-
The Ripple Effect of Vulnerabilities in Maven Central: Prevalence, Propagation, and Mitigation Challenges
Authors:
Ehtisham Ul Haq,
Song Wang,
Robert S. Allison
Abstract:
The widespread use of package managers like Maven has accelerated software development but has also introduced significant security risks due to vulnerabilities in dependencies. In this study, we analyze the prevalence and impact of vulnerabilities within the Maven Central ecosystem, using Common Vulnerabilities and Exposures (CVE) data from OSV.dev and a subsample enriched with aggregated CVE dat…
▽ More
The widespread use of package managers like Maven has accelerated software development but has also introduced significant security risks due to vulnerabilities in dependencies. In this study, we analyze the prevalence and impact of vulnerabilities within the Maven Central ecosystem, using Common Vulnerabilities and Exposures (CVE) data from OSV.dev and a subsample enriched with aggregated CVE data (CVE_AGGREGATED), which captures both direct and transitive vulnerabilities. In our subsample of around 4 million releases, we found that while only about 1% of releases have direct vulnerabilities, approximately 46.8% are affected by transitive vulnerabilities. This highlights how a small number of vulnerable yet influential artifacts can impact a vast portion of the ecosystem. Moreover, our analysis shows that vulnerabilities propagate rapidly through dependency networks and that more central artifacts (those with a high number of dependents) are not necessarily less vulnerable. We also observed that the time taken to patch vulnerabilities, including those of high or critical severity, often spans several years. Additionally, we found that dependents of artifacts tend to prefer presumably non-vulnerable versions; however, some continue to use vulnerable versions, indicating challenges in adopting patched releases. These findings highlight the critical need for improved dependency management practices and timely vulnerability remediation to enhance the security of software ecosystems.
△ Less
Submitted 5 April, 2025;
originally announced April 2025.
-
Exploiting the Nonlinear Stiffness of TMP Origami Folding to Enhance Robotic Jumping Performance
Authors:
Sahand Sadeghi,
Samuel Allison,
Blake Betsill,
Suyi Li
Abstract:
Via numerical simulation and experimental assessment, this study examines the use of origami folding to develop robotic jumping mechanisms with tailored nonlinear stiffness to improve dynamic performance. Specifically, we use Tachi-Miura Polyhedron (TMP) bellow origami -- which exhibits a nonlinear "strain-softening" force-displacement curve -- as a jumping robotic skeleton with embedded energy st…
▽ More
Via numerical simulation and experimental assessment, this study examines the use of origami folding to develop robotic jumping mechanisms with tailored nonlinear stiffness to improve dynamic performance. Specifically, we use Tachi-Miura Polyhedron (TMP) bellow origami -- which exhibits a nonlinear "strain-softening" force-displacement curve -- as a jumping robotic skeleton with embedded energy storage. TMP's nonlinear stiffness allows it to store more energy than a linear spring and offers improved jumping height and airtime. Moreover, the nonlinearity can be tailored by directly changing the underlying TMP crease geometry. A critical challenge is to minimize the TMP's hysteresis and energy loss during its compression stage right before jumping. So we used the plastically annealed lamina emergent origami (PALEO) concept to modify the TMP creases. PALEO increases the folding limit before plastic deformation occurs, thus improving the overall strain energy retention. Jumping experiments confirmed that a nonlinear TMP mechanism achieved roughly 9% improvement in air time and a 13% improvement in jumping height compared to a "control" TMP sample with a relatively linear stiffness. This study's results validate the advantages of using origami in robotic jumping mechanisms and demonstrate the benefits of utilizing nonlinear spring elements for improving jumping performance. Therefore, they could foster a new family of energetically efficient jumping mechanisms with optimized performance in the future.
△ Less
Submitted 26 October, 2020;
originally announced October 2020.
-
Wind Estimation Using Quadcopter Motion: A Machine Learning Approach
Authors:
Sam Allison,
He Bai,
Balaji Jayaraman
Abstract:
In this article, we study the well known problem of wind estimation in atmospheric turbulence using small unmanned aerial systems (sUAS). We present a machine learning approach to wind velocity estimation based on quadcopter state measurements without a wind sensor. We accomplish this by training a long short-term memory (LSTM) neural network (NN) on roll and pitch angles and quadcopter position i…
▽ More
In this article, we study the well known problem of wind estimation in atmospheric turbulence using small unmanned aerial systems (sUAS). We present a machine learning approach to wind velocity estimation based on quadcopter state measurements without a wind sensor. We accomplish this by training a long short-term memory (LSTM) neural network (NN) on roll and pitch angles and quadcopter position inputs with forcing wind velocities as the targets. The datasets are generated using a simulated quadcopter in turbulent wind fields. The trained neural network is deployed to estimate the turbulent winds as generated by the Dryden gust model as well as a realistic large eddy simulation (LES) of a near-neutral atmospheric boundary layer (ABL) over flat terrain. The resulting NN predictions are compared to a wind triangle approach that uses tilt angle as an approximation of airspeed. Results from this study indicate that the LSTM-NN based approach predicts lower errors in both the mean and variance of the local wind field as compared to the wind triangle approach. The work reported in this article demonstrates the potential of machine learning for sensor-less wind estimation and has strong implications to large-scale low-altitude atmospheric sensing using sUAS for environmental and autonomous navigation applications.
△ Less
Submitted 11 July, 2019;
originally announced July 2019.
-
The Effects of Visual and Control Latency on Piloting a Quadcopter using a Head-Mounted Display
Authors:
Jingbo Zhao,
Robert S. Allison,
Margarita Vinnikov,
Sion Jennings
Abstract:
Recent research has proposed teleoperation of robotic and aerial vehicles using head motion tracked by a head-mounted display (HMD). First-person views of the vehicles are usually captured by onboard cameras and presented to users through the display panels of HMDs. This provides users with a direct, immersive and intuitive interface for viewing and control. However, a typically overlooked factor…
▽ More
Recent research has proposed teleoperation of robotic and aerial vehicles using head motion tracked by a head-mounted display (HMD). First-person views of the vehicles are usually captured by onboard cameras and presented to users through the display panels of HMDs. This provides users with a direct, immersive and intuitive interface for viewing and control. However, a typically overlooked factor in such designs is the latency introduced by the vehicle dynamics. As head motion is coupled with visual updates in such applications, visual and control latency always exists between the issue of control commands by head movements and the visual feedback received at the completion of the attitude adjustment. This causes a discrepancy between the intended motion, the vestibular cue and the visual cue and may potentially result in simulator sickness. No research has been conducted on how various levels of visual and control latency introduced by dynamics in robots or aerial vehicles affect users' performance and the degree of simulator sickness elicited. Thus, it is uncertain how much performance is degraded by latency and whether such designs are comfortable from the perspective of users. To address these issues, we studied a prototyped scenario of a head motion controlled quadcopter using an HMD. We present a virtual reality (VR) paradigm to systematically assess the effects of visual and control latency in simulated drone control scenarios.
△ Less
Submitted 30 January, 2020; v1 submitted 29 July, 2018;
originally announced July 2018.
-
Real-Time Head Gesture Recognition on Head-Mounted Displays using Cascaded Hidden Markov Models
Authors:
Jingbo Zhao,
Robert S. Allison
Abstract:
Head gesture is a natural means of face-to-face communication between people but the recognition of head gestures in the context of virtual reality and use of head gesture as an interface for interacting with virtual avatars and virtual environments have been rarely investigated. In the current study, we present an approach for real-time head gesture recognition on head-mounted displays using Casc…
▽ More
Head gesture is a natural means of face-to-face communication between people but the recognition of head gestures in the context of virtual reality and use of head gesture as an interface for interacting with virtual avatars and virtual environments have been rarely investigated. In the current study, we present an approach for real-time head gesture recognition on head-mounted displays using Cascaded Hidden Markov Models. We conducted two experiments to evaluate our proposed approach. In experiment 1, we trained the Cascaded Hidden Markov Models and assessed the offline classification performance using collected head motion data. In experiment 2, we characterized the real-time performance of the approach by estimating the latency to recognize a head gesture with recorded real-time classification data. Our results show that the proposed approach is effective in recognizing head gestures. The method can be integrated into a virtual reality system as a head gesture interface for interacting with virtual worlds.
△ Less
Submitted 2 February, 2018; v1 submitted 20 July, 2017;
originally announced July 2017.