SCG News

Security in Android ICC

Patrick Frischknecht. Security in Android ICC. Bachelor’s thesis, University of Bern, June 2018.


Android Inter-Component Communication (ICC) is complex, largely unconstrained, and hard for developers to understand. As a consequence, ICC is a common source of security vulnerability in Android apps. To promote secure programming practices, we have reviewed related research, and identified avoidable ICC vulnerabilities in Android-run devices and the security code smells that indicate their presence. We explain the vulnerabilities and their corresponding smells, and we discuss how they can be eliminated or mitigated during development. We present a lightweight static analysis tool on top of Android Lint that analyzes the code under development and provides just-in-time feedback within the integrated development environment (IDE) about the presence of such security smells in the code. Moreover, with the help of this tool we study the prevalence of security code smells in more than 700 open-source apps, and manually inspect around 15% of these apps to assess the extent to which identifying such smells uncovers ICC security vulnerabilities.

Posted by scg at 25 June 2018, 12:15 pm

A Systematic Literature Review of Software Visualization Evaluation

Leonel Merino, Mohammad Ghafari, Craig Anslow, and Oscar Nierstrasz. A Systematic Literature Review of Software Visualization Evaluation. In Journal of Systems and Software 144 p. 165-180, October 2018.


Abstract Context: Software visualizations can help developers to analyze multiple aspects of complex software systems, but their effectiveness is often uncertain due to the lack of evaluation guidelines. Objective: We identify common problems in the evaluation of software visualizations with the goal of formulating guidelines to improve future evaluations. Method: We review the complete literature body of 387 full papers published in the SOFTVIS/VISSOFT conferences, and study 181 of those from which we could extract evaluation strategies, data collection methods, and other aspects of the evaluation. Results: Of the proposed software visualization approaches, 62% lack a strong evaluation. We argue that an effective software visualization should not only boost time and correctness but also recollection, usability, engagement, and other emotions. Conclusion: We call on researchers proposing new software visualizations to provide evidence of their effectiveness by conducting thorough (i) case studies for approaches that must be studied in situ, and when variables can be controlled, (ii) experiments with randomly selected participants of the target audience and real-world open source software systems to promote reproducibility and replicability. We present guidelines to increase the evidence of the effectiveness of software visualization approaches, thus improving their adoption rate.

Posted by scg at 21 June 2018, 2:15 pm

Visualising Objects in Pharo

Eve Mendoza Quiros. Visualising Objects in Pharo. Bachelor’s thesis, University of Bern, June 2018.


Object inspection in the Pharo IDE is currently focused on the individual object. The inspection of inter-object relationships is possible in a very limited way, making object set inspection difficult. Understanding the relationship between objects and sets of objects is an important debugging aid and facilitates proper code analysis. In order to efficiently understand code, a visualization of data structures in an interactive graph helps programmers get a thorough conceptual overview. This can save time during debugging as well as code analysis and maintenance. In this thesis a tool is presented that facilitates the visualization of object sets in a graph, in Pharo. The tool highlights the relationships between objects while also conveying important information about each individual object. The strengths of this framework are, first subgraphs persist over different graph renderings, making the comparison of similar sets easy and effectively presenting the set evolution. Second the interactive graph and ability to customize the visualization makes it more understandable and useful to the user. By using this tool in Pharo interesting visualizations can be created since Pharo’s mantra is everything is an object, therefore we can also make graphs containing classes as elements and show the relationships between different classes. The tool facilitates node customization, giving the user the possibility to mold the visualization to fit their needs. For each object an individual node representation can be created. In this thesis we present a node customization for linked lists and for abstract syntax trees. Overall the tool is very intuitive and supports program understanding and debugging.

Posted by scg at 19 June 2018, 7:59 pm

Reproducible moldable interactions

Mario Kaufmann. Reproducible moldable interactions. Master’s thesis, University of Bern, April 2018.


Object inspectors are tools that allow developers to explore the state of run-time objects. This exploration creates many interaction events between the developer and the inspector. Recording, saving and using those interactions directly in an inspector opens opportunities to reduce the amount of repetitive actions developers need to do during development and debugging. To make this possible we propose an inspector model that records developer interactions as first-class entities and uses them to reduce repetition. This is enabled through a model that uses a tree to keep track of an inspection session, and a recording infrastructure that allows each widget to decide how user interactions should be recorded. To validate this model, we identify several types of problems that can arise in object inspectors and show how they can be addressed if developer interactions are recorded by the inspector. For example, the new model allows developers to replay inspection sessions, restore partial navigation and generate code from an inspection session.

Posted by scg at 2 May 2018, 11:15 am

Personalized Autism Infographics: A Web Development Project with and for Autistic People

Sara Peeters. Personalized Autism Infographics: A Web Development Project with and for Autistic People. Bachelor’s thesis, University of Bern, April 2018.


Autism is a lifelong neurodevelopmental condition influencing a person’s social interaction, communication and sensory perception. Autistic people tend to need a certain level of structure and routine and can often be overwhelmed in day-to-day situations. The fact that autistic people experience the world differently and have different needs than the non-autistic majority often leads to misunderstandings and even conflict situations. So called autism id cards aim to help in such situations, where communication between those unfamiliar with autism and autistic people fails, as well as to raise awareness in general. Their usefulness is, however, limited by the fact that the autism spectrum is rather broad, and the explanations on the cards are very general. This project wants to build on the idea of autism id cards by developing a digitalized, personalizable version of them. It consists of a web app where autistic people can click and write together one or more personalized infographics and make them available to the people they choose through an automatically generated link, or save them on their phone. The project is iteratively developed in partnership with the psychiatric department of the hospital of Frutigen, Meiringen, Interlaken. The input of autistic adults, parents of autistic children, friends and caretakers as potential users is taken into account at various stages of the development through surveys and usability testing. Through the modularity of the infographics and the free text options in each module, the possibilities for personalization are endless. At the same time the preformulated statements, and the example infographics that can be used as a starting point for customization, provide enough guidance for users not to get lost. While the end result is not yet ready for large scale public use, it is a solid proof of concept with extensive functionality.

Posted by scg at 19 April 2018, 3:15 pm
Last changed by admin on 21 April 2009