Code Metrics For Predicting Risk Levels of Android Applications

Android applications pose security and privacy risks for end-users. Early prediction of risk levels that are associated with Android applications can help Android developers is releasing less risky applications to end-users. Researchers have showed how code metrics can be used as early predictors of failure prone software components. Whether or not code metrics can be used to predict risk levels of Android applications requires systematic exploration. The goal of this paper is to aid Android application developers in assessing the risk associated with developed Android applications by identifying code metrics that can be used as predictors to predict two levels of risk for Android applications. In this exploratory research study the author has investigated if code metrics can be used to predict two levels of risk for Android applications. The author has used a dataset of 4416 Android applications that also included the applications\u27 21 code metrics. By applying logistic regression, the author observes two of the 21 code metrics can predict risk levels significantly. These code metrics are functional complexity and number of directories. Empirical findings from this exploratory study suggest that with the use of proper prediction techniques, code metrics might be used as predictors for Android risk scores successfully

Detecting and Characterizing Propagation of Security Weaknesses in Puppet-based Infrastructure Management

Despite being beneficial for managing computing infrastructure automatically, Puppet manifests are susceptible to security weaknesses, e.g., hard-coded secrets and use of weak cryptography algorithms. Adequate mitigation of security weaknesses in Puppet manifests is thus necessary to secure computing infrastructure that are managed with Puppet manifests. A characterization of how security weaknesses propagate and affect Puppet-based infrastructure management, can inform practitioners on the relevance of the detected security weaknesses, as well as help them take necessary actions for mitigation. To that end, we conduct an empirical study with 17,629 Puppet manifests mined from 336 open source repositories. We construct Taint Tracker for Puppet Manifests (TaintPup), for which we observe 2.4 times more precision compared to that of a state-of-the-art security static analysis tool. TaintPup leverages Puppet-specific information flow analysis using which we characterize propagation of security weaknesses. From our empirical study, we observe security weaknesses to propagate into 4,457 resources, i.e, Puppet-specific code elements used to manage infrastructure. A single instance of a security weakness can propagate into as many as 35 distinct resources. We observe security weaknesses to propagate into 7 categories of resources, which include resources used to manage continuous integration servers and network controllers. According to our survey with 24 practitioners, propagation of security weaknesses into data storage-related resources is rated to have the most severe impact for Puppet-based infrastructure management.Comment: 14 pages, currently under revie

Application of Lignin (Modified/Unmodified ) to Cement and Observing Effects

Biomass of various types have been known to be important sources of energy or raw material for products in industries for centuries. Biomass have been proven to be cost effective as sources of suitable chemicals that can enhance many industrial processes. Lignin is one of many very valuable components extractable from biomass. Using lignin, modified or unmodified, can improve the sustainability of manufacturing processes. In this work, lignin was extracted from two different biomass, i.e. coffee chaff and sugarcane bagasse. Coffee chaff is the dried skins of coffee beans, the waste product from the roasting process. Sugarcane bagasse is the fibrous material remaining once the juice is extracted from the sugarcane. It can be dried and combusted as a solid biofuel. A deep eutectic solvent (DES) was used to extract lignin from these two biomass. DESs are hydrogen-bonded solvents that can extract lignin from biomass. They are safe, simple, cost effective and recyclable. In this study, the DES used was a two to one molar ratio of formic acid with choline chloride (FA:CC). The lignin extracted from the two biomass was added to cement to discover how they impacted the plasticity, porosity and compression strength of cement cylinders. In addition, commercially purchased sugarcane bagasse lignin was carboxymethylated and added to cement to investigate its effect on these properties