24,029 research outputs found
ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware
Billions of users rely on the security of the Android platform to protect
phones, tablets, and many different types of consumer electronics. While
Android's permission model is well studied, the enforcement of the protection
policy has received relatively little attention. Much of this enforcement is
spread across system services, taking the form of hard-coded checks within
their implementations. In this paper, we propose Authorization Check Miner
(ACMiner), a framework for evaluating the correctness of Android's access
control enforcement through consistency analysis of authorization checks.
ACMiner combines program and text analysis techniques to generate a rich set of
authorization checks, mines the corresponding protection policy for each
service entry point, and uses association rule mining at a service granularity
to identify inconsistencies that may correspond to vulnerabilities. We used
ACMiner to study the AOSP version of Android 7.1.1 to identify 28
vulnerabilities relating to missing authorization checks. In doing so, we
demonstrate ACMiner's ability to help domain experts process thousands of
authorization checks scattered across millions of lines of code
Knowledge data discovery and data mining in a design environment
Designers, in the process of satisfying design requirements, generally encounter difficulties in, firstly, understanding the problem and secondly, finding a solution [Cross 1998]. Often the process of understanding the problem and developing a feasible solution are developed simultaneously by proposing a solution to gauge the extent to which the solution satisfies the specific requirements. Support for future design activities has long been recognised to exist in the form of past design cases, however the varying degrees of similarity and dissimilarity found between previous and current design requirements and solutions has restrained the effectiveness of utilising past design solutions. The knowledge embedded within past designs provides a source of experience with the potential to be utilised in future developments provided that the ability to structure and manipulate that knowledgecan be made a reality. The importance of providing the ability to manipulate past design knowledge, allows the ranging viewpoints experienced by a designer, during a design process, to be reflected and supported. Data Mining systems are gaining acceptance in several domains but to date remain largely unrecognised in terms of the potential to support design activities. It is the focus of this paper to introduce the functionality possessed within the realm of Data Mining tools, and to evaluate the level of support that may be achieved in manipulating and utilising experiential knowledge to satisfy designers' ranging perspectives throughout a product's development
Integration of decision support systems to improve decision support performance
Decision support system (DSS) is a well-established research and development area. Traditional isolated, stand-alone DSS has been recently facing new challenges. In order to improve the performance of DSS to meet the challenges, research has been actively carried out to develop integrated decision support systems (IDSS). This paper reviews the current research efforts with regard to the development of IDSS. The focus of the paper is on the integration aspect for IDSS through multiple perspectives, and the technologies that support this integration. More than 100 papers and software systems are discussed. Current research efforts and the development status of IDSS are explained, compared and classified. In addition, future trends and challenges in integration are outlined. The paper concludes that by addressing integration, better support will be provided to decision makers, with the expectation of both better decisions and improved decision making processes
- …