2,347 research outputs found
An Empirical Study on Android-related Vulnerabilities
Mobile devices are used more and more in everyday life. They are our cameras,
wallets, and keys. Basically, they embed most of our private information in our
pocket. For this and other reasons, mobile devices, and in particular the
software that runs on them, are considered first-class citizens in the
software-vulnerabilities landscape. Several studies investigated the
software-vulnerabilities phenomenon in the context of mobile apps and, more in
general, mobile devices. Most of these studies focused on vulnerabilities that
could affect mobile apps, while just a few investigated vulnerabilities affecting
the underlying platform on which mobile apps run: the Operating System (OS).
Also, these studies have been run on a very limited set of vulnerabilities.
In this paper we present the largest study to date investigating
Android-related vulnerabilities, with a specific focus on the ones affecting
the Android OS. In particular, we (i) define a detailed taxonomy of the types
of Android-related vulnerability; (ii) investigate the layers and subsystems
from the Android OS affected by vulnerabilities; and (iii) study the
survivability of vulnerabilities (i.e., the number of days between the
vulnerability introduction and its fixing). Our findings could help OS and apps
developers in focusing their verification & validation activities, and
researchers in building vulnerability detection tools tailored for the mobile
world.
Early component-based reliability assessment using UML based software models
In the last decade, software has grown in complexity and size, while development timelines have diminished. As a result, component-based software engineering is becoming routine. Component-based software reliability assessment combines the architecture of the system with the reliability of the components to obtain the system reliability. This allows developers to produce a reliable system and testers to focus on the vulnerable areas. This thesis discusses a tool developed to implement the methodology previously created for early reliability assessment of component-based systems. The tool, Early Component-based Reliability Assessment (ECRA), uses Rational Rose Unified Modeling Language (UML) diagrams to predict the reliability of component-based software. ECRA provides the user with an easy interface to annotate the UML diagrams and uses a Bayesian algorithm to predict the system reliability. This thesis presents the methodology of ECRA, the steps taken to develop it, and its applications.
OZONE: Layer Identification in the presence of Cyclic Dependencies
A layered software architecture helps understanding the role of software entities (e.g., packages or classes) in a system and hence, the impact of changes on these entities. However, the computation of an optimal layered organization in the presence of cyclic dependencies is difficult. In this paper, we present an approach that (i) provides a strategy supporting the automated detection of cyclic dependencies, (ii) proposes heuristics to break cyclic dependencies, and (iii) computes an organization of software entities in multiple layers even in the presence of cyclic dependencies. Our approach performs better than the other existing approaches in terms of accuracy and interactivity; it supports human inputs and constraints. In this paper, we present this approach and compare it to existing solutions. We applied our approach on two large software systems to identify package layers and the results are manually validated by software engineers of the two systems.
SDK development for bridging heterogeneous data sources through connect bridge platform
In this dissertation, we present an SDK for the creation of connectors to integrate with CB Server which accelerates deployment, ensures best practices and simplifies the various activities and tasks in the development process. The SDK provides a public and simple API leveraged by a set of tools around the API developed which facilitate the development process by exploiting the API facilities. To analyse the correctness, feasibility, completeness, and accessibility of our solution, we presented two examples and case studies. From the case studies, we derived a list of issues found in our solution and a set of proposals for improvement. To evaluate the usability of the API, a methodology based on several usability evaluation methods has been established. Multiple case study works as the main evaluation method, combining several research methods. The case study consists of three evaluation phases – a hands-on workshop, a heuristic evaluation and subjective analysis. The case study involved three computer science engineers (including novice and expert developers and evaluators). The applied methodology generated insights based on an inspection method, a user test, and interviews. We identify not only problems and flaws in the source code, but also runtime, structural and documentation problems, as well as problems related to user experience. To help us draw conclusions from the results, we point out the context of the study. Future work will include the development of new functionalities. Additionally, we aim to solve problems found in the applied methodology to evaluate the usability of the API, namely problems and flaws in the source code (e.g. validations) and structural problems.
EzWeb/FAST: Reporting on a Successful Mashup-based Solution for Developing and Deploying Composite Applications in the Upcoming "Ubiquitous SOA"
Service oriented architectures (SOAs) based on Web services have attracted a great interest and IT investments during the last years, principally in the context of business-to-business integration within corporate Intranets. However, they are nowadays evolving to break through enterprise boundaries, in a revolutionary attempt to make the approach pervasive, leading to what we call the ubiquitous SOA, i.e. a SOA conceived as a Web of services made up of compositional resources that empowers end-users to ubiquitously exploit these resources by collaboratively remixing them. In this paper we explore the architectural basis, technologies, frameworks and tools considered necessary to face this novel vision of SOA. We also present the rationale behind EzWeb/FAST: an undergoing EU funded project whose first outcomes could serve as a preliminary proof of concept
The benefits and challenges of AI image generators for architectural ideation: Study of an alternative human-machine co-creation exchange based on sketch recognition
This paper deals with creative co-design between human and machine. It presents an alternative design method based on an emerging technology of sketch interpretation to support co-creation and collaborative creativity in architecture. This technology embraces spontaneity in design by generating inspirational images linked to the architect's sketches.
Our research aims to determine the benefits and challenges of this alternative instrumentation. We are developing a Wizard of Oz test method by immersing several designers in a studio instrumented by this human-machine co-creation technology. We analyze quantitatively and qualitatively the single-designer ideation activity of these subjects. We then investigate the integration of this co-creation instrumentation within the framework of a team design involving several architects.
This confirms known benefits such as speeding-up and freeing-up of ideation and highlights the need for designers to evaluate sketched ideas by means of images simulating their real-life rendering, as well as the need for inspiration to materialize the premises of ideas that are still vague.
A Reference Software Architecture for Social Robots
Social Robotics poses tough challenges to software designers who are required
to take care of difficult architectural drivers like acceptability, trust of
robots as well as to guarantee that robots establish a personalised interaction
with their users. Moreover, in this context recurrent software design issues
such as ensuring interoperability, improving reusability and customizability of
software components also arise.
Designing and implementing social robotic software architectures is a
time-intensive activity requiring multi-disciplinary expertise: this makes
it difficult to rapidly develop, customise, and personalise robotic solutions.
These challenges may be mitigated at design time by choosing certain
architectural styles, implementing specific architectural patterns and using
particular technologies.
Leveraging on our experience in the MARIO project, in this paper we propose a
series of principles that social robots may benefit from. These principles also
lay the foundations for the design of a reference software architecture for
Social Robots. The ultimate goal of this work is to establish a common ground
based on a reference software architecture to allow robotic software
components to be easily reused in order to rapidly develop, implement, and
personalise Social Robots.