The rising popularity of mobile apps deployed on battery-constrained devices underlines the need for effectively evaluating their energy properties. However, currently there is a lack of testing tools for evaluating the energy properties of apps. As a result, for energy testing, developers are relying on tests intended for evaluating the functional correctness of apps. Such tests may not be adequate for revealing energy defects and inefficiencies in apps.
Recent introduction of a dynamic permission model in Android, allowing the users to grant and revoke permissions a at the installation of an app, has made it much harder to properly test apps. Since an app's behavior may change depending on the granted permissions, it needs to be tested under a wide range of granted permission combinations.
The Internet of Things (IoT) is an emerging technology powered by smart devices that increasingly pervades our environments and practices. The process of incorporating technology into one's practices involves use and adaptation of the technology and is usually referred to as appropriation. In research about IoT, appropriation of IoT technology is a rather new topic. It is necessary to understand how appropriation takes place in order to be able to provide strong support for it in the design of technology.
Previous studies have shown that there is a non-trivial amount of duplication in source code. We analyzed a corpus of 2.6 million non-fork projects hosted on GitHub representing over 258 million files written in Java, C++ Python and JavaScript. We found that this corpus has a mere 54 million unique files. In other words, 79% of the code on GitHub consists of clones of previously created files. There is considerable variation between language ecosystems. JavaScript has the highest rate of file duplication, only 7% of the files are distinct.
I am aiding core developers of the Linux kernel to use mutation analysis to improve kernel systems testing methods, and to verify critical algorithms. I am also investigating the use of bounded model checking (CBMC) on Linux kernel. As an outcome of this project so far we have identified 3 bugs in the Linux kernel. I am also applying mutation analysis on sqlite3 to improve its testing.
DELDroid is an automated system for determination of least privilege architecture in Android and its enforcement at runtime. A key contribution of our approach is the ability to limit the privileges granted to apps without the need to modify them.
DELDroid utilizes static program analysis techniques to extract the exact privileges each component needs for providing its functionality. A Multiple-Domain Matrix representation of the system's architecture is then used to automatically analyze the security posture of the system and derive its least-privilege architecture.
We present a comprehensive review of the existing approaches for Android security analysis. The review is carried out to achieve the following objectives: