203,888 research outputs found
Android Permissions Remystified: A Field Study on Contextual Integrity
Due to the amount of data that smartphone applications can potentially
access, platforms enforce permission systems that allow users to regulate how
applications access protected resources. If users are asked to make security
decisions too frequently and in benign situations, they may become habituated
and approve all future requests without regard for the consequences. If they
are asked to make too few security decisions, they may become concerned that
the platform is revealing too much sensitive information. To explore this
tradeoff, we instrumented the Android platform to collect data regarding how
often and under what circumstances smartphone applications are accessing
protected resources regulated by permissions. We performed a 36-person field
study to explore the notion of "contextual integrity," that is, how often are
applications accessing protected resources when users are not expecting it?
Based on our collection of 27 million data points and exit interviews with
participants, we examine the situations in which users would like the ability
to deny applications access to protected resources. We found out that at least
80% of our participants would have preferred to prevent at least one permission
request, and overall, they thought that over a third of requests were invasive
and desired a mechanism to block them
A survey of real-time crowd rendering
In this survey we review, classify and compare existing approaches for real-time crowd rendering. We first overview character animation techniques, as they are highly tied to crowd rendering performance, and then we analyze the state of the art in crowd rendering. We discuss different representations for level-of-detail (LoD) rendering of animated characters, including polygon-based, point-based, and image-based techniques, and review different criteria for runtime LoD selection. Besides LoD approaches, we review classic acceleration schemes, such as frustum culling and occlusion culling, and describe how they can be adapted to handle crowds of animated characters. We also discuss specific acceleration techniques for crowd rendering, such as primitive pseudo-instancing, palette skinning, and dynamic key-pose caching, which benefit from current graphics hardware. We also address other factors affecting performance and realism of crowds such as lighting, shadowing, clothing and variability. Finally we provide an exhaustive comparison of the most relevant approaches in the field.Peer ReviewedPostprint (author's final draft
A Student-centered Regional Planning Group Activity for Non-science Majors
NOTE: This is a large file, 81.4 mb in size! This article describes the use of an authentic regional planning public workshop activity which was modified and used to introduce the Earth surface portion of an Earth Science lecture course for undergraduate non-science majors. Students applied map-reading skills and learned about the local environment while forming opinions about how the region should grow, exploring the potential consequences of their preferences (for both developers and the environment), and making judgments about the relative importance of various environmental challenges and hazards. A participant survey showed that most supported the continued development and re-use of the activity, as well as the development of one to three additional three-lecture-period activities. Educational levels: Graduate or professional
RAPTOR: Routing Attacks on Privacy in Tor
The Tor network is a widely used system for anonymous communication. However,
Tor is known to be vulnerable to attackers who can observe traffic at both ends
of the communication path. In this paper, we show that prior attacks are just
the tip of the iceberg. We present a suite of new attacks, called Raptor, that
can be launched by Autonomous Systems (ASes) to compromise user anonymity.
First, AS-level adversaries can exploit the asymmetric nature of Internet
routing to increase the chance of observing at least one direction of user
traffic at both ends of the communication. Second, AS-level adversaries can
exploit natural churn in Internet routing to lie on the BGP paths for more
users over time. Third, strategic adversaries can manipulate Internet routing
via BGP hijacks (to discover the users using specific Tor guard nodes) and
interceptions (to perform traffic analysis). We demonstrate the feasibility of
Raptor attacks by analyzing historical BGP data and Traceroute data as well as
performing real-world attacks on the live Tor network, while ensuring that we
do not harm real users. In addition, we outline the design of two monitoring
frameworks to counter these attacks: BGP monitoring to detect control-plane
attacks, and Traceroute monitoring to detect data-plane anomalies. Overall, our
work motivates the design of anonymity systems that are aware of the dynamics
of Internet routing
- …