Analyzing Android Browser Apps for file:// Vulnerabilities

Securing browsers in mobile devices is very challenging, because these browser apps usually provide browsing services to other apps in the same device. A malicious app installed in a device can potentially obtain sensitive information through a browser app. In this paper, we identify four types of attacks in Android, collectively known as FileCross, that exploits the vulnerable file:// to obtain users' private files, such as cookies, bookmarks, and browsing histories. We design an automated system to dynamically test 115 browser apps collected from Google Play and find that 64 of them are vulnerable to the attacks. Among them are the popular Firefox, Baidu and Maxthon browsers, and the more application-specific ones, including UC Browser HD for tablet users, Wikipedia Browser, and Kids Safe Browser. A detailed analysis of these browsers further shows that 26 browsers (23%) expose their browsing interfaces unintentionally. In response to our reports, the developers concerned promptly patched their browsers by forbidding file:// access to private file zones, disabling JavaScript execution in file:// URLs, or even blocking external file:// URLs. We employ the same system to validate the ten patches received from the developers and find one still failing to block the vulnerability.Comment: The paper has been accepted by ISC'14 as a regular paper (see https://daoyuan14.github.io/). This is a Technical Report version for referenc

Theoretical studies of radiation effects in composite materials for space use

Tetraglycidyl 4,4'-diamino diphenyl methane epoxy cured with diamino diphenyl sulfone was used as a model compound. Computer programs were developed to calculate (1) energy deposition coefficients of protons and electrons of various energies at different depths of the material; (2) ranges of protons and electrons of various energies in the material; and (3) cumulative doses received by the composite in different geometric shapes placed in orbits of various altitudes and inclination. A preliminary study on accelerated testing was conducted and it was found that an elliptical equitorial orbit of 300 km perigee by 2750 km apogee can accumulate, in 2 years or less, enough radiation dose comparable to geosynchronous environment for 30 years. The local plasma model calculated the mean excitation energies for covalent and ionic compounds. Longitudinal and lateral distributions of excited species by electron and proton impact as well as the probability of overlapping of two tracks due to two charged particles within various time intervals were studied

Can manager's listening behavior benefit employees? Power distance may have the answer

The current research investigated employee’s perception of their manager’s listening behavior (MLB). Drawing on the group-value theory, we examined the role of MLB and analyzed its effect through employee’s power distance orientation. We distributed questionnaires to 219 employees and adopted two-wave data collection to ameliorate the bias of common method variance. Statistical analysis revealed that MLB was related to employees’ well-being and work engagement. For employees with lower power distance orientation, MLB led to more self-esteem. For employees with higher power distance orientation, MLB did not affect their self-esteem. MLB was not always beneficial to the employees, as individuals may interpret MLB positively or negatively. Research findings have brought new insights into the listening literature, particularly from the perspective of manager’s listening behavior. We encourage the organizations to incorporate listening skills into the education programs (for training incumbent managers) and recruitment criterions (for hiring new managers). Implications on the manager-employee relationship are also discussed

Development of modified vibration test criteria for qualifying space vehicle components

The results of the evaluation of two response prediction methods relating to the prediction of structural responses of stiffened shell structures with or without attached components, and subjected to broadband acoustic excitations are presented. The methods under evaluation were the constant mass attenuation method and the impedance ratio method. Example problems were used to illustrate the application procedures of these two methods and to compare their predicted results with the experimentally measured data. It is found that more realistic estimates of the structural response can be obtained by the impedance ratio method