An Empirical Study on Android-related Vulnerabilities

Mobile devices are used more and more in everyday life. They are our cameras, wallets, and keys. Basically, they embed most of our private information in our pocket. For this and other reasons, mobile devices, and in particular the software that runs on them, are considered first-class citizens in the software-vulnerabilities landscape. Several studies investigated the software-vulnerabilities phenomenon in the context of mobile apps and, more in general, mobile devices. Most of these studies focused on vulnerabilities that could affect mobile apps, while just few investigated vulnerabilities affecting the underlying platform on which mobile apps run: the Operating System (OS). Also, these studies have been run on a very limited set of vulnerabilities. In this paper we present the largest study at date investigating Android-related vulnerabilities, with a specific focus on the ones affecting the Android OS. In particular, we (i) define a detailed taxonomy of the types of Android-related vulnerability; (ii) investigate the layers and subsystems from the Android OS affected by vulnerabilities; and (iii) study the survivability of vulnerabilities (i.e., the number of days between the vulnerability introduction and its fixing). Our findings could help OS and apps developers in focusing their verification & validation activities, and researchers in building vulnerability detection tools tailored for the mobile world

Safety Net or Tangled Web? An Overview of Programs and Services for Adults with Disabilities

Assessing the New Federalism is a multiyear Urban Institute project designed to analyze the devolution of responsibility for social programs from the federal government to the states, focusing primarily on health care, income security, employment and training programs, and social services. The project aims to provide timely, nonpartisan information to inform public debate and to help state and local decisionmakers carry out their new responsibilities more effectively. This report describes 15 major public programs serving low-income, non-elderly adults with disabilities. The authors conclude that the safety net for low-income adults with disabilities is more like a tangled web of conflicting goals and gaps in needed services. Opportunities for temporary cash, training, and rehabilitation support are especially limited for disabled adults with limited work histories and/or who experienced their disability outside of work. SSI, a permanent cash benefit program that could likely lead to a lifetime of program participation, is the primary option for these adults. The authors discuss promising policy options that take a more coordinated approach in serving the complex needs of adults with disabilities

DNS to the rescue: Discerning Content and Services in a Tangled Web

A careful perusal of the Internet evolution reveals two major trends - explosion of cloud-based services and video stream- ing applications. In both of the above cases, the owner (e.g., CNN, YouTube, or Zynga) of the content and the organiza- tion serving it (e.g., Akamai, Limelight, or Amazon EC2) are decoupled, thus making it harder to understand the asso- ciation between the content, owner, and the host where the content resides. This has created a tangled world wide web that is very hard to unwind, impairing ISPs' and network ad- ministrators' capabilities to control the traffic flowing on the network. In this paper, we present DN-Hunter, a system that lever- ages the information provided by DNS traffic to discern the tangle. Parsing through DNS queries, DN-Hunter tags traffic flows with the associated domain name. This association has several applications and reveals a large amount of useful in- formation: (i) Provides a fine-grained traffic visibility even when the traffic is encrypted (i.e., TLS/SSL flows), thus en- abling more effective policy controls, (ii) Identifies flows even before the flows begin, thus providing superior net- work management capabilities to administrators, (iii) Un- derstand and track (over time) different CDNs and cloud providers that host content for a particular resource, (iv) Discern all the services/content hosted by a given CDN or cloud provider in a particular geography and time, and (v) Provides insights into all applications/services running on any given layer-4 port number. We conduct extensive experimental analysis and show that the results from real traffic traces, ranging from FTTH to 4G ISPs, that support our hypothesis. Simply put, the informa- tion provided by DNS traffic is one of the key components required to unveil the tangled web, and bring the capabilities of controlling the traffic back to the network carrier

The Tangled Web: Studying Online Fake News

Fake news has become a ubiquitous and extremely worrying phenomenon, capturing the attention of academics, governments, businesses, media, and the general public. Despite this notoriety, many questions remain to be answered about the generation, diffusion, consumption, and impacts of fake news that are spread through social media and online communities. A nascent body of IS research is emerging that addresses some of these questions. In this panel, we aim to motivate further IS research and produce an agenda by highlighting some of the important issues that need to be discussed with regard to fake news. We examine how IS scholarship can address these issues by drawing on its existing body of knowledge as well as considering less-studied but potentially fruitful areas of research