4,725 research outputs found
Neural-Augmented Static Analysis of Android Communication
We address the problem of discovering communication links between
applications in the popular Android mobile operating system, an important
problem for security and privacy in Android. Any scalable static analysis in
this complex setting is bound to produce an excessive amount of
false-positives, rendering it impractical. To improve precision, we propose to
augment static analysis with a trained neural-network model that estimates the
probability that a communication link truly exists. We describe a
neural-network architecture that encodes abstractions of communicating objects
in two applications and estimates the probability with which a link indeed
exists. At the heart of our architecture are type-directed encoders (TDE), a
general framework for elegantly constructing encoders of a compound data type
by recursively composing encoders for its constituent types. We evaluate our
approach on a large corpus of Android applications, and demonstrate that it
achieves very high accuracy. Further, we conduct thorough interpretability
studies to understand the internals of the learned neural networks.Comment: Appears in Proceedings of the 2018 ACM Joint European Software
Engineering Conference and Symposium on the Foundations of Software
Engineering (ESEC/FSE
Teaching Concurrent Software Design: A Case Study Using Android
In this article, we explore various parallel and distributed computing topics
from a user-centric software engineering perspective. Specifically, in the
context of mobile application development, we study the basic building blocks
of interactive applications in the form of events, timers, and asynchronous
activities, along with related software modeling, architecture, and design
topics.Comment: Submitted to CDER NSF/IEEE-TCPP Curriculum Initiative on Parallel and
Distributed Computing - Core Topics for Undergraduate
Vibration Alert Bracelet for Notification of the Visually and Hearing Impaired
This paper presents the prototype of an electronic vibration bracelet designed to help the visually and hearing impaired to receive and send emergency alerts. The bracelet has two basic functions. The first function is to receive a wireless signal and respond with a vibration to alert the user. The second function is implemented by pushing one button of the bracelet to send an emergency signal. We report testing on a prototype system formed by a mobile application and two bracelets. The bracelets and the application form a complete system intended to be used in retirement apartment communities. However, the system is flexible and could be expanded to add new features or to serve as a research platform for gait analysis and location services. The medical and professional potential of the proposed system is that it offers a simple, modular, and cost-effective alternative to all the existing medical devices with similar functionality currently on the market. The proposed system has an educational potential as well: it can be used as a starting point for capstone projects and demonstration purposes in schools to attract students to STEM disciplines
Fog Computing in Medical Internet-of-Things: Architecture, Implementation, and Applications
In the era when the market segment of Internet of Things (IoT) tops the chart
in various business reports, it is apparently envisioned that the field of
medicine expects to gain a large benefit from the explosion of wearables and
internet-connected sensors that surround us to acquire and communicate
unprecedented data on symptoms, medication, food intake, and daily-life
activities impacting one's health and wellness. However, IoT-driven healthcare
would have to overcome many barriers, such as: 1) There is an increasing demand
for data storage on cloud servers where the analysis of the medical big data
becomes increasingly complex, 2) The data, when communicated, are vulnerable to
security and privacy issues, 3) The communication of the continuously collected
data is not only costly but also energy hungry, 4) Operating and maintaining
the sensors directly from the cloud servers are non-trial tasks. This book
chapter defined Fog Computing in the context of medical IoT. Conceptually, Fog
Computing is a service-oriented intermediate layer in IoT, providing the
interfaces between the sensors and cloud servers for facilitating connectivity,
data transfer, and queryable local database. The centerpiece of Fog computing
is a low-power, intelligent, wireless, embedded computing node that carries out
signal conditioning and data analytics on raw data collected from wearables or
other medical sensors and offers efficient means to serve telehealth
interventions. We implemented and tested an fog computing system using the
Intel Edison and Raspberry Pi that allows acquisition, computing, storage and
communication of the various medical data such as pathological speech data of
individuals with speech disorders, Phonocardiogram (PCG) signal for heart rate
estimation, and Electrocardiogram (ECG)-based Q, R, S detection.Comment: 29 pages, 30 figures, 5 tables. Keywords: Big Data, Body Area
Network, Body Sensor Network, Edge Computing, Fog Computing, Medical
Cyberphysical Systems, Medical Internet-of-Things, Telecare, Tele-treatment,
Wearable Devices, Chapter in Handbook of Large-Scale Distributed Computing in
Smart Healthcare (2017), Springe
Exploring Ransomware on The Oculus Quest 2
Virtual Reality Head Mounted Displays, also coined VR headsets, have breached barriers that held back widespread adoption and usage in the past. While covering the reasons for this large-scale spread, the idea is introduced that HMDs, which are standalone units, can become targets for malware. This work explores how applicable Android ransomware is to the Oculus Quest 2’s attack surface, due to the Quest’s usage of Android 10 as a base operating system. Existing ransomware samples are evaluated to determine an abstract definition of ransomware. This work also introduces SRS, Simple Ransomware Sample, which acts as a Proof-of-Concept, a minimum viable ransomware for testing ransomware on Android device attack surfaces. SRS is designed around the abstract ransomware definition that is derived. In addition to SRS, WannaLocker and Koler samples are used in testing. All samples are compared through execution on the Oculus Quest 2. Observed ransomware sample behavior is compared to expected behavior of each ransomware sample, as well as to the abstract ransomware definition. Ransomware sample success is evaluated based on expected behavior and the ability of the samples to execute definitional ransomware traits. The conclusion is that the Oculus Quest 2’s attack surface does contain the necessary aspects for the successful execution of ransomware
Computational Soundness for Dalvik Bytecode
Automatically analyzing information flow within Android applications that
rely on cryptographic operations with their computational security guarantees
imposes formidable challenges that existing approaches for understanding an
app's behavior struggle to meet. These approaches do not distinguish
cryptographic and non-cryptographic operations, and hence do not account for
cryptographic protections: f(m) is considered sensitive for a sensitive message
m irrespective of potential secrecy properties offered by a cryptographic
operation f. These approaches consequently provide a safe approximation of the
app's behavior, but they mistakenly classify a large fraction of apps as
potentially insecure and consequently yield overly pessimistic results.
In this paper, we show how cryptographic operations can be faithfully
included into existing approaches for automated app analysis. To this end, we
first show how cryptographic operations can be expressed as symbolic
abstractions within the comprehensive Dalvik bytecode language. These
abstractions are accessible to automated analysis, and they can be conveniently
added to existing app analysis tools using minor changes in their semantics.
Second, we show that our abstractions are faithful by providing the first
computational soundness result for Dalvik bytecode, i.e., the absence of
attacks against our symbolically abstracted program entails the absence of any
attacks against a suitable cryptographic program realization. We cast our
computational soundness result in the CoSP framework, which makes the result
modular and composable.Comment: Technical report for the ACM CCS 2016 conference pape
- …