Learn More
Google's Android platform includes a permission model that protects access to sensitive capabilities, such as Internet access, GPS use, and telephony. While permissions provide an important level of security, for many applications they allow broader access than actually required. In this paper, we introduce a novel framework that addresses this issue by(More)
We present an app automation tool called Brahmastra for helping app stores and security researchers to test third-party components in mobile apps at runtime. The main challenge is that call sites that invoke third-party code may be deeply embedded in the app, beyond the reach of traditional GUI testing tools. Our approach uses static analysis to construct a(More)
Program synthesis tools work by searching for an implementation that satisfies a given specification. Two popular search strategies are symbolic search, which reduces synthesis to a formula passed to a SAT solver, and explicit search, which uses brute force or random search to find a solution. In this paper, we propose adaptive concretization, a novel(More)
As the amount of data used by programs increases due to the growth of hardware storage capacity and computing power, efficient memory usage becomes a key factor for performance. Since modern applications heavily use structures allocated in the heap, this paper proposes an efficient structure layout based on static analyses. Unlike most of the previous work,(More)
Mobile apps can access a wide variety of secure information, such as contacts and location. However, current mobile platforms include only coarse access control mechanisms to protect such data. In this paper , we introduce interaction-based declassification policies, in which the user's interactions with the app constrain the release of sensitive(More)
Symbolic execution is a powerful program analysis technique, but it is difficult to apply to programs built using frameworks such as Swing and Android, because the framework code itself is hard to symbolically execute. The standard solution is to manually create a framework <i>model</i> that can be symbolically executed, but developing and maintaining a(More)
Unless the speed gap between CPU and memory disappears, efficient memory usage remains a decisive factor for performance. To optimize data usage of programs in the presence of the memory hierarchy, we are particularly interested in two compiler techniques: <i>pool allocation</i> and <i>field layout restructuring</i>. Since foreseeing runtime behaviors of(More)
Sketch-based synthesis, epitomized by the Sketch tool, lets developers synthesize software starting from a partial program, also called a sketch or template. This paper presents JSketch, a tool that brings sketch-based synthesis to Java. JSketch&#039;s input is a partial Java program that may include holes, which are unknown constants, expression(More)
Staphylococcus aureus is an important pathogenic bacterium that causes various infectious diseases. Extracellular vesicles (EVs) released from S. aureus contain bacterial proteins, nucleic acids, and lipids. These EVs can induce immune responses leading to similar symptoms as during staphylococcal infection condition and have the potential as vaccination(More)
Gut microbes might influence host metabolic homeostasis and contribute to the pathogenesis of type 2 diabetes (T2D), which is characterized by insulin resistance. Bacteria-derived extracellular vesicles (EVs) have been suggested to be important in the pathogenesis of diseases once believed to be non-infectious. Here, we hypothesize that gut microbe-derived(More)