Analyzing Android Browser Apps for file:// Vulnerabilities

Securing browsers in mobile devices is very challenging, because these browser apps usually provide browsing services to other apps in the same device. A malicious app installed in a device can potentially obtain sensitive information through a browser app. In this paper, we identify four types of attacks in Android, collectively known as FileCross, that exploits the vulnerable file:// to obtain users' private files, such as cookies, bookmarks, and browsing histories. We design an automated system to dynamically test 115 browser apps collected from Google Play and find that 64 of them are vulnerable to the attacks. Among them are the popular Firefox, Baidu and Maxthon browsers, and the more application-specific ones, including UC Browser HD for tablet users, Wikipedia Browser, and Kids Safe Browser. A detailed analysis of these browsers further shows that 26 browsers (23%) expose their browsing interfaces unintentionally. In response to our reports, the developers concerned promptly patched their browsers by forbidding file:// access to private file zones, disabling JavaScript execution in file:// URLs, or even blocking external file:// URLs. We employ the same system to validate the ten patches received from the developers and find one still failing to block the vulnerability.Comment: The paper has been accepted by ISC'14 as a regular paper (see https://daoyuan14.github.io/). This is a Technical Report version for referenc

Theoretical studies of radiation effects in composite materials for space use

Tetraglycidyl 4,4'-diamino diphenyl methane epoxy cured with diamino diphenyl sulfone was used as a model compound. Computer programs were developed to calculate (1) energy deposition coefficients of protons and electrons of various energies at different depths of the material; (2) ranges of protons and electrons of various energies in the material; and (3) cumulative doses received by the composite in different geometric shapes placed in orbits of various altitudes and inclination. A preliminary study on accelerated testing was conducted and it was found that an elliptical equitorial orbit of 300 km perigee by 2750 km apogee can accumulate, in 2 years or less, enough radiation dose comparable to geosynchronous environment for 30 years. The local plasma model calculated the mean excitation energies for covalent and ionic compounds. Longitudinal and lateral distributions of excited species by electron and proton impact as well as the probability of overlapping of two tracks due to two charged particles within various time intervals were studied

Development of modified vibration test criteria for qualifying space vehicle components

The results of the evaluation of two response prediction methods relating to the prediction of structural responses of stiffened shell structures with or without attached components, and subjected to broadband acoustic excitations are presented. The methods under evaluation were the constant mass attenuation method and the impedance ratio method. Example problems were used to illustrate the application procedures of these two methods and to compare their predicted results with the experimentally measured data. It is found that more realistic estimates of the structural response can be obtained by the impedance ratio method

Development of modified vibration test criteria for qualifying space vehicle components

Simplified methods are described to estimate the test criteria of primary structures at component attachment points subjected to broadband random acoustic excitations. The current method utilizes a constant smeared component mass attenuation factor across the frequency range of interest. The developed method indicates that the attenuation factor is based on a frequency dependent ratio of the mechanical impedances of both the component and primary structures. The procedures used to predict the structural responses are considered as the present state-of-the-art and provide satisfactory prediction results. Example problems are used to illustrate the application procedures of the two methods and to compare the significant difference. It was found that the lower test criteria obtained by the impedance ratio method is due to the results of considering the effects of component/primary structure interaction