliers by Product Category 11/6/2017 10/100 Hubs & Switches ASCEND COMMUNICATIONS CIS SECURE COMPUTING INC DIGIUM GEAR HEAD 1 TRIPPLITE ASUS Cisco Press D‐LINK SYSTEMS GEFEN 1VISION SOFTWARE ATEN TECHNOLOGY CISCO SYSTEMS DUALCOMM TECHNOLOGY, INC. GEIST 3COM ATLAS SOUND CLEAR CUBE DYCONN GEOVISION INC. 4XEM CORP. ATLONA CLEARSOUNDS DYNEX PRODUCTS GIGAFAST 8E6 TECHNOLOGIES ATTO TECHNOLOGY CNET TECHNOLOGY EATON GIGAMON SYSTEMS LLC AAXEON TECHNOLOGIES LLC. AUDIOCODES, INC. CODE GREEN NETWORKS E‐CORPORATEGIFTS.COM, INC. GLOBAL MARKETING ACCELL AUDIOVOX CODI INC EDGECORE GOLDENRAM ACCELLION AVAYA COMMAND COMMUNICATIONS EDITSHARE LLC GREAT BAY SOFTWARE INC. ACER AMERICA AVENVIEW CORP COMMUNICATION DEVICES INC. EMC GRIFFIN TECHNOLOGY ACTI CORPORATION AVOCENT COMNET ENDACE USA H3C Technology ADAPTEC AVOCENT‐EMERSON COMPELLENT ENGENIUS HALL RESEARCH ADC KENTROX AVTECH CORPORATION COMPREHENSIVE CABLE ENTERASYS NETWORKS HAVIS SHIELD ADC TELECOMMUNICATIONS AXIOM MEMORY COMPU‐CALL, INC EPIPHAN SYSTEMS HAWKING TECHNOLOGY ADDERTECHNOLOGY AXIS COMMUNICATIONS COMPUTER LAB EQUINOX SYSTEMS HERITAGE TRAVELWARE ADD‐ON COMPUTER PERIPHERALS AZIO CORPORATION COMPUTERLINKS ETHERNET DIRECT HEWLETT PACKARD ENTERPRISE ADDON STORE B & B ELECTRONICS COMTROL ETHERWAN HIKVISION DIGITAL TECHNOLOGY CO. LT ADESSO BELDEN CONNECTGEAR EVANS CONSOLES HITACHI ADTRAN BELKIN COMPONENTS CONNECTPRO EVGA.COM HITACHI DATA SYSTEMS ADVANTECH AUTOMATION CORP. BIDUL & CO CONSTANT TECHNOLOGIES INC Exablaze HOO TOO INC AEROHIVE NETWORKS BLACK BOX COOL GEAR EXACQ TECHNOLOGIES INC HP AJA VIDEO SYSTEMS BLACKMAGIC DESIGN USA CP TECHNOLOGIES EXFO INC HP INC ALCATEL BLADE NETWORK TECHNOLOGIES CPS EXTREME NETWORKS HUAWEI ALCATEL LUCENT BLONDER TONGUE LABORATORIES CREATIVE LABS EXTRON HUAWEI SYMANTEC TECHNOLOGIES ALLIED TELESIS BLUE COAT SYSTEMS CRESTRON ELECTRONICS F5 NETWORKS IBM ALLOY COMPUTER PRODUCTS LLC BOSCH SECURITY CTC UNION TECHNOLOGIES CO FELLOWES ICOMTECH INC ALTINEX, INC.
    [Show full text]
  • Robust Audio Fingerprinting Method for Content-Based Copy Detection”
    Submitted by Reinhard Sonnleitner Submitted at Department of Computational Perception Supervisor and Audio Identication First Examiner via Fingerprinting Gerhard Widmer Second Examiner Achieving Robustness to Meinard Müller Severe Signal Modications April, 2017 Doctoral Thesis to obtain the academic degree of Doktor der technischen Wissenschaften in the Doctoral Program Technische Wissenschaften JOHANNES KEPLER UNIVERSITY LINZ Altenbergerstraÿe 69 4040 Linz, Österreich www.jku.at DVR 0093696 STATUTORYDECLARATION I hereby declare that the thesis submitted is my own unaided work, that I have not used other than the sources indicated, and that all direct and indirect sources are acknowledged as references. This printed thesis is identical with the electronic version submitted. Linz, April 2017 Reinhard Sonnleitner ABSTRACT In this thesis we approach the task of audio identification via audio fingerprinting, with the special emphasis on the complex task of designing a system that is highly robust to various signal modifications. We build a system that can account for linear and non-linear time- stretching, pitch-shifting and speed changes of query audio excerpts, as well as for severe noise distortions. We motivate the design of yet another fingerprinting method to complement the rich number of proposed methods and research in this field. In this thesis we propose a novel, efficient, highly accurate and precise fingerprinting method that works on geometric hashes of local maxima of the spectrogram representation of audio signals. We propose to perform the matching of features using efficient range- search, and to subsequently integrate a verification stage for match hypotheses to maintain high precision and specificity on challenging datasets. We gradually refine this method from its early concept to a practically applicable system that is evaluated on queries against a database of 430,000 tracks, with a total duration of 3.37 years of audio content.
    [Show full text]
  • Cumulation of Poverty Measures: the Theory Beyond It, Possible Applications and Software Developed
    Cumulation of Poverty measures: the theory beyond it, possible applications and software developed (Francesca Gagliardi and Giulio Tarditi) Siena, October 6th , 2010 1 Context and scope Reliable indicators of poverty and social exclusion are an essential monitoring tool. In the EU-wide context, these indicators are most useful when they are comparable across countries and over time. Furthermore, policy research and application require statistics disaggregated to increasingly lower levels and smaller subpopulations. Direct, one-time estimates from surveys designed primarily to meet national needs tend to be insufficiently precise for meeting these new policy needs. This is particularly true in the domain of poverty and social exclusion, the monitoring of which requires complex distributional statistics – statistics necessarily based on intensive and relatively small- scale surveys of households and persons. This work addresses some statistical aspects relating to improving the sampling precision of such indicators in EU countries, in particular through the cumulation of data over rounds of regularly repeated national surveys. 2 EU-SILC The reference data for this purpose are EU Statistics on Income and Living Conditions, the major source of comparative statistics on income and living conditions in Europe. A standard integrated design has been adopted by nearly all EU countries. It involves a rotational panel, with a new sample of households and persons introduced each year to replace one-fourth of the existing sample. Persons enumerated in each new sample are followed-up in the survey for four years. The design yields each year a cross- sectional sample, as well as longitudinal samples of 2, 3 and 4 year duration.
    [Show full text]
  • Wilkinson's Tests and Econometric Software
    Journal of Economic and Social Measurement 29 (2004) 261–270 261 IOS Press Wilkinson’s tests and econometric software B.D. McCullough Department of Decision Sciences, Drexel University, Philadelphia, PA 19104, USA E-mail: [email protected] The Wilkinson Tests, entry-level tests for assessing the numerical accuracy of statistical computations, have been applied to statistical software packages. Some software developers, having failed these tests, have corrected deficiencies in subsequent versions. Thus these tests have had a meliorative impact on the state of statistical software. These same tests are applied to several econometrics packages. Many deficiencies are noted. Keywords: Numerical accuracy, software reliability 1. Introduction The primary purpose of econometric software is to crunch numbers. Regrettably, the primary consideration in evaluating econometric software is not how well the software fulfills its primary purpose. What does matter is how easy it is to get an answer out of the package; whether the answer is accurate is of almost no impor- tance. Reviews of econometric software typically make no mention whatsoever of accuracy, though Vinod [14,15], Veall [13], McCullough [7,8], and MacKenzie [5] are exceptions. In part, this lack of benchmarking during reviews may be attributed to the fact that, until quite recently, no one ever collected the various benchmarks in a single place (see the NIST StRD at www.nist.gov/itl/div898/strd). A reviewer may well have been aware of a few scattered benchmarks, but including only a few benchmarks is hardly worth the effort. This view is supported by the fact that while the statistics profession has a long history of concern with the reliability of its software, software reviews in statistical journals rarely mention numerical accuracy.
    [Show full text]
  • College of Wooster Miscellaneous Materials: a Finding Tool
    College of Wooster Miscellaneous Materials: A Finding Tool Denise Monbarren August 2021 Box 1 #GIVING TUESDAY Correspondence [about] #GIVINGWOODAY X-Refs. Correspondence [about] Flyers, Pamphlets See also Oversized location #J20 Flyers, Pamphlets #METOO X-Refs. #ONEWOO X-Refs #SCHOLARSTRIKE Correspondence [about] #WAYNECOUNTYFAIRFORALL Clippings [about] #WOOGIVING DAY X-Refs. #WOOSTERHOMEFORALL Correspondence [about] #WOOTALKS X-Refs. Flyers, Pamphlets See Oversized location A. H. GOULD COLLECTION OF NAVAJO WEAVINGS X-Refs. A. L. I. C. E. (ALERT LOCKDOWN INFORM COUNTER EVACUATE) X-Refs. Correspondence [about] ABATE, GREG X-Refs. Flyers, Pamphlets See Oversized location ABBEY, PAUL X-Refs. ABDO, JIM X-Refs. ABDUL-JABBAR, KAREEM X-Refs. Clippings [about] Correspondence [about] Flyers, Pamphlets See Oversized location Press Releases ABHIRAMI See KUMAR, DIVYA ABLE/ESOL X-Refs. ABLOVATSKI, ELIZA X-Refs. ABM INDUSTRIES X-Refs. ABOLITIONISTS X-Refs. ABORTION X-Refs. ABRAHAM LINCOLN MEMORIAL SCHOLARSHIP See also: TRUSTEES—Kendall, Paul X-Refs. Photographs (Proof sheets) [of] ABRAHAM, NEAL B. X-Refs. ABRAHAM, SPENCER X-Refs. Clippings [about] Correspondence [about] Flyers, Pamphlets ABRAHAMSON, EDWIN W. X-Refs. ABSMATERIALS X-Refs. Clippings [about] Press Releases Web Pages ABU AWWAD, SHADI X-Refs. Clippings [about] Correspondence [about] ABU-JAMAL, MUMIA X-Refs. Flyers, Pamphlets ABUSROUR, ABDELKATTAH Flyers, Pamphlets ACADEMIC AFFAIRS COMMITTEE X-Refs. ACADEMIC FREEDOM AND TENURE X-Refs. Statements ACADEMIC PROGRAMMING PLANNING COMMITTEE X-Refs. Correspondence [about] ACADEMIC STANDARDS COMMITTEE X-Refs. ACADEMIC STANDING X-Refs. ACADEMY OF AMERICAN POETRY PRIZE X-Refs. ACADEMY SINGERS X-Refs. ACCESS MEMORY Flyers, Pamphlets ACEY, TAALAM X-Refs. Flyers, Pamphlets ACKLEY, MARTY Flyers, Pamphlets ACLU Flyers, Pamphlets Web Pages ACRES, HENRY Clippings [about] ACT NOW TO STOP WAR AND END RACISM X-Refs.
    [Show full text]
  • Towards Left Duff S Mdbg Holt Winters Gai Incl Tax Drupal Fapi Icici
    jimportneoneo_clienterrorentitynotfoundrelatedtonoeneo_j_sdn neo_j_traversalcyperneo_jclientpy_neo_neo_jneo_jphpgraphesrelsjshelltraverserwritebatchtransactioneventhandlerbatchinsertereverymangraphenedbgraphdatabaseserviceneo_j_communityjconfigurationjserverstartnodenotintransactionexceptionrest_graphdbneographytransactionfailureexceptionrelationshipentityneo_j_ogmsdnwrappingneoserverbootstrappergraphrepositoryneo_j_graphdbnodeentityembeddedgraphdatabaseneo_jtemplate neo_j_spatialcypher_neo_jneo_j_cyphercypher_querynoe_jcypherneo_jrestclientpy_neoallshortestpathscypher_querieslinkuriousneoclipseexecutionresultbatch_importerwebadmingraphdatabasetimetreegraphawarerelatedtoviacypherqueryrecorelationshiptypespringrestgraphdatabaseflockdbneomodelneo_j_rbshortpathpersistable withindistancegraphdbneo_jneo_j_webadminmiddle_ground_betweenanormcypher materialised handaling hinted finds_nothingbulbsbulbflowrexprorexster cayleygremlintitandborient_dbaurelius tinkerpoptitan_cassandratitan_graph_dbtitan_graphorientdbtitan rexter enough_ram arangotinkerpop_gremlinpyorientlinkset arangodb_graphfoxxodocumentarangodborientjssails_orientdborientgraphexectedbaasbox spark_javarddrddsunpersist asigned aql fetchplanoriento bsonobjectpyspark_rddrddmatrixfactorizationmodelresultiterablemlibpushdownlineage transforamtionspark_rddpairrddreducebykeymappartitionstakeorderedrowmatrixpair_rddblockmanagerlinearregressionwithsgddstreamsencouter fieldtypes spark_dataframejavarddgroupbykeyorg_apache_spark_rddlabeledpointdatabricksaggregatebykeyjavasparkcontextsaveastextfilejavapairdstreamcombinebykeysparkcontext_textfilejavadstreammappartitionswithindexupdatestatebykeyreducebykeyandwindowrepartitioning
    [Show full text]