Matching Items (5)
Filtering by
- All Subjects: Android
- Creators: Doupe, Adam
Description
Different logic-based knowledge representation formalisms have different limitations either with respect to expressivity or with respect to computational efficiency. First-order logic, which is the basis of Description Logics (DLs), is not suitable for defeasible reasoning due to its monotonic nature. The nonmonotonic formalisms that extend first-order logic, such as circumscription and default logic, are expressive but lack efficient implementations. The nonmonotonic formalisms that are based on the declarative logic programming approach, such as Answer Set Programming (ASP), have efficient implementations but are not expressive enough for representing and reasoning with open domains. This dissertation uses the first-order stable model semantics, which extends both first-order logic and ASP, to relate circumscription to ASP, and to integrate DLs and ASP, thereby partially overcoming the limitations of the formalisms. By exploiting the relationship between circumscription and ASP, well-known action formalisms, such as the situation calculus, the event calculus, and Temporal Action Logics, are reformulated in ASP. The advantages of these reformulations are shown with respect to the generality of the reasoning tasks that can be handled and with respect to the computational efficiency. The integration of DLs and ASP presented in this dissertation provides a framework for integrating rules and ontologies for the semantic web. This framework enables us to perform nonmonotonic reasoning with DL knowledge bases. Observing the need to integrate action theories and ontologies, the above results are used to reformulate the problem of integrating action theories and ontologies as a problem of integrating rules and ontologies, thus enabling us to use the computational tools developed in the context of the latter for the former.
ContributorsPalla, Ravi (Author) / Lee, Joohyung (Thesis advisor) / Baral, Chitta (Committee member) / Kambhampati, Subbarao (Committee member) / Lifschitz, Vladimir (Committee member) / Arizona State University (Publisher)
Created2012
Description
Despite the more tightly controlled permissions and Java framework used by most programs in the Android operating system, an attacker can use the same classic vulnerabilities that exist for traditional Linux binaries on the programs in the Android operating system. Some classic vulnerabilities include stack overows, string formats, and heap meta-information corruption. Through the exploitation of these vulnerabilities an attacker can hijack the execution ow of an application. After hijacking the execution ow, an attacker can then violate the con_dentiality, integrity, or availability of the operating system. Over the years, the operating systems and compliers have implemented a number of protections to prevent the exploitation of vulnerable programs. The most widely implemented protections include Non-eXecutable stack (NX Stack), Address Space Layout Randomization (ASLR), and Stack Canaries (Canaries). NX Stack protections prevent the injection and execution of arbitrary code through the use of a permissions framework within a program. Whereas, ASLR and Canaries rely on obfuscation techniques to protect control ow, which requires su_cient entropy between each execution. Early in the implementation of these protections in Linux, researchers discovered that without su_cient entropy between executions, ASLR and Canaries were easily bypassed. For example, the obfuscation techniques were useless in programs that ran continuously because the programs did not change the canaries or re-randomize the address space. Similarly, aws in the implementation of ASLR and Canaries in Android only re-randomizes the values after rebooting, which means the address space locations and canary values remain constant across the executions of an Android program. As a result, an attacker can hijack the control ow Android binaries that contain control ow vulnerabilities. The purpose of this paper is to expose these aws and the methodology used to verify their existence in Android versions 4.1 (Jelly Bean) through 8.0 (Oreo).
ContributorsGibbs, Wil (Author) / Doupe, Adam (Thesis director) / Shoshitaishvili, Yan (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2018-12
Description
Smartphones are pervasive nowadays. They are supported by mobile platforms that allow users to download and run feature-rich mobile applications (apps). While mobile apps help users conveniently process personal data on mobile devices, they also pose security and privacy threats and put user's data at risk. Even though modern mobile platforms such as Android have integrated security mechanisms to protect users, most mechanisms do not easily adapt to user's security requirements and rapidly evolving threats. They either fail to provide sufficient intelligence for a user to make informed security decisions, or require great sophistication to configure the mechanisms for enforcing security decisions. These limitations lead to a situation where users are disadvantageous against emerging malware on modern mobile platforms. To remedy this situation, I propose automated and systematic approaches to address three security management tasks: monitoring, assessment, and confinement of mobile apps. In particular, monitoring apps helps a user observe and record apps' runtime behaviors as controlled under security mechanisms. Automated assessment distills intelligence from the observed behaviors and the security configurations of security mechanisms. The distilled intelligence further fuels enhanced confinement mechanisms that flexibly and accurately shape apps' behaviors. To demonstrate the feasibility of my approaches, I design and implement a suite of proof-of-concept prototypes that support the three tasks respectively.
ContributorsJing, Yiming (Author) / Ahn, Gail-Joon (Thesis advisor) / Doupe, Adam (Committee member) / Huang, Dijiang (Committee member) / Zhang, Yanchao (Committee member) / Arizona State University (Publisher)
Created2015
Description
Despite incremental improvements over decades, academic planning solutions see relatively little use in many industrial domains despite the relevance of planning paradigms to those problems. This work observes four shortfalls of existing academic solutions which contribute to this lack of adoption.
To address these shortfalls this work defines model-independent semantics for planning and introduces an extensible planning library. This library is shown to produce feasible results on an existing benchmark domain, overcome the usual modeling limitations of traditional planners, and accommodate domain-dependent knowledge about the problem structure within the planning process.
To address these shortfalls this work defines model-independent semantics for planning and introduces an extensible planning library. This library is shown to produce feasible results on an existing benchmark domain, overcome the usual modeling limitations of traditional planners, and accommodate domain-dependent knowledge about the problem structure within the planning process.
ContributorsJonas, Michael (Author) / Gaffar, Ashraf (Thesis advisor) / Fainekos, Georgios (Committee member) / Doupe, Adam (Committee member) / Herley, Cormac (Committee member) / Arizona State University (Publisher)
Created2016
Description
The Java programing language was implemented in such a way as to limit the amount of possible ways that a program written in Java could be exploited. Unfortunately, all of the protections and safeguards put in place for Java can be circumvented if a program created in Java utilizes internal or external libraries that were created in a separate, insecure language such as C or C++. A secure Java program can then be made insecure and susceptible to even classic vulnerabilities such as stack overflows, string format attacks, and heap overflows and corruption. Through the internal or external libraries included in the Java program, an attacker could potentially hijack the execution flow of the program. Once the Attacker has control of where and how the program executes, the attacker can spread their influence to the rest of the system.
However, since these classic vulnerabilities are known weaknesses, special types of protections have been added to the compilers which create the executable code and the systems that run them. The most common forms of protection include Address SpaceLayout Randomization (ASLR), Non-eXecutable stack (NX Stack), and stack cookies or canaries. Of course, these protections and their implementations vary depending on the system. I intend to look specifically at the Android operating system which is used in the daily lives of a significant portion of the planet. Most Android applications execute in a Java context and leave little room for exploitability, however, there are also many applications which utilize external libraries to handle more computationally intensive tasks.
The goal of this thesis is to take a closer look at such applications and the protections surrounding them, especially how the default system protections as mentioned above are implemented and applied to the vulnerable external libraries. However, this is only half of the problem. The attacker must get their payload inside of the application in the first place. Since it is necessary to understand how this is occurring, I will also be exploring how the Android operating system gives outside information to applications and how developers have chosen to use that information.
However, since these classic vulnerabilities are known weaknesses, special types of protections have been added to the compilers which create the executable code and the systems that run them. The most common forms of protection include Address SpaceLayout Randomization (ASLR), Non-eXecutable stack (NX Stack), and stack cookies or canaries. Of course, these protections and their implementations vary depending on the system. I intend to look specifically at the Android operating system which is used in the daily lives of a significant portion of the planet. Most Android applications execute in a Java context and leave little room for exploitability, however, there are also many applications which utilize external libraries to handle more computationally intensive tasks.
The goal of this thesis is to take a closer look at such applications and the protections surrounding them, especially how the default system protections as mentioned above are implemented and applied to the vulnerable external libraries. However, this is only half of the problem. The attacker must get their payload inside of the application in the first place. Since it is necessary to understand how this is occurring, I will also be exploring how the Android operating system gives outside information to applications and how developers have chosen to use that information.
ContributorsGibbs, William (Author) / Doupe, Adam (Thesis advisor) / Wang, Ruoyu (Committee member) / Shoshitaishvilli, Yan (Committee member) / Arizona State University (Publisher)
Created2020