The authors proposed a new Android repackaging method based on Android app characteristics. The new method can repackage apps without decompiling nor modifying the code and also supports packed apps. The method leverages multiple new code injection techniques to attach code to the app. Then, it adds a hook framework to provide capabilities to modify the code behaviors. Finally, the app’s behaviors will be changed during runtime, thus the app is repackaged. A prototype framework is also implemented. The experiments demonstrate that the framework is compatible to different Android platforms and multiple packers. This research has proved that the current packing techniques have some flaws and the method can be used in dynamic code analysis, defense policies deployment and app modification.
The authors propose a practical and accurate cross site script prevention method based on delimiters for UTF-8 encoded web applications. Only trusted delimiters are tainted into corresponding UTF-8 shadow bytes, and these tainted shadow bytes are automatically propagated in web applications and can be directly delivered into output pages. Cross site script is prevented by analyzing the tainted delimiters and HTML context of output pages. A prototype called XSSCleaner is implemented on PHP. The evaluation shows that XSSCleaner can accurately protect web applications from real world cross site script attacks with an average overhead 12.9%.
Current Chinese font library generation systems bear a major drawback that the user is required to write all characters contained in the font library, which is rather boring and time consuming. This paper proposes a system to automatically generate Chinese font libraries of high quality based on component assembling. An input set of a few characters for users is selected to write according to the instructive information of Chinese characters. Then components of each written characters are extracted. Several selected components are combined to construct each unwritten character. Finally the complete Chinese personal font library is obtained, which contains 6763 Chinese characters according to the GB2312 standard. Experimental results show that the proposed system can generate personal Chinese font libraries with dramatically shorter time and still keep excellent quality.