scholarly journals An Android Inline Hooking Framework for the Securing Transmitted Data

Sensors ◽  
2020 ◽  
Vol 20 (15) ◽  
pp. 4201
Author(s):  
Yu-an Tan ◽  
Shuo Feng ◽  
Xiaochun Cheng ◽  
Yuanzhang Li ◽  
Jun Zheng
Keyword(s):  
Source Code ◽  
Control Flow ◽  
Security Policies ◽  
Unauthorized Access ◽  
Shared Objects ◽  
Android Applications ◽  
Runtime Performance ◽  
And Control

Information leaks can occur through many Android applications, including unauthorized access to sensors data. Hooking is an important technique for protecting Android applications and add security features to them even without its source code. Various hooking frameworks are developed to intercept events and process their own specific events. The hooking tools for Java methods are varied, however, the native hook has few methods. Besides, the commonly used Android hook frameworks cannot meet the requirement of hooking the native methods in shared libraries on non-root devices. Even though some approaches are able to hook these methods, they have limitations or are complicated to implement. In the paper, a feasible hooking approach for Android native methods is proposed and implemented, which does not need any modifications to both the Android framework and app’s code. In this approach, the method’s reference address is modified and control flow is redirected. Beyond that, this study combines this approach with VirtualXposed which aims to run it without root privileges. This hooking framework can be used to enforce security policies and monitor sensitive methods in shared objects. The evaluation of the scheme demonstrates its capability to perform hook operation without a significant runtime performance overhead on real devices and it is compatible and functional for the native hook.

scholarly journals Constructing program animations using a pattern based approach

2007 ◽  
Vol 4 (2) ◽  
pp. 97-114 ◽  
Author(s):  
da Cruz ◽  
Rangel Henriques ◽  
João Varanda
Keyword(s):  
Source Code ◽  
Program Comprehension ◽  
Control Flow ◽  
Rule Base ◽  
Program Execution ◽  
Source Program ◽  
Visualization Of Data ◽  
And Control ◽  
Compiler Techniques ◽  
Rewriting Rules

The aim of this paper is to discuss how our pattern-based strategy for the visualization of data and control flow can effectively be used to animate the program and exhibit its behavior. That result allows us to propose its use for Program Comprehension. The animator uses well known compiler techniques to inspect the source code in order to extract the necessary information to visualize it and understand program execution. We convert the source program into an internal decorated (or attributed) abstract syntax tree and then we visualize the structure by traversing it, and applying visualization rules at each node according to a pre-defined rule-base. In order to calculate the next step in the program execution, a set of rewriting rules are applied to the tree. The visualization of this new tree is shown and the program animation is constructed using an iterative process. No changes are made in the source code, and the execution is simulated step by step. Several examples of visualization are shown to illustrate the approach and support our idea of applying it in the context of a Program Comprehension environment.

Jif-Based Verification of Information Flow Policies for Android Apps

2017 ◽  
Vol 8 (1) ◽  
pp. 28-42
Author(s):  
Lina M. Jimenez ◽  
Martin Ochoa ◽  
Sandra J. Rueda
Keyword(s):  
Open Source ◽  
Information Flow ◽  
Control Flow ◽  
Android Apps ◽  
Executable Code ◽  
Highly Sensitive ◽  
Android Applications ◽  
And Control ◽  
Flow Techniques ◽  
Do So

Android stores and users need mechanisms to evaluate whether their applications are secure or not. Although various previous works use data and control flow techniques to evaluate security features of Android applications, this paper extends those works by using Jif to verify compliance of information flow policies. To do so, the authors addressed some challenges that emerge in Android environments, like automatizing generation of Jif labels for Android applications, and defining translations for Java instructions that are not currently supported by the Jif compiler. Results show that a Jif-based analysis is faster and has a better recall than other available mechanisms, but it also has a slightly lower precision. Jif also provides an open source compiler, generates executable code for an application only if such application meets a defined policy, and checks implicit flows which may be relevant for highly sensitive applications.

Study on Novel Automatic Steel Bundling Machine Pneumatic Control System

2012 ◽  
Vol 490-495 ◽  
pp. 594-597
Author(s):  
Cheng Qun Li ◽  
Liang Gao
Keyword(s):  
Control System ◽  
Control Program ◽  
Control Flow ◽  
Pneumatic Control ◽  
The Core ◽  
New Type ◽  
Action Process ◽  
And Control

This paper introduces a new type of automatic steel bundling machine for bundling process, which includes a pneumatic action process, mainly do some researches on the pneumatic control system. The system chooses PLC as the core control component, puts forward the hardware of control system and control flow. Eventually we have been designed the control program.

scholarly journals A Detection Method for Abnormal Transactions in E-Commerce Based on Extended Data Flow Conformance Checking

2022 ◽  
Vol 2022 ◽  
pp. 1-14
Author(s):  
Yadi Wang ◽  
Wangyang Yu ◽  
Peng Teng ◽  
Guanjun Liu ◽  
Dongming Xiang
Keyword(s):  
Anomaly Detection ◽  
Business Processes ◽  
Data Flow ◽  
Detection Algorithm ◽  
Control Flow ◽  
Smart Devices ◽  
Integration Model ◽  
Whole Process ◽  
Mobile Transaction ◽  
And Control

With the development of smart devices and mobile communication technologies, e-commerce has spread over all aspects of life. Abnormal transaction detection is important in e-commerce since abnormal transactions can result in large losses. Additionally, integrating data flow and control flow is important in the research of process modeling and data analysis since it plays an important role in the correctness and security of business processes. This paper proposes a novel method of detecting abnormal transactions via an integration model of data and control flows. Our model, called Extended Data Petri net (DPNE), integrates the data interaction and behavior of the whole process from the user logging into the e-commerce platform to the end of the payment, which also covers the mobile transaction process. We analyse the structure of the model, design the anomaly detection algorithm of relevant data, and illustrate the rationality and effectiveness of the whole system model. Through a case study, it is proved that each part of the system can respond well, and the system can judge each activity of every mobile transaction. Finally, the anomaly detection results are obtained by some comprehensive analysis.

Identifying Services in Procedural Programs for Migrating Legacy System to Service Oriented Architecture

2013 ◽  
pp. 237-255
Author(s):  
Masahide Nakamur ◽  
Hiroshi Igaki ◽  
Takahiro Kimura ◽  
Kenichi Matsumoto
Keyword(s):  
Control System ◽  
Service Oriented Architecture ◽  
Data Flow ◽  
Source Code ◽  
Flow Diagram ◽  
Service Oriented ◽  
Data Flow Diagram ◽  
And Control ◽  
Dependent Processes

In order to support legacy migration to the service-oriented architecture (SOA), this paper presents a pragmatic method that derives candidates of services from procedural programs. In the SOA, every service is supposed to be a process (procedure) with (1) open interface, (2) self-containedness, and (3) coarse granularity for business. Such services are identified from the source code and its data flow diagram (DFD), by analyzing data and control dependencies among processes. Specifically, first the DFD must be obtained with reverse-engineering techniques. For each layer of the DFD, every data flow is classified into three categories. Using the data category and control among procedures, four types of dependency are categorized. Finally, six rules are applied that aggregate mutually dependent processes and extract them as a service. A case study with a liquor shop inventory control system extracts service candidates with various granularities.

Sign in / Sign up

Export Citation Format

Share Document