SCANNER: Sequence Clustering of resource Access to find Nearest Neighbors

The Android operating system currently holds 83% of the smartphone market with more than three million applications available on the leading applications (apps) stores. These apps require a set of permissions on installation and the user has to trust that they behave as expected. This can represent a risk to the user\u27s sensitive information and hence a critical question is how can we track these apps and understand how they are behaving. The current methods to characterize the behavior of applications focus on two types: 1) static analysis, extracting information from the .dex files or the manifest.xml, and 2) dynamic analysis, logging the system calls, control flow or processing sand-boxed execution traces. However, there is a lack of work involving the use of sequential resource access to help reveal critical behavior patterns and find similarly behaving applications. This work presents SCANNER, a system to analyze the applications\u27 sequential accesses to the various resources on Android devices to cluster similarly behaving applications. We propose to use the Longest Common Subsequence (LCS) to describe the ordered sequences and contrast it with the use of statistical access rates for characterizing application behaviors. Using these features, the applications are clustered to find the nearest neighbors. A set of metrics is defined to quantify how well the neighbors resemble each application and the compactness of the clusters. Our results show that the use of LCS features helps identify similarly behaving applications with resource access patterns that are not necessarily identifiable by using the access rates alone

Deceit: A flexible distributed file system

Deceit, a distributed file system (DFS) being developed at Cornell, focuses on flexible file semantics in relation to efficiency, scalability, and reliability. Deceit servers are interchangeable and collectively provide the illusion of a single, large server machine to any clients of the Deceit service. Non-volatile replicas of each file are stored on a subset of the file servers. The user is able to set parameters on a file to achieve different levels of availability, performance, and one-copy serializability. Deceit also supports a file version control mechanism. In contrast with many recent DFS efforts, Deceit can behave like a plain Sun Network File System (NFS) server and can be used by any NFS client without modifying any client software. The current Deceit prototype uses the ISIS Distributed Programming Environment for all communication and process group management, an approach that reduces system complexity and increases system robustness