211 research outputs found
A large-scale temporal measurement of Android malicious apps: persistence, migration, and lessons learned
CNS-2127232 - National Science Foundation. Accepted manuscript
Digital Platform Strategy - A Systematic Critical Review
While the transformative effect of digital platforms is broadly recognized, digital platform-related research evolved in largely disconnected streams focusing on technical platform architecture, network effects, and specific tactical decisions, without offering a holistic view of digital platform strategy. With the goal of advancing digital platform strategy research, we conduct a systematic critical review of research published in the leading Information Systems journals through a pragmatic business strategy lens that argues that markets, partnerships, differentiators, staging, and profit logic form the core elements of a holistic business strategy. We outline the core insights in extant research and we identify a number of promising opportunities for expanding the scope of digital platform strategy research in Information Systems.
Analyzing the Unanalyzable: an Application to Android Apps
In general, software is unreliable. Its behavior can deviate from users’ expectations because of bugs, vulnerabilities, or even malicious code. Manually vetting software is a challenging, tedious, and highly costly task that does not scale. To alleviate excessive costs and analysts’ burdens, automated static analysis techniques have been proposed by both the research and practitioner communities, making static analysis a central topic in software engineering. In the meantime, mobile apps have considerably grown in importance. Today, most humans carry software in their pockets, with the Android operating system leading the market. Millions of apps have been proposed to the public so far, targeting a wide range of activities such as games, health, banking, GPS, etc. Hence, Android apps collect and manipulate a considerable amount of sensitive information, which puts users’ security and privacy at risk. Consequently, it is paramount to ensure that apps distributed through public channels (e.g., Google Play) are free from malicious code. Hence, the research and practitioner communities have put much effort into devising new automated techniques to vet Android apps against malicious activities over the last decade. Analyzing Android apps is, however, challenging. On the one hand, the Android framework proposes constructs that can be used to evade dynamic analysis by triggering the malicious code only under certain circumstances, e.g., if the device is not an emulator and is currently connected to power. Hence, dynamic analyses can easily be fooled by malicious developers by making some code fragments difficult to reach. On the other hand, static analyses are challenged by Android-specific constructs that limit the coverage of off-the-shelf static analyzers. The research community has already addressed some of these constructs, including inter-component communication or lifecycle methods.
However, other constructs, such as implicit calls (i.e., when the Android framework asynchronously triggers a method in the app code), make some app code fragments unreachable to the static analyzers, while these fragments are executed when the app is run. Altogether, many apps’ code parts are unanalyzable: they are either not reachable by dynamic analyses or not covered by static analyzers. In this manuscript, we describe our contributions to the research effort from two angles: (1) statically detecting malicious code that is difficult for dynamic analyzers to access because it is triggered under specific circumstances; and (2) statically analyzing code not accessible to existing static analyzers to improve the comprehensiveness of app analyses. More precisely, in Part I, we first present a replication study of a state-of-the-art static logic bomb detector to better show its limitations. We then introduce a novel hybrid approach for detecting suspicious hidden sensitive operations towards triaging logic bombs. We finally detail the construction of a dataset of Android apps automatically infected with logic bombs. In Part II, we present our work to improve the comprehensiveness of Android apps’ static analysis. More specifically, we first show how we contributed to account for atypical inter-component communication in Android apps. Then, we present a novel approach to unify both the bytecode and native code in Android apps to account for the multi-language trend in app development. Finally, we present our work to resolve conditional implicit calls in Android apps to improve static and dynamic analyzers.
Manipulating, Lying, and Engineering the Future
Decision-making should reflect personal autonomy. Yet, it is not entirely an autonomous process. Influencing individuals’ decision-making is not new. It is and always has been the engine that drives markets, politics, and debates. However, in the digital marketplace of ideas the nature of influence is different in scale, scope, and depth. The asymmetry of information shapes a new model of surveillance capitalism. This model promises profits gained by behavioral information collected from consumers and personal targeting. The Internet of Things, Big Data and Artificial Intelligence open a new dimension for manipulation. In the age of the Metaverse, which would be mediated through virtual spaces and augmented reality, manipulation is expected to get stronger. Such manipulation could be performed by either commercial corporations or governments, though this Article primarily focuses on the former, rather than the latter.
Surveillance capitalism must depend on technology but also on marketing, as commercial entities push their goods and agendas onto their consumers. This new economic order presents benefits in the form of improved services, but it also has negative consequences: it treats individuals as instruments; it may infringe on individuals’ autonomy and future development; and it manipulates consumers to make commercial choices that could potentially harm their own welfare. Moreover, it may also hinder individuals’ free speech and erode some of the privileges enshrined in a democracy.
What can be done to limit the negative consequences of hyper-manipulation in digital markets? Should the law impose limitations on digital influence? If so, how and when? This Article aims to answer these questions in the following manner:
First, this Article demonstrates how companies influence decisions by collecting, analyzing, and manipulating information. Understanding the tools of the new economic order is the first step in developing legal policy that mitigates harm.
Second, this Article analyzes the concept of manipulation. It explains how digital manipulation differs from traditional commercial influences in scope, scale, and depth. Since there are many forms of manipulation, an outright ban on manipulation is not possible, nor is it encouraged since it could undermine the very basis of free markets and even free speech. As a result, this Article proposes a limiting principle on entities identified in literature as “powerful commercial speakers,” focusing on regulating lies and misrepresentations of these entities. This Article outlines disclosure obligations of contextual elements of advertisements and imposes a duty of avoiding false information. In addition to administrative enforcement of commercial lies and misrepresentations, this Article advocates for a new remedy of compensation for autonomy infringement when a powerful speaker lies or disobeys mandated disclosure on products.
Third, this Article proposes a complementary solution for long-term effects of manipulation. This solution does not focus on the manipulation itself, but rather offers limitations on data retention for commercial purposes. Such limitations can mitigate the depth of manipulation and may prevent commercial entities from shackling individuals to their past decisions.
Fourth, this Article addresses possible objections to the proposed solutions, by demonstrating that they are not in conflict with the First Amendment, but rather promote freedom of expression.
"My Perfect Platform Would Be Telepathy" - Reimagining the Design of Social Media with Autistic Adults
https://doi.org/10.1145/3544548.3580673
XMD: An Expansive Hardware-telemetry based Mobile Malware Detector to enhance Endpoint Detection
Hardware-based Malware Detectors (HMDs) have shown promise in detecting
malicious workloads. However, the current HMDs focus solely on the CPU core of
a System-on-Chip (SoC) and, therefore, do not exploit the full potential of the
hardware telemetry. In this paper, we propose XMD, an HMD that uses an
expansive set of telemetry channels extracted from the different subsystems of
SoC. XMD exploits the thread-level profiling power of the CPU-core telemetry,
and the global profiling power of non-core telemetry channels, to achieve
significantly better detection performance than currently used Hardware
Performance Counter (HPC) based detectors. We leverage the concept of manifold
hypothesis to analytically prove that adding non-core telemetry channels
improves the separability of the benign and malware classes, resulting in
performance gains. We train and evaluate XMD using hardware telemetries
collected from 723 benign applications and 1033 malware samples on a commodity
Android Operating System (OS)-based mobile device. XMD improves over currently
used HPC-based detectors by 32.91% for the in-distribution test data. XMD
achieves the best detection performance of 86.54% with a false positive rate of
2.9%, compared to the detection rate of 80%, offered by the best performing
signature-based Anti-Virus (AV) on VirusTotal, on the same set of malware
samples.
Comment: Revised version based on peer review feedback. Manuscript to appear
in IEEE Transactions on Information Forensics and Security
An Empirical Study of Malicious Code In PyPI Ecosystem
PyPI provides a convenient and accessible package management platform to
developers, enabling them to quickly implement specific functions and improve
work efficiency. However, the rapid development of the PyPI ecosystem has led
to a severe problem of malicious package propagation. Malicious developers
disguise malicious packages as normal, posing a significant security risk to
end-users.
To this end, we conducted an empirical study to understand the
characteristics and current state of the malicious code lifecycle in the PyPI
ecosystem. We first built an automated data collection framework and collated a
multi-source malicious code dataset containing 4,669 malicious package files.
We preliminarily classified this malicious code into five categories based on
malicious behaviour characteristics. Our research found that over 50% of
malicious code exhibits multiple malicious behaviours, with information
stealing and command execution being particularly prevalent. In addition, we
observed several novel attack vectors and anti-detection techniques. Our
analysis revealed that 74.81% of all malicious packages successfully entered
end-user projects through source code installation, thereby increasing security
risks. A real-world investigation showed that many reported malicious packages
persist in PyPI mirror servers globally, with over 72% remaining for an
extended period after being discovered. Finally, we sketched a portrait of the
malicious code lifecycle in the PyPI ecosystem, effectively reflecting the
characteristics of malicious code at different stages. We also present some
suggested mitigations to improve the security of the Python open-source
ecosystem.
Comment: Accepted by the 38th IEEE/ACM International Conference on Automated
Software Engineering (ASE2023)
Demystifying security and compatibility issues in Android Apps
Never before has any OS been so popular as Android. Existing mobile phones
are not simply devices for making phone calls and receiving SMS messages, but
powerful communication and entertainment platforms for web surfing, social
networking, etc. Even though the Android OS offers powerful communication and
application execution capabilities, it is riddled with defects (e.g., security
risks, and compatibility issues), new vulnerabilities come to light daily, and
bugs cost the economy tens of billions of dollars annually. For example,
malicious apps (e.g., back-doors, fraud apps, ransomware, spyware, etc.) are
reported [Google, 2022] to exhibit malicious behaviours, including privacy
stealing, unwanted programs installed, etc. To counteract these threats, many
works have been proposed that rely on static analysis techniques to detect such
issues. However, static techniques are not sufficient on their own to detect
such defects precisely. This will likely yield false positive results as static
analysis has to make some trade-offs when handling complicated cases (e.g.,
object-sensitive vs. object-insensitive). In addition, static analysis
techniques will also likely suffer from soundness issues because some
complicated features (e.g., reflection, obfuscation, and hardening) are
difficult to handle [Sun et al., 2021b, Samhi et al., 2022].
Comment: Thesis