30 research outputs found

    The Dilemma of Security Smells and How to Escape It

    A single mobile app can now be more complex than entire operating systems ten years ago, thus security becomes a major concern for mobile apps. Unfortunately, previous studies focused rather on particular aspects of mobile application security and did not provide a holistic overview of security issues. Therefore, they could not accurately understand the fundamental flaws to propose effective solutions to common security problems. In order to understand these fundamental flaws, we followed a hybrid strategy, i.e., we collected reported issues from existing work, and we actively identified security-related code patterns that violate best practices in software development. We further introduced the term "security smell," i.e., a security issue that could potentially lead to a vulnerability. As a result, we were able to establish comprehensive security smell catalogues for Android apps and related components, i.e., inter-component communication, web communication, app servers, and HTTP clients. Furthermore, we could identify a dilemma of security smells, because most security smells require unique fixes that increase the code complexity, which in return increases the risk of introducing more security smells. With this knowledge, we investigate the interaction of our security smells with the 192 Mitre CAPEC attack mechanism categories of which the majority could be mitigated with just a few additional security measures. These measures, a String class with behavior and the more thorough use of secure default values and paradigms, would simplify the application logic and at the same time largely increase security if implemented appropriately. We conclude that application security has to focus on the String class, which has not largely changed over the last years, and secure default values and paradigms since they are the smallest common denominator for a strong foundation to build resilient applications.
Moreover, we provide an initial implementation for a String class with behavior; however, the further exploration remains future work. Finally, the term "security smell" is now widely used in academia and eases the communication among security researchers.

    The Dilemma of Security Smells and How to Escape It

    A single mobile app can now be more complex than entire operating systems ten years ago, thus security becomes a major concern for mobile apps. Unfortunately, previous studies focused rather on particular aspects of mobile application security and did not provide a holistic overview of security issues. Therefore, they could not accurately understand the fundamental flaws to propose effective solutions to common security problems. In order to understand these fundamental flaws, we followed a hybrid strategy, i.e., we collected reported issues from existing work, and we actively identified security-related code patterns that violate best practices in software development. Based on these findings, we compiled a list of security smells, i.e., security issues that could potentially lead to a vulnerability. As a result, we were able to establish comprehensive security smell catalogues for Android apps and related components, i.e., inter-component communication, web communication, app servers, and HTTP clients. Furthermore, we could identify a dilemma of security smells, because most security smells require unique fixes that increase the code complexity, which in return increases the risk of introducing more security smells. With this knowledge, we investigate the interaction of our security smells with the 192 Mitre CAPEC attack mechanism categories of which the majority could be mitigated with just a few additional security measures. These measures, a String class with behavior and the more thorough use of secure default values and paradigms, would simplify the application logic and at the same time largely increase security if implemented appropriately. We conclude that application security has to focus on the String class, which has not largely changed over the last years, and secure default values and paradigms since they are the smallest common denominator for a strong foundation to build resilient applications.
Moreover, we provide an initial implementation for a String class with behavior; however, the further exploration remains future work. Finally, the term "security smell" is now widely used in academia and eases the communication among security researchers.

    A multimodal framework for interactive sonification and sound-based communication


    Improving Usability of Mobile Applications Through Speculation and Distraction Minimization

    We live in a world where mobile computing systems are increasingly integrated with our day-to-day activities. People use mobile applications virtually everywhere they go, executing them on mobile devices such as smartphones, tablets, and smart watches. People commonly interact with mobile applications while performing other primary tasks such as walking and driving (e.g., using turn-by-turn directions while driving a car). Unfortunately, as an application becomes more mobile, it can experience resource scarcity (e.g., poor wireless connectivity) that is atypical in a traditional desktop environment. When critical resources become scarce, the usability of the mobile application deteriorates significantly. In this dissertation, I create system support that enables users to interact smoothly with mobile applications when wireless network connectivity is poor and when the user’s attention is limited. First, I show that speculative execution can mitigate user-perceived delays in application responsiveness caused by high-latency wireless network connectivity. I focus on cloud-based gaming, because the smooth usability of such applications is highly dependent on low latency. User studies have shown that players are sensitive to as little as 60 ms of additional latency and are aggravated at latencies in excess of 100 ms. For cloud-based gaming, which relies on powerful servers to generate high-graphics quality gaming content, a slow network frustrates the user, who must wait a long time to see input actions reflected in the game. I show that by predicting the user’s future gaming inputs and by performing visual misprediction compensation at the client, cloud-based gaming can maintain good usability even with 120 ms of network latency.
Next, I show that the usability of mobile applications in an attention-limited environment (i.e., driving a vehicle) can be improved by automatically checking whether interfaces meet best-practice guidelines and by adding attention-aware scheduling of application interactions. When a user is driving, any application that demands too much attention is an unsafe distraction. I first develop a model checker that systematically explores all reachable screens for an application and determines whether the application conforms to best-practice vehicular UI guidelines. I find that even well-known vehicular applications (e.g., Google Maps and TomTom) can often demand too much of the driver’s attention. Next, I consider the case where applications run in the background and initiate interactions with the driver. I show that by quantifying the driver’s available attention and the attention demand of an interaction, real-time scheduling can be used to prevent attention overload in varying driving conditions. PhD, Computer Science & Engineering, University of Michigan, Horace H. Rackham School of Graduate Studies. https://deepblue.lib.umich.edu/bitstream/2027.42/136989/1/kyminlee_1.pd

    MediaSync: Handbook on Multimedia Synchronization

    This book provides an approachable overview of the most recent advances in the fascinating field of media synchronization (mediasync), gathering contributions from the most representative and influential experts. Understanding the challenges of this field in the current multi-sensory, multi-device, and multi-protocol world is not an easy task. The book revisits the foundations of mediasync, including theoretical frameworks and models, highlights ongoing research efforts, like hybrid broadband broadcast (HBB) delivery and users' perception modeling (i.e., Quality of Experience or QoE), and paves the way for the future (e.g., towards the deployment of multi-sensory and ultra-realistic experiences). Although many advances around mediasync have been devised and deployed, this area of research is getting renewed attention to overcome remaining challenges in the next-generation (heterogeneous and ubiquitous) media ecosystem. Given the significant advances in this research area, its current relevance and the multiple disciplines it involves, the availability of a reference book on mediasync becomes necessary. This book fills the gap in this context. In particular, it addresses key aspects and reviews the most relevant contributions within the mediasync research space, from different perspectives. Mediasync: Handbook on Multimedia Synchronization is the perfect companion for scholars and practitioners that want to acquire strong knowledge about this research area, and also approach the challenges behind ensuring the best mediated experiences, by providing the adequate synchronization between the media elements that constitute these experiences

    Non-Hierarchical Networks for Censorship-Resistant Personal Communication.

    The Internet promises widespread access to the world’s collective information and fast communication among people, but common government censorship and spying undermine this potential. This censorship is facilitated by the Internet’s hierarchical structure. Most traffic flows through routers owned by a small number of ISPs, who can be secretly coerced into aiding such efforts. Traditional cryptographic defenses are confusing to common users. This thesis advocates direct removal of the underlying hierarchical infrastructure instead, replacing it with non-hierarchical networks. These networks lack such chokepoints, instead requiring would-be censors to control a substantial fraction of the participating devices—an expensive proposition. We take four steps towards the development of practical non-hierarchical networks. (1) We first describe Whisper, a non-hierarchical mobile ad hoc network (MANET) architecture for personal communication among friends and family that resists censorship and surveillance. At its core are two novel techniques, an efficient routing scheme based on the predictability of human locations and a variant of onion-routing suitable for decentralized MANETs. (2) We describe the design and implementation of Shout, a MANET architecture for censorship-resistant, Twitter-like public microblogging. (3) We describe the Mason test, a method used to detect Sybil attacks in ad hoc networks in which trusted authorities are not available. (4) We characterize and model the aggregate behavior of Twitter users to enable simulation-based study of systems like Shout. We use our characterization of the retweet graph to analyze a novel spammer detection technique for Shout. PhD, Computer Science & Engineering, University of Michigan, Horace H. Rackham School of Graduate Studies. http://deepblue.lib.umich.edu/bitstream/2027.42/107314/1/drbild_1.pd

    A design space for social object labels in museums

    Taking a problematic user experience with ubiquitous annotation as its point of departure, this thesis defines and explores the design space for Social Object Labels (SOLs), small interactive displays aiming to support users' in-situ engagement with digital annotations of physical objects and places by providing up-to-date information before, during and after interaction. While the concept of ubiquitous annotation has potential applications in a wide range of domains, the research focuses in particular on SOLs in a museum context, where they can support the institution's educational goals by engaging visitors in the interpretation of exhibits and providing a platform for public discourse to complement official interpretations provided on traditional object labels. The thesis defines and structures the design space for SOLs, investigates how they can support social interpretation in museums and develops empirically validated design recommendations. Reflecting the developmental character of the research, it employs Design Research as a methodological framework, which involves the iterative development and evaluation of design artefacts together with users and other stakeholders. The research identifies the particular characteristics of SOLs and structures their design space into ten high-level aspects, synthesised from taxonomies and heuristics for similar display concepts and complemented with aspects emerging from the iterative design and evaluation of prototypes. It presents findings from a survey exploring visitors' mental models, preferences and expectations of commenting in museums and translates them into requirements for SOLs. It reports on scenario-based design activities, expert interviews with museum professionals, formative user studies and co-design sessions, and two empirical evaluations of SOL prototypes in a gallery environment. 
Pulling together findings from these research activities it then formulates design recommendations for SOLs and supports them with related evidence and implementation examples. The main contributions are (i) to delineate and structure the design space for SOLs, which helps to ground SOLs in the literature and understand them as a distinct display concept with its own characteristics; (ii) to explore, for the first time, a visitor perspective on commenting in museums, which can inform research, development and policies on user-generated content in museums and the wider cultural heritage sector; (iii) to develop empirically validated design recommendations, which can inform future research and development into SOLs and related display concepts. The thesis concludes by summarising findings in relation to its stated research questions, restating its contributions from ubiquitous computing, domain and methodology perspectives, and discussing open issues and future work.

    Towards an open digital audio workstation for live performance: the development of an open soundcard


    Optimising route comfort indices for neonatal transfers by road

    The risk of severe brain injuries in sick premature infants increases when transferred between hospitals. Causality is uncertain, but stress levels are elevated during ambulance journeys; potentially due to excessive levels of noise and vibration. It has been proposed that reducing these levels would reduce the risk, with one prospective method being comfort-optimised navigation. An Android app was developed that logs noise level, Inertial Measurement Unit (IMU) and location data during journeys, sampling at the fastest rates possible depending on the hardware and firmware. The smartphone used during development was found to sample noise levels accurate to 0.3 dB up to 80 dB(A) and accelerations accurate to 10% up to 40 Hz, although considerable jitter was present in the IMU sampling. Recorded data were shown to be repeatable for multiple passes over the same stretch of road (acceleration interquartile range (IQR): 0.14 m/s²; noise IQR: 2.8 dB). Data were influenced by both supplementary audio and the smartphone model so an initial idea of gathering data through public engagement was determined unsuitable. Controlled collection of data was planned, utilising the neonatal ambulances operated by CenTre Neonatal Transport (CenTre). A new smartphone model was identified that was capable of sampling accelerations at a sufficient rate to comply with the "Evaluation of human exposure to whole-body vibration" standard, ISO 2631. This model also had greater processing power than the previous model used during initial testing, resulting in reduced jitter, and was found to provide more accurate accelerations (within 5% up to 55 Hz). Logging of periods before and after each journey was added along with meta-data describing each journey. Journeys performed by CenTre were recorded over the course of 12 months. Recorded variables were supplemented by calculation of ISO-weighted vibration parameters. The final dataset comprises 1,487 journeys over 81,901 km and 1,318 hours.
Strong similarities between meta-data and officially reported transport data suggested there was no bias in the journeys that the staff recorded. Roads driven between Nottingham City Hospital (NCH) and Leicester Royal Infirmary (LRI) were chosen as a case study. Data from 588 journeys contributed towards the analysis. A range of metrics, derived from previous studies and adult standards, were used to assess the roads of the NCH to LRI network. Both speed and road classification were found to influence vibration and noise level, however the influence could not be separated due to the inherent link between both parameters. All routes involved either use of motorway or a concrete A-road, with the latter producing worse vibration. Although individual road sections varied, differences were reduced between the routes. Assessments were also performed of the metrics at each of the 42 hospitals (36 departing; 38 arriving) present in the data. Results were similar between hospitals, but differed between loading and unloading phases. High magnitude shocks were more abundant during the loading phases, whereas low impact vibrations were more frequent during unloading. Both phases registered greater shocks than those found during journeys. In summary, this work provides a low-cost method of obtaining large amounts of data describing the ambulance environment without requiring any technical knowledge to operate. The theory that the physical environment could be altered through routing has also been confirmed. The data collected during this work could be utilised in the future to aid determination of neonatal responses and subsequently establish optimal routes