A Cloud-based Framework for Security Analysis of Browser Extensions

In today's internet world, web browsers are an integral part of our day-to-day activities. Therefore, web browser security is a serious concern for all of us. Browsers can be breached in different ways. Because of the over privileged access, extensions are responsible for many security issues. Browser vendors try to keep safe extensions in their official extension galleries. However, their security control measures are not always effective and adequate. The distribution of unsafe extensions through different social engineering techniques is also a very common practice. Therefore, before installation, users should thoroughly analyze the security of browser extensions. Extensions are not only available for desktop browsers, but many mobile browsers, for example, Firefox for Android and UC browser for Android, are also furnished with extension features. Mobile devices have various resource constraints in terms of computational capabilities, power, network bandwidth, etc. Hence, conventional extension security analysis techniques cannot be efficiently used by end users to examine mobile browser extension security issues. To overcome the inadequacies of the existing approaches, we propose CLOUBEX, a CLOUd-based security analysis framework for both desktop and mobile Browser EXtensions. This framework uses a client-server architecture model. In this framework, compute-intensive security analysis tasks are generally executed in a high-speed computing server hosted in a cloud environment. CLOUBEX is also enriched with a number of essential features, such as client-side analysis, requirements-driven analysis, high performance, and dynamic decision making. At present, the Firefox extension ecosystem is most susceptible to different security attacks. Hence, the framework is implemented for the security analysis of the Firefox desktop and Firefox for Android mobile browser extensions. A static taint analysis is used to identify malicious information flows in the Firefox extensions. In CLOUBEX, there are three analysis modes. A dynamic decision making algorithm assists us to select the best option based on some important parameters, such as the processing speed of a client device and network connection speed. Using the best analysis mode, performance and power consumption are improved significantly. In the future, this framework can be leveraged for the security analysis of other desktop and mobile browser extensions, too.

Quality Physical Activity Participation for Military Veterans with a Physical Disability

Minimal research has explored what comprises a quality physical activity (PA) participation experience, particularly among military Veterans with a physical disability for whom evidence of the benefits of PA is growing. To address this research gap, this dissertation examines quality PA participation among military Veterans with a physical disability. Manuscript 1 explores the views of Veterans with a physical disability regarding what elements constitute a quality PA experience, and how these elements may be fostered. Eighteen Veterans with various physical disabilities and PA experiences participated in interviews. Four quality elements were identified via thematic analysis: group cohesion, challenge, having a role, and independence and choice. A further three factors (the physical and social environments, and program structure) were identified as precursors for a quality experience. Manuscript 2 explores how PA programs for Veterans with a physical disability are delivered, and how these delivery strategies link conceptually to quality participation. Interviews were conducted with program staff from three PA programs for Veterans, and program documentation collected, to develop an understanding of program delivery strategies. Four strategies with potential links to quality participation were identified through thematic analysis: foster social connections, challenge participants, tailor programs and outcomes to match participant needs, and include knowledgeable coaches and instructors. Manuscript 3 evaluates the participation of Veterans with functional impairments in PA events, and examines the relationships among quality precursors, quality elements, and participation outcomes. Results indicate that program participation did not promote long-term increases in PA indicators. However, an indicator of the quality element belongingness mediated the relationship at particular time-points between coach interpersonal skills and three participation outcomes: family integration, PA intentions, and PA planning. These findings suggest that a quality participation experience created by coaches may positively impact the transition to civilian life, and promote efforts to engage in ongoing PA. Overall, this dissertation contributes towards a greater depth in understanding of the experiences of Veterans with a physical disability in PA programs. The findings begin to provide a foundation for researchers and practitioners aiming to create, deliver, and promote quality PA interventions and programming for Veterans with a physical disability.

Classifying And Predicting Software Security Vulnerabilities based on Reproducibility

Security defects are common in large software systems because of their size and complexity. Although efficient development processes, testing, and maintenance policies are applied to software systems, there are still a large number of vulnerabilities that can remain, despite these measures. Some vulnerabilities stay in a system from one release to the next one because they cannot be easily reproduced through testing. These vulnerabilities endanger the security of the systems. We propose vulnerability classification and prediction frameworks based on vulnerability reproducibility. The frameworks are effective to identify the types and locations of vulnerabilities in the earlier stage, and improve the security of software in the next versions (referred to as releases). We expand an existing concept of software bug classification to vulnerability classification (easily reproducible and hard to reproduce) to develop a classification framework for differentiating between these vulnerabilities based on code fixes and textual reports. We then investigate the potential correlations between the vulnerability categories and the classical software metrics and some other runtime environmental factors of reproducibility to develop a vulnerability prediction framework. The classification and prediction frameworks help developers adopt corresponding mitigation or elimination actions and develop appropriate test cases. Also, the vulnerability prediction framework is of great help for security experts focus their effort on the top-ranked vulnerability-prone files. As a result, the frameworks decrease the number of attacks that exploit security vulnerabilities in the next versions of the software. To build the classification and prediction frameworks, different machine learning techniques (C4.5 Decision Tree, Random Forest, Logistic Regression, and Naive Bayes) are employed. The effectiveness of the proposed frameworks is assessed based on collected software security defects of Mozilla Firefox.