34 research outputs found
A privilege escalation vulnerability checking system for android applications
Android is a free, open source mobile platform based on the Linux kernel. The openness of the application platform attracts developers, both benign and malicious. Android depends on privilege separation to isolate applications from each other and from the system. However, recent research reported that a genuine application exploited at runtime or a malicious application can escalate granted permissions. The attack depends on a carelessly designed application which fails to protect the permissions granted to it. In this research, we propose a vulnerability checking system to check if an application can be potentially leveraged by an attacker to launch such a privilege escalation attack. We downloaded 1038 applications from the wild and found 217 potentially vulnerable applications that need further inspection. The 13th IEEE International Conference on Communication Technology (ICCT 2011), Jinan, China, 25-28 September 2011. In Proceedings of 13th ICCT, 2011, p. 681-68
JSBiRTH: Dynamic javascript birthmark based on the run-time heap
JavaScript is currently the dominating client-side scripting language in the web community. However, the source code of JavaScript can be easily copied through a browser. The intellectual property right of the developers lacks protection. In this paper, we consider using dynamic software birthmark for JavaScript. Instead of using control flow trace (which can be corrupted by code obfuscation) and API (which may not work if the software does not have many API calls), we exploit the run-time heap, which reflects substantially the dynamic behavior of a program, to extract birthmarks. We introduce JSBiRTH, a novel software birthmark system for JavaScript based on the comparison of run-time heaps. We evaluated our system using 20 JavaScript programs with most of them being large-scale. Our system gave no false positive or false negative. Moreover, it is robust against code obfuscation attack. We also show that our system is effective in detecting partial code theft. © 2011 IEEE. The 35th IEEE Annual Computer Software and Applications Conference (COMPSAC 2011), Munich, Germany, 18-22 July 2011. In Proceedings of 35th COMPSAC, 2011, p. 407-41
On-line coating of glass with tin oxide by atmospheric pressure chemical vapor deposition.
Atmospheric pressure chemical vapor deposition (APCVD) of tin oxide is a very important manufacturing technique used in the production of low-emissivity glass. It is also the primary method used to provide wear-resistant coatings on glass containers. The complexity of these systems, which involve chemical reactions in both the gas phase and on the deposition surface, as well as complex fluid dynamics, makes process optimization and design of new coating reactors a very difficult task. In 2001 the U.S. Dept. of Energy Industrial Technologies Program Glass Industry of the Future Team funded a project to address the need for more accurate data concerning the tin oxide APCVD process. This report presents a case study of on-line APCVD using organometallic precursors, which are the primary reactants used in industrial coating processes. Research staff at Sandia National Laboratories in Livermore, CA, and the PPG Industries Glass Technology Center in Pittsburgh, PA collaborated to produce this work. In this report, we describe a detailed investigation of the factors controlling the growth of tin oxide films. The report begins with a discussion of the basic elements of the deposition chemistry, including gas-phase thermochemistry of tin species and mechanisms of chemical reactions involved in the decomposition of tin precursors. These results provide the basis for experimental investigations in which tin oxide growth rates were measured as a function of all major process variables. The experiments focused on growth from monobutyltintrichloride (MBTC) since this is one of the two primary precursors used industrially. There are almost no reliable growth-rate data available for this precursor. Robust models describing the growth rate as a function of these variables are derived from modeling of these data. Finally, the results are used to conduct computational fluid dynamic simulations of both pilot- and full-scale coating reactors. 
As a result, general conclusions are reached concerning the factors affecting the growth rate in on-line APCVD reactors. In addition, a substantial body of data was generated that can be used to model many different industrial tin oxide coating processes. These data include the most extensive compilation of thermochemistry for gas-phase tin-containing species as well as kinetic expressions describing tin oxide growth rates over a wide range of temperatures, pressures, and reactant concentrations
Wittgensteinian content-externalism
Content-externalism is the view that a subject's relations to a context can play a role in individuating the content of her mental states. According to social content-externalists, relations to a socio-linguistic context can play a fundamental individuating role. Åsa Wikforss has suggested that "social externalism depends on the assumption that individuals have an incomplete grasp of their own concepts" (Wikforss 2004, p. 287). In this paper, I show that this isn't so. I develop and defend an argument for social content-externalism which does not depend on this assumption. The argument is animated by strands of thought in the later work of Wittgenstein. In addition to demonstrating that social externalists are not necessarily committed to thinking that a subject can have thoughts involving concepts which she incompletely understands, this argument is important insofar as it: (1) supports a form of content-externalism with extended scope; (2) avoids the controversy surrounding the claim that subjects can think with concepts which they incompletely understand; and (3) situates Wittgenstein's later work with respect to contemporary debates about content-externalism
Use of the GenoType® MTBDRplus assay to assess drug resistance of Mycobacterium tuberculosis isolates from patients in rural Uganda
Background: Drug resistance levels and patterns among Mycobacterium tuberculosis isolates from newly diagnosed and previously treated tuberculosis patients in Mbarara Uganda were investigated. Methods: We enrolled, consecutively, all newly diagnosed and previously treated smear-positive TB patients aged ≥ 18 years. Isolates were tested for drug resistance against rifampicin (RIF) and isoniazid (INH) using the Genotype® MDRTBplus assay and results were compared with those obtained by the indirect proportion method on Lowenstein-Jensen media. HIV testing was performed using two rapid HIV tests. Results: A total of 125 isolates from 167 TB suspects with a mean age 33.7 years and HIV prevalence of 67.9% (55/81) were analysed. A majority (92.8%) of the participants were newly presenting while only 7.2% were retreatment cases. Resistance mutations to either RIF or INH were detected in 6.4% of the total isolates. Multidrug resistance, INH and RIF resistance was 1.6%, 3.2% and 4.8%, respectively. The rpoβ gene mutations seen in the sample were D516V, S531L, H526Y H526 D and D516V, while one strain had a Δ1 mutation in the wild type probes. There were three strains with katG (codon 315) gene mutations while only one strain showed the inhA promoter region gene mutation. Conclusion: The TB resistance rate in Mbarara is relatively low. The GenoType® MTBDRplus assay can be used for rapid screening of MDR-TB in this setting.
Using Intervention Mapping to develop an occupational advice intervention to aid return to work following hip and knee replacement in the United Kingdom
Background There are increasing numbers of total hip replacements (THR) and total knee replacements (TKR) being performed in patients of working age. Providing patients undergoing TKR and THR with return to work advice might facilitate return to work. The aim of this paper is to report on the process used to systematically develop an occupational advice intervention to be delivered in hospital for those undergoing arthroplasty. Methods The six-step Intervention Mapping (IM) approach to development, implementation and evaluation of a theory and evidence-based interventions was followed. This paper reports on the development of the intervention covered by steps 1 to 4 of the IM process. Steps 1-3 gathered data on current practice and barriers to change using a mixed methods approach (cohort study of patients undergoing THR or TKR, stakeholder interviews, survey of practice, evidence synthesis) and provided a theoretical framework for intervention development. Step 4 used information from steps 1-3 in combination with a Delphi consensus process to develop the intervention and the associated tools and materials to facilitate its delivery. Results The final intervention identified included a number of core principles including: early patient identification; delivery of key information to patients and their employers; assessment and support by a member of the orthopaedic team; procedures for escalation based on patient need; mechanisms to support communication; and training and support for the clinical teams delivering care. A total of 13 patient and 20 staff performance objectives as delivery requirements, supported by a range of tools, roles and training resources. The intervention addressed outcomes based at the individual and interpersonal levels of the ecological model. Conclusions Following the IM approach resulted in a structured and justified occupational intervention for delivery in secondary care for patients undergoing total hip and knee replacement. 
The feasibility of the intervention will subsequently be tested alongside further investigation to establish its effectiveness and cost-effectiveness. Key Words Intervention Mapping Return to Work Occupational advice Arthroplasty Hip Kne
Sublethal toxicant effects with dynamic energy budget theory: model formulation
We develop and test a general modeling framework to describe the sublethal effects of pollutants by adding toxicity modules to an established dynamic energy budget (DEB) model. The DEB model describes the rates of energy acquisition and expenditure by individual organisms; the toxicity modules describe how toxicants affect these rates by changing the value of one or more DEB parameters, notably the parameters quantifying the rates of feeding and maintenance. We investigate four toxicity modules that assume: (1) effects on feeding only; (2) effects on maintenance only; (3) effects on feeding and maintenance with similar values for the toxicity parameters; and (4) effects on feeding and maintenance with different values for the toxicity parameters. We test the toxicity modules by fitting each to published data on feeding, respiration, growth and reproduction. Among the pollutants tested are metals (mercury and copper) and various organic compounds (chlorophenols, toluene, polycyclic aromatic hydrocarbons, tetradifon and pyridine); organisms include mussels, oysters, earthworms, water fleas and zebrafish. In most cases, the data sets could be adequately described with any of the toxicity modules, and no single module gave superior fits to all data sets. We therefore propose that for many applications, it is reasonable to use the most general and parameter sparse module, i.e. module 3 that assumes similar effects on feeding and maintenance, as a default. For one example (water fleas), we use parameter estimates to calculate the impact of food availability and toxicant levels on the long term population growth rate
Prospects and problems for mariculture in Hong Kong associated with wild-caught seed and feed
Mariculture has the potential to supplement world seafood supplies and generate livelihoods and income. It can only do this, however, if it is sustainably practiced in relation to the input of natural resources on which much of it continues to depend. There is, therefore, a need to understand the links between inputs from wild sources, such as fish seed and fish feed, and mariculture practices. Such links are often not considered, with mariculture typically viewed in complete isolation from the status of its natural resources inputs. The mariculture industry in Hong Kong is evaluated, as a case study, in terms of fish and feed inputs, some of which continue to be derived from wild sources. It is argued that better use of wild resources, and a clearer understanding of the links between culture and capture, would provide many benefits to the mariculture industry, and, more broadly, to seafood supply through mariculture in general. Possible directions of development for the local industry include the widespread adoption of pellet feed and hatchery production of juveniles. While regional economic factors will inevitably determine the operation of the industry in the short-term, the biological constraints identified in this paper must be considered for long-term persistence of mariculture operations at the regional level as well as to ensure better use of natural resources.