158,293 research outputs found

    ConXsense - Automated Context Classification for Context-Aware Access Control

    We present ConXsense, the first framework for context-aware access control on mobile devices based on context classification. Previous context-aware access control systems often require users to laboriously specify detailed policies or they rely on pre-defined policies not adequately reflecting the true preferences of users. We present the design and implementation of a context-aware framework that uses a probabilistic approach to overcome these deficiencies. The framework utilizes context sensing and machine learning to automatically classify contexts according to their security and privacy-related properties. We apply the framework to two important smartphone-related use cases: protection against device misuse using a dynamic device lock and protection against sensory malware. We ground our analysis on a sociological survey examining the perceptions and concerns of users related to contextual smartphone security and analyze the effectiveness of our approach with real-world context data. We also demonstrate the integration of our framework with the FlaskDroid architecture for fine-grained access control enforcement on the Android platform. Comment: Recipient of the Best Paper Awar

    A web-based teleoperative mobile robotic system : Master of Engineering in Information Engineering at Massey University, Albany, Auckland, New Zealand

    With the rapid development of internet technology, it becomes real that human beings can access, modify and control a remote hardware device via internet connection. Such remote operations can replace the human to be present at a dangerous or unreachable place or can make as many as possible users to access the hardware in different places at a low cost. The thesis research was aimed at developing a web based mobile robot control framework for education purpose. It should be composed of a mobile robot, HTTP server, dynamic user interface and video server. With it users can view and control the real robot via a normal web browser and can choose to run either simulation or the real robot. This is done by setting up operational parameters via a friendly GUI (graphic user interface). Users also can upload and compile their own C code to control the robot and get back the running results. The main objectives of this thesis research are hardware upgrading for Nomadic Super Scout mobile robot and web based PHP programming. For the first objective, the onboard PC was replaced by a laptop that is remotely placed and connected to the robot control system via Bluetooth wireless. The Nserver for robot simulation was set up in the Linux operating environment. For the second objective, the software programming was focused on building a web control platform which should be user friendly. An Apache server was developed where PHP program was used for the user interface. The main advantage of using PHP is that it does not need to install or download any software or script to get access to the remote robot via a normal web browser on any operation like Windows or Linux. The web-based mobile robot system was tested using two different cases. One case demonstrated how the user specifies a set of motion parameters of the robot that is programmed to perform a wall-following behaviour. The other demonstrated how the user uploads a collision avoidance program to run the robot that is placed among obstacles. Both case studies were performed in real environments and the results proved the success of the developed web-based robotic system

    Context-sensitive authorization for asynchronous communications

    The main requirement of recent computing environments, like mobile and then ubiquitous computing, is to adapt applications to context. On the other hand, access control generally trusts users once they have authenticated, despite the fact that they may reach unauthorized situations. We analyse how dynamic information can be used to improve security in the authorization process, especially in the case of asynchronous communications, like messaging or eventing. We experiment and validate our approach using context as an authorization factor for eventing in Web service for device (like UPnP or DPWS)

    Combining Static and Dynamic Permission Analysis for Android

    As the world becomes increasingly reliant on mobile technologies, so has the importance of research in the area of mobile security in order to protect users and their data. My research is focused on the Android permissions-based security model and enhancing the effectiveness of Android application permission analysis. Android provides a permission-based security model in which access to privileged system resources is protected through security mechanisms known as Permissions. By default, an Android application does not have any privileges, but applications can request additional privileges through the use of these permissions. I present a novel method in which an Android application can be analyzed to determine the precise set of permissions an application needs to run properly and more securely on a mobile Android device. I present the tool, ACE4Android (Access-Control Explorer for Android), a Dynamic Analysis tool which, when combined with a Static Analysis tool, will allow application end users to know what they are installing when they download an application, and will allow application developers to improve the runnability and security of their applications

    Automated Privacy Protection for Mobile Device Users and Bystanders in Public Spaces

    As smartphones have gained popularity over recent years, they have provided users convenient access to services and integrated sensors that were previously only available through larger, stationary computing devices. This trend of ubiquitous, mobile devices provides unparalleled convenience and productivity for users who wish to perform everyday actions such as taking photos, participating in social media, reading emails, or checking online banking transactions. However, the increasing use of mobile devices in public spaces by users has negative implications for their own privacy and, in some cases, that of bystanders around them. Specifically, digital photography trends in public have negative implications for bystanders who can be captured inadvertently in users’ photos. Those who are captured often have no knowledge of being photographed and have no control over how photos of them are distributed. To address this growing issue, a novel system is proposed for protecting the privacy of bystanders captured in public photos. A fully automated approach to accurately distinguish the intended subjects from strangers is explored. A feature-based classification scheme utilizing entire photos is presented. Additionally, the privacy-minded case of only utilizing local face images with no contextual information from the original image is explored with a convolutional neural network-based classifier. Three methods of face anonymization are implemented and compared: black boxing, Gaussian blurring, and pose-tolerant face swapping. To validate these methods, a comprehensive user survey is conducted to understand the difference in viability between them. Beyond photographing, the privacy of mobile device users can sometimes be impacted in public spaces, as visual eavesdropping or “shoulder surfing” attacks on device screens become feasible. Malicious individuals can easily glean personal data from smartphone and mobile device screens while they are accessed visually. In order to protect displayed user content, a novel, sensor-based visual eavesdropping detection scheme using integrated device cameras is proposed. In order to selectively obfuscate private content while an attacker is nearby, a dynamic scheme for detecting and hiding private content is also developed utilizing User-Interface-as-an-Image (UIaaI). A deep, convolutional object detection network is trained and utilized to identify sensitive content under this scheme. To allow users to customize the types of content to hide, dynamic training sample generation is introduced to retrain the content detection network with very few original UI samples. Web applications are also considered with a Chrome browser extension which automates the detection and obfuscation of sensitive web page fields through HTML parsing and CSS injection

    Context-Sensitive Authorization in Interaction Patterns

    The main requirement of recent computing environments, like mobile and then ubiquitous computing, is to adapt applications to context. On the other hand, access control generally trusts users once they have authenticated, despite the fact that they may reach unauthorized situations. We analyse how dynamic information can be used to improve security in the authorization process, and what are the implications when applied to interaction patterns. We experiment and validate our approach using context as an authorization factor for eventing in Web service for device (like UPnP or DPWS)

    The contribution of mobile ICT to the dynamic capabilities of SMEs: a focus on informal traders in Windhoek, Namibia

    As Mobile ICT usage surges, there is a case for making sense of how it contributes to innovation. This study sought to determine Mobile ICT's contribution to the dynamic capabilities of informal traders in Windhoek. Through the qualitative interpretive paradigm, data were collected from 34 informal traders located at the Hilton Hotel market and Post Street Mall in Windhoek. The study revealed that informal traders possess innovative dynamic capabilities [introduction of new products], absorptive dynamic capabilities [marketing], adaptive dynamic capabilities [responding to market activities], and network dynamic capabilities [use of various ways of mobile communication], but they do not effectively implement Mobile ICT to enhance these capabilities. The majority of the users use basic functionalities [text messages and phone calls] offered by Mobile ICT. The primary reasons given for not fully adopting Mobile ICT were the high cost of acquiring mobile devices and mobile data to access the internet, as well as a lack of technical knowledge. The study recommends that over and above financial schemes being made available, a unique mobile device that intuitively enables dynamic capabilities is required. This type of device would eliminate the challenges that come with the adoption of Mobile ICT and enable traders to conduct business better, thereby reducing the effects of disruptions such as COVID-19 on the economy. This research also contributes to the use of the theory of dynamic capabilities at a micro level, which has not been attempted before. Information Science M. Tech. (Information Technology

    ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic

    It is well known that apps running on mobile devices extensively track and leak users' personally identifiable information (PII); however, these users have little visibility into PII leaked through the network traffic generated by their devices, and have poor control over how, when and where that traffic is sent and handled by third parties. In this paper, we present the design, implementation, and evaluation of ReCon: a cross-platform system that reveals PII leaks and gives users control over them without requiring any special privileges or custom OSes. ReCon leverages machine learning to reveal potential PII leaks by inspecting network traffic, and provides a visualization tool to empower users with the ability to control these leaks via blocking or substitution of PII. We evaluate ReCon's effectiveness with measurements from controlled experiments using leaks from the 100 most popular iOS, Android, and Windows Phone apps, and via an IRB-approved user study with 92 participants. We show that ReCon is accurate, efficient, and identifies a wider range of PII than previous approaches. Comment: Please use MobiSys version when referencing this work: http://dl.acm.org/citation.cfm?id=2906392. 18 pages, recon.meddle.mob