748 research outputs found
A Multi-perspective Analysis of Carrier-Grade NAT Deployment
As ISPs face IPv4 address scarcity they increasingly turn to network address
translation (NAT) to accommodate the address needs of their customers.
Recently, ISPs have moved beyond employing NATs only directly at individual
customers and instead begun deploying Carrier-Grade NATs (CGNs) to apply
address translation to many independent and disparate endpoints spanning
physical locations, a phenomenon that so far has received little in the way of
empirical assessment. In this work we present a broad and systematic study of
the deployment and behavior of these middleboxes. We develop a methodology to
detect the existence of hosts behind CGNs by extracting non-routable IP
addresses from peer lists we obtain by crawling the BitTorrent DHT. We
complement this approach with improvements to our Netalyzr troubleshooting
service, enabling us to determine a range of indicators of CGN presence as well
as detailed insights into key properties of CGNs. Combining the two data
sources we illustrate the scope of CGN deployment on today's Internet, and
report on characteristics of commonly deployed CGNs and their effect on end
users
ChimpCheck: Property-Based Randomized Test Generation for Interactive Apps
We consider the problem of generating relevant execution traces to test rich
interactive applications. Rich interactive applications, such as apps on mobile
platforms, are complex stateful and often distributed systems where
sufficiently exercising the app with user-interaction (UI) event sequences to
expose defects is both hard and time-consuming. In particular, there is a
fundamental tension between brute-force random UI exercising tools, which are
fully-automated but offer low relevance, and UI test scripts, which are manual
but offer high relevance. In this paper, we consider a middle way---enabling a
seamless fusion of scripted and randomized UI testing. This fusion is
prototyped in a testing tool called ChimpCheck for programming, generating, and
executing property-based randomized test cases for Android apps. Our approach
realizes this fusion by offering a high-level, embedded domain-specific
language for defining custom generators of simulated user-interaction event
sequences. What follows is a combinator library built on industrial strength
frameworks for property-based testing (ScalaCheck) and Android testing (Android
JUnit and Espresso) to implement property-based randomized testing for Android
development. Driven by real, reported issues in open source Android apps, we
show, through case studies, how ChimpCheck enables expressing effective testing
patterns in a compact manner.Comment: 20 pages, 21 figures, Symposium on New ideas, New Paradigms, and
Reflections on Programming and Software (Onward!2017
AppGuard — fine-grained policy enforcement for untrusted android applications
Android’s success makes it a prominent target for malicious software. However, the user has very limited control over security-relevant operations. This work presents AppGuard, a powerful and flexible security system that overcomes these deficiencies. It enforces user-defined security policies on untrusted Android applications without requiring any changes to a smartphone’s firmware, root access, or the like. Finegrained and stateful security policies are expressed in a formal specification language, which also supports secrecy requirements. Our system offers complete mediation of security-relevant methods based on calleesite inline reference monitoring and supports widespread deployment. In the experimental analysis we demonstrate the removal of permissions for overly curious apps as well as how to defend against several recent real-world attacks on Android phones. Our technique exhibits very little space and runtime overhead. The utility of AppGuard has already been demonstrated by more than 1,000,000 downloads
All-in-one computation vs computational-offloading approaches: a performance evaluation of object detection strategies on android mobile devices
Object detection gives a computer ability to classify objects in an image or video. However, high specified devices are needed to get a good performance. To enable devices with low specifications performs better, one way is offloading the computation process from a device with a low specification to another device with better specifications. This paper investigates the performance of object detection strategies on all-in-one Android mobile phone computation versus Android mobile phone computation with computational offloading on Nvidia Jetson Nano. The experiment carries out the video surveillance from the Android mobile phone with two scenarios, all-in-one object detection computation in a single Android device and decoupled object detection computation between an Android device and an Nvidia Jetson Nano. Android applications send video input for object detection using RTSP/RTMP streaming protocol and received by Nvidia Jetson Nano which acts as an RTSP/RTMP server. Then, the output of object detection is sent back to the Android device for being displayed to the user. The results show that the android device Huawei Y7 Pro with an average FPS performance of 1.82 and an average computing speed of 552 ms significantly improves when working with the Nvidia Jetson Nano, the average FPS becomes ten and the average computing speed becomes 95 ms. It means decoupling object detection computation between an Android device and an Nvidia Jetson Nano using the system provided in this paper successfully improves the detection speed performance
An IoT-enabled Framework for Context-aware Role-based Access Control
We present a framework for enforcing the application of context-aware Role-based Access Control policies based on an Internet of Things eco-system inspired by the Google\u2019s Physical Web. In this setting we are interested in capturing three contextual dimensions, namely who-where-when, and using these information to restrict access to shared resources. Formally, the framework consists of features types, an automata-based model of time-sensitive roles, context-aware permission rules, and an IoT infrastructure based on Eddystone Beacons for validating a policy against the current state of users
- …