FiveUI: Extensible UI Analysis in your browser

Galois is excited to announce the Open-Source release of FiveUI! FiveUI is a framework and tool for checking web-based user interfaces against codified UI guidelines. It is the first step towards an extensible, semantically aware, reusable and pragmatic toolchain for checking aspects of user interfaces against arbitrary guidelines. FiveUI currently works as a browser extension […]

HTML5 is Paving the Way for Semantically Aware Tools

Rich semantics are the Holy Grail for automated analysis tools; combined with extensible, familiar, and reusable tools and techniques we can seriously cut the costs associated with robust user interface development and testing.

Previously, we discussed the set of tools available for validating and linting HTML5-based user interfaces (e.g., the W3C, numerous HTML/CSS editors, and tools like HTML Lint). These tools help to identify syntactic issues, but what else is possible? The syntactic (and limited semantic) checks that these tools perform are necessary, but they aren’t sufficient to cover the body of intricate failures that can occur while creating the rich user experiences we’ve come to expect from interactive web applications and mobile devices. Linters and validators can’t, for example, find bugs relating to the visual layout, and with good reason: checking a UI is hard; it’s repetitive, monotonous, and, more importantly, subjective work.

However, there is still room for improvement. Surely we can push the envelope to do more. What’s next, and how can we automate tasks that still challenge human analysts?

The first important insight is that many general guidelines for creating a good user interface have quantitative approximations. For example, the Windows 7 guidelines state:

Use title-style capitalization for titles, and sentence-style capitalization for all other UI elements.

and:

Write the label as a phrase or an imperative sentence, and use no ending punctuation.

In the words of Richard Anderson: We have the technology! Which brings us to the first of a few key areas or techniques that could improve the tools that help ensure UI Consistency.

Verifying ECC Implementations

Last Thursday, the University of Bristol posted a press release and paper describing a way to exploit a bug in version 0.9.8g of OpenSSL and extract the value of a private key. The bug was known, and has been fixed in recent versions of OpenSSL (0.9.8g was released in 2007, and 0.9.8h fixed the bug […]

Rapid, Consistent Web Development is Coming with HTML5

HTML5 is coming, and it’s not just the next version of HTML.

HTML began as a lightweight mark-up language for linking documents on the web, with some rendering hints. As new versions have come along, support has been added for new kinds of content (images, video, interactive content). More recently, interest has grown in understanding documents and web applications on a deeper level. The most prominent example of this is the semantic web, which seeks to move from a “web of documents” to a “web of information”.

All previous versions of HTML make this an extremely challenging task, akin to trying to understand a philosophical text presented in terms of its typography.

HTML5 will change that. The designers of HTML5 have taken great care to separate semantic content (the information a document is intended to convey or represent) from the process of rendering (how a document should appear in a browser). Through this “separation of concerns”, HTML5 is equipped to revolutionize how we think of the web, how we work with it, and how we create new content. Our interest is in the potential for HTML5 to change how we specify, design, build, and analyze user interfaces – wherever they may appear: on the web, mobile devices, or desktop.

With consistent user experience as our guiding motivation, we survey the state of the art and practice of tool support for semantic reasoning about HTML5.

Galois Selected to Develop UI Consistency Analysis Tools

Creating consistent User Interfaces (UIs) is a time-consuming and error-prone process, but consistency and conformance with guidelines are becoming increasingly important for software developers. For example, Apple has raised the bar for UI consistency by requiring that iOS applications conform with their Human Interface Guidelines (HIG). Non-conforming applications can be removed from the […]

A Disciplined Approach to Talking About Security

Recently, a thread about a security problem in a piece of open source software got a lot of attention. There was a vulnerability report, a defensive developer, persistent security folks, and of course sideline comments taking one side or the other. This discussion perfectly illustrates why it can be hard to have a civil discussion […]

11+ Years of Formal Methods at Galois

A month or so ago, I gave talks at SRI and NASA Ames on 11+ Years of Formal Methods at Galois (pdf). Though I haven’t been around the whole time, it was fun to reminisce on the projects I’ve helped with and to highlight my colleagues’ work!

Cloud Security Risk Agreements for Small Businesses

Isaac Potoczny-Jones <ijones@galois.com>. Abstract: Cloud computing can be particularly beneficial to small businesses since it can decrease the total cost of ownership for IT systems. Unfortunately, one of the major barriers to adoption of cloud services is the perception that they are inherently less secure, exposing the organization to unacceptable risk. There are […]

Galois is Hiring!

Do you want to lead the development of the next generation of embedded systems that transform how we interact with the physical world? Do you want to make secure cloud computing a reality? Can you help us develop and exploit secure, ubiquitous networked devices? Galois has a position open for a senior computer scientist in […]

ZUC in Cryptol

ZUC is a stream cipher that is proposed for inclusion in the “4G” mobile standard named LTE (Long Term Evolution), the future of secure GSM. The proposal actually comprises several different algorithms: a stream cipher named ZUC; the LTE encryption algorithm (128-EEA3), based on ZUC; the LTE integrity algorithm (128-EIA3), which is a hash function using ZUC as […]
