Mobile and Smartphone Computing

Active Research Projects

Automated Android Security Testing 

App markets are stirring a paradigm shift in the way software is provisioned to the end users. This, however, has given rise to a new set of security challenges. In parallel with the emergence of app markets, we have witnessed increased security threats that are exploiting this model of provisioning software. This research is developing techniques to rapidly assess and test the security of applications submitted to the Android market. We are developing a scalable approach for intelligent fuzz testing of Android applications. The framework scales both in terms of code size and number of applications by leveraging the unprecedented computational power of cloud computing. The framework uses numerous heuristics and software analysis techniques to intelligently guide the generation of test cases aiming to boost the likelihood of discovering vulnerabilities.

Informed Vulnerability Assessment of Categorized Applications

Security has become the Achilles' heel of most modern software systems, in particular in the domain of mobile and smartphone computing. Techniques ranging from the manual inspection to automated static and dynamic analyses are commonly employed to identify security vulnerabilities prior to the release of the software. However, none of these techniques is perfect, as static analysis is prone to producing lots of false positives and negatives, while dynamic analysis and manual inspection are unwieldy, both in terms of required time and cost. This research aims to improve these techniques by mining relevant information from vulnerabilities found in the categorized software repositories. The approach relies on the fact that many modern software systems are developed using rich application development frameworks (ADF), allowing us to raise the level of abstraction for detecting vulnerabilities and thereby making it possible to classify the types of vulnerabilities that are encountered in a given category of application. By coupling this type of information with severity of the vulnerabilities, we are able to improve the efficiency of static and dynamic analyses, and target the manual effort on the riskiest vulnerabilities. 

Prior Research Projects

RESIST – Resilient Situated Software Systems (selected paper: ASE 2010)

Situated software systems are an emerging class of systems that are predominantly pervasive, embedded, and mobile. They are marked with a high degree of unpredictability and dynamism in the execution context. At the same time, such systems often need to satisfy strict reliability requirements. We propose an approach geared to such systems, which continuously furnishes refined reliability predictions at runtime by incorporating various sources of information. The reliability predictions are leveraged to proactively place the software in the optimal configuration with respect to changing conditions. Our approach considers several representative architectural reconfiguration decisions that impact the system’s reliability, including reallocation of components to processes and changes to the architectural style.

Energy Consumption Framework for Distributed Java-based Systems (selected paper: CBSE 2008)

Efficiency with respect to energy  consumption has increasingly been recognized as an important  quality attribute for distributed software systems in embedded and pervasive environments. This research develops framework for estimating the energy consumption of distributed software systems implemented in Java. Our primary objective in devising the framework is to enable an engineer to make informed decisions when adapting a system’s architecture, such that the energy consumption on hardware devices with a finite battery life is reduced, and the lifetime of the system’s key software services increases. Our framework explicitly takes a component-based perspective, which renders it well suited for a large class of today’s distributed, embedded, and pervasive applications. The framework allows the engineer to estimate the distributed system’s energy consumption at system construction-time  and refine it at runtime.