Danger is My Middle Name: Experimenting with SSL Vulnerabilities in Android Apps

This paper presents a measurement study of information leakage and SSL vulnerabilities in popular Android apps. We perform static and dynamic analysis on 100 apps, downloaded at least 10M times, that request full network access. Our experiments show that, although prior work has drawn a lot of attention to SSL implementations on mobile platforms, several popular apps (32/100) accept all certificates and all hostnames, and four actually transmit sensitive data unencrypted. We set up an experimental testbed simulating man-in-the-middle attacks and find that many apps (up to 91% when the adversary has a certificate installed on the victim's device) are vulnerable, allowing the attacker to access sensitive information, including credentials, files, personal details, and credit card numbers. Finally, we provide a few recommendations to app developers and highlight several open research problems.Comment: A preliminary version of this paper appears in the Proceedings of ACM WiSec 2015. This is the full versio

Towards an Open Platform for Legal Information

Recent advances in the area of legal information systems have led to a variety of applications that promise support in processing and accessing legal documents. Unfortunately, these applications have various limitations, e.g., regarding scope or extensibility. Furthermore, we do not observe a trend towards open access in digital libraries in the legal domain as we observe in other domains, e.g., economics of computer science. To improve open access in the legal domain, we present our approach for an open source platform to transparently process and access Legal Open Data. This enables the sustainable development of legal applications by offering a single technology stack. Moreover, the approach facilitates the development and deployment of new technologies. As proof of concept, we implemented six technologies and generated metadata for more than 250,000 German laws and court decisions. Thus, we can provide users of our platform not only access to legal documents, but also the contained information.Comment: Accepted at ACM/IEEE Joint Conference on Digital Libraries (JCDL) 202

Academic Use of Open Digital Archives

Open access academic archives are the proper instrument to make visible the majority of the coursework done during the years and to propagate the results of already paid research activities, thus raising their value. By offering proper services, archives become the media which facilitates the forming of interim research and learning societies among students and teachers. This is the way to achieve an improved management of intellectual assets of the whole university community. In this paper the authors try to summarize the advantages of open access university archives and to discuss some issues arising from rules for deploying and accessing course materials and research papers. ACM Classification Keywords. H3.5 On-line information services– Data sharing; H3.7 Digital libraries-Collection

First Women, Second Sex: Gender Bias in Wikipedia

Contributing to history has never been as easy as it is today. Anyone with access to the Web is able to play a part on Wikipedia, an open and free encyclopedia. Wikipedia, available in many languages, is one of the most visited websites in the world and arguably one of the primary sources of knowledge on the Web. However, not everyone is contributing to Wikipedia from a diversity point of view; several groups are severely underrepresented. One of those groups is women, who make up approximately 16% of the current contributor community, meaning that most of the content is written by men. In addition, although there are specific guidelines of verifiability, notability, and neutral point of view that must be adhered by Wikipedia content, these guidelines are supervised and enforced by men. In this paper, we propose that gender bias is not about participation and representation only, but also about characterization of women. We approach the analysis of gender bias by defining a methodology for comparing the characterizations of men and women in biographies in three aspects: meta-data, language, and network structure. Our results show that, indeed, there are differences in characterization and structure. Some of these differences are reflected from the off-line world documented by Wikipedia, but other differences can be attributed to gender bias in Wikipedia content. We contextualize these differences in feminist theory and discuss their implications for Wikipedia policy.Comment: 10 pages, ACM style. Author's version of a paper to be presented at ACM Hypertext 201

A systematic literature review of cloud computing in eHealth

Cloud computing in eHealth is an emerging area for only few years. There needs to identify the state of the art and pinpoint challenges and possible directions for researchers and applications developers. Based on this need, we have conducted a systematic review of cloud computing in eHealth. We searched ACM Digital Library, IEEE Xplore, Inspec, ISI Web of Science and Springer as well as relevant open-access journals for relevant articles. A total of 237 studies were first searched, of which 44 papers met the Include Criteria. The studies identified three types of studied areas about cloud computing in eHealth, namely (1) cloud-based eHealth framework design (n=13); (2) applications of cloud computing (n=17); and (3) security or privacy control mechanisms of healthcare data in the cloud (n=14). Most of the studies in the review were about designs and concept-proof. Only very few studies have evaluated their research in the real world, which may indicate that the application of cloud computing in eHealth is still very immature. However, our presented review could pinpoint that a hybrid cloud platform with mixed access control and security protection mechanisms will be a main research area for developing citizen centred home-based healthcare applications

The perioperative use of oral anticoagulants during surgical procedures for carpal tunnel syndrome. A preliminary study

Contains fulltext : 87781.pdf (publisher's version ) (Closed access)BACKGROUND: To evaluate the feasibility of designing a randomized controlled study whether open carpal tunnel release (OCTR) surgery can be performed safely under systemic anticoagulant therapy using acetylsalicylacid (ASA) or acenocoumarol (ACM), this preliminary, observational study was performed. METHODS: Prospectively, during 1 year, data were collected from all patients who underwent conventional OCTR at the neurosurgical department of the Canisius Wilhelmina Hospital, Nijmegen, The Netherlands. Patients continued anticoagulant treatment perioperatively. RESULTS: A total of 364 patients were operated on, of whom 45 continued ASA and seven ACM treatment. Only one patient using ASA complained of a postoperative subcutaneous hemorrhage. In the control group without anticoagulants, none of the patients had a bleeding postoperatively. CONCLUSION: Continuation of anticoagulant treatment is safe for OCTR. The adverse effects of stopping treatment for surgery can be severe. As a result of this study, we have changed our surgery protocol for OCTR and continue anticoagulant treatment perioperatively.1 juli 201

Emerging Topics in Textual Modelling

This is the final version. Available on open access via the link in this recordOCL 2019: Object Constraint Language and Textual Modeling 2019. 19th International Workshop in OCL and Textual Modeling (OCL 2019) co-located with IEEE/ACM 22nd International Conference on Model Driven Engineering Languages and Systems (MODELS 2019), 16 September 2019, Munich, GermanyThe 19th edition of the OCL workshop featured a lightning talk session where authors were invited to present their recent work and open questions related to textual modeling in general and OCL in particular. These 5 minute presentations triggered fruitful discussions within the OCL community on the usage of textual modeling, model validation, and specific technical points of the OCL specification. This community paper provides an overview of the presented contributions (one per section), as well as a summary of the questions and discussions they have triggered during the session

The complexity of resolving conflicts on MAC

We consider the fundamental problem of multiple stations competing to transmit on a multiple access channel (MAC). We are given $n$ stations out of which at most $d$ are active and intend to transmit a message to other stations using MAC. All stations are assumed to be synchronized according to a time clock. If $l$ stations node transmit in the same round, then the MAC provides the feedback whether $l=0$, $l=2$ (collision occurred) or $l=1$. When $l=1$, then a single station is indeed able to successfully transmit a message, which is received by all other nodes. For the above problem the active stations have to schedule their transmissions so that they can singly, transmit their messages on MAC, based only on the feedback received from the MAC in previous round. For the above problem it was shown in [Greenberg, Winograd, {\em A Lower bound on the Time Needed in the Worst Case to Resolve Conflicts Deterministically in Multiple Access Channels}, Journal of ACM 1985] that every deterministic adaptive algorithm should take $\Omega(d (\lg n)/(\lg d))$ rounds in the worst case. The fastest known deterministic adaptive algorithm requires $O(d \lg n)$ rounds. The gap between the upper and lower bound is $O(\lg d)$ round. It is substantial for most values of $d$: When $d =$ constant and $d \in O(n^{\epsilon})$ (for any constant $\epsilon \leq 1$, the lower bound is respectively $O(\lg n)$ and O(n), which is trivial in both cases. Nevertheless, the above lower bound is interesting indeed when $d \in$ poly($\lg n$). In this work, we present a novel counting argument to prove a tight lower bound of $\Omega(d \lg n)$ rounds for all deterministic, adaptive algorithms, closing this long standing open question.}Comment: Xerox internal report 27th July; 7 page