3,184 research outputs found
Static Analysis for Extracting Permission Checks of a Large Scale Framework: The Challenges And Solutions for Analyzing Android
A common security architecture is based on the protection of certain
resources by permission checks (used e.g., in Android and Blackberry). It has
some limitations, for instance, when applications are granted more permissions
than they actually need, which facilitates all kinds of malicious usage (e.g.,
through code injection). The analysis of permission-based framework requires a
precise mapping between API methods of the framework and the permissions they
require. In this paper, we show that naive static analysis fails miserably when
applied with off-the-shelf components on the Android framework. We then present
an advanced class-hierarchy and field-sensitive set of analyses to extract this
mapping. Those static analyses are capable of analyzing the Android framework.
They use novel domain specific optimizations dedicated to Android.Comment: IEEE Transactions on Software Engineering (2014). arXiv admin note:
substantial text overlap with arXiv:1206.582
Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android
A common security architecture, called the permission-based security model
(used e.g. in Android and Blackberry), entails intrinsic risks. For instance,
applications can be granted more permissions than they actually need, what we
call a "permission gap". Malware can leverage the unused permissions for
achieving their malicious goals, for instance using code injection. In this
paper, we present an approach to detecting permission gaps using static
analysis. Our prototype implementation in the context of Android shows that the
static analysis must take into account a significant amount of
platform-specific knowledge. Using our tool on two datasets of Android
applications, we found out that a non negligible part of applications suffers
from permission gaps, i.e. does not use all the permissions they declare
In-Vivo Bytecode Instrumentation for Improving Privacy on Android Smartphones in Uncertain Environments
In this paper we claim that an efficient and readily applicable means to
improve privacy of Android applications is: 1) to perform runtime monitoring by
instrumenting the application bytecode and 2) in-vivo, i.e. directly on the
smartphone. We present a tool chain to do this and present experimental results
showing that this tool chain can run on smartphones in a reasonable amount of
time and with a realistic effort. Our findings also identify challenges to be
addressed before running powerful runtime monitoring and instrumentations
directly on smartphones. We implemented two use-cases leveraging the tool
chain: BetterPermissions, a fine-grained user centric permission policy system
and AdRemover an advertisement remover. Both prototypes improve the privacy of
Android systems thanks to in-vivo bytecode instrumentation.Comment: ISBN: 978-2-87971-111-
Model Driven Mutation Applied to Adaptative Systems Testing
Dynamically Adaptive Systems modify their behav- ior and structure in
response to changes in their surrounding environment and according to an
adaptation logic. Critical sys- tems increasingly incorporate dynamic
adaptation capabilities; examples include disaster relief and space exploration
systems. In this paper, we focus on mutation testing of the adaptation logic.
We propose a fault model for adaptation logics that classifies faults into
environmental completeness and adaptation correct- ness. Since there are
several adaptation logic languages relying on the same underlying concepts, the
fault model is expressed independently from specific adaptation languages.
Taking benefit from model-driven engineering technology, we express these
common concepts in a metamodel and define the operational semantics of mutation
operators at this level. Mutation is applied on model elements and model
transformations are used to propagate these changes to a given adaptation
policy in the chosen formalism. Preliminary results on an adaptive web server
highlight the difficulty of killing mutants for adaptive systems, and thus the
difficulty of generating efficient tests.Comment: IEEE International Conference on Software Testing, Verification and
Validation, Mutation Analysis Workshop (Mutation 2011), Berlin : Allemagne
(2011
You Cannot Fix What You Cannot Find! An Investigation of Fault Localization Bias in Benchmarking Automated Program Repair Systems
Properly benchmarking Automated Program Repair (APR) systems should
contribute to the development and adoption of the research outputs by
practitioners. To that end, the research community must ensure that it reaches
significant milestones by reliably comparing state-of-the-art tools for a
better understanding of their strengths and weaknesses. In this work, we
identify and investigate a practical bias caused by the fault localization (FL)
step in a repair pipeline. We propose to highlight the different fault
localization configurations used in the literature, and their impact on APR
systems when applied to the Defects4J benchmark. Then, we explore the
performance variations that can be achieved by `tweaking' the FL step.
Eventually, we expect to create a new momentum for (1) full disclosure of APR
experimental procedures with respect to FL, (2) realistic expectations of
repairing bugs in Defects4J, as well as (3) reliable performance comparison
among the state-of-the-art APR systems, and against the baseline performance
results of our thoroughly assessed kPAR repair tool. Our main findings include:
(a) only a subset of Defects4J bugs can be currently localized by commonly-used
FL techniques; (b) current practice of comparing state-of-the-art APR systems
(i.e., counting the number of fixed bugs) is potentially misleading due to the
bias of FL configurations; and (c) APR authors do not properly qualify their
performance achievement with respect to the different tuning parameters
implemented in APR systems.Comment: Accepted by ICST 201
L'analyse statistique de données appliquée à la surveillance multi-paramètres de versants instables
La difficulté à modéliser les mécanismes de rupture de mouvements de versants de grande ampleur limite fortement les capacités d'anticipation et d'alerte des dispositifs basés sur des critères de détection déterministes simples. De par la multiplicité et la complexité des phénomènes en jeu ces dispositifs sont de plus propices aux situations de fausses alarmes ou d'occurrence de l'aléa sans alarme. Pour s'affranchir de ces limites et faire face à la diversité et la complexité des situations d'aléas gravitaires rencontrées, des approches multi-paramètres d'observation et de surveillance sont mises en oeuvre. L'évolution technologique des capteurs, des systèmes d'alerte et de leurs protocoles d'acquisition permet aujourd'hui de collecter de manière synchronisée de nombreux types de données de mesure : mécaniques, hydrologiques, géodésiques, météorologiques, sismiques et micro-sismiques. L'enjeu des travaux actuels concerne l'exploitation automatique en routine des séries chronologiques ainsi collectées et notamment : (1) l'analyse de l'évolution dans le temps des différentes variables, (2) la détection des singularités dans ces séries, et (3) l'identification des interactions entre variables et des temps de transfert entre elles. In fine, ces travaux doivent permettre l'utilisation d'outils et méthodes d'analyse statistique éprouvés permettant d'établir des lois probabilistes d'occurrence de l'aléa redouté ou tout au moins une détection fiable des situations à risque. Dans cet article, il est proposé d'illustrer ce propos à l'aide des chroniques de données multi-paramètres collectées par l'INERIS sur le versant des Ruines de Séchilienne entre 2009 et 2013. Nous verrons que les processus d'analyse et d'exploitation ne sont pas immédiats et qu'ils requièrent des choix méthodologiques, ainsi qu'un recul sur les données de mesure, les incertitudes associées, la résolution des techniques instrumentales déployées qui peuvent combiner des variables quantitatives, qualitatives, ponctuelles, volumétriques, les scénarios attendus, ou encore sur la prise en compte des informations redondantes ou contradictoires
FixMiner: Mining Relevant Fix Patterns for Automated Program Repair
Patching is a common activity in software development. It is generally
performed on a source code base to address bugs or add new functionalities. In
this context, given the recurrence of bugs across projects, the associated
similar patches can be leveraged to extract generic fix actions. While the
literature includes various approaches leveraging similarity among patches to
guide program repair, these approaches often do not yield fix patterns that are
tractable and reusable as actionable input to APR systems. In this paper, we
propose a systematic and automated approach to mining relevant and actionable
fix patterns based on an iterative clustering strategy applied to atomic
changes within patches. The goal of FixMiner is thus to infer separate and
reusable fix patterns that can be leveraged in other patch generation systems.
Our technique, FixMiner, leverages Rich Edit Script which is a specialized tree
structure of the edit scripts that captures the AST-level context of the code
changes. FixMiner uses different tree representations of Rich Edit Scripts for
each round of clustering to identify similar changes. These are abstract syntax
trees, edit actions trees, and code context trees. We have evaluated FixMiner
on thousands of software patches collected from open source projects.
Preliminary results show that we are able to mine accurate patterns,
efficiently exploiting change information in Rich Edit Scripts. We further
integrated the mined patterns to an automated program repair prototype,
PARFixMiner, with which we are able to correctly fix 26 bugs of the Defects4J
benchmark. Beyond this quantitative performance, we show that the mined fix
patterns are sufficiently relevant to produce patches with a high probability
of correctness: 81% of PARFixMiner's generated plausible patches are correct.Comment: 31 pages, 11 figure
Deformed vortices in (4+1)-dimensional Einstein-Yang-Mills theory
We study vortex-type solutions in a (4+1)-dimensional
Einstein-Yang-Mills-SU(2) model. Assuming all fields to be independent on the
extra coordinate, these solutions correspond in a four dimensional picture to
axially symmetric multimonopoles, respectively monopole-antimonopole solutions.
By boosting the five dimensional purely magnetic solutions we find new
configurations which in four dimensions represents rotating regular nonabelian
solutions with an additional electric charge.Comment: 11 pages, including 5 eps files; reference added, discussion
extended; typos correcte
- …