Fabrication, structure and properties of epoxy/metal nanocomposites

Gd2O3 nanoparticles surface-modified with IPDI were compounded with epoxy. IPDI provided an anchor into the porous Gd2O3 surface and a bridge into the matrix, thus creating strong bonds between matrix and Gd2O3. 1.7 vol.-% Gd2O3 increased the Young’s modulus of epoxy by 16–19%; the surface-modified Gd2O3 nanoparticles improved the critical strain energy release rate by 64.3% as compared to 26.4% produced by the unmodified nanoparticles. The X-ray shielding efficiency of neat epoxy was enhanced by 300–360%, independent of the interface modification. Interface debonding consumes energy and leads to crack pinning and matrix shear banding; most fracture energy is consumed by matrix shear banding as shown by the large number of ridges on the fracture surface

Potential programming plan and domain concept detection supported by slicing technique

Little has been written about the component provision problem (programming plans and domain concepts) for the repositories of knowledge in program understanding systems and reports that specifically address this issue are unknown. Model-driven and plan-driven approaches use repositories where construction and evolution are informal and depend on the experts. In domains where the expert is not available the only valid source of information is the source code. But, domain concept design and programming plans from the source code by non-expert professionals is not a trivial task. In this paper, a hybrid top-down/bottom-up approach based on algorithmic pattern matching and slicing techniques has begun to be defined in order to provide plans or concepts (termed activities in the model-driven approaches) to the knowledge base. Initially, the exploration area is restricted by slicing techniques, and then, software inspection tools are used to further limit the relevant areas. Finally, the initially hypothesized pattern is matched with these segments.Eje: V - Workshop de agentes y sistemas inteligentesRed de Universidades con Carreras en Informática (RedUNCI

Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild

In this paper, we seek to better understand Android obfuscation and depict a holistic view of the usage of obfuscation through a large-scale investigation in the wild. In particular, we focus on four popular obfuscation approaches: identifier renaming, string encryption, Java reflection, and packing. To obtain the meaningful statistical results, we designed efficient and lightweight detection models for each obfuscation technique and applied them to our massive APK datasets (collected from Google Play, multiple third-party markets, and malware databases). We have learned several interesting facts from the result. For example, malware authors use string encryption more frequently, and more apps on third-party markets than Google Play are packed. We are also interested in the explanation of each finding. Therefore we carry out in-depth code analysis on some Android apps after sampling. We believe our study will help developers select the most suitable obfuscation approach, and in the meantime help researchers improve code analysis systems in the right direction

Pre/post conditioned slicing

Th paper shows how analysis of programs in terms of pre- and postconditions can be improved using a generalisation of conditioned program slicing called pre/post conditioned slicing. Such conditions play an important role in program comprehension, reuse, verification and reengineering. Fully automated analysis is impossible because of the inherent undecidability of pre- and post- conditions. The method presented reformulates the problem to circumvent this. The reformulation is constructed so that programs which respect the pre- and post-conditions applied to them have empty slices. For those which do not respect the conditions, the slice contains statements which could potentially break the conditions. This separates the automatable part of the analysis from the human analysis

Potential programming plan and domain concept detection supported by slicing technique

Little has been written about the component provision problem (programming plans and domain concepts) for the repositories of knowledge in program understanding systems and reports that specifically address this issue are unknown. Model-driven and plan-driven approaches use repositories where construction and evolution are informal and depend on the experts. In domains where the expert is not available the only valid source of information is the source code. But, domain concept design and programming plans from the source code by non-expert professionals is not a trivial task. In this paper, a hybrid top-down/bottom-up approach based on algorithmic pattern matching and slicing techniques has begun to be defined in order to provide plans or concepts (termed activities in the model-driven approaches) to the knowledge base. Initially, the exploration area is restricted by slicing techniques, and then, software inspection tools are used to further limit the relevant areas. Finally, the initially hypothesized pattern is matched with these segments.Eje: V - Workshop de agentes y sistemas inteligentesRed de Universidades con Carreras en Informática (RedUNCI

Reactive attestation : automatic detection and reaction to software tampering attacks

Anti-tampering is a form of software protection conceived to detect and avoid the execution of tampered programs. tamper detection assesses programs’ integrity with load- or execution-time checks. Avoidance reacts to tampered programs by stopping or rendering them unusable. General purpose reactions (such as halting the execution) stand out like a lighthouse in the code and are quite easy to defeat by an attacker. More sophisticated reactions, which degrade the user experience or the quality of service, are less easy to locate and remove but are too tangled with the program’s business logic, and are thus difficult to automate by a general purpose protection tool. In the present paper, we propose a novel approach to antitampering that (i) fully automatically applies to a target program, (ii) uses Remote Attestation for detection purposes and (iii) adopts a server-side reaction that is difficult to block by an attacker. By means of Client/Server Code Splitting, a crucial part of the program is removed from the client and executed on a remote trusted server in sync with the client. If a client program provides evidences of its integrity, the part moved to the server is executed. Otherwise, a server-side reaction logic may (temporarily or definitely) decide to stop serving it. Therefore, a tampered client application can not continue its execution. We assessed our automatic protection tool on a case study Android application. Experimental results show that all the original and tampered executions are correctly detected, reactions are promptly applied, and execution overhead is on an acceptable level