4,413 research outputs found
Checking Interaction-Based Declassification Policies for Android Using Symbolic Execution
Mobile apps can access a wide variety of secure information, such as contacts
and location. However, current mobile platforms include only coarse access
control mechanisms to protect such data. In this paper, we introduce
interaction-based declassification policies, in which the user's interactions
with the app constrain the release of sensitive information. Our policies are
defined extensionally, so as to be independent of the app's implementation,
based on sequences of security-relevant events that occur in app runs. Policies
use LTL formulae to precisely specify which secret inputs, read at which times,
may be released. We formalize a semantic security condition, interaction-based
noninterference, to define our policies precisely. Finally, we describe a
prototype tool that uses symbolic execution to check interaction-based
declassification policies for Android, and we show that it enforces policies
correctly on a set of apps.Comment: This research was supported in part by NSF grants CNS-1064997 and
1421373, AFOSR grants FA9550-12-1-0334 and FA9550-14-1-0334, a partnership
between UMIACS and the Laboratory for Telecommunication Sciences, and the
National Security Agenc
Translating Video Recordings of Mobile App Usages into Replayable Scenarios
Screen recordings of mobile applications are easy to obtain and capture a
wealth of information pertinent to software developers (e.g., bugs or feature
requests), making them a popular mechanism for crowdsourced app feedback. Thus,
these videos are becoming a common artifact that developers must manage. In
light of unique mobile development constraints, including swift release cycles
and rapidly evolving platforms, automated techniques for analyzing all types of
rich software artifacts provide benefit to mobile developers. Unfortunately,
automatically analyzing screen recordings presents serious challenges, due to
their graphical nature, compared to other types of (textual) artifacts. To
address these challenges, this paper introduces V2S, a lightweight, automated
approach for translating video recordings of Android app usages into replayable
scenarios. V2S is based primarily on computer vision techniques and adapts
recent solutions for object detection and image classification to detect and
classify user actions captured in a video, and convert these into a replayable
test scenario. We performed an extensive evaluation of V2S involving 175 videos
depicting 3,534 GUI-based actions collected from users exercising features and
reproducing bugs from over 80 popular Android apps. Our results illustrate that
V2S can accurately replay scenarios from screen recordings, and is capable of
reproducing 89% of our collected videos with minimal overhead. A case
study with three industrial partners illustrates the potential usefulness of
V2S from the viewpoint of developers.Comment: In proceedings of the 42nd International Conference on Software
Engineering (ICSE'20), 13 page
Event trace reduction for effective bug replay of Android apps via differential GUI state analysis
© 2019 ACM. Existing Android testing tools, such as Monkey, generate a large quantity and a wide variety of user events to expose latent GUI bugs in Android apps. However, even if a bug is found, a majority of the events thus generated are often redundant and bug-irrelevant. In addition, it is also time-consuming for developers to localize and replay the bug given a long and tedious event sequence (trace). This paper presents ECHO, an event trace reduction tool for effective bug replay by using a new differential GUI state analysis. Given a sequence of events (trace), ECHO aims at removing bug-irrelevant events by exploiting the differential behavior between the GUI states collected when their corresponding events are triggered. During dynamic testing, ECHO injects at most one lightweight inspection event after every event to collect its corresponding GUI state. A new adaptive model is proposed to selectively inject inspection events based on sliding windows to differentiate the GUI states on-the-fly in a single testing process. The experimental results show that ECHO improves the effectiveness of bug replay by removing 85.11% redundant events on average while also revealing the same bugs as those detected when full event sequences are used
The STAR MAPS-based PiXeL detector
The PiXeL detector (PXL) for the Heavy Flavor Tracker (HFT) of the STAR
experiment at RHIC is the first application of the state-of-the-art thin
Monolithic Active Pixel Sensors (MAPS) technology in a collider environment.
Custom built pixel sensors, their readout electronics and the detector
mechanical structure are described in detail. Selected detector design aspects
and production steps are presented. The detector operations during the three
years of data taking (2014-2016) and the overall performance exceeding the
design specifications are discussed in the conclusive sections of this paper
Heart Failure Monitoring System Based on Wearable and Information Technologies
In Europe, Cardiovascular Diseases (CVD) are the leading source of death, causing 45% of all deceases. Besides, Heart Failure, the paradigm of CVD, mainly affects people older than 65. In the current aging society, the European MyHeart Project was created, whose mission is to empower citizens to fight CVD by leading a preventive lifestyle and being able to be diagnosed at an early stage. This paper presents the development of a Heart Failure Management System, based on daily monitoring of Vital Body Signals, with wearable and mobile technologies, for the continuous assessment of this chronic disease. The System makes use of the latest technologies for monitoring heart condition, both with wearable garments (e.g. for measuring ECG and Respiration); and portable devices (such as Weight Scale and Blood Pressure Cuff) both with Bluetooth capabilitie
Graph-based Temporal Analysis in Digital Forensics
Establishing a timeline as part of a digital forensics investigation is a vital part of understanding the order in which system events occurred. However, most digital forensics tools present timelines as histogram or as raw artifacts. Consequently, digital forensics examiners are forced to rely on manual, labor-intensive practices to reconstruct system events. Current digital forensics analysis tools are at their technological limit with the increasing storage and complexity of data. A graph-based timeline can present digital forensics evidence in a structure that can be immediately understood and effortlessly focused. This paper presents the Temporal Analysis Integration Management Application (TAIMA) to enhance digital forensics analysis via information visualization (infovis) techniques. TAIMA is a prototype application that provides a graph-based timeline for event reconstruction using abstraction and visualization techniques. A workflow illustration and pilot usability study provided evidence that TAIMA assisted digital forensics specialists in identifying key system events during digital forensics analysis
Gap19, a Cx43 hemichannel inhibitor, acts as a gating modifier that decreases main state opening while increasing substate gating
Cx43 hemichannels (HCs) are electrically and chemically gated transmembrane pores with low open probability and multiple conductance states, which makes kinetic studies of channel gating in large datasets challenging. Here, we developed open access software, named HemiGUI, to analyze HC gating transitions and investigated voltage-induced HC opening based on up to ≈4000 events recorded in HeLa-Cx43-overexpressing cells. We performed a detailed characterization of Cx43 HC gating profiles and specifically focused on the role of the C-terminal tail (CT) domain by recording the impact of adding an EGFP tag to the Cx43 CT end (Cx43-EGFP) or by supplying the Cx43 HC-inhibiting peptide Gap19 that interferes with CT interaction with the cytoplasmic loop (CL). We found that Gap19 not only decreased HC opening activity to the open state (≈217 pS) but also increased the propensity of subconductance (≈80 pS) transitions that additionally became slower as compared to the control. The work demonstrates that large sample transition analysis allows detailed investigations on Cx43 HC gating and shows that Gap19 acts as a HC gating modifier by interacting with the CT that forms a crucial gating element
ChimpCheck: Property-Based Randomized Test Generation for Interactive Apps
We consider the problem of generating relevant execution traces to test rich
interactive applications. Rich interactive applications, such as apps on mobile
platforms, are complex stateful and often distributed systems where
sufficiently exercising the app with user-interaction (UI) event sequences to
expose defects is both hard and time-consuming. In particular, there is a
fundamental tension between brute-force random UI exercising tools, which are
fully-automated but offer low relevance, and UI test scripts, which are manual
but offer high relevance. In this paper, we consider a middle way---enabling a
seamless fusion of scripted and randomized UI testing. This fusion is
prototyped in a testing tool called ChimpCheck for programming, generating, and
executing property-based randomized test cases for Android apps. Our approach
realizes this fusion by offering a high-level, embedded domain-specific
language for defining custom generators of simulated user-interaction event
sequences. What follows is a combinator library built on industrial strength
frameworks for property-based testing (ScalaCheck) and Android testing (Android
JUnit and Espresso) to implement property-based randomized testing for Android
development. Driven by real, reported issues in open source Android apps, we
show, through case studies, how ChimpCheck enables expressing effective testing
patterns in a compact manner.Comment: 20 pages, 21 figures, Symposium on New ideas, New Paradigms, and
Reflections on Programming and Software (Onward!2017
Leveraging Program Analysis to Reduce User-Perceived Latency in Mobile Applications
Reducing network latency in mobile applications is an effective way of
improving the mobile user experience and has tangible economic benefits. This
paper presents PALOMA, a novel client-centric technique for reducing the
network latency by prefetching HTTP requests in Android apps. Our work
leverages string analysis and callback control-flow analysis to automatically
instrument apps using PALOMA's rigorous formulation of scenarios that address
"what" and "when" to prefetch. PALOMA has been shown to incur significant
runtime savings (several hundred milliseconds per prefetchable HTTP request),
both when applied on a reusable evaluation benchmark we have developed and on
real applicationsComment: ICSE 201
- …