A ubiquidade e a contextualização no acesso à informação e serviços turísticos

Com a distinção da região do Alto Douro Vinhateiro a Património da Humanidade, na categoria de Paisagem Cultural, em dezembro de 2001, a região teve eco internacional, alcançando nova visibilidade. A natureza pristina convida o visitante a conhecer todo este património, transformando-o num recurso turístico que necessita de ser explicado e/ou interpretado (a história, as tradições, os artefactos, a arte, entre outros) de forma célere assente no pressuposto da ubiquidade de acesso à informação

How pervasive and mobile computing can help organizations to include people with visual disabilities on their client-approach strategy?

Organizations have in-built social responsibility to society. The evolution of technology have enable organizations to interact in an innovatively and more close approach to their clients. But this evolution has not included people with special needs like blind people. And, even those organizations that have enable some kind of support-approach to blind people, have typically disjointed, incomplete and typically parallel approaches; compared to their massclient standard approach. This paper discusses the potential of Pervasive and Mobile Computing to support, not just an innovative and unified approach, but also a real possibility of promoting real inclusion of blind people in what concerns to the delivery of information and services organizations offer. This paper also represents a reflection and a mind shaking attempt, while the authors are working in allowing blind people an autonomous buying process, in hypermarkets, supported by the use of wireless networks and modern mobile devices, with multiple technologies support, like Wi-Fi and inertial and magnetic sensors

Attacks on WebView in the Android System

WebView is an essential component in both Android and iOS platforms, enabling smartphone and tablet apps to embed a simple but powerful browser inside them. To achieve a better interaction between apps and their embedded\browsers , WebView provides a number of APIs, allowing code in apps to invoke and be invoked by the JavaScript code within the web pages, intercept their events, and modify those events. Using these features, apps can become customized \browsers for their intended web applications. Currently, in the Android market, 86 percent of the top 20 most downloaded apps in 10 diverse categories use WebView. The design ofWebView changes the landscape of theWeb, especially from the security perspective. Two essential pieces of the Web\u27s security infrastructure are weakened if Web- View and its APIs are used: the Trusted Computing Base (TCB) at the client side, and the sandbox protection implemented by browsers. As results, many attacks can be launched either against apps or by them. The objective of this paper is to present these attacks, analyze their fundamental causes, and discuss potential solutions

A Feasibility Analysis of a Mobile Interface for a Web Site

Internetin verkkosivustoja käytetään tietokoneilla, kannettavilla tietokoneilla ja kannettavilla mobiililaitteilla. Tässä työssä tutkitaan Jatkoaika-verkkolehden mobiilikäyttöliittymäprojektin toteutettavuutta. Työssä käytetään STOF-mallia työkaluna mobiilikäyttöliittymävaihtoehtojen liiketoimintasuunnitelmien arvioimiseen. Liiketoimintasuunnitelmassa on kaksi tärkeää tekijää: käyttäjien mobiiliselauskokemus STOF-mallin palvelu- ja tekniikkakentissä ja sivuston ansaintamalli taloudellisessa kentässä. Käyttäjäkysely toteutettiin vahvistamaan kirjallisuuskatsauksessa saatuja tietoja käyttäjien mobiilikäytön mieltymyksistä. Projektin taloudellista puolta mallinnettiin ja estimoitiin työssä ja tulosten arvioimiseksi malleille tehtiin myös herkkyysanalyysiä. Työssä päästiin johtopäätöksiin, jotka suosittavat yksinkertaisen mobiilikäyttöliittymän rakentamista. Kokonaisuudessaan mobiilin Internetin liiketoiminta vaikuttaa tällä hetkellä rajallisen kokoiselta. Se on kuitenkin selvästi kasvussa, joten siinä mukana oleminen olisi hyödyllistä.Internet web sites are being used with desktop and laptop computers and mobile pocket devices. In this thesis the feasibility of a mobile interface project of Jatkoaika.com web site is analyzed. STOF model, a research method, is used as a tool to evaluate business models for the web site's mobile interface. The business model has two important factors. User's mobile browsing experience is on the service and technological domains of STOF and the revenue model for the mobile interface in on the financial domain. A user questionnaire was conducted to confirm the literature study on the mobile usage preferences of the users. To model the finances, estimations are done and sensitivity analyses are used to evaluate the results. The work reaches the conclusion to recommend building a simple mobile interface for the web site. Overall the mobile web business is seen as small at the moment, but at the same time clearly growing area, where involvement would be beneficial

ATTACKS AND COUNTERMEASURES FOR WEBVIEW ON MOBILE SYSTEMS

ABSTRACT All the mainstream mobile operating systems provide a web container, called ``WebView\u27\u27. This Web-based interface can be included as part of the mobile application to retrieve and display web contents from remote servers. WebView not only provides the same functionalities as web browser, more importantly, it enables rich interactions between mobile apps and webpages loaded inside WebView. Through its APIs, WebView enables the two-way interaction. However, the design of WebView changes the landscape of the Web, especially from the security perspective. This dissertation conducts a comprehensive and systematic study of WebView\u27s impact on web security, with a particular focus on identifying its fundamental causes. This dissertation discovers multiple attacks on WebView, and proposes new protection models to enhance the security of WebView. The design principles of these models are also described as well as the prototype implementation in Android platform. Evaluations are used to demonstrate the effectiveness and performance of these protection models

Web browsing interactions inferred from a flow-level perspective

Desde que su uso se extendiera a mediados de los noventa, la web ha sido probablemente el servicio de Internet más popular. De hecho, muchos usuarios la utilizan prácticamente como sinónimo de Internet. Hoy en día los usuarios de la web utilizan una gran cantidad dispositivos distintos para acceder a ella desde ordenadores tradicionales a teléfonos móviles, tabletas, lectores de libros electrónicos o, incluso, relojes inteligentes. Además, los usuarios se han acostumbrado a acceder a diferentes servicios a través de sus navegadores web en vez de utilizar aplicaciones dedicadas a ello. Este es el caso, por ejemplo del correo electrónico, del streaming de vídeo o de suites ofimáticas (como la proporcionada por Google Docs). Como consecuencia de todo esto, hoy en día el tráfico web es muy complejo y el efecto que tiene en las redes es muy importante. La comunidad científica ha reaccionado a esta situación impulsando muchos estudios que caracterizan la web y su tráfico y que proponen maneras de mejorar su funcionamiento. Sin embargo, muchos estudios centrados en el tráfico web han considerado el tráfico de los clientes o los servidores en su totalidad con el objetivo de describirlo estadísticamente. En otros casos, se han introducido en el nivel de aplicación al centrarse en los mensajes HTTP. Pocos trabajos han buscado describir el efecto que las sesiones de un sitio web y las visitas a páginas web tienen en el tráfico de un usuario. No obstante, esas interacciones son las que el usuario experimenta al navegar y, por tanto, son las que mejor representan su comportamiento. El trabajo que se presenta en esta tesis gira alrededor de esas interacciones y se enfoca especialmente en identificarlas en el tráfico de los usuarios. Esta tesis aborda el problema desde una perspectiva a nivel de flujo. En otras palabras, el estudio que se presenta se centra en una caracterización del tráfico web obtenida para cada conexión mediante datos de los niveles de transporte y red, nunca mediante datos de aplicación. La perspectiva a nivel de flujo introduce ciertas limitaciones en las propuestas desarrolladas, pero lo compensa al permitir desarrollar sistemas escalables, fáciles de instalar en cualquier red y que evitan acceder a información de usuario que podría ser sensible. En los capítulos de este documento se introducen varios métodos para identificar sesiones a sitios web y descargas de páginas web en el tráfico de los usuarios. Para desarrollar dichos métodos se ha caracterizado tráfico web capturado de varias formas: accediendo a páginas automáticamente, con la ayuda de voluntarios en un entorno controlado y en el enlace de la Universidad Pública de Navarra. Los métodos que presentamos se basan en parámetros a nivel de conexión como los tiempos de inicio y final de los flujos o las direcciones IP de servidor. Estos parámetros se emplean para encontrar conexiones relacionadas en el tráfico de los usuarios. La validación de los resultados obtenidos con los distintos métodos ha sido complicada al no disponer de trazas etiquetadas correctamente que puedan usarse para verificar que las clasificaciones se han realizado de forma correcta. Además, al no haber propuestas similares en la literatura científica ha sido imposible comparar los resultados obtenidos con los de otros autores. Por todo esto ha sido necesario diseña métodos específicos de validación que también se describen en este documento. Ser capaces de identificar sesiones a sitios web y descargas de páginas web tiene aplicaciones inmediatas para administradores de red y proveedores de servicio ya que les permitiría recoger datos sobre el perfil de navegación de sus usuarios e incluso bloquear tráfico indeseado y dar prioridad al importante. Además, las ventajas de trabajar a nivel de conexión se aplican especialmente en su caso. Por último, los resultados obtenidos a través de los métodos presentados en esta tesis podrían emplearse en diseñar esquemas capaces de clasificar el tráfico web dependiendo del servicio que lo haya producido ya que se podrían utilizar como parámetros de entrada las características de múltiples conexiones relacionadas.Since its use became widespread during the mid 1990s, the web has probably been the most popular Internet service. In fact, for many lay users, the web is almost a synonym for the Internet. Web users today access it from a myriad of different devices from traditional computers to smartphones, tablets, ebook readers and even smart watches. Moreover, users have become accustomed to accessing multiple different services through their web browsers instead of through dedicated applications. This is the case, for example, of e-mail, video-streaming or office suites (such as the one provided by Google Docs). As a consequence, web traffic nowadays is complex and its effect on the networks is very important. The scientific community has reacted to this providing many works that characterize the web and its traffic and propose ways of improving its operation. Nevertheless, studies focused on web traffic have often considered the traffic of web clients or servers as a whole in order to describe their particular performance, or have delved into the application level by focusing on HTTP messages. Few works have attempted to describe the effect of website sessions and webpage visits on web traffic. Those web browsing interactions are, however, the elements of web operation that the user actually experiences and thus are the most representative of his behavior. The work presented in this thesis revolves around these web interactions with the special focus of identifying them in user traffic. This thesis offers a distinctive approach in that the problem at hand is faced from a flow-level perspective. That is, the study presented here centers on a characterization of web traffic obtained on a per connection basis and using information from the transport and network levels rather than relying on deep packet inspection. This flow-level perspective introduces various constraints to the proposals developed, but pays off by offering scalability, ease of deployment, and by avoiding the need to access potentially sensitive application data. In the chapters of this document, different methods for identifying website sessions and webpage downloads in user traffic are introduced. In order to develop those methods, web traffic is characterized from a connection perspective using traces captured by accessing the web automatically, with the help of voluntary users in a controlled environment, and captured in the wild from users of the Public University of Navarre. The methods rely on connection-level parameters such as start and end timestamps or server IP addresses in order to find related connections in the traffic of web users. Evaluating the performance of the different methods has been problematic because of the absence of ground truth (labeled web traffic traces are hard to obtain and the labeling process is very complex) and the lack of similar research which could be used for comparison purposes. As a consequence, specific validation methods have been designed and they are also described in this document. Identifying website sessions and webpage downloads in user traffic has multiple immediate applications for network administrators and Internet service providers as it would allow them to gather additional insight into their users browsing behavior and even block undesired traffic or prioritize important one. Moreover, the advantages of a connection-level perspective would be specially interesting for them. Finally, this work could also help in research directed to classifying thee services provided through the web as grouping the connections related to the same website session may offer additional information for the classification process.Programa Oficial de Doctorado en Tecnologías de las Comunicaciones (RD 1393/2007)Komunikazioen Teknologietako Doktoretza Programa Ofiziala (ED 1393/2007

Conception et mise en place sur le web d'un système interactif d'aide à la décision utilisant des bases de connaissances

La facilité grandissante de la communication entre les intervenants d’une équipe de projet n’a pas résolu le problème de la capitalisation des connaissances malgré l’apparition de l’Internet. La construction d’une logique d’exécution adaptée aux projets lors de la phase de conception est souvent une étape répétitive. Nous chercherons à fournir une méthodologie de conception d’un outil d’aide à la décision basé sur des connaissances en ordonnancement dont le but est de générer des échéanciers. Ces connaissances seront capitalisées à une grande échelle grâce au Web. Notre premier objectif sera de stocker et gérer des connaissances portant sur la logique d’ordonnancement. Les planificateurs pourront contribuer à l’amélioration continue du système de décision en maintenant les connaissances sur une base publique. Nous mettrons ensuite en place un protocole d’évaluation et de consolidation des connaissances par des experts désignés au sein du système. Enfin nous présenterons l’outil d’aide à la décision basé sur les connaissances, pour la génération d’une logique d’ordonnancement. Nous développerons donc une méthodologie de conception d’un SIAD dans un environnement Web 2.0. Nous étudierons la conception de la base de connaissances, du système d’inférence, de l’outil d’ingénierie des connaissances et des comportements de l’interface. L’application de cette méthodologie aboutira sur la conception d’un prototype. Une validation sera effectuée à travers la construction d’une base de connaissances de 4000 activités permettant de s’assurer de la fonctionnalité du prototype. L’environnement Web permettra ensuite de le valider à grande échelle à travers des tests d’application effectués en simultané à travers le monde

A Framework to Enhance Privacy-Awareness in Mobile Web Systems

In the last decade, the use of online social network sites has dramatically increased and these sites have succeeded in attracting a large number of users. The social network site has become a daily tool people use to find out about the latest news and to share details of their personal information. Many people use Internet mobile devices to browse these sites. The widespread use of some technologies unnecessarily puts the privacy of users at risk, even when these users remain anonymous. This study examines the risks to privacy surrounding the misuse of users' personal information, such as maintaining trustworthy sites, as well as privacy issues associated with sharing personal information with others. This study also develops a framework to enhance privacy awareness in mobile Web systems. A privacy framework is proposed that incorporates suitability in the design and flexibility in the use to suit different types of Web mobile devices, and provides simple ways of adjusting and creating different privacy policies. This framework allows the user to create different levels of privacy settings and to better manage the exchange of personal information with other sites. The proposed conceptual model for this study is derived from a review of the literature and the current privacy models. It shows how online users are able to create different privacy policies and set different policies to access the data. It also explains how the centrality of personal information details in one server will limit the distribution of personal information over the Internet and will provide users with more authority to control the sharing of their information with other websites. The design of the proposed framework is derived from developing other privacy models and adding new ideas that enhance the security level of protecting the privacy of users' information. The study consists of five main tasks that include two different qualitative methodologies, programming two applications and testing the framework