Although a wide variety of approaches identify vulnerabilities in Android apps, none attempt to determine exploitability of those vulnerabilities. Exploitability can aid in reducing false positives of vulnerability analysis, and can help engineers triage bugs. Specifically, one of the main attack vectors of Android apps is their inter-component communication (ICC) interface, where apps may receive messages called Intents.
COVERT is a tool for compositional verification of Android inter-application vulnerabilities. It automatically identifies vulnerabilities that occur due to the interaction of apps comprising a system. Subsequently, it determines whether it is safe for a bundle of apps, requiring certain permissions and potentially interacting with each other, to be installed together.
To enable much of our research to enable program understanding, software quality, and maintenance, we utilize and develop analyses of program code. These analyses model the flows of information through the logic of programs and systems. With these analysis models enable automated techniques to assist development and maintenance tasks.
Code search has become an integral part of the day-to-day programming activity with developers seeking to take advantage of the vast amount of code and advice available on sites such as Stack Overflow, GitHub, and Ohloh. Finding the 'right' code, however, remains a serious challenge. CodeExchange is a new code search platform that offers social-technical code search: search enriched with social-technical metadata through which targeted queries can be formulated, results quickly filtered, and code that is found easily integrated into the project at hand.
Spacetime is a framework for developing time-stepped, multi-worker applications based on the tuplespace model. Workers compute within spacetimed frames -- a fixed portion of the shared data during a fixed period of time. The locally modified data may be pushed back to the shared store at the end of each step.
The rising popularity of mobile apps deployed on battery-constrained devices underlines the need for effectively evaluating their energy properties. However, currently there is a lack of testing tools for evaluating the energy properties of apps. As a result, for energy testing, developers are relying on tests intended for evaluating the functional correctness of apps. Such tests may not be adequate for revealing energy defects and inefficiencies in apps.
We present a comprehensive review of the existing approaches for Android security analysis. The review is carried out to achieve the following objectives: