The secret life of software applications

One of the most undervalued problems by smartphone users is the security of data on their mobile devices. Today smartphones and tablets are used to send messages and photos and especially to stay connected with social networks, forums and other platforms. These devices contain a lot of private information like passwords, phone numbers, private photos, emails, etc. and an attacker may choose to steal or destroy this information. The main topic of this thesis is the security of the applications present on the most popular stores (App Store for iOS and Play Store for Android) and of their mechanisms for the management of security. The analysis is focused on how the architecture of the two systems protects users from threats and highlights the real presence of malware and spyware in their respective application stores. The work described in subsequent chapters explains the study of the behavior of 50 Android applications and 50 iOS applications performed using network analysis software. Furthermore, this thesis presents some statistics about malware and spyware present on the respective stores and the permissions they require. At the end the reader will be able to understand how to recognize malicious applications and which of the two systems is more suitable for him. This is how this thesis is structured. The first chapter introduces the security mechanisms of the Android and iOS platform architectures and the security mechanisms of their respective application stores. The Second chapter explains the work done, what, why and how we have chosen the tools needed to complete our analysis. The third chapter discusses about the execution of tests, the protocol followed and the approach to assess the “level of danger” of each application that has been checked. The fourth chapter explains the results of the tests and introduces some statistics on the presence of malicious applications on Play Store and App Store. The fifth chapter is devoted to the study of the users, what they think about and how they might avoid malicious applications. The sixth chapter seeks to establish, following our methodology, what application store is safer. In the end, the seventh chapter concludes the thesis.

Engineering Concurrent and Event-driven Web Apps: An Agent-Oriented Approach based on the simpAL Language

Web is constantly evolving, thanks to the 2.0 transition, HTML5 new features and the coming of cloud-computing, the gap between Web and traditional desktop applications is tailing off. Web-apps are more and more widespread and bring several benefits compared to traditional ones. On the other hand reference technologies, JavaScript primarly, are not keeping pace, so a paradim shift is taking place in Web programming, and so many new languages and technologies are coming out. First objective of this thesis is to survey the reference and state-of-art technologies for client-side Web programming focusing in particular on what concerns concurrency and asynchronous programming. Taking into account the problems that affect existing technologies, we finally design simpAL-web, an innovative approach to tackle Web-apps development, based on the Agent-oriented programming abstraction and the simpAL language. == Versione in italiano: Il Web è in continua evoluzione, grazie alla transizione verso il 2.0, alle nuove funzionalità introdotte con HTML5 ed all’avvento del cloud-computing, il divario tra le applicazioni Web e quelle desktop tradizionali va assottigliandosi. Le Web-apps sono sempre più diffuse e presentano diversi vantaggi rispetto a quelle tradizionali. D’altra parte le tecnologie di riferimento, JavaScript in primis, non stanno tenendo il passo, motivo per cui la programmazione Web sta andando incontro ad un cambio di paradigma e nuovi linguaggi e tecnologie stanno spuntando sempre più numerosi. Primo obiettivo di questa tesi è di passare al vaglio le tecnologie di riferimento ed allo stato dell’arte per quel che riguarda la programmmazione Web client-side, porgendo particolare attenzione agli aspetti inerenti la concorrenza e la programmazione asincrona. Considerando i principali problemi di cui soffrono le attuali tecnologie passeremo infine alla progettazione di simpAL-web, un approccio innovativo con cui affrontare lo sviluppo di Web-apps basato sulla programmazione orientata agli Agenti e sul linguaggio simpAL.

A Collaborative Mobile Crowdsensing System for Smart Cities

Nowadays words like Smart City, Internet of Things, Environmental Awareness surround us with the growing interest of Computer Science and Engineering communities. Services supporting these paradigms are definitely based on large amounts of sensed data, which, once obtained and gathered, need to be analyzed in order to build maps, infer patterns, extract useful information. Everything is done in order to achieve a better quality of life. Traditional sensing techniques, like Wired or Wireless Sensor Network, need an intensive usage of distributed sensors to acquire real-world conditions. We propose SenSquare, a Crowdsensing approach based on smartphones and a central coordination server for time-and-space homogeneous data collecting. SenSquare relies on technologies such as CoAP lightweight protocol, Geofencing and the Military Grid Reference System.

Mobile TuCSoN: theoretical and technological requirements for TuCSoN's porting over Android mobile devices

Communication and coordination are two key-aspects in open distributed agent system, being both responsible for the system’s behaviour integrity. An infrastructure capable to handling these issues, like TuCSoN, should to be able to exploit modern technologies and tools provided by fast software engineering contexts. Thesis aims to demonstrate TuCSoN infrastructure’s abilities to cope new possibilities, hardware and software, offered by mobile technology. The scenarios are going to configure, are related to the distributed nature of multi-agent systems where an agent should be located and runned just on a mobile device. We deal new mobile technology frontiers concerned with smartphones using Android operating system by Google. Analysis and deployment of a distributed agent-based system so described go first to impact with quality and quantity considerations about available resources. Engineering issue at the base of our research is to use TuCSoN against to reduced memory and computing capability of a smartphone, without the loss of functionality, efficiency and integrity for the infrastructure. Thesis work is organized on two fronts simultaneously: the former is the rationalization process of the available hardware and software resources, the latter, totally orthogonal, is the adaptation and optimization process about TuCSoN architecture for an ad-hoc client side release.

Portare la tecnologia in cabina: le nuove tecnologie a servizio dell'interprete e il caso della simultanea con testo

The digital revolution has affected all aspects of human life, and interpreting is no exception. This study will provide an overview of the technology tools available to the interpreter, but it will focus more on simultaneous interpretation, particularly on the “simultaneous interpretation with text” method. The decision to analyse this particular method arose after a two-day experience at the Court of Justice of the European Union (CJEU), during research for my previous Master’s dissertation. During those days, I noticed that interpreters were using "simultaneous interpretation with text" on a daily basis. Owing to the efforts and processes this method entails, this dissertation will aim at discovering whether technology can help interpreters, and if so, how. The first part of the study will describe the “simultaneous with text” approach, and how it is used at the CJEU; the data provided by a survey for professional interpreters will describe its use in other interpreting situations. The study will then describe Computer-Assisted Language Learning technologies (CALL) and technologies for interpreters. The second part of the study will focus on the interpreting booth, which represents the first application of the technology in the interpreting field, as well as on the technologies that can be used inside the booth: programs, tablets and apps. The dissertation will then analyse the programs which might best help the interpreter in "simultaneous with text" mode, before providing some proposals for further software upgrades. In order to give a practical description of the possible upgrades, the domain of “judicial cooperation in criminal matters” will be taken as an example. Finally, after a brief overview of other applications of technology in the interpreting field (i.e. videoconferencing, remote interpreting), the conclusions will summarize the results provided by the study and offer some final reflections on the teaching of interpreting.

Smart execution of distributed application by balancing resources in mobile devices and cloud-based avatars

L’obiettivo del progetto di tesi svolto è quello di realizzare un servizio di livello middleware dedicato ai dispositivi mobili che sia in grado di fornire il supporto per l’offloading di codice verso una infrastruttura cloud. In particolare il progetto si concentra sulla migrazione di codice verso macchine virtuali dedicate al singolo utente. Il sistema operativo delle VMs è lo stesso utilizzato dal device mobile. Come i precedenti lavori sul computation offloading, il progetto di tesi deve garantire migliori performance in termini di tempo di esecuzione e utilizzo della batteria del dispositivo. In particolare l’obiettivo più ampio è quello di adattare il principio di computation offloading a un contesto di sistemi distribuiti mobili, migliorando non solo le performance del singolo device, ma l’esecuzione stessa dell’applicazione distribuita. Questo viene fatto tramite una gestione dinamica delle decisioni di offloading basata, non solo, sullo stato del device, ma anche sulla volontà e/o sullo stato degli altri utenti appartenenti allo stesso gruppo. Per esempio, un primo utente potrebbe influenzare le decisioni degli altri membri del gruppo specificando una determinata richiesta, come alta qualità delle informazioni, risposta rapida o basata su altre informazioni di alto livello. Il sistema fornisce ai programmatori un semplice strumento di definizione per poter creare nuove policy personalizzate e, quindi, specificare nuove regole di offloading. Per rendere il progetto accessibile ad un più ampio numero di sviluppatori gli strumenti forniti sono semplici e non richiedono specifiche conoscenze sulla tecnologia. Il sistema è stato poi testato per verificare le sue performance in termini di mecchanismi di offloading semplici. Successivamente, esso è stato anche sottoposto a dei test per verificare che la selezione di differenti policy, definite dal programmatore, portasse realmente a una ottimizzazione del parametro designato.