Static Privacy Analysis by Flow Reconstruction of Tainted Data

Software security vulnerabilities and leakages of private information are two of the main issues in modern software systems. Several different approaches, ranging from design techniques to run-time monitoring, have been applied to prevent, detect and isolate such vulnerabilities. Static taint analysis has been particularly successful in detecting injection vulnerabilities at compile time. However, its extension to detect leakages of sensitive data has been only partially investigated. In this paper, we introduce BackFlow, a backward flow reconstructor that, starting from the results of a generic taint analysis engine, reconstructs the flow of tainted data. If successful, BackFlow provides full information about the flow that such data (e.g. private information or user input) traversed inside the program before reaching a sensitive point (e.g. Internet communication or execution of an SQL query). Such information is needed to extend taint analysis to privacy analyses, since in such a scenario it is important to know which exact type of sensitive data flows to what type of communication channels. BackFlow has been implemented in Julia (an industrial static analyzer for Java, Android and .NET programs), and applied to WebGoat and different benchmarks to detect both injections and privacy issues. The experimental results prove that BackFlow is able to reconstruct the flow of tainted data for most of the true positives, it scales up to industrial applications, and it can be effectively applied to privacy analysis, such as the detection of sensitive data leaks or compliance with a data regulation.

In-depth analysis of the results of an experimental study of the braking properties of a KAMAZ-740 engine with an engine brake under electronic control

As a result of an in-depth analysis, the dependences of the braking torque of a KAMAZ-740 diesel engine on the engine braking time were obtained in an analytical form, from which it was established that the initial braking torque when braking by an engine with an engine brake is 2 times higher than the initial braking torque when braking by an engine without an engine brake. But the braking torque when braking with an engine with an engine brake quickly decreases several times over time. This reduces the effectiveness of its use for service braking, therefore, to improve the engine brake, it is necessary to stabilize its braking torque due to the electronic control system. Keywords: analysis, engine braking properties, experimental research, electronic control

Technology Enhanced Learning Using Humanoid Robots

In this paper we present a mixture of technologies tailored for e-learning related to the Deep Learning, Sentiment Analysis, and Semantic Web domains, which we have employed to show four different use cases that we have validated in the field of Human-Robot Interaction. The approach has been designed using Zora, a humanoid robot that can be easily extended with new software behaviors. The goal is to make the robot able to engage users through natural language for different tasks. Using our software the robot can (i) talk to the user and understand their sentiments through a dedicated Semantic Sentiment Analysis engine; (ii) answer to open-dialog natural language utterances by means of a Generative Conversational Agent; (iii) perform action commands leveraging a defined Robot Action ontology and open-dialog natural language utterances; and (iv) detect which objects the user is handing by using convolutional neural networks trained on a huge collection of annotated objects. Each module can be extended with more data and information and the overall architectural design is general, flexible, and scalable and can be expanded with other components, thus enriching the interaction with the human. Different applications within the e-learning domains are foreseen: The robot can either be a trainer and autonomously perform physical actions (e.g., in rehabilitation centers) or it can interact with the users (performing simple tests or even identifying emotions) according to the program developed by the teachers.

A study on the high-efficiency mixer of the SCR system

A new mixer for a diesel engine after-treatment system is developed to meet the requirements of China VI emission regulation. As for the structure of the mixer, it is surrounded by spiral blades, and the center is staggered with small blades, which is conducive to the crushing of urea droplets and can make the droplets fully mixed with air, improve the conversion efficiency of nitrogen oxides (NOx) and reduce ammonia leakage. The numerical analysis, engine bench test, and vehicle road test were carried out on the after-treatment system equipped with the new mixer. The numerical calculation results show that the velocity uniformity index of the selective catalytic reduction (SCR) carrier can reach 0.98, as well as the ammonia uniformity can reach 0.95, meanwhile, the low wall film height shows excellent anti-crystallization properties. engine bench test results are consistent with numerical results. The crystallization status of the mixer after the vehicle durability test is acceptable and well performed.

Flaws in the Android Permission Protocol with Limited Verification

Purpose of the article: analysis of the resolution protocol implemented in the Android operating system as the most popular for smartphones and other electronic gadgets; consider a formal model of the Android permission protocol and describe the automatic security analysis of this model; identify potential flaws in the permitting protocol. Research method: A formal model of the Android permission protocol based on C++ using the Java NDK based on first-order relational logic is considered, with an analysis engine that performs limited model validation. Result. Created a formal model of Android permission protocol using C ++ using Java NDK. The model identified flaws in the Android permission protocol, and thus exposed Android security vulnerabilities. The developed Android protocol permission model consists of three parts: an Android device architecture query; Android permission scheme request; system operations. Fixed flaws in Android OS related to custom permissions vulnerability. An experiment is presented to demonstrate the feasibility and prevalence of custom permissions vulnerability in existing Android applications. Examination of real Android applications supports our finding that flaws in the Android permission protocol can have serious security implications for electronic gadget applications, and in some cases allows an attacker to completely bypass permission checks. A study of one of the vulnerabilities showed that it is widespread among many existing Android applications. Most developers do not perform any additional validation to ensure that inbound APIs come from trusted applications or vendors, assuming they may not be aware of a custom permissions vulnerability despite its potential for security breaches. The result will be useful for software developers for operating systems with permissions - Android, iOS and Fire OS.

Flapjack: a data management and analysis tool for genetic circuit characterization

Characterization is fundamental to the design, build, test, learn (DBTL) cycle for engineering synthetic genetic circuits. Components must be described in such a way as to account for their behavior in a range of contexts. Measurements and associated metadata, including part composition, constitute the test phase of the DBTL cycle. These data may consist of measurements of thousands of circuits, measured in hundreds of conditions, in multiple assays potentially performed in different labs and using different techniques. In order to inform the learn phase this large volume of data must be filtered, collated, and analyzed. Characterization consists of using this data to parameterize models of component function in different contexts, and combining them to predict behaviors of novel circuits. Tools to store, organize, share, and analyze large volumes of measurement and metadata are therefore essential to linking the test phase to the build and learn phases, closing the loop of the DBTL cycle. Here we present such a system, implemented as a web app with a backend data registry and analysis engine. An interactive frontend provides powerful querying, plotting and analysis tools, and we provide a REST API and Python package for full integration with external build and learn software. All measurements are associated to circuit part composition via SBOL. We demonstrate our tool by characterizing a range of genetic components and circuits according to composition and context.