SCG News

Idea: Benchmarking Android Data Leak Detection Tools

Claudio Corrodi, Timo Spring, Mohammad Ghafari, and Oscar Nierstrasz. Idea: Benchmarking Android Data Leak Detection Tools. In Mathias Payer, Awais Rashid, and Jose M. Such (Eds.), Engineering Secure Software and Systems, pp. 116–123, Springer International Publishing, Cham, 2018.


Virtual application stores for mobile platforms contain many malign and benign applications that exhibit security issues, such as the leaking of sensitive data. In recent years, researchers have proposed a myriad of techniques and tools to detect such issues automatically. However, it is unclear how these approaches perform compared to each other. The tools are often no longer available, so comparing different approaches is almost infeasible.

Posted by scg at 1 July 2018, 2:15 pm

Security in Android ICC

Patrick Frischknecht. Security in Android ICC. Bachelor's thesis, University of Bern, June 2018.


Android Inter-Component Communication (ICC) is complex, largely unconstrained, and hard for developers to understand. As a consequence, ICC is a common source of security vulnerabilities in Android apps. To promote secure programming practices, we have reviewed related research and identified avoidable ICC vulnerabilities in Android-run devices and the security code smells that indicate their presence. We explain the vulnerabilities and their corresponding smells, and we discuss how they can be eliminated or mitigated during development. We present a lightweight static analysis tool on top of Android Lint that analyzes the code under development and provides just-in-time feedback within the integrated development environment (IDE) about the presence of such security smells in the code. Moreover, with the help of this tool we study the prevalence of security code smells in more than 700 open-source apps, and manually inspect around 15% of these apps to assess the extent to which identifying such smells uncovers ICC security vulnerabilities.

Posted by scg at 25 June 2018, 12:15 pm

A Systematic Literature Review of Software Visualization Evaluation

Leonel Merino, Mohammad Ghafari, Craig Anslow, and Oscar Nierstrasz. A Systematic Literature Review of Software Visualization Evaluation. Journal of Systems and Software 144, pp. 165–180, October 2018.


Context: Software visualizations can help developers to analyze multiple aspects of complex software systems, but their effectiveness is often uncertain due to the lack of evaluation guidelines. Objective: We identify common problems in the evaluation of software visualizations with the goal of formulating guidelines to improve future evaluations. Method: We review the complete literature body of 387 full papers published in the SOFTVIS/VISSOFT conferences, and study 181 of those from which we could extract evaluation strategies, data collection methods, and other aspects of the evaluation. Results: Of the proposed software visualization approaches, 62% lack a strong evaluation. We argue that an effective software visualization should not only boost time and correctness but also recollection, usability, engagement, and other emotions. Conclusion: We call on researchers proposing new software visualizations to provide evidence of their effectiveness by conducting thorough (i) case studies for approaches that must be studied in situ, and, when variables can be controlled, (ii) experiments with randomly selected participants of the target audience and real-world open source software systems to promote reproducibility and replicability. We present guidelines to increase the evidence of the effectiveness of software visualization approaches, thus improving their adoption rate.

Posted by scg at 21 June 2018, 2:15 pm

Visualising Objects in Pharo

Eve Mendoza Quiros. Visualising Objects in Pharo. Bachelor's thesis, University of Bern, June 2018.


Object inspection in the Pharo IDE is currently focused on the individual object. The inspection of inter-object relationships is possible only in a very limited way, making object set inspection difficult. Understanding the relationships between objects and sets of objects is an important debugging aid and facilitates proper code analysis. In order to efficiently understand code, a visualization of data structures in an interactive graph helps programmers get a thorough conceptual overview. This can save time during debugging as well as during code analysis and maintenance. In this thesis a tool is presented that facilitates the visualization of object sets as a graph in Pharo. The tool highlights the relationships between objects while also conveying important information about each individual object. The strengths of this framework are, first, that subgraphs persist over different graph renderings, making the comparison of similar sets easy and effectively presenting the set evolution; and second, that the interactive graph and the ability to customize the visualization make it more understandable and useful to the user. By using this tool in Pharo, interesting visualizations can be created: since Pharo's mantra is "everything is an object", we can also make graphs containing classes as elements and show the relationships between different classes. The tool facilitates node customization, giving the user the possibility to mold the visualization to fit their needs. For each object an individual node representation can be created. In this thesis we present a node customization for linked lists and for abstract syntax trees. Overall the tool is very intuitive and supports program understanding and debugging.

Posted by scg at 19 June 2018, 7:59 pm

Reproducible moldable interactions

Mario Kaufmann. Reproducible moldable interactions. Master's thesis, University of Bern, April 2018.


Object inspectors are tools that allow developers to explore the state of run-time objects. This exploration creates many interaction events between the developer and the inspector. Recording, saving, and using those interactions directly in an inspector opens opportunities to reduce the amount of repetitive actions developers need to perform during development and debugging. To make this possible, we propose an inspector model that records developer interactions as first-class entities and uses them to reduce repetition. This is enabled through a model that uses a tree to keep track of an inspection session, and a recording infrastructure that allows each widget to decide how user interactions should be recorded. To validate this model, we identify several types of problems that can arise in object inspectors and show how they can be addressed if developer interactions are recorded by the inspector. For example, the new model allows developers to replay inspection sessions, restore partial navigation, and generate code from an inspection session.

Posted by scg at 2 May 2018, 11:15 am