Registered user since Mon 24 Oct 2022
Contributions
Short Papers and Posters
Wed 14 Jun 2023 10:00 - 10:30 at Aurora Hall - Poster
The exponential increase in smartphone usage has fueled the rapid growth of Android applications (apps). Unfortunately, this growth has also resulted in an alarming rise in security vulnerabilities, posing a significant challenge for developers of smartphone apps. In this paper, we conducted a quantitative and qualitative study to analyze security-related issues in open-source Android apps available on GitHub. Our study included a total set of 689 security-related commits identified from 111,224 commits distributed over 2,187 apps. We proposed a taxonomy of ten distinct categories of security issues, which we identified using the card-sorting technique. Our findings showed that permission issues were the most prevalent in our dataset (370, 53.7%), followed by Login issues (160, 23.22%). Issues such as Privacy (5, 0.72%) and Framework (3, 0.43%) were rare in our dataset. Other security issues were related to Encryption, Authentication, Generic Security, Decryption, Network, and Database. Our taxonomy also included 91 sub-categories/sub-themes, with permission issues having the highest number of sub-categories (37). Developers discussed permission sub-categories, such as camera permission, WiFi permissions, storage permission, WRITE/READ_PHONE_STATE permission, and location permission, among others, in their code commits. These preliminary findings serve as an initial step towards comprehending the primary security concerns from the perspective of both developers and researchers. Furthermore, our long-term objective is to investigate how developers address these security issues in their apps and determine whether they effectively resolve them. This research could provide valuable insights into improving the security of Android apps and preventing potential security breaches.
Vision and Emerging Results
Thu 15 Jun 2023 11:20 - 11:30 at Aurora Hall - Software Architecture
Chair(s): Andrea Janes
Architecting software-intensive systems can be a complex process. It deals with the daunting tasks of unifying stakeholders’ perspectives, designers’ intellect, tool-based automation, pattern-driven reuse, and so on, to sketch a blueprint that guides software implementation and evaluation. Despite its benefits, architecture-centric software engineering (ACSE) inherits a multitude of challenges. ACSE challenges could stem from a lack of standardized processes, socio-technical limitations, scarcity of human expertise, etc., that can impede the development of existing and emergent classes of software (e.g., IoTs, blockchain, quantum systems). Software Development Bots (DevBots) trained on large language models can help synergise architects’ knowledge with artificially intelligent decision support to enable rapid architecting in a human-bot collaborative ACSE. An emerging solution to enable this collaboration is ChatGPT, a disruptive technology not primarily introduced for software engineering, but capable of articulating and refining architectural artifacts based on natural language processing. We detail a case study that involves collaboration between a novice software architect and ChatGPT for architectural analysis, synthesis, and evaluation of a services-driven software application. Preliminary results indicate that ChatGPT can mimic an architect’s role to support and often lead ACSE; however, it requires human oversight and decision support for collaborative architecting. Future research focuses on harnessing empirical evidence about architects’ productivity and exploring socio-technical aspects of architecting with ChatGPT to tackle emerging and futuristic challenges of ACSE.