Jif-Based Verification of Information Flow Policies for Android Apps

2017 ◽  
Vol 8 (1) ◽  
pp. 28-42
Author(s):  
Lina M. Jimenez ◽  
Martin Ochoa ◽  
Sandra J. Rueda

Android stores and users need mechanisms to evaluate whether their applications are secure or not. Although various previous works use data and control flow techniques to evaluate security features of Android applications, this paper extends those works by using Jif to verify compliance of information flow policies. To do so, the authors addressed some challenges that emerge in Android environments, like automatizing generation of Jif labels for Android applications, and defining translations for Java instructions that are not currently supported by the Jif compiler. Results show that a Jif-based analysis is faster and has a better recall than other available mechanisms, but it also has a slightly lower precision. Jif also provides an open source compiler, generates executable code for an application only if such application meets a defined policy, and checks implicit flows which may be relevant for highly sensitive applications.

Author(s):  
Tao Zhang ◽  
Wenjun Hu ◽  
Xiapu Luo ◽  
Xiaobo Ma

Recently, there has been consistent growth in Android applications (apps). Under these circumstances, software maintenance for Android apps becomes an essential and important task. The core of software maintenance is to locate bugs in source files. Previous bug localization approaches mainly focus on open-source desktop software (e.g. Eclipse, Mozilla, GCC). Even though a few studies locate the bugs in the Android apps, they are dedicated to a special app named ZXing, without developing a general method to locate the bugs in Android apps by taking into account the unique characteristics of Android apps’ bug reports. Such characteristics include fewer number of historical bug reports, insufficient detailed description, etc. These characteristics hinder existing localization approaches from being directly delivered to Android apps, because lack of enough information degrades the performance of those localization approaches relying on historical bug reports. Commit messages include more informative data which can provide the details of reported bugs. Therefore, in this paper, we propose a novel information retrieval-based approach which utilizes commit messages to locate new bugs in Android apps. This approach not only considers the structured textual similarity between the given bug and the candidate source files, but also computes the unstructured textual similarities between the new bug and the commit messages linked to the corresponding source files. According to the experimental results on 10 popular open-source Android apps managed by GitHub, our approach outperforms the state-of-the-art bug localization methods that include BugLocator, BLUiR, and two-phase model.


Sensors ◽  
2020 ◽  
Vol 20 (15) ◽  
pp. 4201
Author(s):  
Yu-an Tan ◽  
Shuo Feng ◽  
Xiaochun Cheng ◽  
Yuanzhang Li ◽  
Jun Zheng

Information leaks can occur through many Android applications, including unauthorized access to sensor data. Hooking is an important technique for protecting Android applications and adding security features to them even without their source code. Various hooking frameworks have been developed to intercept events and process their own specific events. The hooking tools for Java methods are varied; however, the native hook has few methods. Besides, the commonly used Android hook frameworks cannot meet the requirement of hooking the native methods in shared libraries on non-root devices. Even though some approaches are able to hook these methods, they have limitations or are complicated to implement. In the paper, a feasible hooking approach for Android native methods is proposed and implemented, which does not need any modifications to either the Android framework or the app’s code. In this approach, the method’s reference address is modified and control flow is redirected. Beyond that, this study combines this approach with VirtualXposed, which aims to run it without root privileges. This hooking framework can be used to enforce security policies and monitor sensitive methods in shared objects. The evaluation of the scheme demonstrates its capability to perform hook operations without a significant runtime performance overhead on real devices, and it is compatible and functional for the native hook.


2021 ◽  
Author(s):  
Nivedha K ◽  
Indra Gandhi K ◽  
Shibi S ◽  
Nithesh V ◽  
Ashwin M

Android is a widely distributed mobile operating system developed especially for mobile devices with touch screens. It is an open source, Google-distributed Linux-based mobile operating system. Since Android is open source, it enables Android devices to be targeted effectively by malware developers. Third-party markets do not search for malicious applications in their databases, so installing Android Application Packages (APKs) from these uncontrolled market places is often risky. Without the user’s notice, these malware-infected applications gain access to private user data, send text messages that cost the user, or hide a malware APK file inside another application. The total number of new samples of Android malware amounted to 482,579 per month as of March 2020. In this paper, a deep learning approach is proposed that focuses on malware detection in Android apps to protect data on user devices. We use different static features that are present in an Android application for the implementation of the proposed system. The system extracts various static features and gives them to the classifier for deep learning and shows the results. This proposed system will assist users in checking applications that are not downloaded from the official market.


Author(s):  
Keyvan Nazerian

A herpes-like virus has been isolated from duck embryo fibroblast (DEF) cultures inoculated with blood from Marek's disease (MD) infected birds. Cultures which contained this virus produced MD in susceptible chickens while virus negative cultures and control cultures failed to do so. This and other circumstantial evidence including similarities in properties of the virus and the MD agent implicate this virus in the etiology of MD. Histochemical studies demonstrated the presence of DNA-staining intranuclear inclusion bodies in polykaryocytes in infected cultures. Distinct nucleoplasmic aggregates were also seen in sections of similar multinucleated cells examined with the electron microscope. These aggregates are probably the same as the inclusion bodies seen with the light microscope. Naked viral particles were observed in the nucleus of infected cells within or on the edges of the nucleoplasmic aggregates. These particles measured 95-100 mμ in diameter and rarely escaped into the cytoplasm or nuclear vesicles by budding through the nuclear membrane (Fig. 1). The enveloped particles (Fig. 2) formed in this manner measured 150-170 mμ in diameter and always had a densely stained nucleoid. The virus in supernatant fluids consisted of naked capsids with 162 hollow, cylindrical capsomeres (Fig. 3). Enveloped particles were not seen in such preparations.


2021 ◽  
Vol 26 (4) ◽  
Author(s):  
Jordan Samhi ◽  
Kevin Allix ◽  
Tegawendé F. Bissyandé ◽  
Jacques Klein

Due to the convenience of access-on-demand to information and business solutions, mobile apps have become an important asset in the digital world. In the context of the COVID-19 pandemic, app developers have joined the response effort in various ways by releasing apps that target different user bases (e.g., all citizens or journalists), offer different services (e.g., location tracking or diagnostic-aid), provide generic or specialized information, etc. While many apps have raised some concerns by spreading misinformation or even malware, the literature does not yet provide a clear landscape of the different apps that were developed. In this study, we focus on the Android ecosystem and investigate Covid-related Android apps. In a best-effort scenario, we attempt to systematically identify all relevant apps and study their characteristics with the objective to provide a first taxonomy of Covid-related apps, broadening the relevance beyond the implementation of contact tracing. Overall, our study yields a number of empirical insights that contribute to enlarge the knowledge on Covid-related apps: (1) Developer communities contributed rapidly to the COVID-19, with dedicated apps released as early as January 2020; (2) Covid-related apps deliver digital tools to users (e.g., health diaries), serve to broadcast information to users (e.g., spread statistics), and collect data from users (e.g., for tracing); (3) Covid-related apps are less complex than standard apps; (4) they generally do not seem to leak sensitive data; (5) in the majority of cases, Covid-related apps are released by entities with past experience on the market, mostly official government entities or public health organizations.


Sensors ◽  
2021 ◽  
Vol 21 (2) ◽  
pp. 572
Author(s):  
Mads Jochumsen ◽  
Taha Al Muhammadee Janjua ◽  
Juan Carlos Arceo ◽  
Jimmy Lauber ◽  
Emilie Simoneau Buessinger ◽  
...  

Brain-computer interfaces (BCIs) have been proven to be useful for stroke rehabilitation, but there are a number of factors that impede the use of this technology in rehabilitation clinics and in home-use, the major factors including the usability and costs of the BCI system. The aims of this study were to develop a cheap 3D-printed wrist exoskeleton that can be controlled by a cheap open source BCI (OpenViBE), and to determine if training with such a setup could induce neural plasticity. Eleven healthy volunteers imagined wrist extensions, which were detected from single-trial electroencephalography (EEG), and in response to this, the wrist exoskeleton replicated the intended movement. Motor-evoked potentials (MEPs) elicited using transcranial magnetic stimulation were measured before, immediately after, and 30 min after BCI training with the exoskeleton. The BCI system had a true positive rate of 86 ± 12% with 1.20 ± 0.57 false detections per minute. Compared to the measurement before the BCI training, the MEPs increased by 35 ± 60% immediately after and 67 ± 60% 30 min after the BCI training. There was no association between the BCI performance and the induction of plasticity. In conclusion, it is possible to detect imaginary movements using an open-source BCI setup and control a cheap 3D-printed exoskeleton that when combined with the BCI can induce neural plasticity. These findings may promote the availability of BCI technology for rehabilitation clinics and home-use. However, the usability must be improved, and further tests are needed with stroke patients.


2005 ◽  
Vol 49 (1) ◽  
pp. 380-387 ◽  
Author(s):  
Yan Q. Xiong ◽  
Julie Willard ◽  
Jagath L. Kadurugamuwa ◽  
Jun Yu ◽  
Kevin P. Francis ◽  
...  

Therapeutic options for invasive Staphylococcus aureus infections have become limited due to rising antimicrobial resistance, making relevant animal model testing of new candidate agents more crucial than ever. In the present studies, a rat model of aortic infective endocarditis (IE) caused by a bioluminescently engineered, biofilm-positive S. aureus strain was used to evaluate real-time antibiotic efficacy directly. This strain was vancomycin and cefazolin susceptible but gentamicin resistant. Bioluminescence was detected and quantified daily in antibiotic-treated and control animals with IE, using a highly sensitive in vivo imaging system (IVIS). Persistent and increasing cardiac bioluminescent signals (BLS) were observed in untreated animals. Three days of vancomycin therapy caused significant reductions in both cardiac BLS (>10-fold versus control) and S. aureus densities in cardiac vegetations (P < 0.005 versus control). However, 3 days after discontinuation of vancomycin therapy, a greater than threefold increase in cardiac BLS was observed, indicating relapsing IE (which was confirmed by quantitative culture). Cefazolin resulted in modest decreases in cardiac BLS and bacterial densities. These microbiologic and cardiac BLS differences during therapy correlated with a longer time-above-MIC for vancomycin (>12 h) than for cefazolin (∼4 h). Gentamicin caused neither a reduction in cardiac S. aureus densities nor a reduction in BLS. There were significant correlations between cardiac BLS and S. aureus densities in vegetations in all treatment groups. These data suggest that bioluminescent imaging provides a substantial advance in the real-time monitoring of the efficacy of therapy of invasive S. aureus infections in live animals.


1997 ◽  
Vol 55 (1) ◽  
pp. 130-142 ◽  
Author(s):  
Joanna de Groot

This piece uses a feminist approach to explore various aspects of ‘commodification’ in the lives and work of those teaching and researching in UK universities, and in particular its gender dimensions. After setting a historical context for the radical transformation of UK universities during the 1980s, it considers how this transformation was experienced by academics in terms of alienation, anxiety and accountability. Key features of that experience are loss of autonomy and control to the external power of competition and managerialism, insecurity and casualization in employment, and exposure to increasing judgemental scrutiny. For women academics job insecurity and discrimination continue to be disproportionately important, although some of the challenges to old established academic convention and practice have opened up real possibilities to progress more pro-women agendas. In the future they will confront quite depressing developments in the reconstruction of academic identities and labour, but have the legacy of the gains/insights of feminist analysis and politics over the last twenty years with which to do so.


2012 ◽  
Vol 490-495 ◽  
pp. 594-597
Author(s):  
Cheng Qun Li ◽  
Liang Gao

This paper introduces a new type of automatic steel bundling machine for the bundling process, which includes a pneumatic action process, and mainly researches the pneumatic control system. The system chooses a PLC as the core control component, and puts forward the hardware of the control system and the control flow. Eventually, we designed the control program.

