Security Analysis of Android Applications

Nowadays, people can easily jump into learning programming on any platform they are interested in. It is the same with Android application development. However, security aspects during development are usually not considered in the first place. Sometimes testing an application's security has to be done in divergent environments and with different techniques, approaches, and tools. The more testing and investigation techniques used on an application; the more fields would be covered. Using static and dynamic analysis together can produce better security research coverage than using only one approach. The first and most important thing about cyber security is the theory. Developers must pay attention to many diverse parts of functions’ behaviors and be completely aware of the existing implementation of the built-in Android components. How can an Android application developer ensure that their application is not exposed to attackers? A feasible way to learn how to defend your application is to attempt to attack it. By examining penetration testing techniques, network monitoring, vulnerability showcases, and explanations, developers can answer how to find and take advantage of security weaknesses and threats in an application and how to come up with mitigations for it

End-User Needs of Fragmented Databases in Higher Education Data Analysis and Decision Making

Indiana University-Purdue University Indianapolis (IUPUI)In higher education, a wealth of data is available to advisors, recruiters, marketers, and program directors. However, data sources can be accessed in a variety of ways and often do not seem to represent the same data set, presenting users with the confounding notion that data sources are in conflict with one another. As users are identifying new ways of accessing and analyzing this data, they are modifying existing work practices and sometimes creating their own databases. To understand how users are navigating these databases, the researchers employed a mixed methods research design including a survey and interview to understand the needs to end users who are accessing these seemingly fragmented databases. The study resulted in a three overarching categories – access, understandability, and use – that affect work practices for end users. The researchers used these themes to develop a set of broadly applicable design recommendations as well as six sets of sketches for implementation – development of a data gateway, training, collaboration, tracking, definitions and roadblocks, and time management

Outlaw Innovation, Software Piracy and Parallel Imports in the Video Game Market

[[abstract]]This article analyzes the impact of outlaw innovations on the video game market. Rather than solely focusing on piracy in a closed economy, this study discusses the impact of parallel imports (PI) inspired by outlaw innovations. A simple model with one monopolistic hardware manufacturer and one monopolistic software provider selling complementary products in two countries is developed to show three results that are in contrast to general expectation. First, software piracy could be beneficial for both firms. Second, the hardware manufacturer may benefit from PI. Third, consumers in the PI recipient country are not necessarily better off due to PI.[[sponsorship]]淡江大學經濟學系; 西南財經大學經濟學院[[conferencetype]]兩岸[[conferencetkucampus]]淡水校園[[conferencedate]]20121002~20121002[[iscallforpapers]]Y[[conferencelocation]]新北市, 臺

The Professionalization of Hackers: A Content Analysis of 30 Years of Hacker Communication

Underground hacking has evolved from its early countercultural roots to become a complex and varied phenomenon. By combining a historical review of the literature with a content analysis of 30 years of underground hacker communication, we show that hacking has evolved in three waves to embrace learning and creativity, intrusion and crime, as well as politics and cyberwarfare. We uncover a paradoxical relationship between hackers and society at large where underground hacking is considered a digital crime while at the same time inspiring and driving corporate innovation, cybersecurity, and even cyberwarfare. The outcome of our research provides a nuanced picture of the hacker underground by highlighting differences between competing discursive themes across time. Moreover, by translating these themes into a set of six contrasting personas of IS professionals, we discuss how knowledge, technologies, and creative practices of underground hackers are being professionalized. We use this discussion to provide implications and a research agenda for IS studies in cybersecurity, innovation, and cyberwarfare

Taxonomy of Attacks on Open-Source Software Supply Chains

The widespread dependency on open-source software makes it a fruitful target for malicious actors, as demonstrated by recurring attacks. The complexity of today's open-source supply chains results in a significant attack surface, giving attackers numerous opportunities to reach the goal of injecting malicious code into open-source artifacts that is then downloaded and executed by victims. This work proposes a general taxonomy for attacks on open-source supply chains, independent of specific programming languages or ecosystems, and covering all supply chain stages from code contributions to package distribution. Taking the form of an attack tree, it covers 107 unique vectors, linked to 94 real-world incidents, and mapped to 33 mitigating safeguards. User surveys conducted with 17 domain experts and 134 software developers positively validated the correctness, comprehensiveness and comprehensibility of the taxonomy, as well as its suitability for various use-cases. Survey participants also assessed the utility and costs of the identified safeguards, and whether they are used

Homebrew and the social construction of gaming : community, creativity, and legal context of amateur Game Boy Advance development

Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Comparative Media Studies, 2005.Includes bibliographical references (leaves 147-156).This thesis challenges the common social construction of game development, which perceives the activity only within its commercial, corporate realm. As an exemplar of the many thriving amateur development communities, the self-identified "homebrew" Nintendo Game Boy Advance (GBA) development community is analyzed in-depth. This unique community is brought to the attention of scholars as an important intersection of game studies and amateur media studies, challenging the focus of game studies on commercial production. The GBA homebrew community is studied from the personal motivational level to the social dynamics of the group. The analysis considers the blend of technological and cultural motivations brought to bear on the production and the content of the amateur games, and how amateur development facilitates skill acquisition outside of canonical academic structure, and opens access to professional mobility. The case study advances both historical and contemporary comparisons to other independent media communities. The thesis also examines discussions in the community around peer-judged competitions as a form of vernacular theory. The content of homebrew GBA games released into the community are further analyzed, with the construction of useful categories spanning genre, fan games, remakes, remixes, and tech demos. Nostalgia and parody in relation to game history are especially considered, as are demonstrations of technical skill ("tech demos") as a uniquely amateur practice. The legal context of amateur GBA development is also examined. Nintendo maintains the GBA as a closed, proprietary system, and thus for homebrew developers access to information and legitimacy is blocked.(cont.) Comparisons are advanced to historical examples of intellectual property enforcement in the emergence of corporate media in the 20th century. Amateur practice is found to be tangential to corporate interests, ignored both by the disinterest of corporations, and in blanket policies targeting piracy. Historical cases that legitimate reverse engineering of software are discussed for context. Thesis concludes that one cannot cleanly construct categories of amateur and professional as separate practices, and remarks upon the constant renewal and shifts in amateur development communities as new game platforms are released in the commercial market.by Brett Bennett Camper.S.M

Declaration patterns in dependency management : a thesis presented in partial fulfilment of the requirements for the degree of Master of Science in Computer Science at Massey University, Manawatū, New Zealand

Dependency management has become an important topic within the field of software engineering, where large-scale projects use an increasing number of dependencies to quickly integrate advanced functionality into projects. To take advantage of agile principles - with their fast release cycles - it has become common to delegate the task of dependency management to package managers, whose responsibilities it is to find and download a specified version of the dependency at build time. The principles of Semantic Versioning allow developers to specify version declarations that allow package managers to choose from not just one, but a range of versions, giving rise to the automatic updating of dependencies - a convenient but potentially risky option due to backwards incompatibility issues in some updates. In this thesis, we examine the types of declarations used and their effects on software quality. We find a large variation in practices between software ecosystems, with some opting for conservative, fixed declaration styles, others that prefer Semantic Versioning style ranges, and a few that use higher risk open range styles. We then delve into the consequences of these declaration choices by considering how they affect technical lag, a software quality indicator, finding that declaration styles can have a significant effect on lag. In order to avoid technical lag, in all but the most extreme cases (using open ranges), it is necessary to update declarations periodically. In the case of fixed declarations, updates must be made with every change to the dependency - an ongoing challenge and time outlay for developers. We considered this case to find how regularly developers that use fixed declarations update lagging declarations, finding that developers rarely keep up with changes. The datasets used for these works consisted of large-scale, open-source projects. A developer survey has also been included to contextualise the quantitative results, allowing insight into the intentions of developers who make these declaration choices, and to gain insight on how applicable these findings might be to closed-source projects

Alaska's Food (In)Security, Climate Change and the Boreal Forest, Biomass and Hydrocarbons

[Geography] -- AMSA: the future of arctic marine shipping: With more shipping traffic in the north and greater marine access due to the retreat of Arctic sea ice, the Arctic states needed to develop a strategy to protect the maritime Arctic, its people, and the environment -- [Forest Sciences] -- Changing the forest and the trees - Is it climate?: Sunspots, sun cycles, El Ninos, La Ninas, atmospheric oscillations, greenhouse gases: climate change has begun to affect the boreal more than any other forest region. / Glenn Patrick Juday -- One Tree in the Tanana Valley: Take one entire tree, and make everything you can out of it-including science and art education. / Nancy Tarnai -- Forest Dynamics & Management: This program monitors the growth and change in Alaska's forests, looking at forest health, characteristics, and regeneration. / Jingjing Liang and Tom Maline -- [High-Latitude Agriculture] -- Alaska's food (in)security: Alaskans have become aware that their food security is precarious - and they're doing something about it. / Deirdre Helfferich and Nancy Tarnai -- Leafhoppers: In Alaska, potato production accounts for 14 percent of total agricultural crop revenues, but the insect pests that can affect them are poorly understood. / Alberto Pantoja, Aaron M. Hagerty, Susan Y. Emmert, and Joseph E. Munyaneza -- You are my Sunshine!: The author took up the challenge: to make a beer brewed with Sunshine Hulless Barley, developed by AFES and released in 2009. / Anita Hartmann -- Reindeer market project makes history: For the first time, reindeer are 4-H project livestock. / George Aguiar -- Security of the red meat supply: Red meat for Alaskans, like other aspects of the food supply in the northernmost state, is dependent upon Outside sources. / Thomas F. Paragi, S. Craig Gerlach, and Alison M. Meadow -- [Natural Resources] -- Salmon and alder: Gasification of Low-Value Biomass in Alaska: Converting Alaska-specific biomass into a volatile hydrocarbon mixture could offset fuel use in remote locations. / Shawn Freitas, Andres Soria, and Cindy Bower -- Unlocking hydrocarbons from biomass: In the world of renewable energy, biomass is the sole source capable of producing hydrocarbons, the raw material needed for fuel, plastics, and the variety of products that maintain the economy. / Andres Soria -- Carex spectabilis: A Sedge for Landscaping and Revegetation in Alaska: Establishing groundcover on barren ground can be a challenge in Alaska; an indigenous sedge may provide a solution. / Jay D. McKendrick -- [People] -- Horace Drury: In Momoriam: This former director of the Alaska Agricultural & Forestry Experiment Station faced the challenge of 'new problems in a new land'. / Nancy Tarnai -- [News & Publications