ISBN: 9781479909599 (print)
Android, being an open source smartphone operating system, enjoys a large community of developers who create new mobile services and applications. However, it also attracts malware writers to exploit Android devices in order to distribute malicious apps in the wild. In fact, Android malware are becoming more sophisticated and they use advanced "dynamic loading" techniques like Java reflection or native code execution to bypass security detection. To detect dynamic loading, one has to use dynamic analysis. Currently, there are only a handful of Android dynamic analysis tools available, and they all have shortcomings in detecting dynamic loading. The aim of this paper is to design and implement a dynamic analysis system which allows analysts to perform systematic analysis of dynamic payloads with malicious behaviors. We propose "DroidTrace", a ptrace-based dynamic analysis system with forward execution capability. Our system uses ptrace to monitor selected system calls of the target process which is running the dynamic payloads, and classifies the payloads' behaviors through the system call sequence, e.g., behaviors such as file access, network connection, inter-process communication and even privilege escalation. Also, DroidTrace performs "physical modification" to trigger different dynamic loading behaviors within an app. Using DroidTrace, we carry out a large scale analysis on 36,170 dynamic payloads in 50,000 apps and 294 malware in 10 families (four of them are zero-day) with various dynamic loading behaviors.
ISBN: 9781467344715 (print)
Hibernate is the most popular ORM framework for Java. It is a straightforward and easy-to-use implementation of Java Persistence API. However, its simplicity of usage often becomes mischievous to developers and leads to serious performance issues in Hibernate-based applications. This paper presents live performance antipatterns related to the usage of one-to-many associations in Hibernate. These antipatterns focus on the problems of the owning side of collections, the Java types and annotations used in mappings, as well as processing of collections. Each antipattern consists of the description of a problem along with a sample code, negative performance consequences, and the recommended solution. Performance is analyzed in terms of the number and complexity of issued database statements. The code samples illustrate how the antipatterns decrease performance and how to implement the mappings to speed up the execution times.
ISBN: 0769519369 (print)
The memory model used in the Real-Time Specification for Java (RTSJ) imposes strict assignment rules to or from memory areas preventing the creation of dangling pointers, and thus maintaining the pointer safety of Java. An implementation solution to ensure the checking of these rules before each assignment statement consists of using write barriers executing a stack-based algorithm. This paper provides a hardware-based solution for both write barriers and the stack-based algorithm.
ISBN: 9781467329842; 9781467329835 (print)
A priority in the development of Web applications is the implementation of security mechanisms. In order to detect potential security vulnerabilities and implement appropriate security mechanisms, it is necessary to perform a detailed analysis of the application. For the detection of potential failures in the process of application development, the static analysis of source code is used. STASEC [1] is a tool for static analysis of source code of Web applications that are implemented using the Java programming language. This paper presents a proposal for expansion of this tool with a new module for the automatic detection of application vulnerabilities caused by manipulation of the input data on the client.
ISBN: 076952561X (print)
Alias analysis is a method for extracting sets of expressions which may possibly refer to the same memory locations during program execution. Although many researchers have already proposed analysis methods for the purpose of program optimization, difficulties still remain in applying such methods to practical software engineering tools in the sense of precision, extensibility and scalability. Focusing mainly on a practical use for program maintenance activities such as program debugging and understanding, we propose an alias analysis method for object-oriented programs and discuss our implementation. Using this method, we have developed a tool named JAAT. Our proposed method employs a two-phase, on-demand, and instance-based algorithm, in which intra-class analysis is done in Phase 1 for whole programs and libraries, and inter-class analysis is done in Phase 2 only for a user-demanded target. JAAT can analyze large programs or libraries such as the JDK class library. Also, JAAT includes various features for program maintenance activities, such as a GUI for displaying aliases, and an XML database for storing analysis information.
ISBN: 9780769528106 (print)
We present SOLj (Secure Operations Language-Java), an event-driven domain-specific synchronous programming extension of Java for developing secure service-based systems. The language has capabilities for handling service invocations asynchronously, includes strong typing for the enforcement of information flow and security policies, and exception handling mechanisms to deal with failures of components or services (both benign and Byzantine). Applications written in SOLj are formally verifiable using static analysis techniques. SOLj programs may be deployed, configured, and run on SINS (Secure Infrastructure for Networked Systems) under development at the Naval Research Laboratory.
ISBN: 076951877X (print)
The use of component models such as Enterprise Java Beans and the CORBA Component Model (CCM) in application development is expanding rapidly. Even in real-time safety/mission-critical domains, component-based development is beginning to take hold as a mechanism for incorporating non-functional aspects such as real-time, quality-of-service, and distribution. To form an effective basis for development of such systems, we believe that support for reasoning about correctness properties of component-based designs is essential. In this paper we present Cadena - an integrated environment for building and modeling CCM systems. Cadena provides facilities for defining component types using CCM IDL, specifying dependency information and transition system semantics for these types, assembling systems from CCM components, visualizing various dependence relationships between components, specifying and verifying correctness properties of models of CCM systems derived from CCM IDL, component assembly information, and Cadena specifications, and producing CORBA stubs and skeletons implemented in Java. We are applying Cadena to avionics applications built using Boeing's Bold Stroke framework.
ISBN: 9781538634929 (print)
Models are used in software engineering to describe parts of a system that are relevant for the computation of specific analyses, or the provision of specific functionality. Metamodeling languages such as Ecore make it possible to realize analyses and functionality with model-driven technology, such as transformation engines. If models conform to a metamodel that was expressed using Ecore, numerous Eclipse-based tools can be reused to directly analyze, display, or transform models. In many software projects, models are, however, realized with objects of plain-old Java classes rather than an explicit metamodel, so these popular tools cannot be used. In this new ideas paper, we present an Ecoreification approach, which can be used to automatically extract Ecore-conforming metamodels from Java code, and a code generator that combines the benefits of both worlds. The resulting code can be used exactly as before, but it also uses the modeling infrastructure and implements all interfaces for Ecore-based tooling. This way, arbitrary non-standard models can be displayed and modified, for example using graphical Sirius editors, or transformed with well-proven transformation languages, such as QVT-O or ATL.
ISBN: 9781467392723 (print)
The calculation of test coverage is often unfeasible for large-scale mining software repositories studies, as its computation requires building each project and executing their test suites. Because of that, we have been working on heuristics to calculate code coverage based on static code analysis. However, our results have been disappointing so far. In this paper, we present our approach to the problem and an evaluation involving 18 open source projects (around 2,700 classes) from the Apache Software Foundation. Results show that our approach provides acceptable results for only 50% of all classes. We believe researchers can learn from our mistakes and possibly derive a better approach. We advise researchers who need to use code coverage in their studies to select projects with a well-defined build system, such as Maven.
ISBN: 9780784482421 (digital)
ISBN: 9780784482421 (print)
Planning an efficient construction site layout increases safety and productivity of operations. As opposed to considering only confined construction sites, this paper optimizes site layout for linear infrastructure projects in congested inner-city roads (i.e., road maintenance). The construction site location of these projects dynamically changes as the work progresses. Therefore, selecting construction facilities locations (CFL) is a major problem prior to organizing these facilities. The presented work optimizes CFL selection in congested inner-city roads, using uniform-cost search (UCS) as an optimization tool, through minimizing the (1) resources transportation cost, (2) land renting cost, and (3) facilities relocation cost. The proposed model is coded in Java using NetBeans IDE 8.1 platform. A hypothetical case study with a solution space of 243 solutions was conducted to demonstrate the model's benefits. The model succeeded in finding the optimal CFL for road segments in under 1,100 milliseconds using an 8 GB RAM, 2.00 GHz machine.