Today
Bookmark and Share    
Full Text
Peer Reviewed
See detailDon't Trust Me, Test Me: 100% Code Coverage for a 3rd-party Android App
Pilgun, Aleksandr UL

in Pilgun, Aleksandr (Ed.) Don't Trust Me, Test Me: 100% Code Coverage for a 3rd-party Android App (in press)

The incompleteness of 3rd-party app testing is an accepted fact in Software Engineering. This issue makes it impossible to verify the app functionality and to confirm its safety to the end-user. To solve ... [more ▼]

The incompleteness of 3rd-party app testing is an accepted fact in Software Engineering. This issue makes it impossible to verify the app functionality and to confirm its safety to the end-user. To solve this problem, enterprises developed strict policies. A company, willing to use modern apps, may perform an expensive security analysis, rely on trust or forbid the app. These strategies may lead companies to high direct and indirect spending with no guarantee of safety. In this work, we present a novel approach, called Dynamic Binary Shrinking, that allows a user to review app functionality and leave only tested code. The shrunk app produces 100% instruction coverage on observed behaviors and in this way guarantees the absence of unexplored, and therefore, potentially malicious code. On our running examples, we demonstrate that apps use less than 20% of the codebase. We developed an approach and the ACVCut tool to shrink Android apps towards the executed code. Repository — http://github.com/pilgun/acvcut. [less ▲]

Detailed reference viewed: 44 (0 UL)
See detail[GitHub] pilgun/acvcut: ACVCut 1.0
Pilgun, Aleksandr UL

Software (2020)

ACVCut shrinks Android apps towards executed code. The tool is based on ACVTool instruction coverage.

Detailed reference viewed: 45 (0 UL)
Full Text
See detailBioKC: a platform for quality controlled curation and annotation of systems biology models
Vega Moreno, Carlos Gonzalo UL; Groues, Valentin UL; Ostaszewski, Marek UL et al

Scientific Conference (2020, September 04)

Standardisation of biomedical knowledge into systems biology models is essential for the study of the biological function. However, biomedical knowledge curation is a laborious manual process aggravated ... [more ▼]

Standardisation of biomedical knowledge into systems biology models is essential for the study of the biological function. However, biomedical knowledge curation is a laborious manual process aggravated by the ever increasing growth of biomedical literature. High quality curation currently relies on pathway databases where outsider participation is minimal. The increasing demand of systems biology knowledge presents new challenges regarding curation, calling for new collaborative functionalities to improve quality control of the review process. These features are missing in the current systems biology environment, whose tools are not well suited for an open community-based model curation workflow. On one hand, diagram editors such as CellDesigner or Newt provide limited annotation features. On the other hand, most popular text annotations tools are not aimed for biomedical text annotation or model curation. Detaching the model curation and annotation tasks from diagram editing improves model iteration and centralizes the annotation of such models with supporting evidence. In this vain, we present BioKC, a web-based platform for systematic quality-controlled collaborative curation and annotation of biomedical knowledge following the standard data model from Systems Biology Markup Language (SBML). [less ▲]

Detailed reference viewed: 36 (0 UL)
Full Text
Peer Reviewed
See detailAssessment of the production of biodiesel from urban wastewater-derived lipids
Frkova, Zuzana UL; Venditti, Silvia UL; Patrick, Herr et al

in Resources, Conservation and Recycling (2020), 162

Production of biodiesel is one of the most important European targets within renewables for the future. To consider biodiesel a feasible alternative to fossil fuel, unconventional resources need to be ... [more ▼]

Production of biodiesel is one of the most important European targets within renewables for the future. To consider biodiesel a feasible alternative to fossil fuel, unconventional resources need to be exploited. This review aims to provide up-to-date knowledge on the existing reuse of lipids from urban wastewater to produce biodiesel. Lipids are readily removed by mixed microbial populations during wastewater treatments in sewage plants. Assessment results on potential annual European market supply indicate 3 – 414 104 tons (min for activated and max for grease trap sludge) of potentially extractable biodiesel from wastewater and an expected biodiesel demand of 14.8 106 tons. Considering the prospect of transforming sewage plants into biorefineries, we may cover on average 1.5, 6.2, 6.7 and 24.4% of activated, primary, scum and grease trap sludge respectively, of the European biodiesel market from wastewater-derived lipids. In addition, by implementing an optimized biotechnology selector, the overall biodiesel yield could be higher due to increased lipid incorporation into microbial biomass. This is not an insignificant amount and, if efficiently implemented, could represent an exploitable resource for biofuel production, an important and desired step towards a circular economy. The technology readiness level is still very low. There are several challenges and possible drawbacks, e.g., biogas yield loss, substrate depletion, or formation of floating sludge. Finally, no definitive legislative barriers towards wastewater-derived lipids have been identified; however, quality criteria as well as waste status have to be defined. [less ▲]

Detailed reference viewed: 33 (0 UL)
Full Text
Peer Reviewed
See detailFine-grained Code Coverage Measurement in Automated Black-box Android Testing
Pilgun, Aleksandr UL; Gadyatskaya, Olga UL; Zhauniarovich, Yury et al

in ACM Transactions on Software Engineering and Methodology (2020), 29(4), 1-35

Today, there are millions of third-party Android applications. Some of them are buggy or even malicious. To identify such applications, novel frameworks for automated black-box testing and dynamic ... [more ▼]

Today, there are millions of third-party Android applications. Some of them are buggy or even malicious. To identify such applications, novel frameworks for automated black-box testing and dynamic analysis are being developed by the Android community. Code coverage is one of the most common metrics for evaluating effectiveness of these frameworks. Furthermore, code coverage is used as a fitness function for guiding evolutionary and fuzzy testing techniques. However, there are no reliable tools for measuring fine-grained code coverage in black-box Android app testing. We present the Android Code coVerage Tool, ACVTool for short, that instruments Android apps and measures code coverage in the black-box setting at class, method and instruction granularity. ACVTool has successfully instrumented 96.9% of apps in our experiments. It introduces a negligible instrumentation time overhead, and its runtime overhead is acceptable for automated testing tools. We demonstrate practical value of ACVTool in a large-scale experiment with Sapienz, a state-of-art automated testing tool. Using ACVTool on the same cohort of apps, we have compared different coverage granularities applied by Sapienz in terms of the found amount of crashes. Our results show that none of the applied coverage granularities clearly outperforms others in this aspect. [less ▲]

Detailed reference viewed: 22 (1 UL)
See detailFatigue and fracture of rubber: Accelerated and experimentally validated phase-field damage models
Loew, Pascal Juergen UL

Doctoral thesis (2020)

Rubbers behave very particularly. Anyone who has stretched a rubber band knows that large elastic deformations over 400% can be attained with a minimal force. In order to utilize the full potential of the ... [more ▼]

Rubbers behave very particularly. Anyone who has stretched a rubber band knows that large elastic deformations over 400% can be attained with a minimal force. In order to utilize the full potential of the material and to improve the performance of a product, it is imperative to accurately model the material's failure. This thesis focuses on the development, experimental validation and application of a fatigue damage model for rubber. Cohesive zone models or nodal enrichment strategies, which treat cracks as sharp discontinuities, require a priori knowledge of the crack path or are limited in their ability to handle complex crack phenomena like branching and coalescence. On the other hand, the results of standard continuum damage models are affected by the mesh size. Phase-field damage models avoid sharp discontinuities by adding a smooth damage process zone to the crack. The width of this zone is controlled by a length scale parameter. Because of this pure continuum description, the mentioned complex phenomena are simulated without additional effort. Furthermore, the introduction of the length scale ensures mesh-independence during strain softening. Despite these advantages, phase-field models to describe the failure of rubber parts are still limited. Firstly, most published works focus only on monotonic loading. Fatigue damage of rubber has never been considered in a phase-field model. Secondly, the computational burden is too large so that only examples with limited practical relevance can be simulated. Thirdly, there is insufficient experimental validation in the literature and the process of parameter identification is not adequately addressed. For instance, the selection of the length scale parameter is often arbitrary. This thesis collects three works that have been presented to the scientific community in an effort to overcome the mentioned problems. Because the fracture resistance of rubbers is a function of the loading rate, the first work presents a rate-dependent phase-field damage model for rubber and finite strains. Rate-dependency is considered in the constitutive description of the bulk as well as in the damage driving force. All the material parameters are identified from experiments. Particular attention is paid to the length scale parameter, which is calibrated by means of local strain measurements close to the crack tip obtained via digital image correlation. The second work extends the phase-field damage model so that fatigue failure can be predicted. For this purpose, an additional fatigue damage source depending on an accumulated load history variable is introduced. The thermodynamical consistency is demonstrated by measuring the energy storage and dissipation of the various model components. Dedicated fatigue experiments are conducted in order to identify additional (fatigue) parameters. The extended model reproduces Woehler curves and Paris theory for fatigue crack growth. Using explicit and implicit cycle jump schemes, the third work focuses on the reduction of the computation time. A finite number of load cycles is simulated and the results for the next cycles are extrapolated. By alternating simulations and jumps until the component failure is reached, the total number of simulated cycles is significantly reduced, with respect to the full simulations. As the size of the cycle jump governs the acceleration of the simulations, but also the numerical stability, an adaptive cycle jump scheme for the implicit acceleration framework is proposed. Consequently, no manual adjustment of the step size is necessary. Additional experiments validate both the numerical model and the identified material parameters. Finally, the fatigue phase-field damage model is used in two industry-relevant examples demonstrating how this technology creates immediate benefits in product development. [less ▲]

Detailed reference viewed: 27 (2 UL)
Full Text
Peer Reviewed
See detailDefeating State-of-the-Art White-Box Countermeasures with Advanced Gray-Box Attacks
Goubin, Louis; Rivain, Matthieu UL; Wang, Junwei UL

in IACR Transactions on Cryptographic Hardware and Embedded Systems (2020), 2020(3), 454482

The goal of white-box cryptography is to protect secret keys embedded in a cryptographic software deployed in an untrusted environment. In this article, we revisit state-of-the-art countermeasures ... [more ▼]

The goal of white-box cryptography is to protect secret keys embedded in a cryptographic software deployed in an untrusted environment. In this article, we revisit state-of-the-art countermeasures employed in white-box cryptography, and we discuss possible ways to combine them. Then we analyze the different gray-box attack paths and study their performances in terms of required traces and computation time. Afterward, we propose a new paradigm for the gray-box attack against white-box cryptography, which exploits the data-dependency of the target implementation. We demonstrate that our approach provides substantial complexity improvements over the existing attacks. Finally, we showcase this new technique by breaking the three winning AES-128 white-box implementations from WhibOx 2019 white-box cryptography competition. [less ▲]

Detailed reference viewed: 19 (0 UL)
Full Text
Peer Reviewed
See detailWOW! Sewage is valuable!
Frkova, Zuzana UL; Venditti, Silvia UL; Lacroix, Mark et al

Scientific Conference (2020, February)

There are market opportunities for raw materials from sewage, but for this the sewage treatment plants and the industry need alignment. This calls for a transition: sewage treatment plants need to switch ... [more ▼]

There are market opportunities for raw materials from sewage, but for this the sewage treatment plants and the industry need alignment. This calls for a transition: sewage treatment plants need to switch from treating sewage to producing valuable materials. On the other hand, market parties need to regard sewage as a valuable source instead of ‘dirty unsafe water’. Last but not least, the policies should better fit this new circular practice. To realize these opportunities WOW! aims to develop value chains for three different raw materials from sewage: cellulose, PHA bioplastics and lipids. [less ▲]

Detailed reference viewed: 20 (0 UL)
Full Text
Peer Reviewed
See detailAnalysis and Improvement of Differential Computation Attacks against Internally-Encoded White-Box Implementations
Rivain, Matthieu UL; Wang, Junwei UL

in IACR Transactions on Cryptographic Hardware and Embedded Systems (2019), 2019(2), 225-255

White-box cryptography is the last security barrier for a cryptographic software implementation deployed in an untrusted environment. The principle of internal encodings is a commonly used white-box ... [more ▼]

White-box cryptography is the last security barrier for a cryptographic software implementation deployed in an untrusted environment. The principle of internal encodings is a commonly used white-box technique to protect block cipher implementations. It consists in representing an implementation as a network of look-up tables which are then encoded using randomly generated bijections (the internal encodings). When this approach is implemented based on nibble (i.e. 4-bit wide) encodings, the protected implementation has been shown to be vulnerable to differential computation analysis (DCA). The latter is essentially an adaptation of differential power analysis techniques to computation traces consisting of runtime information, e.g., memory accesses, of the target software. In order to thwart DCA, it has then been suggested to use wider encodings, and in particular byte encodings, at least to protect the outer rounds of the block cipher which are the prime targets of DCA. In this work, we provide an in-depth analysis of when and why DCA works. We pinpoint the properties of the target variables and the encodings that make the attack (in)feasible. In particular, we show that DCA can break encodings wider than 4-bit, such as byte encodings. Additionally, we propose new DCA-like attacks inspired from side-channel analysis techniques. Specifically, we describe a collision attack particularly effective against the internal encoding countermeasure. We also investigate mutual information analysis (MIA) which naturally applies in this context. Compared to the original DCA, these attacks are also passive and they require very limited knowledge of the attacked implementation, but they achieve significant improvements in terms of trace complexity. All the analyses of our work are experimentally backed up with various attack simulation results. We also verified the practicability of our analyses and attack techniques against a publicly available white-box AES implementation protected with byte encodings –which DCA has failed to break before– and against a “masked” white-box AES implementation –which intends to resist DCA. [less ▲]

Detailed reference viewed: 19 (0 UL)
Full Text
Peer Reviewed
See detailNumerical investigation into the blasting-induced damage characteristics of rocks considering the role of in-situ stresses and discontinuity persistence
Jayasinghe, Laddu Bhagya UL; Shang, J.; Zhao, Z. et al

in Computers and Geotechnics (2019), 116

This paper presents a 3D coupled Smoothed Particle Hydrodynamics (SPH) and Finite Element Method (FEM) model, which was developed to investigate the extent of damage zone and fracture patterns in rock due ... [more ▼]

This paper presents a 3D coupled Smoothed Particle Hydrodynamics (SPH) and Finite Element Method (FEM) model, which was developed to investigate the extent of damage zone and fracture patterns in rock due to blasting. The RHT material model was used to simulate the blasting-induced damage in rock. The effects of discontinuity persistence and high in-situ stresses on the evolution of blasting-induced damage were investigated. Results of this study indicate that discontinuity persistence and spatial distribution of rock bridges have a significant influence on the evolution of blasting-induced damage. Furthermore, high in-situ stresses also have a significant influence on the propagation of blasting-induced fractures, as well as the patterns of fracture networks. It is also shown that the blasting-induced cracks are often induced along the direction of the applied high initial stresses. Moreover, additional cracks are normally generated at the edges of the rock bridges probably due to the relatively high stress concentration. � 2019 Elsevier Ltd [less ▲]

Detailed reference viewed: 45 (4 UL)
Full Text
Peer Reviewed
See detailAssessment of the production of biodiesel from urban wastewater-derived lipids
Frkova, Zuzana UL; Herr, Patrick; Venditti, Silvia UL et al

Scientific Conference (2019)

By adopting a Circular Economy Package in 2015, European Commission aimed at stimulating transition towards a stronger and more circular economy where waste (including sewage) is no longer recognized as ... [more ▼]

By adopting a Circular Economy Package in 2015, European Commission aimed at stimulating transition towards a stronger and more circular economy where waste (including sewage) is no longer recognized as waste, but as a valuable resource of raw materials. This review study assesses the existing methodologies to produce biodiesel from wastewater-derived lipids. Depending on the stage of wastewater treatment where biodiesel would be extracted, it may cover up to 20% of the current European biodiesel demand. Further studies in regards to the biodiesel quality, legislative conditions and techno-economic assessment towards respective transition are needed. [less ▲]

Detailed reference viewed: 31 (0 UL)
See detail[GitHub] pilgun/acvtool: ACVTool v0.2
Pilgun, Aleksandr UL; Zhauniarovich, Yury; Gadyatskaya, Olga

Software (2018)

ACVTool (Android Code Coverage Tool) is a tool to measure fine-grained code coverage of 3rd-party Android apps.

Detailed reference viewed: 29 (0 UL)