Static analysis of executables for collaborative malware detection on Android

Smartphones are getting increasingly popular and several malwares appeared targeting these devices. General countermeasures to smartphone malwares are currently limited to signature-based antivirus scanners which efficiently detect known malwares, but they have serious shortcomings with new and unknown malwares creating a window of opportunity for attackers. As smartphones become host for sensitive data and applications, extended malware detection mechanisms are necessary complying with the corresponding resource constraints. The contribution of this paper is twofold. First, we perform static analysis on the executables to extract their function calls in Android environment using the command readelf. Function call lists are compared with malware executables for classifying them with PART, Prism and Nearest Neighbor Algorithms. Second, we present a collaborative malware detection approach to extend these results. Corresponding simulation results are presented.

Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications

In the last decade, smartphones have gained widespread usage. Since the advent of online application stores, hundreds of thousands of applications have become instantly available to millions of smart-phone users. Within the Android ecosystem, application security is governed by digital signatures and a list of coarse-grained permissions. However, this mechanism is not fine-grained enough to provide the user with a sufficient means of control of the applications' activities. Abuse of highly sensible private information such as phone numbers without users' notice is the result. We show that there is a high frequency of privacy leaks even among widely popular applications. Together with the fact that the majority of the users are not proficient in computer security, this presents a challenge to the engineers developing security solutions for the platform. Our contribution is twofold: first, we propose a service which is able to assess Android Market applications via static analysis and provide detailed, but readable reports to the user. Second, we describe a means to mitigate security and privacy threats by automated reverse-engineering and refactoring binary application packages according to the users' security preferences.

Static analysis of infinite laminated cylindrical shell panel

This paper presents an approximate three-dimensional elasticity solution for an infinitely long, cross-ply laminated circular cylindrical shell panel with simply supported boundary conditions, subjected to an arbitrary discontinuous transverse loading. The solution is based on the principal assumption that the ratio of the thickness of the lamina to its middle surface radius is negligible compared to unity. The validity of this assumption and the range of application of this approximate solution have been established through a comparison with an exact solution. Results of classical and first-order shear deformation shell theories have been compared with the results of the present solution to bring out the accuracy of these theories. It is also shown that for very shallow shell panels the definition of a thin shell should be based on the ratio of thickness to chord width rather than the ratio of thickness to mean radius.

A constraint Jacobian based approach for static analysis of pantograph masts

This paper presents a constraint Jacobian matrix based approach to obtain the stiffness matrix of widely used deployable pantograph masts with scissor-like elements (SLE). The stiffness matrix is obtained in symbolic form and the results obtained agree with those obtained with the force and displacement methods available in literature. Additional advantages of this approach are that the mobility of a mast can be evaluated, redundant links and joints in the mast can be identified and practical masts with revolute joints can be analysed. Simulations for a hexagonal mast and an assembly with four hexagonal masts is presented as illustrations.

Static analysis for checking data format compatibility of programs

Large software systems are developed by composing multiple programs. If the programs manip-ulate and exchange complex data, such as network packets or files, it is essential to establish that they follow compatible data formats. Most of the complexity of data formats is associated with the headers. In this paper, we address compatibility of programs operating over headers of network packets, files, images, etc. As format specifications are rarely available, we infer the format associated with headers by a program as a set of guarded layouts. In terms of these formats, we define and check compatibility of (a) producer-consumer programs and (b) different versions of producer (or consumer) programs. A compatible producer-consumer pair is free of type mismatches and logical incompatibilities such as the consumer rejecting valid outputs gen-erated by the producer. A backward compatible producer (resp. consumer) is guaranteed to be compatible with consumers (resp. producers) that were compatible with its older version. With our prototype tool, we identified 5 known bugs and 1 potential bug in (a) sender-receiver modules of Linux network drivers of 3 vendors and (b) different versions of a TIFF image library.

Static analysis of Euler-Bernoulli beams with multiple unilateral cracks under combined axial and transverse loads

The paper deals with the static analysis of pre-damaged Euler-Bernoulli beams with any number of unilateral cracks and subjected to tensile or compression forces combined with arbitrary transverse loads. The mathematical representation of cracks with a bilateral behaviour (i.e. always open) via Dirac delta functions is extended by introducing a convenient switching variable, which allows each crack to be open or closed depending on the sign of the axial strain at the crack centre. The proposed model leads to analytical solutions, which depend on four integration constants (to be computed by enforcing the boundary conditions) along with the Boolean switching variables associated with the cracks (whose role is to turn on and off the additional flexibility due to the presence of the cracks). An efficient computational procedure is also presented and numerically validated. For this purpose, the proposed approach is applied to two pre-damaged beams, with different damage and loading conditions, and the results so obtained are compared against those given by a standard finite element code (in which the correct opening of the cracks is pre-assigned), always showing a perfect agreement. © 2013 Elsevier Ltd. All rights reserved.

Predicting Accurate and Actionable Static Analysis Warnings: An Experimental Approach

Static analysis tools report software defects that may or may not be detected by other verification methods. Two challenges complicating the adoption of these tools are spurious false positive warnings and legitimate warnings that are not acted on. This paper reports automated support to help address these challenges using logistic regression models that predict the foregoing types of warnings from signals in the warnings and implicated code. Because examining many potential signaling factors in large software development settings can be expensive, we use a screening methodology to quickly discard factors with low predictive power and cost-effectively build predictive models. Our empirical evaluation indicates that these models can achieve high accuracy in predicting accurate and actionable static analysis warnings, and suggests that the models are competitive with alternative models built without screening.

Static analysis of functionally graded cylindrical and conical shells or panels using the generalized unconstrained third order theory coupled with the stress recovery

A 2D Unconstrained Third Order Shear Deformation Theory (UTSDT) is presented for the evaluation of tangential and normal stresses in moderately thick functionally graded conical and cylindrical shells subjected to mechanical loadings. Several types of graded materials are investigated. The functionally graded material consists of ceramic and metallic constituents. A four parameter power law function is used. The UTSDT allows the presence of a finite transverse shear stress at the top and bottom surfaces of the graded shell. In addition, the initial curvature effect included in the formulation leads to the generalization of the present theory (GUTSDT). The Generalized Differential Quadrature (GDQ) method is used to discretize the derivatives in the governing equations, the external boundary conditions and the compatibility conditions. Transverse and normal stresses are also calculated by integrating the three dimensional equations of equilibrium in the thickness direction. In this way, the six components of the stress tensor at a point of the conical or cylindrical shell or panel can be given. The initial curvature effect and the role of the power law functions are shown for a wide range of functionally conical and cylindrical shells under various loading and boundary conditions. Finally, numerical examples of the available literature are worked out.

Inverse Static Analysis of Massive Parallel Arrays of Three-State Actuators via Artificial Intelligence

Massive parallel robots (MPRs) driven by discrete actuators are force regulated robots that undergo continuous motions despite being commanded through a finite number of states only. Designing a real-time control of such systems requires fast and efficient methods for solving their inverse static analysis (ISA), which is a challenging problem and the subject of this thesis. In particular, five Artificial intelligence methods are proposed to investigate the on-line computation and the generalization error of ISA problem of a class of MPRs featuring three-state force actuators and one degree of revolute motion.

Combining static analysis and profiling for estimating execution times

Effective static analyses have been proposed which infer bounds on the number of resolutions. These have the advantage of being independent from the platform on which the programs are executed and have been shown to be useful in a number of applications, such as granularity control in parallel execution. On the other hand, in distributed computation scenarios where platforms with different capabilities come into play, it is necessary to express costs in metrics that include the characteristics of the platform. In particular, it is specially interesting to be able to infer upper and lower bounds on actual execution times. With this objective in mind, we propose an approach which combines compile-time analysis for cost bounds with a one-time profiling of a given platform in order to determine the valúes of certain parameters for that platform. These parameters calibrate a cost model which, from then on, is able to compute statically time bound functions for procedures and to predict with a significant degree of accuracy the execution times of such procedures in that concrete platform. The approach has been implemented and integrated in the CiaoPP system.