10,458 research outputs found
Overcoming Language Dichotomies: Toward Effective Program Comprehension for Mobile App Development
Mobile devices and platforms have become an established target for modern
software developers due to performant hardware and a large and growing user
base numbering in the billions. Despite their popularity, the software
development process for mobile apps comes with a set of unique, domain-specific
challenges rooted in program comprehension. Many of these challenges stem from
developer difficulties in reasoning about different representations of a
program, a phenomenon we define as a "language dichotomy". In this paper, we
reflect upon the various language dichotomies that contribute to open problems
in program comprehension and development for mobile apps. Furthermore, to help
guide the research community towards effective solutions for these problems, we
provide a roadmap of directions for future work.Comment: Invited Keynote Paper for the 26th IEEE/ACM International Conference
on Program Comprehension (ICPC'18
ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware
Billions of users rely on the security of the Android platform to protect
phones, tablets, and many different types of consumer electronics. While
Android's permission model is well studied, the enforcement of the protection
policy has received relatively little attention. Much of this enforcement is
spread across system services, taking the form of hard-coded checks within
their implementations. In this paper, we propose Authorization Check Miner
(ACMiner), a framework for evaluating the correctness of Android's access
control enforcement through consistency analysis of authorization checks.
ACMiner combines program and text analysis techniques to generate a rich set of
authorization checks, mines the corresponding protection policy for each
service entry point, and uses association rule mining at a service granularity
to identify inconsistencies that may correspond to vulnerabilities. We used
ACMiner to study the AOSP version of Android 7.1.1 to identify 28
vulnerabilities relating to missing authorization checks. In doing so, we
demonstrate ACMiner's ability to help domain experts process thousands of
authorization checks scattered across millions of lines of code
MOSDEN: A Scalable Mobile Collaborative Platform for Opportunistic Sensing Applications
Mobile smartphones along with embedded sensors have become an efficient
enabler for various mobile applications including opportunistic sensing. The
hi-tech advances in smartphones are opening up a world of possibilities. This
paper proposes a mobile collaborative platform called MOSDEN that enables and
supports opportunistic sensing at run time. MOSDEN captures and shares sensor
data across multiple apps, smartphones and users. MOSDEN supports the emerging
trend of separating sensors from application-specific processing, storing and
sharing. MOSDEN promotes reuse and re-purposing of sensor data hence reducing
the efforts in developing novel opportunistic sensing applications. MOSDEN has
been implemented on Android-based smartphones and tablets. Experimental
evaluations validate the scalability and energy efficiency of MOSDEN and its
suitability towards real world applications. The results of evaluation and
lessons learned are presented and discussed in this paper.Comment: Accepted to be published in Transactions on Collaborative Computing,
2014. arXiv admin note: substantial text overlap with arXiv:1310.405
Efficient Opportunistic Sensing using Mobile Collaborative Platform MOSDEN
Mobile devices are rapidly becoming the primary computing device in people's
lives. Application delivery platforms like Google Play, Apple App Store have
transformed mobile phones into intelligent computing devices by the means of
applications that can be downloaded and installed instantly. Many of these
applications take advantage of the plethora of sensors installed on the mobile
device to deliver enhanced user experience. The sensors on the smartphone
provide the opportunity to develop innovative mobile opportunistic sensing
applications in many sectors including healthcare, environmental monitoring and
transportation. In this paper, we present a collaborative mobile sensing
framework namely Mobile Sensor Data EngiNe (MOSDEN) that can operate on
smartphones capturing and sharing sensed data between multiple distributed
applications and users. MOSDEN follows a component-based design philosophy
promoting reuse for easy and quick opportunistic sensing application
deployments. MOSDEN separates the application-specific processing from the
sensing, storing and sharing. MOSDEN is scalable and requires minimal
development effort from the application developer. We have implemented our
framework on Android-based mobile platforms and evaluate its performance to
validate the feasibility and efficiency of MOSDEN to operate collaboratively in
mobile opportunistic sensing applications. Experimental outcomes and lessons
learnt conclude the paper
Security Toolbox for Detecting Novel and Sophisticated Android Malware
This paper presents a demo of our Security Toolbox to detect novel malware in
Android apps. This Toolbox is developed through our recent research project
funded by the DARPA Automated Program Analysis for Cybersecurity (APAC)
project. The adversarial challenge ("Red") teams in the DARPA APAC program are
tasked with designing sophisticated malware to test the bounds of malware
detection technology being developed by the research and development ("Blue")
teams. Our research group, a Blue team in the DARPA APAC program, proposed a
"human-in-the-loop program analysis" approach to detect malware given the
source or Java bytecode for an Android app. Our malware detection apparatus
consists of two components: a general-purpose program analysis platform called
Atlas, and a Security Toolbox built on the Atlas platform. This paper describes
the major design goals, the Toolbox components to achieve the goals, and the
workflow for auditing Android apps. The accompanying video
(http://youtu.be/WhcoAX3HiNU) illustrates features of the Toolbox through a
live audit.Comment: 4 pages, 1 listing, 2 figure
apk2vec: Semi-supervised multi-view representation learning for profiling Android applications
Building behavior profiles of Android applications (apps) with holistic, rich
and multi-view information (e.g., incorporating several semantic views of an
app such as API sequences, system calls, etc.) would help catering downstream
analytics tasks such as app categorization, recommendation and malware analysis
significantly better. Towards this goal, we design a semi-supervised
Representation Learning (RL) framework named apk2vec to automatically generate
a compact representation (aka profile/embedding) for a given app. More
specifically, apk2vec has the three following unique characteristics which make
it an excellent choice for largescale app profiling: (1) it encompasses
information from multiple semantic views such as API sequences, permissions,
etc., (2) being a semi-supervised embedding technique, it can make use of
labels associated with apps (e.g., malware family or app category labels) to
build high quality app profiles, and (3) it combines RL and feature hashing
which allows it to efficiently build profiles of apps that stream over time
(i.e., online learning). The resulting semi-supervised multi-view hash
embeddings of apps could then be used for a wide variety of downstream tasks
such as the ones mentioned above. Our extensive evaluations with more than
42,000 apps demonstrate that apk2vec's app profiles could significantly
outperform state-of-the-art techniques in four app analytics tasks namely,
malware detection, familial clustering, app clone detection and app
recommendation.Comment: International Conference on Data Mining, 201
- …