158,293 research outputs found
ConXsense - Automated Context Classification for Context-Aware Access Control
We present ConXsense, the first framework for context-aware access control on
mobile devices based on context classification. Previous context-aware access
control systems often require users to laboriously specify detailed policies or
they rely on pre-defined policies not adequately reflecting the true
preferences of users. We present the design and implementation of a
context-aware framework that uses a probabilistic approach to overcome these
deficiencies. The framework utilizes context sensing and machine learning to
automatically classify contexts according to their security and privacy-related
properties. We apply the framework to two important smartphone-related use
cases: protection against device misuse using a dynamic device lock and
protection against sensory malware. We ground our analysis on a sociological
survey examining the perceptions and concerns of users related to contextual
smartphone security and analyze the effectiveness of our approach with
real-world context data. We also demonstrate the integration of our framework
with the FlaskDroid architecture for fine-grained access control enforcement on
the Android platform.Comment: Recipient of the Best Paper Awar
A web-based teleoperative mobile robotic system : Master of Engineering in Information Engineering at Massey University, Albany, Auckland, New Zealand
With the rapid development of internet technology, it becomes real that human beings can access, modify and control a remote hardware device via internet connection. Such remote operations can replace the human to be present at a dangerous or unreachable place or can make as many as possible users to access the hardware in different places at a low cost. The thesis research was aimed at developing a web based mobile robot control framework for education purpose. It should be composed of a mobile robot. Http server, dynamic user interface and video server. With it users can view and control the real robot via a normal web browser and can choose to run either simulation or the real robot. This is done by setting up operational parameters via a friendly GUI (graphic user interface). Users also can upload and compile their own C code to control the robot and get back the running results. The main objectives of this thesis research are hardware upgrading for Nomadic Super Scout mobile robot and web based php programming. For the first objective, the onboard PC was replaced by a laptop that is remotely placed and connected to the robot control system via Bluetooth wireless. The Nserver for robot simulation was set up in the Linux operating environment. For the second objective, the software programming was focused on building a web control platform which should be user friendly. An Apache server was developed where PHP program was used for the user interface. The main advantage of using PHP is that it does not need to install or download any software or script to get access to the remote robot via a normal web browser on any operation like windows or Linux. The web-based mobile robot system was tested using two different cases. One case demonstrated how the user specifies a set of motion parameters of the robot that is programmed to perform a wall-following behaviour. The other demonstrated how the user uploads a collision avoidance program to run the robot that is placed among obstacles. Both case studies were performed in real environments and the results proved the success of the developed web-based robotic system
Context-sensitive authorization for asynchronous communications
Main requirement of recent computing environments, like mobile and then ubiquitous computing, is to adapt applications to context. On the other hand, access control generally trust users once they have authenticated, despite the fact that they may reach unauthorized situations. We analyse how dynamic information can be used to improve security in the authorization process, especially in the case of asynchronous communications, like messaging or eventing. We experiment and validate our approach using context as an authorization factor for eventing in Web service for device (like UPnP or DPWS)
Combining Static and Dynamic Permission Analysis for Android
As the world becomes increasingly reliant on mobile technologies, so has the importance of research in the area of mobile security in order to protect users and their data. My research is focused on the Android permissions-based security model and enhancing the effectiveness of Android application permission analysis. Android provides a permission-based security model in which access to privileged system resources is protected through security mechanisms known as Permissions. By default, an Android application does not have any privileges, but applications can request additional privileges through the use of these permissions. I present a novel method in which an Android application can be analyzed to determine the precise set of permissions an application needs to run properly and more securely on a mobile Android device. I present the tool, ACE4Android (Access-Control Explorer for Android), a Dynamic Analysis tool which, when combined with a Static Analysis tool, will allow application end users to know what they are installing when they download an application, and will allow application developers to improve the runnability and security of their applications
Automated Privacy Protection for Mobile Device Users and Bystanders in Public Spaces
As smartphones have gained popularity over recent years, they have provided usersconvenient access to services and integrated sensors that were previously only available through larger, stationary computing devices. This trend of ubiquitous, mobile devices provides unparalleled convenience and productivity for users who wish to perform everyday actions such as taking photos, participating in social media, reading emails, or checking online banking transactions. However, the increasing use of mobile devices in public spaces by users has negative implications for their own privacy and, in some cases, that of bystanders around them.
Specifically, digital photography trends in public have negative implications for bystanders who can be captured inadvertently in users’ photos. Those who are captured often have no knowledge of being photographed and have no control over how photos of them are distributed. To address this growing issue, a novel system is proposed for protecting the privacy of bystanders captured in public photos. A fully automated approach to accurately distinguish the intended subjects from strangers is explored. A feature-based classification scheme utilizing entire photos is presented. Additionally, the privacy-minded case of only utilizing local face images with no contextual information from the original image is explored with a convolutional neural network-based classifier. Three methods of face anonymization are implemented and compared: black boxing, Gaussian blurring, and pose-tolerant face swapping. To validate these methods, a comprehensive user survey is conducted to understand the difference in viability between them.
Beyond photographing, the privacy of mobile device users can sometimes be impacted in public spaces, as visual eavesdropping or “shoulder surfing” attacks on device screens become feasible. Malicious individuals can easily glean personal data from smartphone and mobile device screens while they are accessed visually. In order to protect displayed user content, anovel, sensor-based visual eavesdropping detection scheme using integrated device cameras is proposed. In order to selectively obfuscate private content while an attacker is nearby, a dynamic scheme for detecting and hiding private content is also developed utilizing User-Interface-as-an-Image (UIaaI). A deep, convolutional object detection network is trained and utilized to identify sensitive content under this scheme. To allow users to customize the types ofcontent to hide, dynamic training sample generation is introduced to retrain the content detection network with very few original UI samples. Web applications are also considered with a Chrome browser extension which automates the detection and obfuscation of sensitive web page fields through HTML parsing and CSS injection
Context-Sensitive Authorization in Interaction Patterns
Main requirement of recent computing environments, like mobile and then ubiquitous computing, is to adapt applications to context. On the other hand, access control generally trust users once they have authenticated, despite the fact that they may reach unauthorized situations. We analyse how dynamic information can be used to improve security in the authorization process, and what are the implications when applied to interaction patterns. We experiment and validate our approach using context as an authorization factor for eventing in Web service for device (like UPnP or DPWS)
The contribution of mobile ICT to the dynamic capabilities of SMEs: a focus on informal traders in Windhoek, Namibia
As Mobile ICT usage surges, there is a case for making sense of how it contributes to
innovation. This study sought to determine Mobile ICT's contribution to the dynamic
capabilities of informal traders in Windhoek. Through the qualitative interpretive
paradigm, data were collected from 34 informal traders located at the Hilton Hotel
market and Post Street Mall in Windhoek.
The study revealed that informal traders possess innovative dynamic capabilities
[introduction of new products], absorptive dynamic capabilities [marketing], adaptive
dynamic capabilities [responding to market activities], and network dynamic
capabilities [use of various ways of mobile communication], but they do not effectively
implement Mobile ICT to enhance these capabilities. The majority of the users use
basic functionalities [text messages and phone calls] offered by Mobile ICT. The
primary reasons given for not fully adopting Mobile ICT were the high cost of acquiring
mobile devices and mobile data to access the internet, as well as a lack of technical
knowledge.
The study recommends that over and above financial schemes being made available,
a unique mobile device that intuitively enables dynamic capabilities is required. This
type of device would eliminate the challenges that come with the adoption of Mobile
ICT and enable traders to conduct business better, thereby reducing the effects of
disruptions such as COVID-19 on the economy. This research also contributes to the
use of the theory of dynamic capabilities at a micro level, which has not been
attempted before.Information ScienceM. Tech. (InformationTechnology
ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic
It is well known that apps running on mobile devices extensively track and
leak users' personally identifiable information (PII); however, these users
have little visibility into PII leaked through the network traffic generated by
their devices, and have poor control over how, when and where that traffic is
sent and handled by third parties. In this paper, we present the design,
implementation, and evaluation of ReCon: a cross-platform system that reveals
PII leaks and gives users control over them without requiring any special
privileges or custom OSes. ReCon leverages machine learning to reveal potential
PII leaks by inspecting network traffic, and provides a visualization tool to
empower users with the ability to control these leaks via blocking or
substitution of PII. We evaluate ReCon's effectiveness with measurements from
controlled experiments using leaks from the 100 most popular iOS, Android, and
Windows Phone apps, and via an IRB-approved user study with 92 participants. We
show that ReCon is accurate, efficient, and identifies a wider range of PII
than previous approaches.Comment: Please use MobiSys version when referencing this work:
http://dl.acm.org/citation.cfm?id=2906392. 18 pages, recon.meddle.mob
- …