408 research outputs found

    A Case Study of Mobile Health Applications: The OWASP Risk of Insufficient Cryptography

    Mobile devices are being deployed rapidly for both private and professional reasons. One area that has been growing is in releasing healthcare applications into the mobile marketplaces for health management. These applications help individuals track their own biorhythms and contain sensitive information. This case study examines the source code of mobile applications released to GitHub for the Risk of Insufficient Cryptography in the Top Ten Mobile Open Web Application Security Project risks. We first develop and justify a mobile OWASP Cryptographic knowledge graph for detecting security weaknesses specific to mobile applications which can be extended to other domains involving cryptography. We then analyze the source code of 203 open source healthcare mobile applications and report on their usage of cryptography in the applications. Our findings show that none of the open source healthcare applications correctly applied cryptography in all elements of their applications. As humans adopt healthcare applications for managing their health routines, it is essential that they consider the privacy and security risks they are accepting when sharing their data. Furthermore, many open source applications and developers have certain environmental parameters which do not mandate adherence to regulations. In addition to creating new free tools for security risk identifications during software development such as standalone or compiler-embedded, the article suggests awareness and training modules for developers prior to marketplace software release.

    Embeddings Among Toruses and Meshes

    Toruses and meshes include graphs of many varieties of topologies, with lines, rings, and hypercubes being special cases. Given a d-dimensional torus or mesh G and a c-dimensional torus or mesh H of the same size, we study the problem of embedding G in H to minimize the dilation cost. For increasing dimension cases (d < c) in which the shapes of G and H satisfy the condition of expansion, the dilation costs of our embeddings are either 1 or 2, depending on the types of graphs of G and H. These embeddings are optimal except when G is a torus of even size and H is a mesh. For lowering dimension cases (d > c) in which the shapes of G and H satisfy the condition of reduction, the dilation costs of our embeddings depend on the shapes of G and H. These embeddings, however, are not optimal in general. For the special cases in which G and H are square, the embedding results above can always be used to construct embeddings of G in H: these embeddings are all optimal for increasing dimension cases in which the dimension of H is divisible by the dimension of G, and all optimal to within a constant for fixed values of d and c for lowering dimension cases. Our main analysis technique is based on a generalization of Gray code for radix-2 (binary) numbering system to similar sequences for mixed-radix numbering systems.

    Mobile Software Assurance Informed through Knowledge Graph Construction: The OWASP Threat of Insecure Data Storage

    Many organizations, to save costs, are moving to the Bring Your Own Mobile Device (BYOD) model and adopting applications built by third-parties at an unprecedented rate. Our research examines software assurance methodologies specifically focusing on security analysis coverage of the program analysis for mobile malware detection, mitigation, and prevention. This research focuses on secure software development of Android applications by developing knowledge graphs for threats reported by the Open Web Application Security Project (OWASP). OWASP maintains lists of the top ten security threats to web and mobile applications. We develop knowledge graphs based on the two most recent top ten threat years and show how the knowledge graph relationships can be discovered in mobile application source code. We analyze 200+ healthcare applications from GitHub to gain an understanding of their software assurance of their developed software for one of the OWASP top ten mobile threats, the threat of “Insecure Data Storage.” We find that many of the applications are storing personally identifying information (PII) in potentially vulnerable places leaving users exposed to higher risks for the loss of their sensitive data.

    Research Incubator : Combinatorial Optimization


    An Efficient Multiway Hypergraph Partitioning Algorithm for VLSI Layout

    In this paper, we propose an effective multiway hypergraph partitioning algorithm. We introduce the concept of net gain and embed it in the selection of cell moves. Unlike traditional FM-based iterative improvement algorithms in which the selection of the next cell to move is only based on its cell gain, our algorithm selects a cell based on both its cell gain and the sum of all net gains for those nets incidents to the cell. To escape from local optima and to search broader solution space, we propose a new perturbation mechanism. These two strategies significantly enhance the solution quality produced by our algorithm. Based on our experimental justification, we smoothly decrease the numbers of iteration from pass to pass to reduce the computational effort so that our algorithm can partition large benchmark circuits with reasonable run time. Compared with the recent multiway partitioning algorithms proposed by Dasdan and Aykanat [5], our algorithm significantly outperforms theirs in terms of solution quality (cutsize) and run time: the average improvements in terms of average cutsize over their PLM3 and PFM3 are 47.64% and 36.76% with only 37.17% and 9.66% of their run time respectively.

    Second-Harmonic Generation and Spectrum Modulation by Active Nonlinear Metamaterial

    The nonlinear properties of a metamaterial sample composed of double-layer metallic patterns and voltage controllable diodes are experimentally investigated. Second harmonics and spectrum modulations are clearly observed in a wide band of microwave frequencies, showing that this kind of metamaterial is not only tunable by low DC bias voltage, but also behaves strong nonlinear property under a small power incidence. These properties are difficult to be found in normal, naturally occurring materials. Comment: 14 pages, 4 figures

    Learning Motion Refinement for Unsupervised Face Animation

    Unsupervised face animation aims to generate a human face video based on the appearance of a source image, mimicking the motion from a driving video. Existing methods typically adopted a prior-based motion model (e.g., the local affine motion model or the local thin-plate-spline motion model). While it is able to capture the coarse facial motion, artifacts can often be observed around the tiny motion in local areas (e.g., lips and eyes), due to the limited ability of these methods to model the finer facial motions. In this work, we design a new unsupervised face animation approach to learn simultaneously the coarse and finer motions. In particular, while exploiting the local affine motion model to learn the global coarse facial motion, we design a novel motion refinement module to compensate for the local affine motion model for modeling finer face motions in local areas. The motion refinement is learned from the dense correlation between the source and driving images. Specifically, we first construct a structure correlation volume based on the keypoint features of the source and driving images. Then, we train a model to generate the tiny facial motions iteratively from low to high resolution. The learned motion refinements are combined with the coarse motion to generate the new image. Extensive experiments on widely used benchmarks demonstrate that our method achieves the best results among state-of-the-art baselines. Comment: NeurIPS 202