604 research outputs found

    Certified Lightweight Contextual Policies for Android


    Self-Adaptive and Lightweight Real-Time Sleep Recognition With Smartphone

    It is widely recognized that sleep is a basic physiological process having fundamental effects on human health, performance and well-being. Such evidence stimulates the research of solutions to foster self-awareness of personal sleeping habits, and correct living environment management policies to encourage sleep. In this context, the use of mobile technologies powered with automatic sleep recognition capabilities can be helpful, and ubiquitous computing devices like smartphones can be leveraged as proxies to unobtrusively analyse the human behaviour. To this aim, we propose a real-time sleep recognition methodology relying on a smartphone equipped with a mobile app that exploits contextual and usage information to infer sleep habits. During an initial training stage, the selected features are processed by k-Nearest Neighbors, Decision Tree, Random Forest, and Support Vector Machine classifiers, to select the best performing one. Moreover, a 1st-order Markov Chain is applied to improve the recognition performance. Experimental results, both offline in a Matlab environment, and online through a fully functional Android app, demonstrate the effectiveness of the proposed approach, achieving acceptable results in terms of Precision, Recall, and F1-score.

    Retrofitting privacy controls to stock Android

    Android is the most popular operating system for mobile devices, making it a prime target for attackers. To counter these, Android’s security concept uses app isolation and access control to critical system resources. However, Android gives users only limited options to restrict app permissions according to their privacy preferences but instead lets developers dictate the permissions users must grant. Moreover, Android’s security model is not designed to be customizable by third-party developers, forcing users to rely on device manufacturers to address their privacy concerns. This thesis presents a line of work that retrofits comprehensive privacy controls to the Android OS to put the user back in charge of their device. It focuses on developing techniques that can be deployed to stock Android devices without firmware modifications or root privileges. The first part of this dissertation establishes fundamental policy enforcement on third-party apps using inlined reference monitors to enhance Android’s permission system. This approach is then refined by introducing a novel technique for dynamic method hook injection on Android’s Java VM. Finally, we present a system that leverages process-based privilege separation to provide a virtualized application environment that supports the enforcement of complex security policies. A systematic evaluation of our approach demonstrates its practical applicability, and over one million downloads of our solution confirm user demand for privacy-enhancing tools.

    Linked Data Access Goes Mobile: Context-Aware Authorization for Graph Stores

    To encourage data providers to publish a maximum of data on the Web, we propose a mechanism to define lightweight access control policies for graph stores. Influenced by the steep growth of the mobile web, our Linked Data access control framework features context-aware control policies. The proposed framework is exclusively grounded on standard Semantic Web languages. The framework architecture is designed as a pluggable filter for generic SPARQL endpoints, and it has been evaluated on a test dataset.

    Securing Communication Channels in IoT using an Android Smart Phone

    In today's world, smart devices are a necessity to have, and represent an essential tool for performing daily activities. With this comes the need to secure the communication between the IoT devices in the consumer's home, to prevent attacks that may jeopardize the confidentiality and integrity of communication between the IoT devices. The life cycle of a simple device includes a series of stages that the device undergoes: from construction and production to decommissioning. In this thesis, the Manufacturing, Bootstrapping and Factory Reset parts of the IoT device's life cycle are considered, focusing on security. For example, the Controller of the user's home network (e.g., the user's smart phone) should bootstrap the "right" IoT device and the IoT device should bootstrap with the "right" Controller. The security is based on device credentials, such as the device certificate during the bootstrapping process, and the operational credentials that are provisioned to the IoT device from the Controller during the bootstrapping. The goal of this thesis is to achieve an easy-to-use and secure procedure for setting up the IoT device into a home network, and for controlling that IoT device from an Android mobile phone (Controller). The objectives are: (1) explore the different aspects of using a smartphone as a Controller device to securely manage the life cycle of a simple device; (2) propose a system design for securely managing the life cycle of a simple device from a Controller compliant with existing standards (e.g. Lightweight Machine to Machine (LwM2M) is an industrial standard used to manage and control industrial IoT Devices); (3) implement a proof of concept based on the system design; (4) provide a user-friendly interface for a better experience for the user by using popular bootstrapping methods such as QR code scanning; (5) discuss the choices regarding securing credentials and managing data, and achieve a good balance between usability and security during the bootstrapping process. In order to achieve those goals, the state-of-the-art technologies for IoT device management were studied. Then an Android application that uses the LwM2M standard in a consumer's home setting was specified, designed and implemented. The Android application is wrapped in a smooth user interface that allows the user a good experience when attempting to connect and control the target IoT device.

    Context-Aware Access Control for RDF Graph Stores

    We present SHI3LD, an access control framework for RDF stores. Our solution supports access from mobile devices with context-aware policies and is exclusively grounded on standard Semantic Web languages. Designed as a pluggable filter for generic SPARQL endpoints, the module uses RDF named graphs and SPARQL to protect triples. Evaluation shows faster execution time for low-selective queries and less impact on larger datastores.
