16 research outputs found

    Reverse engineering Android Apps with CodeInspect

    While the Android operating system is popular among users, it has also attracted a broad variety of miscreants and malware. New samples are discovered every day. Purely automatic analysis is often not enough for understanding current state-of-the-art Android malware, though. Miscreants obfuscate and encrypt their code, or hide secrets in native code. Precisely identifying the malware's behavior and finding information about its potential authors requires tools that assist human experts in a manual investigation. In this paper, we present CodeInspect, a novel reverse engineering tool for Android apps that optimally supports investigators and analysts in that task.

    Harvester


    Investigating users' reaction to fine-grained data requests: A market experiment

    The market for smartphone applications is steadily growing. Unfortunately, along with this growth, the number of malicious applications is increasing as well. To identify this malware, various automatic code-analysis tools have been developed. These tools are able to assess the risk associated with a specific app. However, informing users about these findings is often difficult. Currently, on Android, users decide about applications based on coarse-grained permission dialogs during installation. As these dialogs are quite abstract, many users do not read or understand them. Thus, to make the more detailed findings from security research accessible, new mechanisms for privacy communication need to be assessed. In our market experiment, we investigate how fine-grained data requests during runtime affect users' information disclosure. We find that many users reverse their decision when prompted with a fine-grained request.

    Static analysis of android apps: A systematic literature review

    Context: Static analysis exploits techniques that parse program source code or bytecode, often traversing program paths to check some program properties. Static analysis approaches have been proposed for different tasks, including for assessing the security of Android apps, detecting app clones, automating test case generation, or for uncovering non-functional issues related to performance or energy. The literature thus has proposed a large body of works, each of which attempts to tackle one or more of the several challenges that program analyzers face when dealing with Android apps. Objective: We aim to provide a clear view of the state-of-the-art works that statically analyze Android apps, from which we highlight the trends of static analysis approaches, pinpoint where the focus has been put, and enumerate the key aspects where future research is still needed. Method: We have performed a systematic literature review (SLR) which involves studying 124 research papers published in software engineering, programming languages and security venues in the last 5 years (January 2011-December 2015). This review is performed mainly in five dimensions: problems targeted by the approach, fundamental techniques used by authors, static analysis sensitivities considered, Android characteristics taken into account and the scale of evaluation performed. Results: Our in-depth examination has led to several key findings: 1) Static analysis is largely performed to uncover security and privacy issues; 2) The Soot framework and the Jimple intermediate representation are the most adopted basic support tool and format, respectively; 3) Taint analysis remains the most applied technique in research approaches; 4) Most approaches support several analysis sensitivities, but very few approaches consider path-sensitivity; 5) There is no single work that has been proposed to tackle all challenges of static analysis that are related to Android programming; and 6) Only a small portion of state-of-the-art works have made their artifacts publicly available. Conclusion: The research community is still facing a number of challenges for building approaches that are aware altogether of implicit flows, dynamic code loading features, reflective calls, native code and multi-threading, in order to implement sound and highly precise static analyzers.

    A Study of Book Recommendation System with Topic Maps and Relationship Algebra

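    (2) This project is "A Study of Book Recommendation System with Topic Maps and Relationship Algebra". In the spirit of Library 2.0, digital libraries provide a variety of reader-centered services, that is, personalized services. A book recommendation system can not only recommend related books based on a reader's past loan records, but can also use information from the same community to recommend books the reader has never borrowed, and is therefore very popular with readers. The approaches to developing a book recommendation system can be divided mainly into collaborative, content-based and hybrid. However, whichever approach is used, the resulting system faces the following issues: cold start, privacy and information behavior. The cold start problem means that books cannot be recommended when a new reader or new library lacks sufficient loan data. The privacy problem is that people generally value their privacy and are unwilling to provide library usage records, so the recommendation system cannot operate. Information behavior means that people's information behavior changes as their interests, reading environment or social groups change, yet traditional recommendation systems cannot respond correctly. Because topic maps use topics, associations and resource indexes, they can effectively guide resource use, are easy to edit (add, merge or delete) and present the relationships between topics. In addition, because they are an XML-based markup language, they are compatible with other knowledge architectures, such as RDF or ontologies, and are generally used as a tool for managing and presenting knowledge. On the other hand, to explore the distribution of communities on a topic map, relational algebra uses operators such as direct trust, co-citation trust, transitive trust and trust coupling to perform trust propagation and find the communities in a network. Therefore, this study uses both the superior knowledge interpretation and visual presentation of topic maps and the ability of relational algebra to derive community distribution automatically to develop a reader-centered book recommendation system.
    This project is entitled "A Study of Book Recommendation System with Topic Maps and Relationship Algebra". To abide by the spirit of Library 2.0, digital libraries provide various reader-centered services, e.g., personalized services. A book recommendation system can recommend related books to a reader not only by referring to his (her) loan history, but also by referring to all the loan histories from the people of his (her) social network. The development of a book recommendation system can be divided into three approaches: collaborative filtering approach, content-based filtering approach and hybrid approach. However, all three approaches have the following development issues: cold start, privacy and information behavior. Cold start means that when a new reader or library does not have enough profile data or loan data, the recommendation system cannot start to recommend. Privacy means that people are usually not willing to provide their own profile or loan history; due to the lack of the related data, the book recommendation system usually works abnormally. Information behavior means that with changes in personal hobby, reading habit or social network, readers easily change their information needs. On the other hand, the topic map employs topics, relations and occurrences to index and show the related knowledge resources. As the topic map uses XML to tag its document, it is easy to transfer knowledge from or to other knowledge systems, e.g., RDF or Ontology. Moreover, the topic map is also easy to edit (combine, change and delete) and shows the relation between topics. On the one hand, relational algebra can use the direct trust, co-indexed trust, transfer trust and coupling trust operators to conduct the trust propagation on the network efficiently. Thus, the topic maps can deal with the issue of information behavior and the relational algebra can deal with the issues of both cold start and privacy. Therefore, in order to tackle the above three issues, we use both the topic maps and relational algebra to develop a reader-centered book recommendation system.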

    On the application of two-fluid flows solver to the casting problem

    This book presents and discusses mathematical models, numerical methods and computational techniques used for solving coupled problems in science and engineering. It takes a step forward in the formulation and solution of real-life problems with a multidisciplinary vision, accounting for all of the complex couplings involved in the physical description. Simulation of multifaceted physics problems is a common task in applied research and industry. Often a suitable solver is built by connecting together several single-aspect solvers into a network. In this book, research in various fields was selected for consideration: adaptive methodology for multi-physics solvers, multi-physics phenomena and coupled-field solutions, leading to computationally intensive structural analysis. The strategies which are used to keep these problems computationally affordable are of special interest, and make this an essential book. Peer Reviewed. Postprint (published version).