1,985 research outputs found
Multidisciplinary perspectives on Artificial Intelligence and the law
This open access book presents an interdisciplinary, multi-authored, edited collection of chapters on Artificial Intelligence (‘AI’) and the Law. AI technology has come to play a central role in the modern data economy. Through a combination of increased computing power, the growing availability of data and the advancement of algorithms, AI has now become an umbrella term for some of the most transformational technological breakthroughs of this age. The importance of AI stems from both the opportunities that it offers and the challenges that it entails. While AI applications hold the promise of economic growth and efficiency gains, they also create significant risks and uncertainty. The potential and perils of AI have thus come to dominate modern discussions of technology and ethics – and although AI was initially allowed to largely develop without guidelines or rules, few would deny that the law is set to play a fundamental role in shaping the future of AI. As the debate over AI is far from over, the need for rigorous analysis has never been greater. This book thus brings together contributors from different fields and backgrounds to explore how the law might provide answers to some of the most pressing questions raised by AI. An outcome of the Católica Research Centre for the Future of Law and its interdisciplinary working group on Law and Artificial Intelligence, it includes contributions by leading scholars in the fields of technology, ethics and the law.info:eu-repo/semantics/publishedVersio
2023-2024 Catalog
The 2023-2024 Governors State University Undergraduate and Graduate Catalog is a comprehensive listing of current information regarding:Degree RequirementsCourse OfferingsUndergraduate and Graduate Rules and Regulation
NEMISA Digital Skills Conference (Colloquium) 2023
The purpose of the colloquium and events centred around the central role that data plays
today as a desirable commodity that must become an important part of massifying digital
skilling efforts. Governments amass even more critical data that, if leveraged, could
change the way public services are delivered, and even change the social and economic
fortunes of any country. Therefore, smart governments and organisations increasingly
require data skills to gain insights and foresight, to secure themselves, and for improved
decision making and efficiency. However, data skills are scarce, and even more
challenging is the inconsistency of the associated training programs with most curated for
the Science, Technology, Engineering, and Mathematics (STEM) disciplines.
Nonetheless, the interdisciplinary yet agnostic nature of data means that there is
opportunity to expand data skills into the non-STEM disciplines as well.College of Engineering, Science and Technolog
EavesDroid: Eavesdropping User Behaviors via OS Side-Channels on Smartphones
As the Internet of Things (IoT) continues to evolve, smartphones have become
essential components of IoT systems. However, with the increasing amount of
personal information stored on smartphones, user privacy is at risk of being
compromised by malicious attackers. Although malware detection engines are
commonly installed on smartphones against these attacks, attacks that can evade
these defenses may still emerge. In this paper, we analyze the return values of
system calls on Android smartphones and find two never-disclosed vulnerable
return values that can leak fine-grained user behaviors. Based on this
observation, we present EavesDroid, an application-embedded side-channel attack
on Android smartphones that allows unprivileged attackers to accurately
identify fine-grained user behaviors (e.g., viewing messages and playing
videos) via on-screen operations. Our attack relies on the correlation between
user behaviors and the return values associated with hardware and system
resources. While this attack is challenging since these return values are
susceptible to fluctuation and misalignment caused by many factors, we show
that attackers can eavesdrop on fine-grained user behaviors using a CNN-GRU
classification model that adopts min-max normalization and multiple return
value fusion. Our experiments on different models and versions of Android
smartphones demonstrate that EavesDroid can achieve 98% and 86% inference
accuracy for 17 classes of user behaviors in the test set and real-world
settings, highlighting the risk of our attack on user privacy. Finally, we
recommend effective malware detection, carefully designed obfuscation methods,
or restrictions on reading vulnerable return values to mitigate this attack.Comment: 15 pages, 25 figure
Analysis of the Adherence of mHealth Applications to HIPAA Technical Safeguards
The proliferation of mobile health technology, or mHealth apps, has made it essential to protect individual health details. People now have easy access to digital platforms that allow them to save, share, and access their medical data and treatment information as well as easily monitor and manage health-related issues. It is crucial to make sure that protected health information (PHI) is effectively and securely transmitted, received, created, and maintained in accordance with the rules outlined by the Health Insurance Portability and Accountability Act (HIPAA), as the use of mHealth apps increases. Unfortunately, many mobile app developers, particularly those of mHealth apps, do not completely understand the HIPAA security and privacy requirements. This offers a unique opportunity for research to create an analytical framework that can help programmers maintain safe and HIPAA-compliant source code while also educating users about the security and privacy of private health information. The plan is to develop a framework which will serve as the foundation for developing an integrated development environment (IDE) plugin for mHealth app developers and a web-based interface for mHealth app consumers. This will help developers identify and address HIPAA compliance issues during the development process and provide consumers with a tool to evaluate the privacy and security of mHealth apps before downloading and using them. The goal is to encourage the development of secure and compliant mHealth apps that safeguard personal health information
Control Flow Graph-based Path Reconstruction in Android applications
openOver the years, the field of Android security research has faced significant limitations due to the absence of reliable methods for achieving automated interaction with mobile applications. The lack of such tools has resulted in the widespread use of automatic exercising software, which randomly interfaces with apps in the hopes of obtaining desired outcomes. However, this approach cannot always be considered a satisfactory solution, as it lacks solid criteria and fails to provide any Proof-of-Reachability.
In the context of my thesis, I employed Control Flow Graphs to reconstruct pathways that lead to specified target methods within Android applications. This approach allowed me to extract high-level instructions that automatic interaction software can accurately and reliably execute in order to reach a designated endpoint.
Tests and evaluations conducted on this technique demonstrate its potential to facilitate more precise and goal-oriented testing. Its applications in the future could span from fuzzing and exploitation to aiding in the disclosure of privacy violations.Over the years, the field of Android security research has faced significant limitations due to the absence of reliable methods for achieving automated interaction with mobile applications. The lack of such tools has resulted in the widespread use of automatic exercising software, which randomly interfaces with apps in the hopes of obtaining desired outcomes. However, this approach cannot always be considered a satisfactory solution, as it lacks solid criteria and fails to provide any Proof-of-Reachability.
In the context of my thesis, I employed Control Flow Graphs to reconstruct pathways that lead to specified target methods within Android applications. This approach allowed me to extract high-level instructions that automatic interaction software can accurately and reliably execute in order to reach a designated endpoint.
Tests and evaluations conducted on this technique demonstrate its potential to facilitate more precise and goal-oriented testing. Its applications in the future could span from fuzzing and exploitation to aiding in the disclosure of privacy violations
Smart object-oriented access control: Distributed access control for the Internet of Things
Ensuring that data and devices are secure is of critical importance to information technology. While access control has held a key role in traditional computer security, its role in the evolving Internet of Things is less clear. In particular, the access control literature has suggested that new challenges, such as multi-user controls, fine-grained controls, and dynamic controls, prompt a foundational re-thinking of access control. We analyse these challenges, finding instead that the main foundational challenge posed by the Internet of Things involves decentralization: accurately describing access control in Internet of Things environments (e.g., the Smart Home) requires a new model of multiple, independent access control systems. To address this challenge, we propose a meta-model (i.e., a model of models): Smart Object-Oriented Access Control (SOOAC). This model is an extension of the XACML framework, built from principles relating to modularity adapted from object-oriented programming and design.
SOOAC draws attention to a new class of problem involving the resolution of policy conflicts that emerge from the interaction of smart devices in the home. Contrary to traditional (local) policy conflicts, these global policy conflicts emerge when contradictory policies exist across multiple access control systems. We give a running example of a global policy conflict involving transitive access. To automatically avoid global policy conflicts before they arise, we extend SOOAC with a recursive algorithm through which devices communicate access requests before allowing or denying access themselves. This algorithm ensures that both individual devices and the collective smart home are secure. We implement SOOAC within a prototype smart home and assess its validity in terms of effectiveness and efficiency. Our analysis shows that SOOAC is successful at avoiding policy conflicts before they emerge, in real time. Finally, we explore improvements that can be made to SOOAC and suggest directions for future work
- …