4,395 research outputs found
In-Vivo Bytecode Instrumentation for Improving Privacy on Android Smartphones in Uncertain Environments
In this paper we claim that an efficient and readily applicable means to
improve privacy of Android applications is: 1) to perform runtime monitoring by
instrumenting the application bytecode and 2) in-vivo, i.e. directly on the
smartphone. We present a tool chain to do this and present experimental results
showing that this tool chain can run on smartphones in a reasonable amount of
time and with a realistic effort. Our findings also identify challenges to be
addressed before running powerful runtime monitoring and instrumentations
directly on smartphones. We implemented two use-cases leveraging the tool
chain: BetterPermissions, a fine-grained user centric permission policy system
and AdRemover an advertisement remover. Both prototypes improve the privacy of
Android systems thanks to in-vivo bytecode instrumentation.Comment: ISBN: 978-2-87971-111-
Comparative Analysis of Widely use Object-Oriented Languages
Programming is an integral part of computer science discipline. Every day the
programming environment is not only rapidly growing but also changing and
languages are constantly evolving. Learning of object-oriented paradigm is
compulsory in every computer science major so the choice of language to teach
object-oriented principles is very important. Due to large pool of
object-oriented languages, it is difficult to choose which should be the first
programming language in order to teach object-oriented principles. Many studies
shown which should be the first language to tech object-oriented concepts but
there is no method to compare and evaluate these languages. In this article we
proposed a comprehensive framework to evaluate the widely used object-oriented
languages. The languages are evaluated basis of their technical and
environmental features.Comment: 30 pages, figures
Parsing and Printing Java 7-15 by Extending an Existing Metamodel
Many technologies and frameworks are built upon the open source Eclipse Modelling Framework (EMF) to provide model-based software development or even model-based consistency preservation of software artifacts. In this context, not only EMF-based modeling of the source code but also parsing of the source code and printing the model again into source code files are required.
The Java Model Parser and Printer (JaMoPP) provides an EMF-based environment for modeling, parsing and printing Java source code. However, it supports just the syntax of Java 5 and 6. Moreover, JaMoPP is based on some technologies that have technical problems and have not been further maintained.
In this work, we extend the metamodel of JaMoPP to support Java versions 7-15. Our extensions expand the metamodel with new features, for instance, the diamond operator, lambda expressions, or modules. Moreover, we implemented our new parser and printer. The parser implementation is based on the Eclipse Java Development Tools (JDT) that is well maintained, which reduces the maintenance effort to extend our JaMoPP for new versions of Java
Retrofitting privacy controls to stock Android
Android ist nicht nur das beliebteste Betriebssystem für mobile Endgeräte, sondern auch ein ein attraktives Ziel für Angreifer. Um diesen zu begegnen, nutzt Androids Sicherheitskonzept App-Isolation und Zugangskontrolle zu kritischen Systemressourcen. Nutzer haben dabei aber nur wenige Optionen, App-Berechtigungen gemäß ihrer Bedürfnisse einzuschränken, sondern die Entwickler entscheiden über zu gewährende Berechtigungen. Androids Sicherheitsmodell kann zudem nicht durch Dritte angepasst werden, so dass Nutzer zum Schutz ihrer Privatsphäre auf die Gerätehersteller angewiesen sind. Diese Dissertation präsentiert einen Ansatz, Android mit umfassenden Privatsphäreeinstellungen nachzurüsten. Dabei geht es konkret um Techniken, die ohne Modifikationen des Betriebssystems oder Zugriff auf Root-Rechte auf regulären Android-Geräten eingesetzt werden können. Der erste Teil dieser Arbeit etabliert Techniken zur Durchsetzung von Sicherheitsrichtlinien für Apps mithilfe von inlined reference monitors. Dieser Ansatz wird durch eine neue Technik für dynamic method hook injection in Androids Java VM erweitert. Schließlich wird ein System eingeführt, das prozessbasierte privilege separation nutzt, um eine virtualisierte App-Umgebung zu schaffen, um auch komplexe Sicherheitsrichtlinien durchzusetzen. Eine systematische Evaluation unseres Ansatzes konnte seine praktische Anwendbarkeit nachweisen und mehr als eine Million Downloads unserer Lösung zeigen den Bedarf an praxisgerechten Werkzeugen zum Schutz der Privatsphäre.Android is the most popular operating system for mobile devices, making it a prime target for attackers. To counter these, Android’s security concept uses app isolation and access control to critical system resources. However, Android gives users only limited options to restrict app permissions according to their privacy preferences but instead lets developers dictate the permissions users must grant. Moreover, Android’s security model is not designed to be customizable by third-party developers, forcing users to rely on device manufacturers to address their privacy concerns. This thesis presents a line of work that retrofits comprehensive privacy controls to the Android OS to put the user back in charge of their device. It focuses on developing techniques that can be deployed to stock Android devices without firmware modifications or root privileges. The first part of this dissertation establishes fundamental policy enforcement on thirdparty apps using inlined reference monitors to enhance Android’s permission system. This approach is then refined by introducing a novel technique for dynamic method hook injection on Android’s Java VM. Finally, we present a system that leverages process-based privilege separation to provide a virtualized application environment that supports the enforcement of complex security policies. A systematic evaluation of our approach demonstrates its practical applicability, and over one million downloads of our solution confirm user demand for privacy-enhancing tools
An Investigation Report on Auction Mechanism Design
Auctions are markets with strict regulations governing the information
available to traders in the market and the possible actions they can take.
Since well designed auctions achieve desirable economic outcomes, they have
been widely used in solving real-world optimization problems, and in
structuring stock or futures exchanges. Auctions also provide a very valuable
testing-ground for economic theory, and they play an important role in
computer-based control systems.
Auction mechanism design aims to manipulate the rules of an auction in order
to achieve specific goals. Economists traditionally use mathematical methods,
mainly game theory, to analyze auctions and design new auction forms. However,
due to the high complexity of auctions, the mathematical models are typically
simplified to obtain results, and this makes it difficult to apply results
derived from such models to market environments in the real world. As a result,
researchers are turning to empirical approaches.
This report aims to survey the theoretical and empirical approaches to
designing auction mechanisms and trading strategies with more weights on
empirical ones, and build the foundation for further research in the field
- …