61 research outputs found
SeMA: A Design Methodology for Building Secure Android Apps
UX (user experience) designers visually capture the UX of an app via
storyboards. This method is also used in Android app development to
conceptualize and design apps.
Recently, security has become an integral part of Android app UX because
mobile apps are used to perform critical activities such as banking,
communication, and health. Therefore, securing user information is imperative
in mobile apps.
In this context, storyboarding tools offer limited capabilities to capture
and reason about security requirements of an app. Consequently, security cannot
be baked into the app at design time. Hence, vulnerabilities stemming from
design flaws can often occur in apps. To address this concern, in this paper,
we propose a storyboard-based design methodology to enable the specification
and verification of security properties of an Android app at design time.
Comment: Updates based on AMobile 2019 review
A Security & Privacy Analysis of US-based Contact Tracing Apps
With the onset of COVID-19, governments worldwide planned to develop and
deploy contact tracing (CT) apps to help speed up the contact tracing process.
However, experts raised concerns about the long-term privacy and security
implications of using these apps. Consequently, several proposals were made to
design privacy-preserving CT apps. To this end, Google and Apple developed the
Google/Apple Exposure Notification (GAEN) framework to help public health
authorities develop privacy-preserving CT apps. In the United States, 26 states
used the GAEN framework to develop their CT apps. In this paper, we empirically
evaluate the US-based GAEN apps to determine 1) the privileges they have, 2) if
the apps comply with their defined privacy policies, and 3) if they contain
known vulnerabilities that can be exploited to compromise privacy. The results
show that all apps violate their stated privacy policy and contain several
known vulnerabilities
BenchPress: Analyzing Android App Vulnerability Benchmark Suites
In recent years, various benchmark suites have been developed to evaluate the
efficacy of Android security analysis tools. The choice of such benchmark
suites used in tool evaluations is often based on the availability and
popularity of suites and not on their characteristics and relevance. One of the
reasons for such choices is the lack of information about the characteristics
and relevance of benchmark suites.
In this context, we empirically evaluated four Android-specific benchmark
suites: DroidBench, Ghera, IccBench, and UBCBench. For each benchmark suite, we
identified the APIs used by the suite that were discussed on Stack Overflow in
the context of Android app development and measured the usage of these APIs in
a sample of 227K real-world apps (coverage). We also compared each pair of
benchmark suites to identify the differences between them in terms of API
usage. Finally, we identified security-related APIs used in real-world apps but
not in any of the above benchmark suites to assess the opportunities to extend
benchmark suites (gaps).
The findings in this paper can help 1) Android security analysis tool
developers choose benchmark suites that are best suited to evaluate their tools
(informed by coverage and pairwise comparison) and 2) Android app vulnerability
benchmark creators develop and extend benchmark suites (informed by gaps).
Comment: Updates based on AMobile 2019 review
A METHOD AND SYSTEM FOR SECURE DOCUMENT SEARCH
The present disclosure discloses a method for secure document search. The objective of the present disclosure focuses on avoiding the need to decrypt the whole database while retrieving the necessary data. The method discloses a method for encrypting and searching documents using a combination of vectorization, hashing, and set intersection. The method includes defining a dictionary to map tokens to unique vectors, forming n-token combinations of the document, and hashing each combination using a nonlinear irreversible function such as a deep neural network. The output of the present disclosure is a set of D-dimensional vectors that represent the document
Bioprocessing Data for the Production of Marine Enzymes
This review is a synopsis of different bioprocess engineering approaches adopted for the production of marine enzymes. Three major modes of operation: batch, fed-batch and continuous have been used for production of enzymes (such as protease, chitinase, agarase, peroxidase) mainly from marine bacteria and fungi on a laboratory bioreactor and pilot plant scales. Submerged, immobilized and solid-state processes in batch mode were widely employed. The fed-batch process was also applied in several bioprocesses. Continuous processes with suspended cells as well as with immobilized cells have been used. Investigations in shake flasks were conducted with the prospect of large-scale processing in reactors
Advanced extended-term simulation approach with flexible quasisteady-state and dynamic semi-analytical simulation engines
Power system simulations that extend over a time period of minutes, hours, or even longer are called extended-term simulations. As power systems evolve into complex systems with increasing interdependencies and richer dynamic behaviors across a wide range of timescales, extended-term simulation is needed for many power system analysis tasks (e.g., resilience analysis, renewable energy integration, cascading failures), and there is an urgent need for efficient and robust extended-term simulation approaches. The conventional approaches are insufficient for dealing with the extended-term simulation of multi-timescale processes. This paper proposes an extended-term simulation approach based on the semi-analytical simulation (SAS) methodology. Its accuracy and computational efficiency are backed by SAS's high accuracy in event-driven simulation, larger and adaptive time steps, and flexible switching between full-dynamic and quasi-steady-state (QSS) models. We used this proposed extended-term simulation approach to evaluate bulk power system restoration plans, and it demonstrates satisfactory accuracy and efficiency in this complex simulation task
Analysis of Escherichia coli RNase E and RNase III activity in vivo using tiling microarrays
Tiling microarrays have proven to be a valuable tool for gaining insights into the transcriptomes of microbial organisms grown under various nutritional or stress conditions. Here, we describe the use of such an array, constructed at the level of 20 nt resolution for the Escherichia coli MG1655 genome, to observe genome-wide changes in the steady-state RNA levels in mutants defective in either RNase E or RNase III. The array data were validated by comparison to previously published results for a variety of specific transcripts as well as independent northern analysis of additional mRNAs and sRNAs. In the absence of RNase E, 60% of the annotated coding sequences showed either increases or decreases in their steady-state levels. In contrast, only 12% of the coding sequences were affected in the absence of RNase III. Unexpectedly, many coding sequences showed decreased abundance in the RNase E mutant, while more than half of the annotated sRNAs showed changes in abundance. Furthermore, the steady-state levels of many transcripts showed overlapping effects of both ribonucleases. Data are also presented demonstrating how the arrays were used to identify potential new genes, RNase III cleavage sites and the direct or indirect control of specific biological pathways