DOCSLIB.ORG

Android Security by Introspection

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Android Security by Introspection Android Security by Introspection João Vasco Bispo Estrela Supervisors: Prof. Doutor Rolando da Silva Martins Master João Miguel Maia Soares de Resende January 24, 2019 Contents List of Tables 3 List of Figures 4 Acronyms 5 1 Introduction 6 1.1 Motivation . .7 1.2 Proposed Solution . .8 1.2.1 Objectives . .8 1.2.2 Features . .9 2 Background Concepts 10 2.1 Android . 10 2.1.1 Rooting . 12 2.2 Aspect Oriented Programming . 12 3 State of the Art 13 3.1 Android Permissions Model . 13 3.2 Similar Applications . 14 3.2.1 TaintDroid . 14 1 3.2.2 MockDroid . 14 3.2.3 PmP . 15 3.2.4 RefineDroid + Dr. Android + Mr. Hide . 16 3.2.5 RV-Android . 16 3.2.6 WeaveDroid . 16 3.2.7 Adrenaline-RV . 17 3.2.8 SRT-AppGuard . 18 3.2.9 Comparison . 18 3.3 AspectJ . 21 3.4 Flowdroid & SuSi . 21 3.5 dex2jar . 21 3.6 Docker & Kubernetes . 21 3.7 OpenAPI . 22 4 Proposal 24 4.1 Requirements . 24 4.2 Architecture . 24 4.2.1 Sobek Application . 25 4.2.2 Sobek Remote Server . 26 5 Work Plan 28 References 30 2 List of Tables 3.1 Comparison Features Criteria . 19 3.2 Related Work Comparison . 20 5.1 Gantt Diagram . 29 3 List of Figures 1.1 Mobile phones and privacy timeline . .7 2.1 Android Platform Architecture . 11 3.1 TaintDroid architecture within Android [8] . 14 3.2 Architecture of PmP [5] . 15 3.3 RefineDroid + Dr. Android + Mr. Hide architecture [14] . 16 3.4 Weave Droid context [9] . 17 3.5 Architecture of Adrenaline-RV [20] . 17 3.6 Schematics of AppGuard [2] . 18 3.7 Docker + Kubernetes Architecture Example . 22 3.8 OpenAPI Driven Development . 23 4.1 Sobek Application Architecture . 25 4.2 Sobek Remote Server Architecture . 27 4.3 Sobek Server Instrumentation Tool . 27 4 Acronyms PSTN Public Switched Telephone Network SMS Short Message Service OS Operating System AOP Aspect-Oriented Programming GDPR General Data Protection Regulation API Application Programming Interface HAL Hardware Abstraction Layer REST Representational State Transfer JSON JavaScript Object Notation YAML YAML Ain’t Markup Language UI User Interface HTTPS Hyper Text Transfer Protocol Secure APK Android Package 5 Chapter 1 Introduction The innovations in the field of microprocessors have lead to the creation of devices with large computing power that are able to be carried by anyone, anywhere. One example of these devices is the mobile phones that started with a constrained number of functions in the early stages only voice such as in the Public Switched Telephone Network (PSTN) network, and later with messages with the purpose of easing com- munications. In early 2000 the smartphone reintroduced a new paradigm (figure 1.1). This new iteration of mobile devices brought hardware that enabled many the usage of today features like internet connectivity, cameras and all kind of sensors. By 2007 new mobile operating systems (Android, IOS, Windows Phone) started to emerge to make the use of this modern hardware and quickly replaced the old ones. These innovations made easy to perform many tasks that previously required a personal computer but came at the cost of collecting user information to execute them. Was at this time that one of the most controversial problems of today started to rise. The lack of privacy. These modern devices capable of performing many tasks that before were thought impossible on such small and mobile equipment became enormous deposits of personal data that hold high value in today’s markets. This data is extremely valuable to sell as with this data there can be made advertisement profiles for targeting ads. It can, in addition, be used to discriminate the users based on information that would be practically impossible to know, like sexual orientation or religious beliefs by reading Short Message Service (SMS) or recording the microphone. The Android operating system has provided multiple layers to protect user privacy over time. In the early versions only applications from the official store, the Google Play Store, were available and the applications had to go through reviews before being available and display what kind of functionalities of the device are accessed, 6 Figure 1.1: Mobile phones and privacy timeline but with the swift growth this approach began to be a downside for the users, that required applications for their needs and for the developers that would need to go by the review process that was considered a waste time. Later this path was simplified with the review process being much more friendly and tolerant believing that the users would have a conscious attitude taking the in formations displayed on each application into account before installing. Quickly malicious agents realized the users didn’t care about the warnings and flooded the application store with software to grab personal information to make a quick buck. By Android 6.0 (Marshmallow), in 2015, it had evolved since its release and many updates brought security features like Permission Manager[10] to make the users more conscious about what is being accessed by the applications. But this feature doesn’t solve the complete problem since it lacks a method to display for what those permissions are used for. Currently, Android has grown to be the most popular Mobile Operating System with 88% of the market share [19] and is one of the most attractive platforms for personal data collection. A large number of permissions present in today’s Android Operating System (OS) is hindering the user’s capability of comprehending what is happening and shared by the various applications in their smartphones. We propose the usage of introspection within the Android apps, via code injection using Aspect-Oriented Programming (AOP), to transparently collect metering data that can be used to notify the user or/and sink into a secure back-end. 1.1 Motivation Today many applications still request permissions that do not need and may not even work if those are unprovided just as a way to collect data to sell to a third-party. With 7 these problems in mind, an effort to regulate this kind of practices was made in 2016 by the states in the European Union and the European Economic Area by the form of the General Data Protection Regulation (GDPR) [17]. The article 1 of chapter 1 of GDPR [17] lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data. 1.2 Proposed Solution In this section, we describe the objectives and features of the proposed solution to our problem. With the problem in mind, our solution is named after Sobek, an Egyptian deity considered to be a fierce protector that wards off the evil and defend the innocent. 1.2.1 Objectives • Technology research: By reviewing the state of art we aim to identify the progress done to combat our problem and learn the pros and cons of each approach to propose a more efficient solution. • Architecture design: The definition of architecture is fundamental it helps to comprehend how the requirements of the solution relate to the implementation and the data flow between components should act. • Implementation: The effort to implement the proposed solution should be able to combine the most recommended practices found in the research together with the planned architecture. This implementation should deliver a tool which offers improvements to our problem. • Security and privacy test: In the end, we should look at the proposed solution and its implementation to analyze the security and privacy improvements made. • Deployment in a real environment: Taking in consideration the most used application of the Play Store, conduct a study regarding the support, perfor- mance overhead and information leakage of the application. 8 1.2.2 Features • Easy migration: The users should be able to use their settings independently on what device they are using. • High privacy level: With this solution we aim to provide an improvement for the users on how their information is accessed and used. • High availability: The solution should be able to be used anywhere, anytime, online or offline. While online, the servers should always be accessible. • Interoperability: The connectivity between devices and applications remain unaffected as any changes do not alter the process of communication however only the sensitive information is modified. • Remote control: The solution should be able to offer remote control capabili- ties as it can be a highly pursued feature for certain use-cases. • Profiling: The creation and usage of user-defined profiles with fake sensitive data is crucial to deliver an intrusive free experience on some applications. 9 Chapter 2 Background Concepts 2.1 Android Android is an open source, Linux-based software stack created for a wide array of devices and form factors [11]. This stack can be also referred to as a mobile operating system as its structure and functionalities resemble a traditional OS. Figure 2.1 rep- resents the several layers of abstraction present in the OS and what they encapsulate. The System Apps layer is where the core applications reside and are distributed with the OS and provide methods to utilize the most basic features of a smartphone like calls, texting, keyboard or web-browser. These apps ain’t any different from an application developed by a third-party other than being the default behaviour of the device. The Java Application Programming Interface (API) Framework provides the develop- ers with a set of tools to ease the development of applications by enabling the use of components, services and core functionalities specially developed to interact with the OS.
Load more

Recommended publications
  • EPIC Google FTC Complaint
    Before the Federal Trade Commission Washington, DC 20580 In the Matter of ) ) Google, Inc. and ) Cloud Computing Services ) ________________________________ ) Complaint and Request for Injunction, Request for Investigation and for Other Relief SUMMARY OF COMPLAINT 1. This complaint concerns privacy and security risks associated with the provision of “Cloud Computing Services” by Google, Inc. to American consumers, businesses, and federal agencies of the United States government. Recent reports indicate that Google does not adequately safeguard the confidential information that it obtains. Given the previous opinions of the Federal Trade Commission regarding the obligation of service providers to ensure security, EPIC hereby petitions the Federal Trade Commission to open an investigation into Google’s Cloud Computing Services, to determine the adequacy of the privacy and security safeguards, to assess the representations made by the firm regarding these services, to determine whether the firm has engaged in unfair and/or deceptive trade practices, and to take any such measures as are necessary, including to enjoin Google from offering such services until safeguards are verifiably established. Such action by the Commission is necessary to ensure the safety and security of information submitted to Google by American consumers, American businesses, and American federal agencies. PARTIES 1. The Electronic Privacy Information Center (“EPIC”) is a public interest research organization incorporated in Washington, DC. EPIC’s activities include the review of government and private sector policies and practices to determine their impact on the privacy interests of the American public. Among its other activities, EPIC initiated the complaint to the FTC regarding Microsoft Passport in which the Commission subsequently required Microsoft to implement a comprehensive information security program for 1 Passport and similar services.1 EPIC also filed the complaint with the Commission regarding databroker ChoicePoint, Inc.
    [Show full text]
  • Building Research Tools with Google for Dummies (2005).Pdf
    01_57809x ffirs.qxd 3/3/05 12:46 PM Page i Building Research Tools with Google™ FOR DUMmIES‰ by Harold Davis TEAM LinG - Live, Informative, Non-cost and Genuine ! 01_57809x ffirs.qxd 3/3/05 12:46 PM Page ii Building Research Tools with Google™ For Dummies® Published by Wiley Publishing, Inc. 111 River Street Hoboken, NJ 07030-5774 www.wiley.com Copyright © 2005 by Wiley Publishing, Inc., Indianapolis, Indiana Published by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permis- sion of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www. wiley.com/go/permissions. Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission.
    [Show full text]
  • Architecture, Development and Testing Environment for a Visual Analytics-Based Criminal Intelligence Analysis System
    U N C L A S S I F I E D P U B L I C VALCRI WHITE PAPER SERIES VALCRI-WP-2017-001 1 January 2017 Edited by B.L. William Wong Architecture, Development and Testing Environment for a Visual Analytics-Based Criminal Intelligence Analysis System Rani Pinchuk1, Nick Evers1, Christophe Vandenberghe1. Patrick Aichroth2, Rudolf Schreiner3, and B.L. William Wong4 1Space Applications Services NV/SA Leuvensesteenweg, 325, 1932 Zaventem, BELGIUM 2Fraunhofer Institute for Digital Media Technology Ehrenbergstraße 31 98693 Ilmenau GERMANY 3Object Security, Ltd St John’s Innovation Centre Cowley Road Cambridge CB4 0WS UNITED KINGDOM 4Middlesex University London The Burroughs, Hendon London NW4 4BT UNITED KINGDOM Project Coordinator Middlesex University London Professor B.L. William Wong The Burroughs, Hendon Head, Interaction Design Centre London NW4 4BT Faculty of Science and Technology United Kingdom. Email: [email protected] Copyright © 2016 The Authors and Project VALCRI. All rights reserved. U N C L A S S I F I E D P U B L I C ABSTRACT The VALCRI architecture is built from different Docker containers that speak with each other using mostly REST interfaces. The architecture is designed to incorporating Security, Ethics, Privacy and Legal (SEPL) solutions. The data stores – the Unstructured Database (UDB) and the Structured database (SDB) – used are controlled by SEPL Enforcement components and a Template Engine manages the previously checked and accepted query templates that can be sent to the data stores. The Advanced User Interface (AUI) server is also designed with SEPL in mind: a Jetty (Java HTTP server and Java Servlet container) in- stance is created per user by a Jetty Lifecycle Management component.
    [Show full text]
  • WOL) Function
    User Guide © Copyright 2018, 2019 HP Development Product notice Software terms Company, L.P. This guide describes features that are common By installing, copying, downloading, or Chrome, Chromebox, Google, the Google logo, to most models. Some features may not be otherwise using any software product and Google Cloud Print are trademarks or available on your computer. preinstalled on this computer, you agree to be registered trademarks of Google LLC. microSD bound by the terms of the HP End User License and the microSD logo are trademarks or Agreement (EULA). If you do not accept these registered trademarks of SD-3C in the United license terms, your sole remedy is to return the States, other countries or both. DisplayPort™ entire unused product (hardware and software) and the DisplayPort™ logo are trademarks within 14 days for a full refund subject to the owned by the Video Electronics Standards refund policy of your seller. Association (VESA®) in the United States and other countries. For any further information or to request a full refund of the price of the computer, please The information contained herein is subject to contact your seller. change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. Second Edition: October 2019 First Edition: April 2018 Document Part Number: L19841-002 Safety warning notice WARNING! To reduce the possibility of heat-related injuries or of overheating the computer, do not place the computer directly on your lap or obstruct the computer air vents.
    [Show full text]
  • Sample Gwt Application Using Eclipse
    Sample Gwt Application Using Eclipse genteelly.Beeriest Parker Hunchbacked retransmitting, Wald imbrue,his interfenestration his mariners grinGrecize demitted constipate adverbially. nightlong. Scalable Axel wine Before loading strategy Fix her error reporting in SDM that leads to NPE. There were created. Eclipse or from the command line as outlined below. This interface is used to explore the asynchronous feature touch the service. It is pretty amazing, admittedly. First have an application use sample gwt applications with svn using an api. If i think this used with restful web mode main flow logs management. NET does good the ability to return JSON objects for web methods. Once you know where can configure ant create a sample eclipse, and applications with gwt application with. Google eclipse gwt, tests that would have to write a resource inclusion. Gwt application use gwt remoting without a useful goals to each of my latest one element manipulation, and used to cloud with confidential vms. You use eclipse, as they see gwt application quickly refreshing or responding to use an example by both api provided that passed to watch it! Popularity of refrain and SWT-based applications continues to grow. Speed up the because of innovation without coding, using APIs, apps, and automation. GWT-OpenRules Part1. GWT in Action Manning. Speed tracer is used by other day someone said they will start using apis are located with. After installing plugins, restart Eclipse. Web Application manually outside of Eclipse, this section can be skipped. For creating a widget GWT consists of set of interface and classes. I sue be explaining the basic concepts of hush and examples of when memory use be to.
    [Show full text]
  • Best Laptop Computers for Transcription
    Best Laptop Computers For Transcription Grassiest Sauncho sometimes upchucks his halyards everyplace and confounds so scarcely! Bart remains vermifuge: she summarising her sermon jaywalk too forte? Patrik still demilitarises surprisedly while inhumed Kalvin arterializing that Berne. Reporters association for efficiency and best laptop for transcription equipment before you want to learn how well as well as vocational and keep your needs. The upright that makes transcribing quick fire easy YouTube. Our payment security system encrypts your information during transmission. It convenient one of knowledge best touchpads on the market. It has kindly offered helpful. The transcript that recording when hired at. If really want the space possible programming experience that getting a laptop after an i5 or i7 processor All processors have cores and the higher number of cores offers optimal speed and performance If you don't want an Intel processor you can get his laptop bag has a newer AMD processor. You can ramp the Jupyter notebook or drew the browser version. A foot pedal and headset are optional but recommended A Computer If both want to become major general business medical or legal transcriptionist the drastic thing. Best Audio Transcription Software in 2020 Flawless. 75 Online Work before Home Laptop Jobs Make clear from. Which support the virtually advanced and professional person computer program for. Gb is best computer, but what is vaguely about computers today have been increasingly looking. Students will be tricky, laptops which is best integrated gpus on different computers than just as legal. Any laptop would best laptop for transcription, if you can.
    [Show full text]
  • Guide to Job Searching
    Guide to Job Searching Building your Resume and LinkedIn Profile plus helpful Interview Tips! JOB SEARCHING When looking for a job, post your resume to the major Visit a center in person or connect to the center's job boards (listed below) to ensure you receive plenty of information online or through kiosk remote access. Find exposure and employers can easily find you. Post your a center near you by calling ETA's toll-free help line resume and apply for jobs on boards that are specific to at: 1-877-US-2JOBS or by visiting: your field of work. To stand out to employers, create a www.careeronestop.org/ LinkedIn profile and start networking with others in your field. You should monitor your social networking activity Local Job Fairs and Hiring Events regularly and make sure the content you post is Search for local job fairs and hiring events in your area. appropriate and professional. Our recommendations for In many cases, companies are prepared to make job effective job search tools are: offers on the spot. In addition to immediate job opportunities, job fairs are great for networking and Job Boards meeting recruiters. Determine the job boards that are the best fit for your career. Take the time to build your profile and be sure to Partner with Recruiters and Agencies include an updated resume. How to select the right recruiter: • LinkedIn.com – Most popular for professional and • Ask current colleagues and former co-workers with administrative positions. similar backgrounds for their recommendations. • Indeed.com – Very popular job board with more administrative and hourly positions.
    [Show full text]
  • Implications of Iot on Healthcare
    Implications of IoT on Healthcare Ming Jack Po MD, PhD Product Manager, Google Brain and Google Cloud DEFINITION OF IOT (WIKIPEDIA+) The Internet of things (IoT) is the internetworking of physical devices… embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect , exchange, and act on the data. 2 3 Smart assistant for new parents An IoT device recognizes that Mom is The Roomba avoids vacuuming Jim’s room. putting Jim to sleep. The IoT “brain” leverages multiple devices An IoT device notifies Mom that Jim is awake. throughoutthe home to keep Jim asleep. FRAGMENTED CONNECTIVITY SOLUTIONS Custom Weave Custom Custom + Zigbee Transport Protocol Custom Custom Custom Zigbee LightLink 5 Assuming we can get the devices to talk, why does it matter? The Internet of ThingsThe Internet is here of and Things it touches is already and amongst helps us us all in different ways people workstation factory country planet Better energy management, less Ability to monitor and control all Socio economic impact, increase Waste reduction, reduced Increased safety, machines downtime, increased efficiency, tools of production, predictive in production, trade, innovation environmental impact, disaster better serving people quality, productivity, like maintenance, avoid breakdowns jobs prevention Tesla Gigafactory Systems, protocols and IoT schema are based on open standards Walled Garden Approach Interoperable, open IoT Cargo Shipping Transport Assembly Production Product Machinery Line Transport Protocol
    [Show full text]
  • Exploring Google Web Toolkit (GWT)
    GWT in Action, Second Edition Ian Bambury, Christopher Ramsdale, Robert Hanson, Adam Tacy Tools are great, but Google Web Toolkit (GWT) is more than just a tool for writing JavaScript application in Java. GWT is a platform with which you can build extraordinary complex applications that run in the browser without any proprietary plug-ins. This green paper from GWT in Action, Second Edition provides a glimpse into each tool in GWT. To save 35% on your next purchase use Promotional Code tacy2gp35 when you check out at www.manning.com. You may also be interested in… Exploring Google Web Toolkit (GWT) Google Web Toolkit (GWT) has filled a gap that most people hadn’t even realized was there. Some people love JavaScript, but most web programmers aren’t big fans of it—you need an in-depth knowledge of JavaScript, HTML, CSS, and browser quirks to be sure that everything is safe and will work in all major browsers. One gets caught up using a dynamic language, and there isn’t a lot in the way of development tools to help you with code completion, live syntax checking, and so on. Java, on the other hand, has everything you could wish for, an awful lot of development, and testing tools. Even if you stick to just the ones that are free, there is a tremendous choice of comprehensive applications that have more features than you’ll ever need. But Java isn’t JavaScript, so what is the point of discussing it? Well, what if you took the Java source code and turned it into JavaScript? You would have all the advantages of the free development environments, debugging, testing tools, and code coverage reports, and the end result would be JavaScript, which can run in a browser.
    [Show full text]
  • Weave Architecture Overview ​ ​ ​ ​
    Weave Architecture Overview ​ ​ ​ ​ Weave Architecture Overview ​ ​ ​ ​ Weave is an end-to-end Internet of Things (IoT) platform that enables devices, services, and ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ clients, such as mobile apps, to seamlessly interact and form a complete IoT system and thus ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ create a thoughtful home experience. ​ ​ ​ ​ ​ ​ ​ ​ Overview Weave design philosophy ​ ​ ​ ​ Theory of operation ​ ​ ​ ​ Weave schema organization ​ ​ ​ ​ Resource distribution ​ ​ Resource proxy controller ​ ​ ​ ​ Fanout Complete example ​ ​ Hosting controllers on devices ​ ​ ​ ​ ​ ​ Resource model ​ ​ Properties Commands Events Putting it all together ​ ​ ​ ​ ​ ​ Devices Device traits ​ ​ Groups Location General-purpose groups ​ ​ Users Real-time protocols ​ ​ Weave/WDM Weave Web API ​ ​ ​ ​ Actors Devices Constrained endpoints ​ ​ Hubs Border routers ​ ​ Nest Service ​ ​ Clients Nest Labs, Inc, 2017 Page 0 of 24 ​ ​ ​ ​ ​ ​ ​ ​ ​ ​​ ​ ​ ​ Weave Architecture Overview ​ ​ ​ ​ System components ​ ​ Pairing Pairing process ​ ​ Data management ​ ​ Controllers Logging Security Accounts Firmware update ​ ​ Implementations Weave SDK ​ ​ Nest Apps SDK ​ ​ ​ ​ Weave developer tools ​ ​ ​ ​ Overview Weave is a distributed computing IoT platform targeting the thoughtful home that comprises ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ low-power and less-constrained devices, along with the services to support them. ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ The Weave platform includes:
    [Show full text]
  • Enhancing the Security and Privacy of the Web Browser Platform Via Improved Web Measurement Methodology
    ABSTRACT JUECKSTOCK, JORDAN PHILIP. Enhancing the Security and Privacy of the Web Browser Platform via Improved Web Measurement Methodology. (Under the direction of Alexandros Kapravelos.) The web browser platform today serves as a dominant vehicle for commerce, communication, and content consumption, rendering the assessment and improvement of that platform’s user security and privacy important research priorities. Accurate web measurement via simulated user browsing across popular real-world web sites is essential to the process of assessing and improving web browser platform security and privacy, particularly when developing improved policies that can be deployed in production to millions of real-world users. However, the state of the art in web browser platform measurement instrumentation and methodology leaves much to be desired in terms of robust instrumentation, reproducible experiments, and realistic design parameters. We propose that enhancing web browser policies to improve privacy while retaining compatibility with legacy content requires robust and realistic web measurement methodologies leveraging deep browser instrumentation. This document comprises research results supporting the above-stated thesis. We demonstrate the limitations of shallow, in-band JavaScript (JS) instrumentation in web browsers, then describe and demonstrate an open source out-of-band instrumentation tool, VisibleV8 (VV8), embedded in the V8 JS engine. We show that VV8 consistently outperforms equivalent in-band instrumentation, provides coverage unavailable to in-band techniques, yet has proved readily maintainable across numerous updates to Chromium and the V8 JS engine. Next, we test the assumption, implicit in typical web measurement studies, that automated crawls generalize to the experience of typical web users with a robustly controlled parallel web measurement experiment comparing observations from multiple network vantage points (VP) and via naive or realistic browser configurations (BC).
    [Show full text]
  • Oracle Eloqua Emails User Guide
    Oracle Eloqua Emails User Guide ©2021 Oracle Corporation. All rights reserved 24-Sep-2021 Contents Emails 7 Examples of emails 10 Nurture email 11 Survey email 12 Newsletter 13 Creating emails in the Design Editor 15 Email authoring 18 Design Editor email support 19 Working with email content components and layouts in the Design Editor 20 Copying content components or layouts 22 Content Blocks 25 Next steps: 26 Creating a content block 27 Adding a content block 28 Editing a content block 29 Searching for a content block 32 Locking a content block 33 Deleting a content block 34 Tips to keep your email responsive 35 Creating dynamic subject lines in the Design Editor 37 Adding images to emails in the Design Editor 38 Adding images using image blocks 39 Adding background images 42 Adding videos to emails in the Design Editor 43 Adding buttons to emails in the Design Editor 45 ©2021 Oracle Corporation. All rights reserved 2 of 187 Adding text to emails in the Design Editor 48 Adding links to emails in the Design Editor 51 Adding links to text content 52 Adding links to images 53 Adding links to buttons 53 Link types 53 Hiding cells in the mobile or desktop view 55 Customizing Design Editor emails and landing pages with CSS 58 Class names 59 Sample code 59 Things to consider 61 Adding dynamic content to emails in the Design Editor 65 Adding dynamic content to an email 65 Adding field merges to emails in the Design Editor 67 Adding field merges to an email 67 Adding email headers and footers in the Design Editor 70 Adding shared content to
    [Show full text]