User-activity aware strategies for mobile information access

Information access suffers tremendously in wireless networks because of the low correlation between content transferred across low-bandwidth wireless links and actual data used to serve user requests. As a result, conventional content access mechanisms face such problems as unnecessary bandwidth consumption and large response times, and users experience significant performance degradation. In this dissertation, we analyze the cause of those problems and find that the major reason for inefficient information access in wireless networks is the absence of any user-activity awareness in current mechanisms. To solve these problems, we propose three user-activity aware strategies for mobile information access. Through simulations and implementations, we show that our strategies can outperform conventional information access schemes in terms of bandwidth consumption and user-perceived response times.Ph.D.Committee Chair: Raghupathy Sivakumar; Committee Member: Chuanyi Ji; Committee Member: George Riley; Committee Member: Magnus Egerstedt; Committee Member: Umakishore Ramachandra

Before-Commit Client State Management Services for AJAX Applications

Heavily script-based browser applications change the manner in which users interact with Web browsers. Instead of downloading a succession of HTML pages, users download a single application and use that application for a long period of time. The application is not a set of HTML pages, but rather a single page that can possible modify its own presentation based on data exchanged with a server. In such an environment, it is necessary to provide some means for the client to manage its own state. We describe the initial results of our work in providing client-side state management services for these script-based applications. We focus on browser-based services that can help the user before any data is committed on the server. Our services include state checkpointing, property binding, operation logging, operational replay, ATOM/RSS data updates, and application-controlled persistence

UNCOVERING AND MITIGATING UNSAFE PROGRAM INTEGRATIONS IN ANDROID

Android’s design philosophy encourages the integration of resources and functionalities from multiple parties, even with different levels of trust. Such program integrations, on one hand, connect every party in the Android ecosystem tightly on one single device. On the other hand, they can also pose severe security problems, if the security design of the underlying integration schemes is not well thought-out. This dissertation systematically evaluates the security design of three integration schemes on Android, including framework module, framework proxy and 3rd-party code embedding. With the security risks identified in each scheme, it concludes that program integrations on Android are unsafe. Furthermore, new frameworks have been designed and implemented to detect and mitigate the threats. The evaluation results on the prototypes have demonstrated their effectiveness

An Analysis of Modern Password Manager Security and Usage on Desktop and Mobile Devices

Security experts recommend password managers to help users generate, store, and enter strong, unique passwords. Prior research confirms that managers do help users move towards these objectives, but it also identified usability and security issues that had the potential to leak user data or prevent users from making full use of their manager. In this dissertation, I set out to measure to what extent modern managers have addressed these security issues on both desktop and mobile environments. Additionally, I have interviewed individuals to understand their password management behavior. I begin my analysis by conducting the first security evaluation of the full password manager lifecycle (generation, storage, and autofill) on desktop devices, including the creation and analysis of a corpus of 147 million generated passwords. My results show that a small percentage of generated passwords are weak against both online and offline attacks, and that attacks against autofill mechanisms are still possible in modern managers. Next, I present a comparative analysis of autofill frameworks on iOS and Android. I find that these frameworks fail to properly verify webpage security and identify a new class of phishing attacks enabled by incorrect handling of autofill within WebView controls hosted in apps. Finally, I interview users of third-party password managers to understand both how and why they use their managers as they do. I find evidence that many users leverage multiple password managers to address issues with existing managers, as well as provide explanations for why password reuse continues even in the presence of a password manager. Based on these results, I conclude with recommendations addressing the attacks and usability issues identified in this work

Cheating Prevention in E-proctoring Systems Using Secure Exam Browsers: A Case Study

In this research, a case study has been conducted to analyze the possibility of preventing cheating or reducing it by using one of the lockdown browsers during the exam. An e-exam has been created using Moodle platform, and the exam has been conducted with the Safe Exam Browser (SEB) as a restriction program at one time and without it at another time, and an analysis has been made of the extent of the possibility of cheating during the exam for both cases. Wireshark and Registry Changes View programs have been used to observe the possibility of opening programs and applications or the ability of the examinee to use Windows tools during the exam. The use of Wireshark and Registry Changes View software showed high effectiveness in analyzing the examinee's device data and identifying the examinee's activity during the electronic exam, to give a clear perception of the possibility of preventing access to resources and applications on the examinee's device. The researchers concluded that the use of lockdown browsers is very necessary to prevent the examinee from accessing the resources on his device, which leads to a significant reduction in cheating during the electronic exam. The research contributions are two, the first one is the use of analyzing programs to observe the examinee`s activity during the exam, and the second one is presenting the lockdown browsers` features

Administration Service for the Tourist Information System (TIP)

The modern day tourists do not want to deal with the hassle of using a large number of travel guides and paper maps while travelling. They would prefer to be able to access required information via their mobile phones or Personal Digital Assistants (PDAs). We realise that the delivered information may be originally available in numerous information formats. To support the administrator of the tourist guides the programme is required to help sorting information from these different sources and to help inserting them into a system. Our goal with this project is to develop a software support for processing information import via a graphical user interface, to support the administrator in identifying and extracting the appropriate sight information from various resources. The interface also helps in transferring and storing the structured and unstructured data into the TIP database

Mobile Usability: An Experiment to Check Whether Current Mobile Devices are Ready to Support Frames and iFrames

Frames have traditionally been identified as a usability issue in websites for computers. Literature points out that they may also be a problem for mobile websites but no studies have been carried out to prove it. Since mobile devices have changed a lot in recent years, it is necessary to check whether frames are still a problem for those devices. In this paper we have performed an experiment with twenty-two mobile devices, to test whether the content can be showed in their browsers, as well as their behavior with different configuration of frames and iframes and whether behavior of bookmarks and the back button is correct or not. The results show that frames and iframes should be avoided in mobile devices because they can cause many problems, which are explained in detail in this paper

To study the application of Data Visualization and Analysis tools

In today’s world the amount of data has been exploding. Companies capture trillions of bytes of information every day about their customers, suppliers, and operations. Physical devices such as mobile phones, smart phones, and various other communicating devices generate loads of data similarly data on social networking sites will continue to grow.            Large pools of data that can be captured, communicated, aggregated, stored, and analyzed—is now part of every sector and function of the global economy. Hence it’s high time to preserve and secure this data and apply tools that can better visualize and analyse data.There are many data visualizing and analytical tools available in the market today and analyst are still working to improve these tools. In this paper we present a brief review of most of the data visualization and analysis tools. We have focused on two such tools i.e. “Data Wrangler†and “Tableau Publicâ€. Wrangler combines direct manipulation of visualized data, enabling analysts to iteratively explore the space of applicable operations and preview their effects. Through the case study presented in the paper we have shown that Wrangler significantly reduces editing time as compared to manual editing and one can focus and spend more time on analysis instead of editing.†Tableau Public†turns data into any number of visualizations from simple to complex. It also provides drag and drop options into work area which we have applied on the data and presented in this paper