
    Renforcement formel et automatique de politiques de sécurité dans des applications Android par réécriture

    As much as they have positioned Android among the most widely used operating systems, Android applications have helped malware creators to break in and infect its devices. A long list of threats caused by downloaded applications targets the integrity of the system and the privacy of its users. While the Android system is constantly evolving to improve its security mechanism, the malware's sophistication level is skyrocketing and continuously adapting with the new measures. One of the main weaknesses threatening smartphone security is the abysmal lack of tools and environments that allow formal specification and verification of application behaviors before damage is done. In this regard, formal methods seem to be the most natural and secure way for rigorous and unambiguous specification and verification of such applications. Our ultimate goal is to formally enforce security policies on Android applications. The main idea is to establish a synergy between the aspect-oriented paradigm and formal methods such as the program rewriting technique. The approach consists of rewriting the application program by adding security tests at certain carefully selected points to ensure that the security policy is respected. The rewritten version of the program preserves all the good behaviors of the original one that comply with the security policy and acts against the bad ones.

    An Adaptive Regenerative Braking Strategy Design Based on Naturalistic Regeneration Performance for Intelligent Vehicles

    The effectiveness of regenerative braking strategies plays an important role in extending the driving range of electric vehicles. Since the driver is still an essential factor in levels 3 and 4 of intelligent electric vehicles, improving user acceptance and adoption of the braking control strategy is crucial. This paper puts forward a new regenerative braking strategy to find a compromise between optimal braking control performance and naturalistic regeneration performance while satisfying the maximum speed preference when driving between two stop events. Unlike other similar works that only maximize regenerative braking energy while satisfying the physical limits of an electrified powertrain, this paper considers naturalistic regeneration performance. To achieve this, firstly, the power regenerated by three drivers is predicted with a long horizon (30 seconds), using long short-term memory networks (LSTM) and a non-linear autoregressive exogenous model (NARX). Subsequently, an estimation of the energy recovery maximization rate is performed to give a perception of the naturalistic regeneration performance. As this performance varies, the deceleration planning employs three horizon scales of long, medium, and short, determined by the energy recovery maximization rate. Finally, dynamic programming (DP) is utilized to optimize a deceleration profile. The study utilizes real data of inverter efficiency, transmission efficiency, and motor-to-battery efficiency map. The outcome of this study shows that the proposed regeneration braking strategy is adaptive, improving regeneration efficiency by 39.6% for driver 1, 16% for driver 2, and 26% for driver 3, and forecasting the optimality of some deceleration behaviors.

    Smali+: An Operational Semantics for Low-Level Code Generated from Reverse Engineering Android Applications

    Today, Android accounts for more than 80% of the global market share. Such a high rate makes Android applications an important topic that raises serious questions about its security, privacy, misbehavior and correctness. Application code analysis is obviously the most appropriate and natural means to address these issues. However, no analysis could be led with confidence in the absence of a solid formal foundation. In this paper, we propose a full-fledged formal approach to build the operational semantics of a given Android application by reverse-engineering its assembler-type code, called Smali. We call the new formal language Smali+. Its semantics consist of two parts. The first one models a single-threaded program, in which a set of main instructions is presented. The second one presents the semantics of a multi-threaded program which is an important feature in Android that has been glossed over in the state-of-the-art works. All multi-threading essentials such as scheduling, threads communication and synchronization are considered in these semantics. The resulting semantics, forming Smali+, are intended to provide a formal basis for developing security enforcement, analysis and misbehaving detection techniques for Android applications.