I am aiding core developers of the Linux kernel to use mutation analysis to improve kernel systems testing methods, and to verify critical algorithms. I am also investigating the use of bounded model checking (CBMC) on Linux kernel. As an outcome of this project so far we have identified 3 bugs in the Linux kernel. I am also applying mutation analysis on sqlite3 to improve its testing.
DELDroid is an automated system for determination of least privilege architecture in Android and its enforcement at runtime. A key contribution of our approach is the ability to limit the privileges granted to apps without the need to modify them.
DELDroid utilizes static program analysis techniques to extract the exact privileges each component needs for providing its functionality. A Multiple-Domain Matrix representation of the system's architecture is then used to automatically analyze the security posture of the system and derive its least-privilege architecture.
We present a comprehensive review of the existing approaches for Android security analysis. The review is carried out to achieve the following objectives:
The number of malicious Android apps is increasing rapidly. Android malware can damage or alter other files or settings, install additional applications, etc. To determine such behaviors, a security analyst can significantly benefit from identifying the family to which an Android malware belongs, rather than only detecting if an app is malicious. Techniques for detecting Android malware, and determining their families, lack the ability to handle certain obfuscations that aim to thwart detection.
The Alloy specification language, and the corresponding Alloy Analyzer, have received much attention in the last two decades with applications in many areas of software engineering. Increasingly, formal analyses enabled by Alloy are desired for use in an on-line mode, where the specifications are automatically kept in sync with the running, possibly changing, software system. However, given Alloy Analyzer's reliance on computationally expensive SAT solvers, an important challenge is the time it takes for such analyses to execute at runtime.
The rising popularity of mobile apps deployed on battery-constrained devices has motivated the need for effective energy-aware testing techniques. Energy testing is generally more labor intensive and expensive than functional testing, as tests need to be executed in the deployment environment, specialized equipment needs to be used to collect energy measurements, etc. Currently, there is a dearth of automatic mobile testing techniques that consider energy as a program property of interest.
Literature about design suggests that a variety of alternatives leads to a higher quality final design. When software designers, either individually or together, are designing in front of the whiteboard, they rarely explore different solution alternatives. How can we help designers to explore more design alternatives for software problems? To achieve this, we are working on a process to facilitate designers to collaborate and produce high quality software designs while considering more solution alternatives.
ISR
