1,188 research outputs found
Usage of Network Simulators in Machine-Learning-Assisted 5G/6G Networks
Without any doubt, Machine Learning (ML) will be an important driver of
future communications due to its foreseen performance when applied to complex
problems. However, the application of ML to networking systems raises concerns
among network operators and other stakeholders, especially regarding
trustworthiness and reliability. In this paper, we devise the role of network
simulators for bridging the gap between ML and communications systems. In
particular, we present an architectural integration of simulators in ML-aware
networks for training, testing, and validating ML models before being applied
to the operative network. Moreover, we provide insights on the main challenges
resulting from this integration, and then give hints discussing how they can be
overcome. Finally, we illustrate the integration of network simulators into
ML-assisted communications through a proof-of-concept testbed implementation of
a residential Wi-Fi network
SandTrap: Securing JavaScript-driven Trigger-Action Platforms
Trigger-Action Platforms (TAPs) seamlessly connect a wide variety of otherwise unconnected devices and services, ranging from IoT devices to cloud services and social networks. TAPs raise critical security and privacy concerns because a TAP is effectively a “person-in-the-middle” between trigger and action services. Third-party code, routinely deployed as “apps” on TAPs, further exacerbates these concerns. This paper focuses on JavaScript-driven TAPs. We show that the popular IFTTT and Zapier platforms and an open-source alternative Node-RED are susceptible to attacks ranging from exfiltrating data from unsuspecting users to taking over the entire platform. We report on the changes by the platforms in response to our findings and present an empirical study to assess the implications for Node-RED. Motivated by the need for a secure yet flexible way to integrate third-party JavaScript apps, we propose SandTrap, a novel JavaScript monitor that securely combines the Node.js vm module with fully structural proxy-based two-sided membranes to enforce fine-grained access control policies. To aid developers, SandTrap includes a policy generation mechanism. We instantiate SandTrap to IFTTT, Zapier, and Node-RED and illustrate on a set of benchmarks how SandTrap enforces a variety of policies while incurring a tolerable runtime overhead
Resonating Experiences of Self and Others enabled by a Tangible Somaesthetic Design
Digitalization is penetrating every aspect of everyday life including a
human's heart beating, which can easily be sensed by wearable sensors and
displayed for others to see, feel, and potentially "bodily resonate" with.
Previous work in studying human interactions and interaction designs with
physiological data, such as a heart's pulse rate, have argued that feeding it
back to the users may, for example support users' mindfulness and
self-awareness during various everyday activities and ultimately support their
wellbeing. Inspired by Somaesthetics as a discipline, which focuses on an
appreciation of the living body's role in all our experiences, we designed and
explored mobile tangible heart beat displays, which enable rich forms of bodily
experiencing oneself and others in social proximity. In this paper, we first
report on the design process of tangible heart displays and then present
results of a field study with 30 pairs of participants. Participants were asked
to use the tangible heart displays during watching movies together and report
their experience in three different heart display conditions (i.e., displaying
their own heart beat, their partner's heart beat, and watching a movie without
a heart display). We found, for example that participants reported significant
effects in experiencing sensory immersion when they felt their own heart beats
compared to the condition without any heart beat display, and that feeling
their partner's heart beats resulted in significant effects on social
experience. We refer to resonance theory to discuss the results, highlighting
the potential of how ubiquitous technology could utilize physiological data to
provide resonance in a modern society facing social acceleration.Comment: 18 page
Securing Software in the Presence of Third-Party Modules
Modular programming is a key concept in software development where the program consists of code modules that are designed and implemented independently. This approach accelerates the development process and enhances scalability of the final product. Modules, however, are often written by third parties, aggravating security concerns such as stealing confidential information, tampering with sensitive data, and executing malicious code.Trigger-Action Platforms (TAPs) are concrete examples of employing modular programming. Any user can develop TAP applications by connecting trigger and action services, and publish them on public repositories. In the presence of malicious application makers, users cannot trust applications written by third parties, which can threaten users’ and platform’s security. We present SandTrap, a novel runtime monitor for JavaScript that can be used to securely integrate third-party applications. SandTrap enforces fine-grained access control policies at the levels of module, API, value, and context. We instantiate SandTrap to IFTTT, Zapier, and Node-RED, three popular JavaScript-driven TAPs, and illustrate how it enforces various policies on a set of benchmarks while incurring a tolerable runtime overhead. We also prove soundness and transparency of the monitoring framework on an essential model of Node-RED. Furthermore, nontransitive policies have been recently introduced as a natural fit for coarse-grained information-flow control where labels are specified at the level of modules. The flow relation does not need to be transitive, resulting in nonstandard noninterference and enforcement mechanism. We develop a lattice encoding to prove that nontransitive policies can be reduced to classical transitive policies. We also devise a lightweight program transformation that leverages standard flow-sensitive information-flow analyses to enforce nontransitive policies more permissively
- …