129,594 research outputs found
On Formal Methods for Collective Adaptive System Engineering. {Scalable Approximated, Spatial} Analysis Techniques. Extended Abstract
In this extended abstract a view on the role of Formal Methods in System
Engineering is briefly presented. Then two examples of useful analysis
techniques based on solid mathematical theories are discussed as well as the
software tools which have been built for supporting such techniques. The first
technique is Scalable Approximated Population DTMC Model-checking. The second
one is Spatial Model-checking for Closure Spaces. Both techniques have been
developed in the context of the EU funded project QUANTICOL.Comment: In Proceedings FORECAST 2016, arXiv:1607.0200
Do Android Taint Analysis Tools Keep Their Promises?
In recent years, researchers have developed a number of tools to conduct
taint analysis of Android applications. While all the respective papers aim at
providing a thorough empirical evaluation, comparability is hindered by varying
or unclear evaluation targets. Sometimes, the apps used for evaluation are not
precisely described. In other cases, authors use an established benchmark but
cover it only partially. In yet other cases, the evaluations differ in terms of
the data leaks searched for, or lack a ground truth to compare against. All
those limitations make it impossible to truly compare the tools based on those
published evaluations.
We thus present ReproDroid, a framework allowing the accurate comparison of
Android taint analysis tools. ReproDroid supports researchers in inferring the
ground truth for data leaks in apps, in automatically applying tools to
benchmarks, and in evaluating the obtained results. We use ReproDroid to
comparatively evaluate on equal grounds the six prominent taint analysis tools
Amandroid, DIALDroid, DidFail, DroidSafe, FlowDroid and IccTA. The results are
largely positive although four tools violate some promises concerning features
and accuracy. Finally, we contribute to the area of unbiased benchmarking with
a new and improved version of the open test suite DroidBench
A Declarative Framework for Specifying and Enforcing Purpose-aware Policies
Purpose is crucial for privacy protection as it makes users confident that
their personal data are processed as intended. Available proposals for the
specification and enforcement of purpose-aware policies are unsatisfactory for
their ambiguous semantics of purposes and/or lack of support to the run-time
enforcement of policies.
In this paper, we propose a declarative framework based on a first-order
temporal logic that allows us to give a precise semantics to purpose-aware
policies and to reuse algorithms for the design of a run-time monitor enforcing
purpose-aware policies. We also show the complexity of the generation and use
of the monitor which, to the best of our knowledge, is the first such a result
in literature on purpose-aware policies.Comment: Extended version of the paper accepted at the 11th International
Workshop on Security and Trust Management (STM 2015
Keeping Context In Mind: Automating Mobile App Access Control with User Interface Inspection
Recent studies observe that app foreground is the most striking component
that influences the access control decisions in mobile platform, as users tend
to deny permission requests lacking visible evidence. However, none of the
existing permission models provides a systematic approach that can
automatically answer the question: Is the resource access indicated by app
foreground? In this work, we present the design, implementation, and evaluation
of COSMOS, a context-aware mediation system that bridges the semantic gap
between foreground interaction and background access, in order to protect
system integrity and user privacy. Specifically, COSMOS learns from a large set
of apps with similar functionalities and user interfaces to construct generic
models that detect the outliers at runtime. It can be further customized to
satisfy specific user privacy preference by continuously evolving with user
decisions. Experiments show that COSMOS achieves both high precision and high
recall in detecting malicious requests. We also demonstrate the effectiveness
of COSMOS in capturing specific user preferences using the decisions collected
from 24 users and illustrate that COSMOS can be easily deployed on smartphones
as a real-time guard with a very low performance overhead.Comment: Accepted for publication in IEEE INFOCOM'201
Contract Aware Components, 10 years after
The notion of contract aware components has been published roughly ten years
ago and is now becoming mainstream in several fields where the usage of
software components is seen as critical. The goal of this paper is to survey
domains such as Embedded Systems or Service Oriented Architecture where the
notion of contract aware components has been influential. For each of these
domains we briefly describe what has been done with this idea and we discuss
the remaining challenges.Comment: In Proceedings WCSI 2010, arXiv:1010.233
Enhancing declarative process models with DMN decision logic
Modeling dynamic, human-centric, non-standardized and knowledge-intensive business processes with imperative process modeling approaches is very challenging. Declarative process modeling approaches are more appropriate for these processes, as they offer the run-time flexibility typically required in these cases. However, by means of a realistic healthcare process that falls in the aforementioned category, we demonstrate in this paper that current declarative approaches do not incorporate all the details needed. More specifically, they lack a way to model decision logic, which is important when attempting to fully capture these processes. We propose a new declarative language, Declare-R-DMN, which combines the declarative process modeling language Declare-R with the newly adopted OMG standard Decision Model and Notation. Aside from supporting the functionality of both languages, Declare-R-DMN also creates bridges between them. We will show that using this language results in process models that encapsulate much more knowledge, while still offering the same flexibility
- …