2019  |  18  |  17  |  16  |  15  |  14  |  13  |  12  |  11  |  10  |  09  |  08  |  07  |  06  |  05  |  04  |  03  |  02  |  01  |  00  |  99

Analysis Research

We are on the cusp of a major opportunity: software tools that take advantage of Big Code. Specifically, Big Code will enable novel tools in areas such as security enhancers, bug finders, and code synthesizers. What do researchers need from Big Code to make progress on their tools? Our answer is an infrastructure that consists of 100,000 executable Java programs together with a set of working tools and an environment for building new tools.

Research Area(s): 
Project Dates: 
March 2019

The current security mechanisms for Android apps, both static and dynamic analysis approaches, are insufficient for detection and prevention of the increasingly dynamic and sophisticated security attacks.

Research Area(s): 
Project Dates: 
January 2018

Permission-induced attacks, i.e., security breaches enabled by permission misuse, are among the most critical and frequent issues threatening the security of Android devices. By ignoring the temporal aspects of an attack during the analysis and enforcement, the state-of-the-art approaches aimed at protecting the users against such attacks are prone to have low-coverage in detection and high-disruption in prevention of permission-induced attacks. To address the aforementioned shortcomings, we present Terminator, a temporal permission analysis and enforcement framework for Android.

Research Area(s): 
Project Dates: 
July 2017

Recent introduction of a dynamic permission model in Android, allowing the users to grant and revoke permissions a at the installation of an app, has made it much harder to properly test apps. Since an app's behavior may change depending on the granted permissions, it needs to be tested under a wide range of granted permission combinations.

Research Area(s): 
Project Dates: 
January 2017

Savasana is the first white-box approach that uses code analysis for reasoning about consistency of adaptation.

Savasana consists of two parts: Static Code Analysis runs on the system's code and Run-time Control manages the corresponding running system.

Research Area(s): 
Project Dates: 
January 2016

We present a comprehensive review of the existing approaches for Android security analysis. The review is carried out to achieve the following objectives:

Research Area(s): 
Project Dates: 
January 2016

The Alloy specification language, and the corresponding Alloy Analyzer, have received much attention in the last two decades with applications in many areas of software engineering. Increasingly, formal analyses enabled by Alloy are desired for use in an on-line mode, where the specifications are automatically kept in sync with the running, possibly changing, software system. However, given Alloy Analyzer's reliance on computationally expensive SAT solvers, an important challenge is the time it takes for such analyses to execute at runtime.

Research Area(s): 
Project Dates: 
January 2016

COVERT is a tool for compositional verification of Android inter-application vulnerabilities. It automatically identifies vulnerabilities that occur due to the interaction of apps comprising a system. Subsequently, it determines whether it is safe for a bundle of apps, requiring certain permissions and potentially interacting with each other, to be installed together.

Research Area(s): 
Project Dates: 
September 2014