Component-based permission management of Android applications

Most Android applications include third-party libraries (3PLs) to make revenues, to facilitate their development, and to track user behaviors. 3PLs generally require specific permissions to realize their functionalities. Current Android systems manage permissions in app (process) granularity. As a result, the permission sets of apps with 3PLs (3PL-apps) may be augmented, introducing overprivilege risks. In this paper, we firstly study how severe the problem is by analyzing the permission sets of 27 718 real-world Android apps with and without 3PLs downloaded in both 2016 and 2017. We find that the usage of 3PLs and the permissions required by 3PL-apps have increased over time. As a result, the possibility of overprivilege risks increases. We then propose Perman, a fine-grained permission management mechanism for Android. Perman isolates the permissions of the host app and those of the 3PLs through dynamic code instrumentation. It allows users to manage permission requests of different modules of 3PL-apps during app runtime. Unlike existing tools, Perman does not need to redesign Android apps and systems. Therefore, it can be applied to millions of existing apps and various Android devices. We conduct experiments to evaluate the effectiveness and efficiency of Perman. The experimental results verify that Perman is capable of managing permission requests of the host app and those of the 3PLs. We also confirm that the overhead introduced by Perman is comparable to that by existing commercial permission management tools.     

Intelligent cruise control applications: real-time embedded hybrid control software

This article presents the use of a model-based approach for the development of real-time, embedded, hybrid control software. The concepts are illustrated with a scenario involving speed-profile tracking and vehicle following applications for passenger vehicles. The model-based approach was developed in partnership between the University of California at Berkeley, Ford Research Labs, and GM. An ACC and CACC system has been tested in prototype phase, both at highway speeds and in stop-and-go situations. Robotic technologies, such as range, velocity, and acceleration measurements, and their processing and fusion were used as part of the system. In addition, vehicles can present very nonlinear behavior, especially at low speeds, and their control presents a formidable challenge. The problem domain of intelligent cruise-control applications has been described in detail, along with control and software development methodologies. We are currently working on applying the same model-based approach to the development of intelligent cruise-control systems for automated transit buses.     

Towards embedded model predictive control for System-on-a-Chip applications

We propose a framework for embedding model predictive control for Systems-on-a-Chip applications. In order to allow the implementation of such a computationally expensive controller on chip, we propose reducing the precision of the microprocessor to the minimum while maintaining near optimal control performance. Taking advantage of the low precision, a logarithmic number system based microprocessor architecture is used, that allows the design of a reduced size processor, providing further energy and computational cost savings. The design parameters for this high-performance embedded controller are chosen using a combination of finite element method simulations and bit-accurate hardware emulations in a number of parametric tests. We provide the methodology for choosing the design parameters for two particular control problems; the temperature regulation in a wafer cross-section geometry, and the control of temperature in a non-isothermal fluid flow problem in a microdevice. Finally, we provide the microprocessor architecture details and estimates for the performance of the resulting embedded model predictive controller.     

Component-based APIs for versioning and distributed applications

Operating system application programming interfaces (APIs) are typically monolithic procedural interfaces that address a single machine's requirements. This design limits evolutionary development and complicates application development for distributed systems. Current APIs tend to be large, rigid, and focus on a single host machine. Component-based APIs could solve these problems through strong versioning capabilities and support for distributed applications. Ideally, obsolete API calls should be deleted, and calls with modified semantics (but unmodified parameters and return values) would remain the same. However, since the OS must continue to support legacy applications, obsolete calls cannot be deleted, and new call semantics are best introduced through new calls. In addition, typical OS APIs do not adequately address the needs of distributed applications: they have support for intermachine communication but lack high-level support for accessing remote OS resources. The primary omission is a uniform method for naming remote resources, such as windows, files, and synchronization objects     

TheEvolve project: Component-based tailorability for CSCW applications

Tailorability is generally regarded as a key property of groupware systems owing to the dynamics and differentiation of cooperative work. This article investigates the use of software components as a generic architectural concept for designing tailorable groupware applications. First, the issues raised by this approach are discussed in the context of an exploratory experiment during which component-based tailorability was applied to a real tailoring problem in thePoliTeam project. The experiment's results led us to concentrate on questions concerning the support of distributed CSCW applications. As a consequence, we have developed theEvolve platform, whose design concepts are described. Furthermore, a concrete example for the application of the approach to the design of a tailorable distributed coordination tool is given. We discuss related work, summarise the current state of the component-based tailorability approach and propose venues of further research.     

Component-based tailorability: Enabling highly flexible software applications

Component technologies are perceived as an important means to keep software architectures flexible. Flexibility offered by component technologies typically addresses software developers at design time. However, the design of software which should support social systems, such as work groups or communities, also demands ‘use-time’, or technically spoken, ‘run-time’ flexibility. In this paper, we summarize a decade of research efforts on component-based approaches to flexibilize groupware applications at run-time. We address the user as a ‘casual programmer’ who develops and individualizes software for his work context. To deal with the challenges of run-time flexibility, we developed a design approach which covers three levels: software architecture, user interface, and collaboration support. With regard to the software architecture, a component model, called FlexiBeans, has been developed. The FreEvolve platform serves as an environment in which component-based applications can be tailored at run-time. Additionally, we have developed three different types of graphical user interfaces, enabling users to tailor their applications by recomposing components. To enable collaborative tailoring activities, we have integrated functions that allow sharing component structures among users. We also present different types of support techniques which are integrated into the user interface in order to enable users’ individual and collaborative tailoring activities. We conclude by elaborating on the notion of ‘software infrastructure’ which offers a holistic approach to support design activities of professional and non-professional programmers.     

面向嵌入式应用的加密算法开销与性能分析

为了找出最适合无线传感器网络应用的加密算法,通过对SEA算法、PRESENT算法、HIGHT算法进行理论分析,利用Atmega128L微处理器作为评估平台,对其开销和性能做了估计,并将仿真结果与其它算法进行比较.实验结果表明,HIGHT具有最优的性能,并且其内存开销也比较小,非常适合用于资源受限的应用中.为了高效地实现一种加密算法,其计算字长必须接近微处理器的字长.此外,SEA和PRESENT并不适合软件实现,硬件实现是更好的选择.     

DICOS: a real-time distributed industrial control system for embedded applications

The Fault-tolerant Systems Research Group of the Technical University of Valencia has developed the distributed industrial control system (DICOS) system. This paper describes DICOS nodes. The architecture of DICOS nodes and the error detection mechanisms used are presented. These mechanisms are based on the internal capabilities of the 16-bit microcontroller used and control flow checking and deadlines control with the aid of a second 8-bit microcontroller. Experimental results about the effectiveness of those mechanisms are shown in this paper.     

Electro-thermal analysis of an embedded boron diffused microheater for thruster applications

One of the important design criteria of micropropulsion systems in particular VLM is the type of microheater, its layout and placement with a view to achieve uniform heating of propellant, fast heat transfer efficiency with minimum input power. Thrust produced by microthruster not only depends on the structural geometry of the thruster and propellant flow rate, but also on the chamber temperature to produce super saturated dry stream at the exit nozzle. Detailed design of microheater in thermal and electrical domains using co-solvers available in MEMS software tools along with material’s thermal property, temperature dependence of electrical resistivity and thermal conductivity have been considered in the present work to achieve precise modeling and experimental accuracy of heater operation. The chamber temperature was analytically calculated and subsequently the required resistance and power were estimated. The boron diffused microheaters of meanderline configuration in silicon substrate has been designed and its finite element based electro-thermal modeling was employed to predict the heater characteristics. The variation of microheater temperature with time, applied voltage and along chamber length has been determined from the modeling. Subsequently the designed microheater was realized on silicon wafer by lithography and boron diffusion process and its detailed testing was evaluated. It was found that boron diffused resistor of 820 Ω can generate 405 K temperature with applied input power 2.4 W. Finally the simulated results were validated by experimental data.     

Model-driven monitoring support for the multi-view performance analysis of parallel embedded applications

This paper describes an approach to carry out performance analysis of parallel embedded applications. The approach is based on measurement, but in addition, the idea of driving the measurement process (application instrumentation and monitoring) by a behavioral model is introduced. Using this model, highly comprehensible performance information can be collected. The whole approach is based on this behavioral model, one instrumentation method and two tools, one for monitoring and the other for visualization and analysis. Each of these is briefly described, and the steps to carry out performance analysis using them are clearly defined. They are explained by means of a case study. Finally, one method to evaluate the intrusiveness of the monitoring approach is proposed, and the intrusiveness results for the case study are presented.     

嵌入式控制系统程序模式的自动分析方法

嵌入式控制系统通常都有模式,比如启动模式、正常工作模式以及紧急模式等。程序模式是由其输入变量值范围组合构成的输入变量约束表达式表示的。基于源程序,获取其模式,不仅能够验证实现的模式与设计是否一致,还能够更加精确地计算程序的WCET。在对源程序进行分析的基础上,提出了一种自动获取程序模式的新方法。该方法基于C语言源程序,针对程序控制流程图,通过调整循环中节点流向以及去除与输入变量无关的节点,获得输入变量相关控制流程图ICFG,通过对ICFG每条路径建立线性规划问题并求解,获得每一个潜在的程序模式及其输入变量约束表达式。对基准程序的实验结果,表明了该方法的可行性和有效性。     

Engineering Web technologies for embedded applications

The founder of Agranat Systems examines the design issues involved in engineering effective Web technologies for embedded systems. Small embedded TCP/IP stacks and Web server software now make it possible to manufacture reliable, inexpensive Web-enabled devices across many industries and markets. Embedded systems require Web servers that are designed to minimize memory footprint and avoid interference with mission-critical and real-time applications. To guarantee a reliable user interface with minimal impact on system performance, the server software should utilize the latest HTTP 1.1 standards from the Internet Engineering Task Force. It won't be long before intelligent devices worldwide will be nodes on a network and managed from Web browsers     

Managing end-to-end QoS in distributed embedded applications

Maintaining end-to-end quality of service (QoS) is a challenge in distributed real time embedded systems due to dynamically changing network environments and resource requirements. The authors' middleware QoS management approach encapsulates QoS behaviors as software components. Using the Corba component model, they build these specialized QoS components and combine them to produce a comprehensive management system that maintains QoS. The authors illustrate the approach by building a real-world medium-scale system with these components. Using this example, they demonstrate the reusability of each component in different contexts.     

嵌入式应用中的循环级线程推测并行性分析

如何有效利用多核提供的丰富晶体管资源对串行程序的执行进行加速是当前研究中的热点问题。线程级推测（thread-level speculation,TLS）技术旨在充分利用多核资源,最大化地开发出串行代码中存在的潜在并行性。目前TLS技术已经在多种串行应用的并行化工作中得到有效利用,但嵌入式应用程序仍未在推测并行化方面进行有效的分析。因此,选取了八个具有代表性的嵌入式应用,对其在循环级推测并行化中的性能提升潜力和运行时特征（数据依赖、线程粒度和并行覆盖率）进行探讨。实验结果表明,利用线程级推测并行化嵌入式应用的加速效果优于指令级并行技术,实验中的最大加速比达到了13.29;在嵌入式应用领域,该技术可以有效地利用4到8核的计算资源。     

Distributed embedded smart cameras for surveillance applications

Recent advances in computing, communication, and sensor technology are pushing the development of many new applications. This trend is especially evident in pervasive computing, sensor networks, and embedded systems. Smart cameras, one example of this innovation, are equipped with a high-performance onboard computing and communication infrastructure, combining video sensing, processing, and communications in a single embedded device. By providing access to many views through cooperation among individual cameras, networks of embedded cameras can potentially support more complex and challenging applications - including smart rooms, surveillance, tracking, and motion analysis - than a single camera. We designed our smart camera as a fully embedded system, focusing on power consumption, QoS management, and limited resources. The camera is a scalable, embedded, high-performance, multiprocessor platform consisting of a network processor and a variable number of digital signal processors (DSPs). Using the implemented software framework, our embedded cameras offer system-level services such as dynamic load distribution and task reconfiguration. In addition, we combined several smart cameras to form a distributed embedded surveillance system that supports cooperation and communication among cameras.     

Processor architecture considerations for embedded controller applications

The ways in which the environment of an embedded controller differs from that of a general-purpose CPU are described. A particular embedded controller application, the network interface is examined. The microprocessor used is the 32-bit VL86C010 Acorn RISC (reduced-instruction-set computer). The features of the network architecture, as they affect the choice of processor, are discussed. The impact of system latency on the choice of hardware is examined.<>     

Verification and analysis of domain-specific models of physical characteristics in embedded control software

ContextA considerable portion of the software systems today are adopted in the embedded control domain. Embedded control software deals with controlling a physical system, and as such models of physical characteristics become part of the embedded control software.ObjectiveDue to the evolution of system properties and increasing complexity, faults can be left undetected in these models of physical characteristics. Therefore, their accuracy must be verified at runtime. Traditional runtime verification techniques that are based on states/events in software execution are inadequate in this case. The behavior suggested by models of physical characteristics cannot be mapped to behavioral properties of software. Moreover, implementation in a general-purpose programming language makes these models hard to locate and verify. Therefore, this paper proposes a novel approach to perform runtime verification of models of physical characteristics in embedded control software.MethodThe development of an approach for runtime verification of models of physical characteristics and the application of the approach to two industrial case studies from the printing systems domain.ResultsThis paper presents a novel approach to specify models of physical characteristics using a domain-specific language, to define monitors that detect inconsistencies by exploiting redundancy in these models, and to realize these monitors using an aspect-oriented approach. We complement runtime verification with static analysis to verify the composition of domain-specific models with the control software written in a general-purpose language.ConclusionsThe presented approach enables runtime verification of implemented models of physical characteristics to detect inconsistencies in these models, as well as broken hardware components and wear and tear of hardware in the physical system. The application of declarative aspect-oriented techniques to realize runtime verification monitors increases modularity and provides the ability to statically verify this realization. The complementary static and runtime verification techniques increase the reliability of embedded control software.     

Component-based LR parsing

A language implementation with proper compositionality enables a compiler developer to divide-and-conquer the complexity of building a large language by constructing a set of smaller languages. Ideally, these small language implementations should be independent of each other such that they can be designed, implemented and debugged individually, and later be reused in different applications (e.g., building domain-specific languages). However, the language composition offered by several existing parser generators resides at the grammar level, which means all the grammar modules need to be composed together and all corresponding ambiguities have to be resolved before generating a single parser for the language. This produces tight coupling between grammar modules, which harms information hiding and affects independent development of language features. To address this problem, we have developed a novel parsing algorithm that we call Component-based LR (CLR) parsing, which provides code-level compositionality for language development by producing a separate parser for each grammar component. In addition to shift and reduce actions, the algorithm extends general LR parsing by introducing switch and return actions to empower the parsing action to jump from one parser to another. Our experimental evaluation demonstrates that CLR increases the comprehensibility, reusability, changeability and independent development ability of the language implementation. Moreover, the loose coupling among parser components enables CLR to describe grammars that contain LR parsing conflicts or require ambiguous token definitions, such as island grammars and embedded languages.     

Towards decentralized system-level security for MPSoC-based embedded applications

With the increasing connectivity and complexity of embedded systems, security issues have become a key consideration in design. In this paper, we propose a decentralized system-level approach for isolating application tasks without the need to rely on a centralized privileged authority at run-time. We discuss the need for isolation to reduce the potential impact of a task compromise or untrustworthy IP block, and present mechanisms to allow for safe sharing of memory regions and IP blocks between tasks in the system. After exploring the architectural requirements for enforcing our security model we present a hardware Isolation Unit, which can be customized for different types of dynamic permission changes depending on task-resource relationships and added to heterogeneous MPSoCs to enforce our security approach.