Yiming Jing scite author profile

Mobile operating systems, such as Apple's iOS and Google's Android, have supported a ballooning market of featurerich mobile applications. However, helping users understand and mitigate security risks of mobile applications is still an ongoing challenge. While recent work has developed various techniques to reveal suspicious behaviors of mobile applications, there exists little work to answer the following question: are those behaviors necessarily inappropriate? In this paper, we seek an approach to cope with such a challenge and present a continuous and automated risk assessment framework called RISKMON that uses machinelearned ranking to assess risks incurred by users' mobile applications, especially Android applications. RISKMON combines users' coarse expectations and runtime behaviors of trusted applications to generate a risk assessment baseline that captures appropriate behaviors of applications. With the baseline, RISKMON assigns a risk score on every access attempt on sensitive information and ranks applications by their cumulative risk scores. Furthermore, we demonstrate how RISKMON supports risk mitigation with automated permission revocation. We also discuss a proof-of-concept implementation of RISKMON as an extension of the Android mobile platform and provide both system evaluation and usability study of our methodology.

show abstract

Towards Memory Safe Enclave Programming with Rust-SGX

Wang

Wang²,

Ding³

et al. 2019

View full text Add to dashboard Cite

Intel Software Guard eXtension (SGX), a hardware supported trusted execution environment (TEE), is designed to protect security critical applications. However, it does not terminate traditional memory corruption vulnerabilities for the software running inside enclave, since enclave software is still developed with type unsafe languages such as C/C++. This paper presents Rust-SGX, an efficient and layered approach to exterminating memory corruption for software running inside SGX enclaves. The key idea is to enable the development of enclave programs with an efficient memory safe system language Rust with a Rust-SGX SDK by solving the key challenges of how to (1) make the SGX software memory safe and (2) meanwhile run as efficiently as with the SDK provided by Intel. We therefore propose to build Rust-SGX atop Intel SGX SDK, and tame unsafe components with formally proven memory safety. We have implemented Rust-SGX and tested with a series of benchmark programs. Our evaluation results show that Rust-SGX imposes little extra overhead (less than 5% with respect to the SGX specific features and services compared to software developed by Intel SGX SDK), and meanwhile have stronger memory safety. CCS CONCEPTS• Security and privacy → Formal methods and theory of security; Systems security;

show abstract

An atlas-based geometry pipeline for cardiac Hermite model construction and diffusion tensor reorientation

Zhang

Liang

et al. 2012

Medical Image Analysis

View full text Add to dashboard Cite

Here we present a novel atlas-based geometry pipeline for constructing three-dimensional cubic Hermite finite element meshes of the whole human heart from tomographic patient image data. To build the cardiac atlas, two superior atria, two inferior ventricles as well as the aorta and the pulmonary trunk are first segmented, and epicardial and endocardial boundary surfaces are extracted and smoothed. Critical points and skeletons (or central-line paths) are identified, following the cardiac topology. The surface model and the path tree are used to construct a hexahedral control mesh via a skeleton-based sweeping method. Derivative parameters are computed from the control mesh, defining cubic Hermite finite elements. The thickness of the atria and the ventricles is obtained using segmented epicardial boundaries or via offsetting from the endocardial surfaces in regions where the image resolution is insufficient. We also develop a robust optical flow approach to deform the constructed atlas and align it with the image from a second patient. This registration method is fully-automatic, and avoids manual operations required by segmentation and path extraction. Moreover, we demonstrate that this method can also be used to deformably map diffusion tensor MRI data with patient geometries to include fiber and sheet orientations in the finite element model.

show abstract

Application of Improved Simulated Annealing Optimization Algorithms in Hardware/Software Partitioning of the Reconfigurable System-on-Chip

Jing¹,

Kuang²,

Du³

et al. 2014

View full text Add to dashboard Cite

Model-Based Conformance Testing for Android

Jing

Ahn

2012

View full text Add to dashboard Cite

Abstract. With the surging computing power and network connectivity of smartphones, more third-party applications and services are deployed on these platforms and enable users to customize their mobile devices. Due to the lack of rigorous security analysis, fast evolving smartphone platforms, however, have suffered from a large number of system vulnerabilities and security flaws. In this paper, we present a model-based conformance testing framework for mobile platforms, focused on Android platform. Our framework systematically generates test cases from the formal specification of the mobile platform and performs conformance testing with the generated test cases. We also demonstrate the feasibility and effectiveness of our framework through case studies on Android Inter-Component Communication module.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Yiming Jing

Towards Automated Risk Assessment and Mitigation of Mobile Applications

Towards Memory Safe Enclave Programming with Rust-SGX

An atlas-based geometry pipeline for cardiac Hermite model construction and diffusion tensor reorientation

Application of Improved Simulated Annealing Optimization Algorithms in Hardware/Software Partitioning of the Reconfigurable System-on-Chip

Model-Based Conformance Testing for Android

Contact Info

Product

Resources

About