This research focuses on techniques for identifying and reducing the costs, streamlining the process, and improving the readiness of the future workforce for the acquisition of complex software systems. Emphasis is directed at identifying, tracking, and analyzing software component costs and cost reduction opportunities within the acquisition life cycle of open architecture (OA) systems, where such systems combine best-of-breed software components and software product lines (SPLs) that are subject to different intellectual property (IP) license requirements.
TrimDroid is a novel combinatorial approach for generating GUI system tests for Android apps.
TrimDroid is comprised of four major components: Model Extraction, Dependency Extraction, Sequence Generation, and Test-Case Generation. Together, these components produce a significantly smaller number of test cases than an exhaustive combinatorial technique, yet achieve comparable coverage.
Although a wide variety of approaches identify vulnerabilities in Android apps, none attempt to determine exploitability of those vulnerabilities. Exploitability can aid in reducing false positives of vulnerability analysis, and can help engineers triage bugs. Specifically, one of the main attack vectors of Android apps is their inter-component communication (ICC) interface, where apps may receive messages called Intents.
Collaboration is becoming ubiquitous; at the same time, the emergence of new technologies has been changing the landscape of interaction and collaboration. I am interested in the effect that information technologies have on collaboration and the development of new organizational practices such as network-centricity, group-to-group collaboration, nomadic work, and large-scale collaboration. I am also very interested in how Web 2.0 technologies (blogs, wikis, social-networking sites, etc.) are used in collaboration and how they can be integrated into the course of daily work.
Permission-induced attacks, i.e., security breaches enabled by permission misuse, are among the most critical and frequent issues threatening the security of Android devices. By ignoring the temporal aspects of an attack during analysis and enforcement, state-of-the-art approaches aimed at protecting users against such attacks are prone to low coverage in detection and high disruption in prevention of permission-induced attacks. To address these shortcomings, we present Terminator, a temporal permission analysis and enforcement framework for Android.
Anti-social behavior such as flaming and griefing is pervasive and problematic in many online venues. This behavior breaks established norms and unsettles the well-being and development of online communities. In a popular online game, Riot Games's League of Legends, the game company received tens of thousands of complaints about others every day. To regulate what they call "toxic" behavior, Riot devised the "Tribunal" system as a way of letting the community police itself. The Tribunal is a crowdsourcing system that empowers players to identify and judge misbehavior.
DELDroid is an automated system for determination of least privilege architecture in Android and its enforcement at runtime. A key contribution of our approach is the ability to limit the privileges granted to apps without the need to modify them.
DELDroid utilizes static program analysis techniques to extract the exact privileges each component needs for providing its functionality. A Multiple-Domain Matrix representation of the system's architecture is then used to automatically analyze the security posture of the system and derive its least-privilege architecture.