Looking for Criminal Intents in JavaScript Obfuscated Code

The majority of websites incorporate JavaScript for client-side execution in a supposedly protected environment. Unfortunately, JavaScript has also proven to be a critical attack vector for both independent and state-sponsored groups of hackers. On the one hand, defenders need to analyze scripts to ensure that no threat is delivered and to respond to potential security incidents. On the other, attackers aim to obfuscate the source code in order to disorient the defenders or even to make code analysis practically impossible. Since code obfuscation may also be adopted by companies for legitimate intellectual-property protection, a dilemma remains on whether a script is harmless or malignant, if not criminal. To help analysts deal with such a dilemma, a methodology is proposed, called JACOB, which is based on five steps, namely: (1) source code parsing, (2) control flow graph recovery, (3) region identification, (4) code structuring, and (5) partial evaluation. These steps implement a sort of decompilation for control flow flattened code, which is progressively transformed into something that is close to the original JavaScript source, thereby making eventual code analysis possible. Most relevantly, JACOB has been successfully applied to uncover unwanted user tracking and fingerprinting in e-commerce websites operated by a well-known Chinese company

Towards a Lightweight Approach for Modding Serious Educational Games: Assisting Novice Designers

Serious educational games (SEGs) are a growing segment of the education community’s pedagogical toolbox. Effectively creating such games remains challenging, as teachers and industry trainers are content experts; typically they are not game designers with the theoretical knowledge and practical experience needed to create a quality SEG. Here, a lightweight approach to interactively explore and modify existing SEGs is introduced, a toll that can be broadly adopted by educators for pedagogically sound SEGs. Novice game designers can rapidly explore the educational and traditional elements of a game, with a stress on tracking the SEG learning objectives, as well as allowing for reviewing and altering a variety of graphic and audio game elements

Multimedia information technology and the annotation of video

The state of the art in multimedia information technology has not progressed to the point where a single solution is available to meet all reasonable needs of documentalists and users of video archives. In general, we do not have an optimistic view of the usability of new technology in this domain, but digitization and digital power can be expected to cause a small revolution in the area of video archiving. The volume of data leads to two views of the future: on the pessimistic side, overload of data will cause lack of annotation capacity, and on the optimistic side, there will be enough data from which to learn selected concepts that can be deployed to support automatic annotation. At the threshold of this interesting era, we make an attempt to describe the state of the art in technology. We sample the progress in text, sound, and image processing, as well as in machine learning

ALMA versus DDD

To be a debugger is a good thing! Since the very beginning of the programming activity, debuggers are the most important and widely used tools after editors and compilers; we completely recognize their importance for software development and testing. Debuggers work at machine level, after the compilation of the source program; they deal with assembly, or binary-code, and are mainly data structure inspectors. Alma is a program animator based on its abstract representation. The main idea is to show the algorithm being implemented by the program, independently from the language used to implement it. To say that ALMA is a debugger, with no value added, is not true! ALMA is a source code inspector but it deals with programming concepts instead of machine code. This makes possible to understand the source program at a conceptual level, and not only to fix run time errors. In this paper we compare our visualizer/animator system, ALMA, with one of the most well-known and used debuggers, the graphical version of GDB, the DDD program. The aim of the paper is twofold: the immediate objective is to prove that ALMA provides new features that are not usually offered by debuggers; the main contribution is to recall the concepts of debugger and animator, and clarify the role of both tools in the field of program understanding, or program comprehension.FC

A visual analytics architecture for the analysis and understanding of software systems

Visual analytics facilitates the creation of knowledge to interpret trends and relationships for better decision making. However, it has not being used widely for the understanding of software systems and the change process that takes place during their development and maintenance. This occurs despite the need of project managers and developers to analyze their systems to calculate the complexity, cohesion, direct, indirect and logical coupling, detect clones, defects and bad smells, and the comparison of individual revisions. This research considers the design of an extensible and scalable architecture to incorporate new and existing methods to retrieve source code from different versioning systems, to carry out the analysis of programs in different languages, to perform the calculation of software metrics and to present the results using visual representations, incorporated as Eclipse and Visual Studio extensions. Consequently, the aim of this work is to design a visual analytics architecture for the analysis and understanding of systems in different languages and its main contributions are the specification of the design and requirements of such architecture, taking as base the lessons learned in Maleku (A. González-Torres et al., 2016)

Assembler to C migration using the FermaT transformation system

The FermaT transformation system, based on research carried out over the last twelve years at Durham University and Software Migrations Ltd., is an industrial-strength formal transformation engine with many applications in program comprehension and language migration. This paper describes one application of the system: the migration of IBM 370 Assembler code to equivalent, maintainable C code. We present an example of using the tool to migrate a small, but complex, assembler module to C with no manual intervention required. We briefly discuss a mass migration exercise where 1,925 assembler modules were successfully migrated to C code