Keeping Context In Mind: Automating Mobile App Access Control with User Interface Inspection

Recent studies observe that app foreground is the most striking component that influences the access control decisions in mobile platform, as users tend to deny permission requests lacking visible evidence. However, none of the existing permission models provides a systematic approach that can automatically answer the question: Is the resource access indicated by app foreground? In this work, we present the design, implementation, and evaluation of COSMOS, a context-aware mediation system that bridges the semantic gap between foreground interaction and background access, in order to protect system integrity and user privacy. Specifically, COSMOS learns from a large set of apps with similar functionalities and user interfaces to construct generic models that detect the outliers at runtime. It can be further customized to satisfy specific user privacy preference by continuously evolving with user decisions. Experiments show that COSMOS achieves both high precision and high recall in detecting malicious requests. We also demonstrate the effectiveness of COSMOS in capturing specific user preferences using the decisions collected from 24 users and illustrate that COSMOS can be easily deployed on smartphones as a real-time guard with a very low performance overhead.Comment: Accepted for publication in IEEE INFOCOM'201

The Profiling Potential of Computer Vision and the Challenge of Computational Empiricism

Computer vision and other biometrics data science applications have commenced a new project of profiling people. Rather than using 'transaction generated information', these systems measure the 'real world' and produce an assessment of the 'world state' - in this case an assessment of some individual trait. Instead of using proxies or scores to evaluate people, they increasingly deploy a logic of revealing the truth about reality and the people within it. While these profiling knowledge claims are sometimes tentative, they increasingly suggest that only through computation can these excesses of reality be captured and understood. This article explores the bases of those claims in the systems of measurement, representation, and classification deployed in computer vision. It asks if there is something new in this type of knowledge claim, sketches an account of a new form of computational empiricism being operationalised, and questions what kind of human subject is being constructed by these technological systems and practices. Finally, the article explores legal mechanisms for contesting the emergence of computational empiricism as the dominant knowledge platform for understanding the world and the people within it

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

From banal surveillance to function creep: automated license plate recognition (ALPR) in Denmark

This article discusses how Automated License Plate Recognition (ALPR) has been implemented in Denmark across three different sectors: parking, environmental zoning, and policing. ALPR systems are deployed as a configuration of cameras, servers, and algorithms of computer vision that automatically reads and records license plates of passing cars. Through digital ethnography and interviews with key stakeholders in Denmark, we contribute to the fields of critical algorithm and surveillance studies with a concrete empirical study on how ALPR systems are configured according to user-specific demands. Each case gives nuance to how ALPR systems are implemented: (1) how the seamless charging for a “barrier-free” parking experience poses particular challenges for customers and companies; (2) how environmental zoning enforcement through automated fines avoids dragnet data collection through customized design and regulation; and (3) how the Danish Police has widened its dragnet data collection with little public oversight and questionable efficacy. We argue that ALPR enacts a form of “banal surveillance” because such systems operate inconspicuously under the radar of public attention. As the central analytic perspective, banality highlights how the demand for increasing efficiency in different domains makes surveillance socially and politically acceptable in the long run. Although we find that legal and civic modes of regulation are important for shaping the deployment of ALPR, the potential for function creep is embedded into the very process of infrastructuring due to a lack of public understanding of these technologies. We discuss wider consequences of ALPR as a specific and overlooked instance of algorithmic surveillance, contributing to academic and public debates around the embedding of algorithmic governance and computer vision into everyday life