8,893 research outputs found

    Third Revolution Digital Technology in Disaster Early Warning

    Networking societies with electronic-based technologies can change social morphology, where key social structures and activities are organized around electronically processed information networks. The application of information and communications technologies (ICT) has been shown to have a positive impact across the emergency or disaster lifecycle. For example, the utility of mobile, internet and social network technology, commercial and amateur radio networks, television and video networks and open access technologies for processing data and distributing information can be highlighted. Early warning is the key function during an emergency. An early warning system is an interrelated set of hazard warning, risk assessment, communication and preparedness activities that enable individuals, communities, businesses and others to take timely action to reduce their risks. Third revolution digital technology with semantic features such as standard protocols can facilitate standard data exchange and therefore proactive decision making. As a result, people belonging to any given hierarchy can access the information simultaneously and make decisions on their own, challenging the traditional power relations. Within this context, this paper attempts to explore the use of third revolution digital technology for improving early warning

    IIFA: Modular Inter-app Intent Information Flow Analysis of Android Applications

    Android apps cooperate through message passing via intents. However, when apps do not have identical sets of privileges inter-app communication (IAC) can accidentally or maliciously be misused, e.g., to leak sensitive information contrary to users expectations. Recent research considered static program analysis to detect dangerous data leaks due to inter-component communication (ICC) or IAC, but suffers from shortcomings with respect to precision, soundness, and scalability. To solve these issues we propose a novel approach for static ICC/IAC analysis. We perform a fixed-point iteration of ICC/IAC summary information to precisely resolve intent communication with more than two apps involved. We integrate these results with information flows generated by a baseline (i.e. not considering intents) information flow analysis, and resolve if sensitive data is flowing (transitively) through components/apps in order to be ultimately leaked. Our main contribution is the first fully automatic sound and precise ICC/IAC information flow analysis that is scalable for realistic apps due to modularity, avoiding combinatorial explosion: Our approach determines communicating apps using short summaries rather than inlining intent calls, which often requires simultaneously analyzing all tuples of apps. We evaluated our tool IIFA in terms of scalability, precision, and recall. Using benchmarks we establish that precision and recall of our algorithm are considerably better than prominent state-of-the-art analyses for IAC. But foremost, applied to the 90 most popular applications from the Google Playstore, IIFA demonstrated its scalability to a large corpus of real-world apps. IIFA reports 62 problematic ICC-/IAC-related information flows via two or more apps/components

    Analyzing Android Browser Apps for file:// Vulnerabilities

    Securing browsers in mobile devices is very challenging, because these browser apps usually provide browsing services to other apps in the same device. A malicious app installed in a device can potentially obtain sensitive information through a browser app. In this paper, we identify four types of attacks in Android, collectively known as FileCross, that exploit the vulnerable file:// to obtain users' private files, such as cookies, bookmarks, and browsing histories. We design an automated system to dynamically test 115 browser apps collected from Google Play and find that 64 of them are vulnerable to the attacks. Among them are the popular Firefox, Baidu and Maxthon browsers, and the more application-specific ones, including UC Browser HD for tablet users, Wikipedia Browser, and Kids Safe Browser. A detailed analysis of these browsers further shows that 26 browsers (23%) expose their browsing interfaces unintentionally. In response to our reports, the developers concerned promptly patched their browsers by forbidding file:// access to private file zones, disabling JavaScript execution in file:// URLs, or even blocking external file:// URLs. We employ the same system to validate the ten patches received from the developers and find one still failing to block the vulnerability. Comment: The paper has been accepted by ISC'14 as a regular paper (see https://daoyuan14.github.io/). This is a Technical Report version for referenc

    Federated Robust Embedded Systems: Concepts and Challenges

    The development within the area of embedded systems (ESs) is moving rapidly, not least due to falling costs of computation and communication equipment. It is believed that increased communication opportunities will lead to the future ESs no longer being parts of isolated products, but rather parts of larger communities or federations of ESs, within which information is exchanged for the benefit of all participants. This vision is asserted by a number of interrelated research topics, such as the internet of things, cyber-physical systems, systems of systems, and multi-agent systems. In this work, the focus is primarily on ESs, with their specific real-time and safety requirements. While the vision of interconnected ESs is quite promising, it also brings great challenges to the development of future systems in an efficient, safe, and reliable way. In this work, a pre-study has been carried out in order to gain a better understanding about common concepts and challenges that naturally arise in federations of ESs. The work was organized around a series of workshops, with contributions from both academic participants and industrial partners with a strong experience in ES development. During the workshops, a portfolio of possible ES federation scenarios was collected, and a number of application examples were discussed more thoroughly on different abstraction levels, starting from screening the nature of interactions on the federation level and proceeding down to the implementation details within each ES. These discussions led to a better understanding of what can be expected in the future federated ESs. In this report, the discussed applications are summarized, together with their characteristics, challenges, and necessary solution elements, providing a ground for the future research within the area of communicating ESs

    After Over-Privileged Permissions: Using Technology and Design to Create Legal Compliance

    Consumers in the mobile ecosystem can putatively protect their privacy with the use of application permissions. However, this requires the mobile device owners to understand permissions and their privacy implications. Yet, few consumers appreciate the nature of permissions within the mobile ecosystem, often failing to appreciate the privacy permissions that are altered when updating an app. Even more concerning is the lack of understanding of the wide use of third-party libraries, most which are installed with automatic permissions, that is permissions that must be granted to allow the application to function appropriately. Unsurprisingly, many of these third-party permissions violate consumers’ privacy expectations and thereby, become “over-privileged” to the user. Consequently, an obscurity of privacy expectations between what is practiced by the private sector and what is deemed appropriate by the public sector is exhibited. Despite the growing attention given to privacy in the mobile ecosystem, legal literature has largely ignored the implications of mobile permissions. This article seeks to address this omission by analyzing the impacts of mobile permissions and the privacy harms experienced by consumers of mobile applications. The authors call for the review of industry self-regulation and the overreliance upon simple notice and consent. Instead, the authors set out a plan for greater attention to be paid to socio-technical solutions, focusing on better privacy protections and technology embedded within the automatic permission-based application ecosystem

    Improving patient-provider communication about chronic pain: development and feasibility testing of a shared decision-making tool

    BACKGROUND: Chronic pain has emerged as a disease in itself, affecting a growing number of people. Effective patient-provider communication is central to good pain management because pain can only be understood from the patient's perspective. We aimed to develop a user-centered tool to improve patient-provider communication about chronic pain and assess its feasibility in real-world settings in preparation for further evaluation and distribution. METHODS: To identify and prioritize patient treatment goals for chronic pain, strategies to improve patient-provider communication about chronic pain, and facilitate implementation of the tool, we conducted nominal group technique meetings and card sorting with patients with chronic pain and experienced providers (n = 12). These findings informed the design of the PainAPP tool. Usability and beta-testing with patients (n = 38) and their providers refined the tool and assessed its feasibility, acceptability, and preliminary impact. RESULTS: Formative work revealed that patients felt neither respected nor trusted by their providers and focused on transforming providers' negative attitudes towards them, whereas providers focused on gathering patient information. PainAPP incorporated areas prioritized by patients and providers: assessing patient treatment goals and preferences, functional abilities and pain, and providing patients tailored education and an overall summary that patients can share with providers. Beta-testing involved 38 patients and their providers. Half of PainAPP users shared their summaries with their providers. Patients rated PainAPP highly in all areas. All users would recommend it to others with chronic pain; nearly all trusted the information and said it helped them think about my treatment goals (94%), understand my chronic pain (82%), make the most of my next doctor's visit (82%), and not want to use opioids (73%). Beta-testing revealed challenges delivering the tool and summary report to patients and providers in a timely manner and obtaining provider feedback. CONCLUSIONS: PainAPP appears feasible for use, but further adaptation and testing is needed to assess its impact on patients and providers. TRIAL REGISTRATION: This study was approved by the University of New England Independent Review Board for the Protection of Human Subjects in Research (012616-019) and was registered with ClinicalTrials.gov (protocol ID: NCT03425266) prior to enrollment. The trial was prospectively registered and was approved on February 7, 2018

    Data, Data Everywhere, and Still Too Hard to Link: Insights from User Interactions with Diabetes Apps

    For those with chronic conditions, such as Type 1 diabetes, smartphone apps offer the promise of an affordable, convenient, and personalized disease management tool. However, despite significant academic research and commercial development in this area, diabetes apps still show low adoption rates and underwhelming clinical outcomes. Through user-interaction sessions with 16 people with Type 1 diabetes, we provide evidence that commonly used interfaces for diabetes self-management apps, while providing certain benefits, can fail to explicitly address the cognitive and emotional requirements of users. From analysis of these sessions with eight such user interface designs, we report on user requirements, as well as interface benefits, limitations, and then discuss the implications of these findings. Finally, with the goal of improving these apps, we identify 3 questions for designers, and review for each in turn: current shortcomings, relevant approaches, exposed challenges, and potential solutions