An Historical Analysis of the SEAndroid Policy Evolution

Android adopted SELinux's mandatory access control (MAC) mechanisms in 2013. Since then, billions of Android devices have benefited from mandatory access control security policies. These policies are expressed in a variety of rules, maintained by Google and extended by Android OEMs. Over the years, the rules have grown to be quite complex, making it challenging to properly understand or configure these policies. In this paper, we perform a measurement study on the SEAndroid repository to understand the evolution of these policies. We propose a new metric to measure the complexity of the policy by expanding policy rules, with their abstraction features such as macros and groups, into primitive "boxes", which we then use to show that the complexity of the SEAndroid policies has been growing exponentially over time. By analyzing the Git commits, snapshot by snapshot, we are also able to analyze the "age" of policy rules, the trend of changes, and the contributor composition. We also look at hallmark events in Android's history, such as the "Stagefright" vulnerability in Android's media facilities, pointing out how these events led to changes in the MAC policies. The growing complexity of Android's mandatory policies suggests that we will eventually hit the limits of our ability to understand these policies, requiring new tools and techniques.Comment: 16 pages, 11 figures, published in ACSAC '1

Mobile Web applications

This document presents the work that was elaborated at the company Present Technologies as part of the academic discipline Internship/Industrial Project for the Master’s degree in Informatics and Systems, Software Development branch, at Instituto Superior de Engenharia de Coimbra. The area of the mobile web applications has grown exponentially over the last few years turning it into a very dynamic field where new development platforms and frameworks are constantly emerging. Thus, the internship consisted in the study of two new mobile operating systems, Tizen and Firefox OS, as well as two frameworks for packaging of mobile web applications – Adobe PhoneGap and Appcelerator Titanium. These platforms are in the direct interest of Present Technology since it pretends to use them in its future projects in general and in the Phune Gaming project in particular. Since Television is one of the Present Technologies’ business areas, during the course of the internship it was decided to perform additionally a study of two Smart TV platforms, namely Samsung Smart TV and Opera TV, which was considered as a valuable knowledge for the company. For each of the platforms was performed a study about its architecture, supported standards and the development tools that are provided, nevertheless the focus was on the applications and for this reason a practical case study was conducted. The case studies consisted in the creation of a prototype or packaging of an application, for the case of the packaging tools, in order to prove the feasibility of the applications for the Present Technologies’ needs. The outcome of the work performed during the internship is that it raised the awareness of Present Technology of the studied platforms, providing it with prototypes and written documentation for the platforms’ successful usage in future projects

Linux based mobile: operating systems

Trabalho de Projeto para obtenção do grau de Mestre em Engenharia Informática e de ComputadoresNos últimos quinze anos a industria móvel evolui de um Nokia 3310 que conseguia guardar vinte e quatro registos de chamadas para um iPhone que literalmenteconsegue salvaguardar uma vida inteira de chamadas. A industria móvel cresceu edescartou na maioria os sistema operativos proprietários, convergindo os seus esforços numa selecção de sistemas como Android, iOS e Windows Phone. Os sistemas operativos móveis estão em todo o lado, nos nossos telefones, relógiosou carros. Estes reestruturaram completamente a sociedade oferecendo a possibilidade de contactar qualquer pessoa no mundo inteiro a qualquer hora. Hoje emdia praticamente não conseguimos viver sem os nossos dispositivos móveis porqueos utilizamos para trabalhar, socializar, estudar e consumir informação. Apesar de serem os sistemas mais utilizados no mundo, os mecanismos internos,como é que eles executam, ou como trabalhar com eles continua a ser sujeito a taboo, devido à sua complexidade. Este projecto apresenta como é que um sistema operativo móvel moderno está organizado, como o compilar e como os executar num sistema embebido. Para o fazer foinecessário realizar um estudo para entender o kernel Linux, como é que este corree o que contém. Os sistemas Android e Tizen foram estudados e compreendidos deforma a entender o seu processo de compilação e execução. Finalmente, o projecto também descreve como executar num mesmo dispositivovários sistemas operativos e como os controlar. A prova de conceito foi realizadanuma placa de prototipagem ARM, usando um processador com a tecnologia maisrecente.Abstract: In the last fifteen years the mobile industry evolved from the Nokia 3310 that couldstore a hopping twenty-four phone records to an iPhone that literately can savea lifetime phone history. The mobile industry grew and thrown way most of theproprietary operating systems to converge their efforts in a selected few, such asAndroid, iOS and Windows Phone. Mobile operating systems are everywhere: on our phones, watches or cars. Theycompletely reshaped the worldwide society by having instant contact with virtuallyeveryone everywhere. Nowadays we almost can’t live without our mobile devicesbecause we use them to work, socialize, study and consume information. Although being the most used operating systems on the planet, the internal mechanisms, how they run and how towork them is still subject of taboo, mainly becausethe complexity that these systems have. This project presents how a modern mobile operating system is organized, howto build it and how to deploy into an embedded device. To accomplish that, thenecessary study was made to understand the Linux kernel, how it runs and what itcontains. The full fledged operating systems Android and Tizen were dismemberedto their core and analysed/studied on how to build and deploy them. Finally, the project also describes how to deploy on a single device, multiple operating systems and how can onemanage them. The proof of concept was built underan ARM board using the latest processor technology

Performance Benchmark for Smart TV Platforms, Set-Top Boxes and Game Consoles

Cílem této práce je vytvořit nástroj pro vývoj aplikací  na určité minoritní platformy, primárně Smart TV a HbbTV. Ty jsou implementovány v klienském JavaScriptu. Cílovou skupinou jsou tedy vývojáři takových aplikací, nikoli koncoví uživatelé. Zmíněný nástroj bude mít za cíl zjednodušit a urychlit vývojové procesy, hlavně ladění výkonu aplikací.The purpose of this thesis is to create a tool for development of applications for certain minority platforms, primarily Smart TV and HbbTV. Those are implemented in a client-side JavaScript. Target group are hence the JavaScript developers, not the end-users. Said tool will target simplification and speed-up of development processes, mainly applications' performance tuning.

Towards Modular and Flexible Access Control on Smart Mobile Devices

Smart mobile devices, such as smartphones and tablets, have become an integral part of our daily personal and professional lives. These devices are connected to a wide variety of Internet services and host a vast amount of applications, which access, store and process security- and privacy-sensitive data. A rich set of sensors, ranging from microphones and cameras to location and acceleration sensors, allows these applications and their back end services to reason about user behavior. Further, enterprise administrators integrate smart mobile devices into their IT infrastructures to enable comfortable work on the go. Unsurprisingly, this abundance of available high-quality information has made smart mobile devices an interesting target for attackers, and the number of malicious and privacy-intrusive applications has steadily been rising. Detection and mitigation of such malicious behavior are in focus of mobile security research today. In particular, the Android operating system has received special attention by both academia and industry due to its popularity and open-source character. Related work has scrutinized its security architecture, analyzed attack vectors and vulnerabilities and proposed a wide variety of security extensions. While these extensions have diverse goals, many of them constitute modifications of the Android operating system and extend its default permission-based access control model. However, they are not generic and only address specific security and privacy concerns. The goal of this dissertation is to provide generic and extensible system-centric access control architectures, which can serve as a solid foundation for the instantiation of use-case specific security extensions. In doing so, we enable security researchers, enterprise administrators and end users to design, deploy and distribute security extensions without further modification of the underlying operating system. To achieve this goal, we first analyze the mobile device ecosystem and discuss how Android's security architecture aims to address its inherent threats. We proceed to survey related work on Android security, focusing on system-centric security extensions, and derive a set of generic requirements for extensible access control architectures targeting smart mobile devices. We then present two extensible access control architectures, which address these requirements by providing policy-based and programmable interfaces for the instantiation of use-case specific security solutions. By implementing a set of practical use-cases, ranging from context-aware access control, dynamic application behavior analysis to isolation of security domains we demonstrate the advantages of system-centric access control architectures over application-layer approaches. Finally, we conclude this dissertation by discussing an alternative approach, which is based on application-layer deputies and can be deployed whenever practical limitations prohibit the deployment of system-centric solutions

Simulación de efectos electromagnéticos utilizando la tecnología de realidad aumentada

Los objetivos parciales son los que se definen a continuación: Conocer qué es la realidad aumentada y los diferentes usos y ventajas que puede suponer, en este caso, en relación a la educación y la enseñanza. Conocer y aprender el funcionamiento de la herramienta de diseño: Unity. Esta herramienta nos ayudará a poder llevar a cabo el diseño de la aplicación a través de elementos como objetos 3D, Canvas, materiales… Conocer las funcionalidades que nos proporciona Vuforia a través de Unity para poder introducir la realidad aumentada. Aprender a utilizar el lenguaje de programación necesario para llevar a cabo la aplicación, C#, y su entorno de programación, Microsoft Visual Studio. Esto incluye tareas como, por ejemplo, saber cómo se define cada tipo de dato, conocer las funciones que incluyen las librerías de Unity para este lenguaje de programación y saber cómo usar cada una de ellas o conocer las herramientas de depuración de la plataforma de programación. Gracias a ellos, podemos programar la aplicación para que tenga las funcionalidades deseadas. Aprender a diseñar objetos 3D con Blender, ya que nos hará falta para poder construir los objetos digitales necesarios en la simulación que no nos proporciona Unity.Ingeniería en Tecnologías de Telecomunicació

Développement natif, xamarin, hybride ou web: critères de choix et arbre de décision pour un développement mobile

En l’espace d’une dizaine d’années, le marché des mobiles intelligents s’est beaucoup développé. Trois entreprises se partagent le marché : Google avec Android, Apple avec iOS et Microsoft avec Windows Phone. Chacun propose une approche différente et un ensemble d’outils afin de concevoir une application mobile sous la forme de développement natif. Il profite de toute la puissance et les accélérations matérielles pour fournir la meilleure expérience utilisateur. Cependant, chaque plateforme nécessite un développement spécifique qui implique un investissement important en matière de développement, de maintenance et d’évolution afin de pouvoir distribuer une application sur les différents stores. Le développement d’une application web constitue une alternative qui pourra s’exécuter dans un navigateur internet sans se soucier du système d’exploitation. Elle possède néanmoins plusieurs inconvénients. Plus récemment, de nouveaux outils ont vu le jour avec pour ambition de simplifier le développement d’application mobile multiplateforme. Alors comment choisir quel type de développement est le plus approprié lorsqu’on veut concevoir une nouvelle application mobile ? Est-ce qu’une solution est toujours meilleure qu’une autre ? Quels sont les avantages et les inconvénients de chacune ? Ce travail a pour objectif d’analyser ces différentes solutions. Pour cela, les critères suivants seront analysés à travers la création de divers prototypes : Accès aux fonctionnalités : Toutes les plateformes ont-elles accès de la même façon au hardware des smartphones ? Stockage local : Dans quelle mesure pouvons-nous archiver temporairement et durablement du contenu dans les smartphones ? Communauté, documentation et version : Les plateformes sont-elles pérennes et dans quelles mesures pouvons-nous envisager leur avenir ? Performance : Toutes les plateformes sont-elles équivalentes en termes de réponse de calcul ? Temps de développement : Une plateforme apporte-t-elle plus d’avantages en termes de développement ? Coûts : Quels sont les coûts induits de chaque plateforme ? Interface graphique : Une plateforme apporte-t-elle une expérience utilisateur meilleure que les autres ? Lorsqu’un développement mobile est envisagé, il est important de bien définir les spécifications de l’application. Ainsi, on pourra évaluer l’importance des critères à l’aide d’une matrice de préférence. Par la suite, une matrice de décision nous indiquera la technologie la plus adaptée suivant le contexte