Android has become the most popular operating system on mobile devices. However, the Android is an open source system with billions of applications. More users are choosing Android, so Android security problems are receiving much attention in the industry. Android of malware is already a major problem and cannot be avoided in the Android ecosystem. This paper describes a sandbox system based on Android 4.1.2 which can dynamically monitor and record application behavior. A risk assessment approach based on behavior analysis is given so that users can get an explicit risk prognosis for an application to improve their safety. Tests on malware and normal application samples verify the effectiveness of this risk assessment approach.

The number of Android applications is growing rapidly, which is bringing more and more vulnerabilities. However, most existing tools use only simple API scanning with data flow analysis tools rarely used, so some vulnerabilities cannot be found. This paper presents a static analysis framework for Android applications based on common vulnerability patterns. The analysis can detect 7 kinds of vulnerability patterns in Android apps using detection rules. Tests on 323 Android applications show that the framework can detect more than 70% of the vulnerabilities with less than 30% false positives, which shows that it can effectively detect common security vulnerabilities in Android apps.

Android third-party advertising frameworks are deployed in almost every Android app. The vulnerabilities of the Android OS and these advertising frameworks greatly impact the security of the Android market. The attacker can get the users' private data, trigger sensitive operations and execute arbitrary code on the device. This paper summarizes four classes of attacks in Android third-party advertising frameworks and gives two detection algorithms to discover these four classes of vulnerabilities. The first detection algorithm statically analyzes the advertising frameworks using a backward slicing algorithm and a static forward tainting analysis. The second algorithm dynamically detects malicious behavior in advertising frameworks using API hooking and targeted API tracing. An Android malicious ad security threat analysis and detection system is designed and implemented based on these two algorithms. Tests show that this system effectively discovers potential vulnerabilities in advertising frameworks and dynamically detects malicious behavior in advertisements.

Fuzzing testing is one of the most widely used and most effective methods for vulnerability detection. However, the traditional fuzzy analysis method is inefficient and works blindly. This paper describes a refining method that reduces the test sample size with the same code coverage. A weighted testing time model is used to give the better sample more time. A taint based exception analysis method is used to evaluate the severity of exceptions and to improve the vulnerability analysis efficiency. Comparisons with Peach show that this method improves the traditional fuzzy analysis method.

Binary program algorithm identification is widely used for malware detection, software analyse, network encryption analyse and computer system protection. This paper describes a malware algorithm recognition method using offline instruction-flow analyses using binary instrumentation, taint traces, and loop recognition. The algorithm features are described including the behavior semantics and key constants extracted from the instruction-flow algorithm. Two machine learning models trained by these features are merged into one accurate recognition algorithm.

The Common Criteria (CC) does not adequately explain the security architecture and policy model requirements which hinders security evaluations. This paper classifies the requirements through a general CC evaluation model based on design decomposition. The analysis then categorizes the TOE security functionality (TSF) as the TSF meta-functionality and the TSF obligatory functionality to demonstrate the need for justifying the security properties in the architecture design. Then, security architecture description and evaluation approaches are described for vulnerability analysis activity. Then, this paper describes the need for formalizing the security policy model based on observations of the logical gap between the security target (ST) and the functional specification (FSP) requirements. A (semi-) formalization of the security functional requirements is given to bridge the gap. The national standard GB/T18336 (the Chinese version of CC v3.1) will be adopted soon in China, so the analysis in this paper is needed to improve security evaluation activities.

The t-test is a hypothesis test that deals with two Gaussian samples with unknown variances. When the two samples have unequal variances and unequal sample sizes, the Welch t-test is more reliable than the Student's t-test. This paper evaluates the 1st order side-channel information leakage of 3DES with an AES type t-test. Welch t-tests suitable for evaluating 3DES are given with tests on three different devices that show this method is effective.

With the rapid growth of cloud storage, more and more users are choosing to store their data in the cloud to reduce storage costs. However, users then lose control of the data and the data integrity cannot be ensured. Thus, cloud service providers (CSP) need to provide proof to users that their data is secure through an efficient integrity verification protocol. A number of feasible schemes have been proposed, but they have trouble supporting fully dynamic operations including insert, modify, and delete and they have large computing, storage and communication costs. This paper presents a data integrity verification scheme based on a large branching tree (LBT). The scheme supports fully dynamic updates and simplifies the dynamic update process by constructing a simple authentication tree. Tests show that the scheme reduces the computation of burden of the entities so that the method can be efficiently applied in the cloud environment to verify data integrity with frequent update operations.

The huge structures and the complex behavior of threat models in complex networks are given too much computing effort for threat analyse. This paper presents an algebraic framework for threat modeling using algebraic theory to describe the object and its threats which are all implemented in a C program. An algebraic function measures the similarities among different threats and then expands the analysis using matrixes or nonlinear constraint theory. Finally, an equivalence relation for the concurrent theoretical is used to established a threat polymerization rule for similar threats to optimize the threat model and reduce the threat analysis complexity.

A mixed-index evaluation method is given to evaluate the security of system operations using a business effectiveness index. The business effectiveness index was established in Q·S, with real type, interval data and language types using BECM. A complete information system security evaluation then uses a general consideration of both the business effectiveness index and other security indexes. The uncertainty of the overall system security due to incomparable attribute characteristics, such as the security risk and stable operating descriptions is improved by a comprehensive model to evaluate linguistic terms using lattice implication algebra. Examples demonstrate that this method gives intuitive, credible evaluations for decision analyse.

Offshore wind energy resources are more abundant than on land. However, sea and land winds have different meteorological elements so offshore wind resource assessments need to take the impact of the temporal and spatial characteristics of the offshore wind resources into consideration. Data from an offshore wind measurement mast was used to study offshore wind distributions at different time scales. The EM (expectation-maximization) algorithm was used to study the differences in offshore wind distributions between day and night, which is normally not considered in traditional wind assessment methods. The spatial characteristics of offshore winds will than analyzing using a machine learning algorithm, Monin-Obukhov similarity theory, and a parameter replacement scheme in discrete calculations and in an ocean surface aerodynamic roughness model. This method efficiently reflects the impact of ocean surface aerodynamic roughness changes on the vertical variations of the wind speed that is not considered in traditional wind shear formula. The results show the temporal and spatial characteristics of the offshore wind resources as a basis for better offshore wind assessments for planning offshore wind farms.

The status of nuclear reactors in commercial nuclear power plants needs to be closely monitored to maintain normal operations. When a failure occurs, rapid and effective fault diagnostics and proper handling of failures is extremely important. This paper applies dynamic uncertain causality graph (DUCG) theory to fault diagnostics of nuclear power plants. The method was applied to a model with 8 typical second and loop faults based on the Ningde Nuclear Power Plant Unit 1 CPR1000 of the China Guangdong Nuclear Power Group (CGNPC) to verify the fault diagnostics and initial progression forecasts. Simulations were used to test each fault 20 times. The method and stimulator tests both showed that DUCG can accurately, quickly and efficiently diagnose faults.

Student-teacher relationships in a university were analyzed using contact data from surveillance videos to calculate distributions, clustering coefficients, k-cores and community structures. The results show that the contact networks have some characteristics of ER random networks and WS small world networks, but with many more k-cores and communities. The relationships between the teachers and students play an important role in the network structure. The results provide empirical data for building contact network models in workplaces and for the study of information and epidemic spreading in workplaces.

Health Intervention Classifications (CHI) request efficient coding information systems, various information models have better developed for CHI, including a conceptual ontology model, an Object-Oriented UML (unique modeling language) model, and an ER (entity-relationship) model. This work describes a multi-level CHI information model used to create a database with a large amount of data from the various prevailing standards. A mapping mechanism among the standards within the database is also given. The results of this study can assist CHI coding procedures and provide a base for the final IT system implementation that focuses on supporting decision-making in medical management.

The spatio-temporal Kriging method can be significantly improved by extending the variogram definition to the space-time domain. The key step in constructing the spatio-temporal variogram is to calculate the vector distances between the time slices and the space slices. This study analyzes the influence of the vector distance on the spatio-temporal variogram construction and presents a vector distance model that includes both the magnitude and the direction information. The algorithm was evaluated using magnetic field data with the evaluations based on the L1 norm and the L2 norm. The results show that the model with the additional direction information in the vector distance, more effectively represented the data characteristics which improved the spatio-temporal Kriging interpolation accuracy.

There are various stakeholders in hydropower development projects, among which the owners play a key role in managing all the resources involving the stakeholders during the hydropower project lifecycle. This study focuses on the stakeholder cooperation management in hydropower development projects from the perspective of the owners. Ranking, correlation analysis and social network analysis showed the importance of stakeholder cooperation management, inter-organizational linking and the social network relationships of the stakeholders. The results provide guidance for owners to enhance inter-organizational linking and improve stakeholder cooperation management according to different roles.