The fluidity of application markets complicate smartphone security. Although recent efforts have shed light on particular security issues, there remains little insight into broader security characteristics of smartphone applications. This paper seeks to better understand smartphone application security by studying 1,100 popular free Android applications. We introduce the ded decompiler, which r...

Ecological security is an important basis of the entire human security system, the cornerstone for human survival. Knowing the status of ecological security is crucial for making decisions to avoid ecological disaster. Existing research, both the basic research on ecological security mechanism and information service systems, is still primitive in their abilities to resolve eco-security problem...

Revealing security vulnerabilities is one of great challenges for the Android ecosystem. Static analysis is the usual approach of the security analysis for computer software. However, it is undirected and time-consuming for the common static analysis methods to analyze the entire Android application systematically from the main entry point. In order to adapt to the event-driven feature of Andro...

In deregulated operating regime power system security is an issue that needs due thoughtfulness from researchers in the horizon of unbundling of generation and transmission. Electric power systems are exposed to various contingencies. Network contingencies often contribute to overloading of branches, violation of voltages and also leading to problems of security/stability. To maintain the secur...

In this paper, we design a non-uniform static analysis for formally verifying a protocol used in large-scale Grid systems for achieving delegations from users to critical system services. The analysis reveals a few shortcomings in the protocol, such as the lack of token integrity and the possibility of repudiating a delegation session. It also reveals the vulnerability of nondeterministic deleg...

We present a non-uniform static analysis for the π-calculus that is built on a denotational semantics of the language and is useful in detecting instances of information leakage and insecure communications in systems with multi-level security policies. To ensure the termination of the analysis, we propose an abstraction, which maintains a finite number of names to be generated by any process. W...

We describe a new technique for finding potential buffer overrun vulnerabilities in security-critical C code. The key to success is to use static analysis: we formulate detection of buffer overruns as an integer range analysis problem. One major advantage of static analysis is that security bugs can be eliminated before code is deployed. We have implemented our design and used our prototype to ...