How to design extended finite state machine test models in Java

This chapter is a tutorial that teaches you how to design extended finite state machine (EFSM) test models for a system that you want to test. EFSM models are more powerful and expressive than simple finite state machine (FSM) models, and are one of the most commonly used styles of models for model-based testing, especially for embedded systems. There are many languages and notations in use for writing EFSM models, but in this tutorial we write our EFSM models in the familiar Java programming language. To generate tests from these EFSM models we use ModelJUnit, which is an open-source tool that supports several stochastic test generation algorithms, and we also show how to write your own model-based testing tool. We show how EFSM models can be used for unit testing and system testing of embedded systems, and for offline testing as well as online testing.

Static analysis of executables for collaborative malware detection on Android

Smartphones are getting increasingly popular and several malwares appeared targeting these devices. General countermeasures to smartphone malwares are currently limited to signature-based antivirus scanners which efficiently detect known malwares, but they have serious shortcomings with new and unknown malwares creating a window of opportunity for attackers. As smartphones become host for sensitive data and applications, extended malware detection mechanisms are necessary complying with the corresponding resource constraints. The contribution of this paper is twofold. First, we perform static analysis on the executables to extract their function calls in Android environment using the command readelf. Function call lists are compared with malware executables for classifying them with PART, Prism and Nearest Neighbor Algorithms. Second, we present a collaborative malware detection approach to extend these results. Corresponding simulation results are presented.

Smartphone malware evolution revisited : Android next target?

Smartphones started being targets for malware in June 2004 while malware count increased steadily until the introduction of a mandatory application signing mechanism for Symbian OS in 2006. From this point on, only few news could be read on this topic. Even despite of new emerging smartphone platforms, e.g. android and iPhone, malware writers seemed to lose interest in writing malware for smartphones giving users an unappropriate feeling of safety. In this paper, we revisit smartphone malware evolution for completing the appearance list until end of 2008. For contributing to smartphone malware research, we continue this list by adding descriptions on possible techniques for creating the first malware(s) for Android platform. Our approach involves usage of undocumented Android functions enabling us to execute native Linux application even on retail Android devices. This can be exploited to create malicious Linux applications and daemons using various methods to attack a device. In this manner, we also show that it is possible to bypass the Android permission system by using native Linux applications.

An Android application sandbox system for suspicious software detection

Smartphones are steadily gaining popularity, creating new application areas as their capabilities increase in terms of computational power, sensors and communication. Emerging new features of mobile devices give opportunity to new threats. Android is one of the newer operating systems targeting smartphones. While being based on a Linux kernel, Android has unique properties and specific limitations due to its mobile nature. This makes it harder to detect and react upon malware attacks if using conventional techniques. In this paper, we propose an Android Application Sandbox (AASandbox) which is able to perform both static and dynamic analysis on Android programs to automatically detect suspicious applications. Static analysis scans the software for malicious patterns without installing it. Dynamic analysis executes the application in a fully isolated environment, i.e. sandbox, which intervenes and logs low-level interactions with the system for further analysis. Both the sandbox and the detection algorithms can be deployed in the cloud, providing a fast and distributed detection of suspicious software in a mobile software store akin to Google's Android Market. Additionally, AASandbox might be used to improve the efficiency of classical anti-virus applications available for the Android operating system.

Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications

In the last decade, smartphones have gained widespread usage. Since the advent of online application stores, hundreds of thousands of applications have become instantly available to millions of smart-phone users. Within the Android ecosystem, application security is governed by digital signatures and a list of coarse-grained permissions. However, this mechanism is not fine-grained enough to provide the user with a sufficient means of control of the applications' activities. Abuse of highly sensible private information such as phone numbers without users' notice is the result. We show that there is a high frequency of privacy leaks even among widely popular applications. Together with the fact that the majority of the users are not proficient in computer security, this presents a challenge to the engineers developing security solutions for the platform. Our contribution is twofold: first, we propose a service which is able to assess Android Market applications via static analysis and provide detailed, but readable reports to the user. Second, we describe a means to mitigate security and privacy threats by automated reverse-engineering and refactoring binary application packages according to the users' security preferences.

A trusted ecosystem for Android applications based on context-aware access control

Private data stored on smartphones is a precious target for malware attacks. A constantly changing environment, e.g. switching network connections, can cause unpredictable threats, and require an adaptive approach to access control. Context-based access control is using dynamic environmental information, including it into access decisions. We propose an "ecosystem-in-an-ecosystem" which acts as a secure container for trusted software aiming at enterprise scenarios where users are allowed to use private devices. We have implemented a proof-of-concept prototype for an access control framework that processes changes to low-level sensors and semantically enriches them, adapting access control policies to the current context. This allows the user or the administrator to maintain fine-grained control over resource usage by compliant applications. Hence, resources local to the trusted container remain under control of the enterprise policy. Our results show that context-based access control can be done on smartphones without major performance impact.

An exploration of the roles of nurses working in emergency care services in general hospitals in West Java, Indonesia : a grounded theory study

A review of literature on the role of emergency nurses in Indonesia revealed a dearth of research. Anecdotal evidence suggests a lack of clarity in role definition which has led to uncertainty and role ambiguity. Despite advances in the development of specialist nursing roles in Indonesia, that of the emergency nurse remains unclear. This study explored the role of nurses working in emergency care services in three general hospitals in West Java, Indonesia. The theoretical framework is grounded in Charmaz’s constructivist grounded theory. Data collection methods were observation, in-depth interviews and interrogation of related documents. Phase one of data collection involved 74 h of observation and nterviews with 35 nurses working in the three ED settings. For the purposes of theoretical sampling, a second phase of data collection was conducted. This involved a second nterview with eight participants from the three EDs. nterviews were also undertaken with the three key informants of nursing management of three related hospitals; key informants from the Indonesian Nurses Association; the Directorate of Nursing, Ministry of Health; and from the organization for ED nurses. Data analysis drew on Charmaz’s constructivist approach and the concepts of simultaneous data collection and analysis, constant comparison, coding, and theoretical sampling. The analysis generated four theoretical concepts that characterized the role of the emergency nurse: An arbitrary scope of practice, Struggling for recognition, Learning on the job and Looking to better practice. These concepts provided analytical direction for an exploration of the clinical and political dimensions of the role of the emergency nurse in Indonesia.

Bioequivalence of two tablet formulations of capecitabine and exploration of age, gender, body surface area, and creatinine clearance as factors influencing systemic exposure in cancer patients

Purpose: The objective of the study was to assess the bioequivalence of two tablet formulations of capecitabine and to explore the effect of age, gender, body surface area and creatinine clearance on the systemic exposure to capecitabine and its metabolites. Methods: The study was designed as an open, randomized two-way crossover trial. A single oral dose of 2000 mg capecitabine was administered on two separate days to 25 patients with solid tumors. On one day, the patients received four 500-mg tablets of formulation B (test formulation) and on the other day, four 500-mg tablets of formulation A (reference formulation). The washout period between the two administrations was between 2 and 8 days. After each administration, serial blood and urine samples were collected for up to 12 and 24 h, respectively. Unchanged capecitabine and its metabolites were determined in plasma using LC/MS-MS and in urine by NMRS. Results: Based on the primary pharmacokinetic parameter, AUC(0-∞) of 5'-DFUR, equivalence was concluded for the two formulations, since the 90% confidence interval of the estimate of formulation B relative to formulation A of 97% to 107% was within the acceptance region 80% to 125%. There was no clinically significant difference between the t(max) for the two formulations (median 2.1 versus 2.0 h). The estimate for C(max) was 111% for formulation B compared to formulation A and the 90% confidence interval of 95% to 136% was within the reference region 70% to 143%. Overall, these results suggest no relevant difference between the two formulations regarding the extent to which 5'-DFUR reached the systemic circulation and the rate at which 5'-DFUR appeared in the systemic circulation. The overall urinary excretions were 86.0% and 86.5% of the dose, respectively, and the proportion recovered as each metabolite was similar for the two formulations. The majority of the dose was excreted as FBAL (61.5% and 60.3%), all other chemical species making a minor contribution. Univariate and multivariate regression analysis to explore the influence of age, gender, body surface area and creatinine clearance on the log-transformed pharmacokinetic parameters AUC(0-∞) and C(max) of capecitabine and its metabolites revealed no clinically significant effects. The only statistically significant results were obtained for AUC(0-∞) and C(max) of intact drug and for C(max) of FBAL, which were higher in females than in males. Conclusion: The bioavailability of 5'-DFUR in the systemic circulation was practically identical after administration of the two tablet formulations. Therefore, the two formulations can be regarded as bioequivalent. The variables investigated (age, gender, body surface area, and creatinine clearance) had no clinically significant effect on the pharmacokinetics of capecitabine or its metabolites.

Security metrics for Java bytecode programs

Although there are many approaches for developing secure programs, they are not necessarily helpful for evaluating the security of a pre-existing program. Software metrics promise an easy way of comparing the relative security of two programs or assessing the security impact of modifications to an existing one. Most studies in this area focus on high level source code but this approach fails to take compiler-specific code generation into account. In this work we describe a set of object-oriented Java bytecode security metrics which are capable of assessing the security of a compiled program from the point of view of potential information flow. These metrics can be used to compare the security of programs or assess the effect of program modifications on security using a tool which we have developed to automatically measure the security of a given Java bytecode program in terms of the accessibility of distinguished ‘classified’ attributes.

A rare view: Barbara Hatley’s new book documents a career-long study of, and passion for performance in Central Java

Javanese Performances on an Indonesian Stage: Contesting Culture, Embracing Change, is Barbara Hatley’s first book about the performing arts in Indonesia, a topic that piqued her interest while undergoing a masters program at Yale University in the late 1960s. In this sense, it is a landmark study, for Hatley has since become very well known in Indonesianist circles, especially among those with an interest in matters of culture, popular and elite. Until recently, her writings on Indonesian performing arts have only been available in the form of journal articles and book chapters...

Design of a tablet sized human-computer interface and its effect on situation awareness

Emergency Response Teams increasingly use interactive technology to help manage information and communications. The challenge is to maintain a high situation awareness for different interactive devices sizes. This research specifically compared a handheld interactive device in the form of an iPad with a large interactive multi-touch tabletop. A search and rescue inspired simulator was designed to test operator situation awareness for the two sized devices. The results show that operators had better situation awareness on the tabletop device when the operation related to detecting of moving targets, searching target locations, distinguishing target types, and comprehending displayed information.

Interaction design for tablet based edutainment systems for mathematical education of primary student

Mathematics has been perceived as the core area of learning in most educational systems around the world including Sri Lanka. Unfortunately, it is clearly visible that a majority of Sri Lankan students are failing in their basic mathematics when the recent grade five scholarship examination and ordinary level exam marks are analysed. According to Department of Examinations Sri Lanka , on average, over 88 percent of the students are failing in the grade 5 scholarship examinations where mathematics plays a huge role while about 50 percent of the students fail in there ordinary level mathematics examination. Poor or lack of basic mathematics skills has been identified as the root cause.