The secret life of software applications

One of the most undervalued problems by smartphone users is the security of data on their mobile devices. Today smartphones and tablets are used to send messages and photos and especially to stay connected with social networks, forums and other platforms. These devices contain a lot of private information like passwords, phone numbers, private photos, emails, etc. and an attacker may choose to steal or destroy this information. The main topic of this thesis is the security of the applications present on the most popular stores (App Store for iOS and Play Store for Android) and of their mechanisms for the management of security. The analysis is focused on how the architecture of the two systems protects users from threats and highlights the real presence of malware and spyware in their respective application stores. The work described in subsequent chapters explains the study of the behavior of 50 Android applications and 50 iOS applications performed using network analysis software. Furthermore, this thesis presents some statistics about malware and spyware present on the respective stores and the permissions they require. At the end the reader will be able to understand how to recognize malicious applications and which of the two systems is more suitable for him. This is how this thesis is structured. The first chapter introduces the security mechanisms of the Android and iOS platform architectures and the security mechanisms of their respective application stores. The Second chapter explains the work done, what, why and how we have chosen the tools needed to complete our analysis. The third chapter discusses about the execution of tests, the protocol followed and the approach to assess the “level of danger” of each application that has been checked. The fourth chapter explains the results of the tests and introduces some statistics on the presence of malicious applications on Play Store and App Store. The fifth chapter is devoted to the study of the users, what they think about and how they might avoid malicious applications. The sixth chapter seeks to establish, following our methodology, what application store is safer. In the end, the seventh chapter concludes the thesis.

La traduzione per l'infanzia in Italia: le traduzioni de "The Secret Garden" (1921-2013)

Questa tesi si concentra sulle traduzioni italiane del classico in lingua inglese The Secret Garden (1911) di Frances Hodgson Burnett, con particolare attenzione all'uso della lingua e all'evoluzione della prassi traduttiva. Nella prima parte di questa tesi ho approfondito temi di natura teorica, quali la sfuggente e complessa definizione di letteratura per l'infanzia, la sua duplice appartenenza al sistema letterario e a quello pedagogico, e le peculiarità della sua traduzione. Inoltre ho presentato un excursus sulla storia di questo genere letterario, con particolare attenzione alla scena italiana e all'opera di propagazione della lingua portata avanti dai libri per ragazzi. Tali basi teoriche sono state necessarie allo scopo di inquadrare il romanzo in una cornice definita e utile in riferimento all'analisi e alla comparazione delle sue traduzioni. Il corpus delle traduzioni scelte consiste nei lavori di: Maria Ettlinger Fano (1921), Angela Restelli Fondelli (1956), F. Ghidoni (1973), Giorgio van Straten (1992) e Beatrice Masini (2013). Di ciascuna opera ho dato una descrizione generale, per poi concentrarmi sugli snodi traduttivi principali: da un lato i problemi di mediazione culturale come l'onomastica, i cibi, le lingue non standard nel testo originale, la religione e così via; dall'altro le soluzioni linguistiche adottate. Al fine di presentare e comparare questi parametri, ho portato a supporto i passaggi delle diverse traduzioni significativi in tal senso. Ho concluso con alcune considerazioni finali sull'evoluzione delle traduzioni italiane di The Secret Garden, viste attraverso l'ottica del rapporto fra adulti (traduttore, editore, educatori, genitori...) e lettore bambino.

"Who Fears Death" di Nnedi Okorafor, una proposta di traduzione

This dissertaton deals with the translation of selected chapters from Nnedi Okorafor’s novel Who Fears Death. The novel, set in a post-apocalyptic Africa ravaged by inter-ethnic violence, narrates the tale of Onyesonwu, an Ewu, a half-breed born of rape, facing the rejection of her community. Growing up Onyesonwu realizes that the color of her skin is not the only thing that sets her apart from the other inhabitants of Jwahir, as she starts to manifest magical powers, and during an unintentional visit to the spirit realms she finds out that her biological father, a very powerful sorcerer, wants to kill her. At this point the only option left to her is to learn the secret arts of magic under the guidance of Aro, the sorcerer, and then embark on a journey to put and end to the menace posed by her biological father, stop the massacres between the Okeke and Nuru people, and rewrite history. This work is structured in five chapters. The first presents a brief retelling of the author’s life and works. The second chapter constitutes the theoretical frame according to which the novel will be described, and illustrates an analysis on the function of sci-fi literature. The third chapter introduces the novel itself, dealing with its setting and cultural peculiarities, the literary genre to which it belongs, and analysing the themes deemed most relevant, among which the racial and gender issues. The fourth chapter consists of the translation of some chapters from the novel Who Fears Death, and the fifth of a comment on the translation, presenting both a textual analysis, and notes on the choices deemed most interesting or challenging in a translation process perspective.

Ray-tracing assessment of the robustness of Physical Layer Security key generation protocol

Nowadays, information security is a very important topic. In particular, wireless networks are experiencing an ongoing widespread diffusion, also thanks the increasing number of Internet Of Things devices, which generate and transmit a lot of data: protecting wireless communications is of fundamental importance, possibly through an easy but secure method. Physical Layer Security is an umbrella of techniques that leverages the characteristic of the wireless channel to generate security for the transmission. In particular, the Physical Layer based-Key generation aims at allowing two users to generate a random symmetric keys in an autonomous way, hence without the aid of a trusted third entity. Physical Layer based-Key generation relies on observations of the wireless channel, from which harvesting entropy: however, an attacker might possesses a channel simulator, for example a Ray Tracing simulator, to replicate the channel between the legitimate users, in order to guess the secret key and break the security of the communication. This thesis work is focused on the possibility to carry out a so called Ray Tracing attack: the method utilized for the assessment consist of a set of channel measurements, in different channel conditions, that are then compared with the simulated channel from the ray tracing, to compute the mutual information between the measurements and simulations. Furthermore, it is also presented the possibility of using the Ray Tracing as a tool to evaluate the impact of channel parameters (e.g. the bandwidth or the directivity of the antenna) on the Physical Layer based-Key generation. The measurements have been carried out at the Barkhausen Institut gGmbH in Dresden (GE), in the framework of the existing cooperation agreement between BI and the Dept. of Electrical, Electronics and Information Engineering "G. Marconi" (DEI) at the University of Bologna.

Cyber threat intelligence: identifying hardcoded secrets in GitHub

The usage of version control systems and the capabilities of storing the source code in public platforms such as GitHub increased the number of passwords, API Keys and tokens that can be found and used causing a massive security issue for people and companies. In this project, SAP's secret scanner Credential Digger is presented. How it can scan repositories to detect hardcoded secrets and how it manages to filter out the false positives between them. Moreover, how I have implemented the Credential Digger's pre-commit hook. A performance comparison between three different implementations of the hook based on how it interacts with the Machine Learning model is presented. This project also includes how it is possible to use already detected credentials to decrease the number false positive by leveraging the similarity between leaks by using the Bucket System.