Paranoid operative system methodology for anonymous & secure web browsing, doctoral project

Recently the world knew by the media, that its leading nations follow closely their citizens, disregarding any moral and technological threshold, that internal and external security agencies in the USA and Europe closely follow telephone conversations, e-mail, web traffic of their counterparts, using powerful monitoring and surveillance programs. In other corners of the globe nations in turmoil or wrapped in the cloak of censorship persecute and deny uncontrolled web access without harmful repercussions to their citizens. This work is a research-in-progress project and consists in showing the research done so far to develop a methodology. This consists in the construction of an operative system with an academic scientific source that permits a secure and anonymous use of the web. For such methodology, first is required to comprehend and get acquaintance with the technologies that controls usage of web consumers, solutions that enable and grant some anonymity and security in web traffic

Trusted S/MIME Gateways

The utility of Web-based email clients is clear: a user is able to access their email account from any computer anywhere at any time. However, this option is unavailable to users whose security depends on their key pair being stored either on their local computer or in their browser. Our implementation seeks to solve two problems with secure email services. The first that of mobility: users must have access to their key pairs in order to perform the necessary cryptographic operations. The second is one of transition: initially, users would not want to give up their regular email clients. Keeping these two restrictions in mind, we decided on the implementation of a secure gateway system that works in conjunction with an existing mail server and client. Our result is PKIGate, an S/MIME gateway that uses the DigitalNet (formerly Getronics) S/MIME Freeware Library and IBM\u27s 4758 secure coprocessor. This thesis presents motivations for the project, a comparison with similar existing products, software and hardware selection, the design, use case scenarios, a discussion of implementation issues, and suggestions for future work

Quire: Lightweight Provenance for Smart Phone Operating Systems

Smartphone apps often run with full privileges to access the network and sensitive local resources, making it difficult for remote systems to have any trust in the provenance of network connections they receive. Even within the phone, different apps with different privileges can communicate with one another, allowing one app to trick another into improperly exercising its privileges (a Confused Deputy attack). In Quire, we engineered two new security mechanisms into Android to address these issues. First, we track the call chain of IPCs, allowing an app the choice of operating with the diminished privileges of its callers or to act explicitly on its own behalf. Second, a lightweight signature scheme allows any app to create a signed statement that can be verified anywhere inside the phone. Both of these mechanisms are reflected in network RPCs, allowing remote systems visibility into the state of the phone when an RPC is made. We demonstrate the usefulness of Quire with two example applications. We built an advertising service, running distinctly from the app which wants to display ads, which can validate clicks passed to it from its host. We also built a payment service, allowing an app to issue a request which the payment service validates with the user. An app cannot not forge a payment request by directly connecting to the remote server, nor can the local payment service tamper with the request

Android Application Security Scanning Process

This chapter presents the security scanning process for Android applications. The aim is to guide researchers and developers to the core phases/steps required to analyze Android applications, check their trustworthiness, and protect Android users and their devices from being victims to different malware attacks. The scanning process is comprehensive, explaining the main phases and how they are conducted including (a) the download of the apps themselves; (b) Android application package (APK) reverse engineering; (c) app feature extraction, considering both static and dynamic analysis; (d) dataset creation and/or utilization; and (e) data analysis and data mining that result in producing detection systems, classification systems, and ranking systems. Furthermore, this chapter highlights the app features, evaluation metrics, mechanisms and tools, and datasets that are frequently used during the app’s security scanning process

Secure services integration and edge computing for effective beekeeping

Many of the issues that require resolution are not easy to mitigate just from the technology perspective. The ancestral learned logic of processes, the people traditions, and many other variants define inner contexts that make the adhesion and efficient use of information technologies a delicate process. The enormous geographical dispersion of the beekeeping economic activity, the mostly amateur profile of beekeepers, and the specificity in the traditional way as the activity is managed, compromises the applicability of integrative measures based on ICTE. Efficient and integrated management of a no-professionalized economic activity depends on two basic principles: i) the existence of effective tools capable of managing that activity and its synergies with other related activities, and ii) an infrastructure (technological, procedural, legal) that supports services properly profiled for any actor in that activity. This paper describes the work-in-process sBee - Smart Beekeeping, an applied research project that sought to integrate emerging technologies on the innovative management of critical issues that beekeeping needs to overcome. Electronic devices, Internet-of-things, advanced management algorithms, and innovative visualization services were explored. The global system architecture, its supporting services, and the communication infrastructure are here described. The integration of both internet-of-things and communications services, with the common beekeeping?s management tasks, levered a proposal for improving this activity to become more effective. Furthermore, an advanced technological supporting platform was created and experimented, prepared for further developments, on mitigating emergent challenges that the digitization promotes, namely the security and traceability on food and related agriculture value-chains, as well as on the predictive and intelligent perception of current and future scenarios.911A-2C18-106F | Carlos Jorge Enes Capit?o de AbreuN/

How inclusive, user-centered design research can improve psychological therapies for psychosis: Development of SlowMo

Real-world implementation of psychological interventions for psychosis is poor. Barriers include therapy being insufficiently usable and useful for a diverse range of people. User-centered, inclusive design approaches could improve the usability of therapy, which may increase uptake, adherence, and effectiveness. This study aimed to optimize the usability of an existing psychological intervention, Thinking Well, which targets reasoning processes in paranoia using a basic digital interface. We conducted inclusive, user-centered design research characterized by purposive sampling of extreme users from the margins of groups, ethnographic investigation of the problem context, and iterative prototyping of solutions. The UK Design Council's double diamond method was used. This consisted of 4 phases: discover, including a case series of Thinking Well, stakeholder interviews, desk research, user profiling, system mapping, and a mood board; define, consisting of workshops to synthesize findings and generate the design brief; develop, involving concept workshops and prototype testing; and deliver, in which the final minimal viable product was storyboarded and iteratively coded. Consistent with our previous work, the Thinking Well case series showed medium to large effects on paranoia and well-being and small effects on reasoning. These were maintained at follow-up despite some participants reporting difficulties with the therapy interface. Insights from the discover phase confirmed that usability was challenged by information complexity and poor accessibility. Participants were generally positive about the potential of technology to be enjoyable, help manage paranoia, and provide tailored interpersonal support from therapists and peers, although they reported privacy and security concerns. The define phase highlighted that the therapy redesign should support monitoring, simplify information processing, enhance enjoyment and trust, promote personalization and normalization, and offer flexible interpersonal support. During the develop phase over 60 concepts were created, with 2 key concepts of thoughts visualized as bubbles and therapy as a journey selected for storyboarding. The output of the deliver phase was a minimal viable product of an innovative digital therapy, SlowMo. SlowMo works by helping people to notice their worries and fast thinking habits, and encourages them to slow down for a moment to find ways of feeling safer. A Web app supports the delivery of 8 face-to-face sessions, which are synchronized to a native mobile app. SlowMo makes use of personalization, ambient information, and visual metaphors to tailor the appeal, engagement, and memorability of therapy to a diversity of needs. Feasibility testing has been promising, and the efficacy of SlowMo therapy is now being tested in a multicentered randomized controlled trial. The study demonstrates that developments in psychological theory and techniques can be enhanced by improving the usability of the therapy interface to optimize its impact in daily life. [Abstract copyright: ©Amy Hardy, Anna Wojdecka, Jonathan West, Ed Matthews, Christopher Golby, Thomas Ward, Natalie D Lopez, Daniel Freeman, Helen Waller, Elizabeth Kuipers, Paul Bebbington, David Fowler, Richard Emsley, Graham Dunn, Philippa Garety. Originally published in JMIR Mental Health (http://mental.jmir.org), 05.12.2018.

Global Production Networks and Industrial Upgrading in China: The Case in Electronics Contract Manufacturing.

The paper analyzes the networks of U.S. and Taiwan based electronics contract manufacturers in South China, today the world´s most important location for low-cost mass production in the electronics industry. Based on extensive empirical research, the paper traces the production sites, the organization of manufacturing, and the workforce policies of contract manufacturers in the region, and discusses perspectives and limits of industrial upgrading, especially with regard to the role of labor. In theoretical terms, the author attempts to integrate an analysis of "global flagship networks" with concepts of industrial sociology.