Despite their ability to help with program correctness, assertions have been notoriously unpopular-even with professional programmers. End-user programmers seem even less likely to appreciate the value of assertions; yet end-user programs suffer from serious correctness problems that assertions could help detect. This leads to the following question: can end users be enticed to enter assertions? To investigate this question, we have devised a curiosity-centered approach to eliciting assertions from end users, built on a surprise-explain-reward strategy. Our follow-up work with end-user participants shows that the approach is effective in encouraging end users to enter assertions that help them find errors.
Android's popularity has given rise to myriad application analysis techniques to improve the security and robustness of mobile applications, motivated by the evolving adversarial landscape. These techniques have focused on identifying undesirable behaviors in individual applications, either due to malicious intent or programmer error. We present a collection of tools that provide a static information flow analysis across a set of applications, showing a holistic view of all the applications destined for a particular device. The techniques we present include a static binary single-app analysis, a security lint tool to mitigate the limits of static binary analysis, a multi-app information flow analysis, and an evaluation engine to detect information flows that violate specified security policies.We show that our single-app analysis is comparable with the leading approaches on the DroidBench benchmark suite; we present a brief listing of lint-like heuristics used to show the limits of the single-app analysis in the context of an application; we present a multi-app analysis, and demonstrate information flows that cannot be detected by single-app analyses; and we present a policy evaluation engine to automatically detect violations in collections of Android apps.
General TermsSecurity
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.