528 research outputs found
An App a Day Keeps the Doctor Away: A Visual Case Analysis of the Self-Optimization Ideologies Downloaded onto Apple Users as They Download Applications
This visually thematic qualitative case analysis seeks to advance cyber-sociology by analyzing the hyper-under-attended relationship between interfaces and discourses. Here, the interface under investigation is the Apple App Store, examined for the ways in which the platform is discursively encoded with particular ideologies, ideals, desires and narratives downloaded onto users as they download applications. Such is explored via a two-part research question inquiring: Which type of applications enjoy the most promotion on the Apple App Store and what cyber-architectural tools are herein used to optically exalt them? To investigate this, an iOS 11-operating iPhone was used to frequent the store's "Today" section over a period of twelve weeks – a segment of the platform manually curated by Apple employees. Data was analyzed on Microsoft Excel, coded by an overarching theme of self-optimization, as well as the subsidiary themes of self-reliance, self-improvement, corporeal regulation, social capital, and non-self-optimization miscellaneous. Findings reveal that promotion on the App Store is not neutrally distributed, as applications oscillating around the behaviour of self-optimization take promotive spotlight over play-centric and/or miscellaneous mobile programs. Stanfill's (2015) "interface-as-discourse" framework theoretically informs this paper, with her work later situated in intertextual conversation with Han's (2010) "achievement societies" and "auto-exploitation". A discussion section introduces the neologisms "iDeologies" and "technographing" to conceptualize results. This paper concludes with an emphasis on the significance of the interface-discourse nexus to sociology, as these virtual platforms – shot through with top-down ideologies picked bottom-up – complicate the canon's structure-versus-agency debate in its failure to be slotted into the binary
Addressing Insider Threats from Smart Devices
Smart devices have unique security challenges and are becoming increasingly common. They have been used in the past to launch cyber attacks such as the Mirai attack. This work is focused on solving the threats posed to and by smart devices inside a network. The size of the problem is quantified; the initial compromise is prevented where possible, and compromised devices are identified.
To gain insight into the size of the problem, campus Domain Name System (DNS) measurements were taken that allow for wireless traffic to be separated from wired traffic. Two-thirds of the DNS traffic measured came from wireless hosts, implying that mobile devices are playing a bigger role in networks. Also, port scans and service discovery protocols were used to identify Internet of Things (IoT) devices on the campus network and follow-up work was done to assess the state of the IoT devices.
Motivated by these findings, three solutions were developed. To handle the scenario when compromised mobile devices are connected to the network, a new strategy for steppingstone detection was developed with both an application layer and a transport layer solution. The proposed solution is effective even when the mobile device cellular connection is used. Also, malicious or vulnerable applications make it through the mobile app store vetting process. A user space tool was developed that identifies apps contacting malicious domains in real time and collects data for research purposes. Malicious app behavior can then be identified on the user's device, catching malicious apps that were overlooked by software vetting. Last, the variety of IoT device types and manufacturers makes the job of keeping them secure difficult. A generic framework was developed to lighten the management burden of securing IoT devices, serve as a middle box to secure legacy devices, and also use DNS queries as a way to identify misbehaving devices
Trustworthy Wireless Personal Area Networks
In the Internet of Things (IoT), everyday objects are equipped with the ability to compute and communicate. These smart things have invaded the lives of everyday people, being constantly carried or worn on our bodies, and entering into our homes, our healthcare, and beyond. This has given rise to wireless networks of smart, connected, always-on, personal things that are constantly around us, and have unfettered access to our most personal data as well as all of the other devices that we own and encounter throughout our day. It should, therefore, come as no surprise that our personal devices and data are frequent targets of ever-present threats. Securing these devices and networks, however, is challenging. In this dissertation, we outline three critical problems in the context of Wireless Personal Area Networks (WPANs) and present our solutions to these problems.
First, I present our Trusted I/O solution (BASTION-SGX) for protecting sensitive user data transferred between wirelessly connected (Bluetooth) devices. This work shows how in-transit data can be protected from privileged threats, such as a compromised OS, on commodity systems. I present insights into the Bluetooth architecture, Intel's Software Guard Extensions (SGX), and how a Trusted I/O solution can be engineered on commodity devices equipped with SGX.
Second, I present our work on AMULET and how we successfully built a wearable health hub that can run multiple health applications, provide strong security properties, and operate on a single charge for weeks or even months at a time. I present the design and evaluation of our highly efficient event-driven programming model, the design of our low-power operating system, and developer tools for profiling ultra-low-power applications at compile time.
Third, I present a new approach (VIA) that helps devices at the center of WPANs (e.g., smartphones) to verify the authenticity of interactions with other devices. This work builds on past work in anomaly detection techniques and shows how these techniques can be applied to Bluetooth network traffic. Specifically, we show how to create normality models based on fine- and coarse-grained insights from network traffic, which can be used to verify the authenticity of future interactions
DECIM: Detecting Endpoint Compromise In Messaging
We present DECIM, an approach to solve the challenge of detecting endpoint compromise in messaging. DECIM manages and refreshes encryption/decryption keys in an automatic and transparent way: it makes it necessary for uses of the key to be inserted in an append-only log, which the device owner can interrogate in order to detect misuse. We propose a multi-device messaging protocol that exploits our concept to allow users to detect unauthorised usage of their device keys. It is co-designed with a formal model, and we verify its core security property using the Tamarin prover. We present a proof-of-concept implementation providing the main features required for deployment. We find that DECIM messaging is efficient even for millions of users. The methods we introduce are not intended to replace existing methods used to keep keys safe (such as hardware devices, careful procedures, or key refreshment techniques). Rather, our methods provide a useful and effective additional layer of security
The Human Use of the Human Face: The Photographic Self-Portrait in the Age of the Selfie
Karen Ann Donnachie's research explores the phenomenon of the selfie as a vehicle for the mass projection of self and the effect it has on contemporary notions of identity, society and photography. During her practice-led research, Donnachie created electronic, algorithmic and Internet artworks including self-made and self-programmed "selfie" cameras. This thesis maps the complex genre of the selfie between performance, narcissism, social tic, intrinsic desire for self-projection and a quest for authenticity and human connection
Securing Personal IoT Platforms through Systematic Analysis and Design
Our homes, hospitals, cities, and industries are being enhanced with devices that have computational and networking capabilities. This emerging network of connected devices, or Internet of Things (IoT), promises better safety, enhanced management of patients, improved energy efficiency, and optimized manufacturing processes. Although there are many such benefits, security vulnerabilities in these systems can lead to user dissatisfaction (e.g., from random bugs), privacy violation (e.g., from stolen information), monetary loss (e.g., denial-of-service attacks or "ransomware"), or even loss of life (e.g., from malicious actors manipulating critical processes in a hospital).
Security design flaws may manifest at several layers of the IoT software/hardware stack. This work focuses on design flaws that arise in IoT platforms: software systems that manage devices, data analysis results and control logic. Specifically, we show that empirical security-oriented analyses of personal IoT platforms lead to: (1) an understanding of design flaws that can be leveraged in long-range and device-independent attacks; (2) the development of security mechanisms that limit the potential for these attacks. Concretely, we contribute empirical analyses for two categories of personal IoT platforms: Hub-Based (Samsung SmartThings) and Cloud-First (If-This-Then-That). Our analyses reveal overprivilege as a main enabler for attacks, and we propose a set of information flow control techniques (FlowFence and Decoupled-IFTTT) to manage privilege better in these platforms, therefore reducing the potential for attacks.
PHD; Computer Science & Engineering; University of Michigan, Horace H. Rackham School of Graduate Studies; https://deepblue.lib.umich.edu/bitstream/2027.42/137083/1/earlence_1.pd
Principles of Security and Trust: 7th International Conference, POST 2018, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2018, Thessaloniki, Greece, April 14-20, 2018, Proceedings
authentication; computer science; computer software selection and evaluation; cryptography; data privacy; formal logic; formal methods; formal specification; internet; privacy; program compilers; programming languages; security analysis; security systems; semantics; separation logic; software engineering; specifications; verification; world wide we
Platform rules: a case study of Samsung's failure in the smartphone platform industry
By investigating Samsung's platform strategies, organizational culture and control mechanisms in the Android ecosystem, this research provides a balanced view on the global smartphone platform industry. In addition, this dissertation provides both empirical evidence and critical explanations by exploring the challenges of global leading manufacturer Samsung, especially Samsung's Media Solution Center (hereinafter, MSC) which was in charge of software and platform services of the company.
In the literature review and methodology chapter, this study reviews 1) how successful platform providers actually control other platform participants, 2) how they develop platform ecosystems and extend their businesses, 3) how a fast follower strategy which is considered a typical strategy of Samsung Electronics affects business performance, and 4) how cultural elements of organizations affect the performance of a company, especially an ICT firm.
This research poses three research questions: RQ 1: How did Samsung's platform strategies such as the fast follower strategy affect MSC's platform services? RQ 2: How did the platform governance and control mechanisms in the global smartphone industry influence Samsung's platform services? And RQ 3: How did the organizational culture of Samsung and MSC influence Samsung's platform businesses? The research relies on interviews with 25 platform experts who once designed and worked on platform services such as Samsung Apps or Bada in Samsung's MSC.
This study basically explores business experiences of Samsung's MSC whose challenges were not successful. Since Samsung's attempts to control a platform failed, this research is in part a study of failure. In this it deviates from the typical study that pays much attention to the winner's position or experience rather than that of a loser.
Based on the interview data, this research provides significant findings. First, Samsung's strategy of being the fastest follower generated positive network effects for the Google Play Store instead of Samsung's platforms. Second, Google tightly controlled its competitors' platform services in diverse (somewhat unfair) ways in order to maintain its dominance. Lastly, Samsung's hierarchical and micromanaging organizational culture exerted negative influence on MSC's platform services. Radio-Television-Fil
Cloud computing and context-awareness: A study of the adapted user experience
This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University. Today, mobile technology is part of everyday life and activities and the mobile ecosystems are blossoming, with smartphones and tablets being the major growth drivers. The mobile phones are no longer just another device; we rely on their capabilities in work and in private. We look to our mobile phones for timely and updated information and we rely on this being provided any time of any day at any place. Nevertheless, no matter how much you trust and love your mobile phone, the quality of the information and the user experience is directly associated with the sources and presentation of information. In this perspective, our activities, interactions and preferences help shape the quality of service, content and products we use. Context-aware systems use such information about end-users as input mechanisms for producing applications based on mobile, location, social, cloud and customized content services. This represents new possibilities for extracting aggregated user-centric information and includes novel sources for context-aware applications. Accordingly, a Design Research based approach has been taken to further investigate the creation, presentation and tailoring of user-centric information. Through user evaluated experiments, findings show how multi-dimensional context-aware information can be used to create adaptive solutions tailoring the user experience to the users' needs. Research findings in this work highlight possible architectures for integration of cloud computing services in a heterogeneous mobile environment in future context-aware solutions. When it comes to combining context-aware results from local computations with those of cloud based services, the results provide findings that give users tailored and adapted experiences based on the collective efforts of the two