13,746 research outputs found

    Sound and Precise Malware Analysis for Android via Pushdown Reachability and Entry-Point Saturation

    We present Anadroid, a static malware analysis framework for Android apps. Anadroid exploits two techniques to soundly raise precision: (1) it uses a pushdown system to precisely model dynamically dispatched interprocedural and exception-driven control-flow; (2) it uses Entry-Point Saturation (EPS) to soundly approximate all possible interleavings of asynchronous entry points in Android applications. (It also integrates static taint-flow analysis and least permissions analysis to expand the class of malicious behaviors which it can catch.) Anadroid provides rich user interface support for human analysts who must ultimately rule on the "maliciousness" of a behavior. To demonstrate the effectiveness of Anadroid's malware analysis, we had teams of analysts analyze a challenge suite of 52 Android applications released as part of the Automated Program Analysis for Cybersecurity (APAC) DARPA program. The first team analyzed the apps using a version of Anadroid that uses traditional (finite-state-machine-based) control-flow-analysis found in existing malware analysis tools; the second team analyzed the apps using a version of Anadroid that uses our enhanced pushdown-based control-flow-analysis. We measured machine analysis time, human analyst time, and their accuracy in flagging malicious applications. With pushdown analysis, we found statistically significant (p < 0.05) decreases in time: from 85 minutes per app to 35 minutes per app in human plus machine analysis time; and statistically significant (p < 0.05) increases in accuracy with the pushdown-driven analyzer: from 71% correct identification to 95% correct identification. Comment: Appears in 3rd Annual ACM CCS workshop on Security and Privacy in SmartPhones and Mobile Devices (SPSM'13), Berlin, Germany, 201

    DYAMAND: dynamic, adaptive management of networks and devices

    Consumer devices increasingly are "smart" and hence offer services that can interwork with and/or be controlled by others. However, the full exploitation of the inherent opportunities this offers, is hurdled by a number of potential limitations. First of all, the interface towards the device might be vendor and even device specific, implying that extra effort is needed to support a specific device. Standardization efforts try to avoid this problem, but within a certain standard ecosystem the level of interoperability can vary (i.e. devices carrying the same standard logo are not necessarily interoperable). Secondly, different application domains (e.g. multimedia vs. energy management) today have their own standards, thus limiting trans-sector innovation because of the additional effort required to integrate devices from traditionally different domains into novel applications. In this paper, we discuss the basic components of current so-called service discovery protocols (SDPs) and present our DYAMAND (DYnamic, Adaptive MAnagement of Networks and Devices) framework. We position this framework as a middleware layer between applications and discoverable/controllable devices, and hence aim to provide the necessary tool to overcome the (intra- and inter-domain) interoperability gaps previously sketched. Thus, we believe it can act as a catalyst enabling trans-sector innovation

    The Importance of Being Eelco

    Programming language designers and implementers are taught that: semantics are more worthwhile than syntax, that programs exist to embody proofs, rather than to get work done, and to value Dijkstra more than Van Wijngaarden. Eelco Visser believed that, while there is value in the items on the left, there is at least as much value in the items on the right. This short paper explores how Eelco Visser embodied these values, and how he encouraged our work on the Grace programming language, supported that work within Spoofax, and provided a venue for discussion within the WG2.16 Programming Language Design working group

    Recovering Grammar Relationships for the Java Language Specification

    Grammar convergence is a method that helps discovering relationships between different grammars of the same language or different language versions. The key element of the method is the operational, transformation-based representation of those relationships. Given input grammars for convergence, they are transformed until they are structurally equal. The transformations are composed from primitive operators; properties of these operators and the composed chains provide quantitative and qualitative insight into the relationships between the grammars at hand. We describe a refined method for grammar convergence, and we use it in a major study, where we recover the relationships between all the grammars that occur in the different versions of the Java Language Specification (JLS). The relationships are represented as grammar transformation chains that capture all accidental or intended differences between the JLS grammars. This method is mechanized and driven by nominal and structural differences between pairs of grammars that are subject to asymmetric, binary convergence steps. We present the underlying operator suite for grammar transformation in detail, and we illustrate the suite with many examples of transformations on the JLS grammars. We also describe the extraction effort, which was needed to make the JLS grammars amenable to automated processing. We include substantial metadata about the convergence process for the JLS so that the effort becomes reproducible and transparent

    Object Inheritance Without Classes

    Which comes first: the object or the class? Language designers enjoy the conceptual simplicity of object-based languages (such as Emerald or Self) while many programmers prefer the pragmatic utility of classical inheritance (as in Simula and Java). Programmers in object-based languages have a tendency to build libraries to support traditional inheritance, and language implementations are often contorted to the same end. In this paper, we revisit the relationship between classes and objects. We model various kinds of inheritance in the context of an object-oriented language whose objects are not defined by classes, and explain why class inheritance and initialisation cannot be easily modelled purely by delegation

    Under-explicit and minimally explicit reference: Evidence from a longitudinal case study

    This chapter reports on a 2 ½ year longitudinal case study of one Korean speaker of English, focusing on the development of her command of accessibility marking in referring to persons. The data are derived from informal, open interviews spanning the entire length of the participant’s enrolment in a Bachelor of Nursing programme in New Zealand. These interviews occurred every few weeks during semester (17 in total), and were typically between 45 minutes to one hour in length. The participant reported that she used these interviews as “a kind of reflective journal”, in which she discussed her classes, interactions with classmates, tutors and others, her assignments, and other experiences in New Zealand. The events she reported are rich in references to individuals. Using a previously reported coding scheme (Ryan, 2015), these data were analysed in relation to pragmatic felicity, particularly concerning the felicity of accessibility marking for referents of varying cognitive status in contexts of topic or focus continuity or shift. These data [yet to be analysed] provide evidence of the developmental progression of the participant’s command of reference in English. This chapter contributes substantially to the literature in several ways. In general, there has been a lack of longitudinal case studies of pragmatic development in any domain, including few – if any – previous longitudinal studies focusing on reference; the present analysis is therefore expected to reveal previously unreported details of the trajectory of pragmatic development in reference. The present study is also one of the few working with oral data that was generated in ways other than an elicited communication task. Finally, the study contributes to the somewhat still contentious issue of to what extent mainstream study in an English-speaking context leads to genuine language gains