Evaluating LED Street Lighting

The Town of Nantucket has nearly 200 decorative streetlamps that require constant maintenance and repair. The goal of our project was to create a database of the streetlamps and evaluate the feasibility of retrofitting the lights with LEDs. We inventoried the decorative streetlamps, created a database and an interactive map of the streetlamp locations, assessed public opinion about the LED retrofit, and analyzed the economic costs and benefits of the conversion. Based on our findings, we recommend a plan for proactive maintenance and we conclude that an LED conversion would be a feasible option for the Town of Nantucket that would reduce maintenance problems and maintain the desired lighting aesthetics

Understanding and measuring privacy violations in Android apps

Increasing data collection and tracking of consumers by today’s online services is becoming a major problem for individuals’ rights. It raises a serious question about whether such data collection can be legally justified under legislation around the globe. Unfortunately, the community lacks insight into such violations in the mobile ecosystem. In this dissertation, we approach these problems by presenting a line of work that provides a comprehensive understanding of privacy violations in Android apps in the wild and automatically measures such violations at scale. First, we build an automated tool that detects unexpected data access based on user perception when interacting with the apps’ user interface. Subsequently, we perform a large-scale study on Android apps to understand how prevalent violations of GDPR’s explicit consent requirement are in the wild. Finally, until now, no study has systematically analyzed the currently implemented consent notices and whether they conform to GDPR in mobile apps. Therefore, we propose a mostly automated and scalable approach to identify the current practices of implemented consent notices. We then develop an automatic tool that detects data sent out to the Internet with different consent conditions. Our result shows the urgent need for more transparent user interface designs to better inform users of data access and call for new tools to support app developers in this endeavor.Die zunehmende Datenerfassung und Verfolgung von Konsumenten durch die heutigen Online-Dienste wird zu einem großen Problem für individuelle Rechte. Es wirft eine ernsthafte Frage auf, ob eine solche Datenerfassung nach der weltweiten Gesetzgebung juristisch begründet werden kann. Leider hat die Gemeinschaft keinen Einblick in diese Verstöße im mobilen Ökosystem. In dieser Dissertation nähern wir uns diesen Problemen, indem wir eine Arbeitslinie vorstellen, die ein umfassendes Verständnis von Datenschutzverletzungen in Android- Apps in der Praxis bietet und solche Verstöße automatisch misst. Zunächst entwickeln wir ein automatisiertes Tool, das unvorhergesehene Datenzugriffe basierend auf der Nutzung der Benutzeroberfläche von Apps erkennt. Danach führen wir eine umfangreiche Studie zu Android-Apps durch, um zu verstehen, wie häufig Verstöße gegen die ausdrückliche Zustimmung der GDPR vorkommen. Schließlich hat bis jetzt keine Studie systematisch die gegenwärtig implementierten Zustimmungen und deren Übereinstimmung mit der GDPR in mobilen Apps analysiert. Daher schlagen wir einen meist automatisierten und skalierbaren Ansatz vor, um die aktuellen Praktiken von Zustimmungen zu identifizieren. Danach entwickeln wir ein Tool, das Daten erkennt, die mit unterschiedlichen Zustimmungsbedingungen ins Internet gesendet werden. Unser Ergebnis zeigt den dringenden Bedarf an einer transparenteren Gestaltung von Benutzeroberflächen, um die Nutzer besser über den Datenzugriff zu informieren, und wir fordern neue Tools, die App-Entwickler bei diesem Unterfangen unterstützen. ii

Towards a Network-based Approach for Smartphone Security

Smartphones have become an important utility that affects many aspects of our daily life. Due to their large dissemination and the tasks that are performed with them, they have also become a valuable target for criminals. Their specific capabilities and the way they are used introduce new threats in terms of information security. The research field of smartphone security has gained a lot of momentum in the past eight years. Approaches that have been presented so far focus on investigating design flaws of smartphone operating systems as well as their potential misuse by an adversary. Countermeasures are often realized based upon extensions made to the operating system itself, following a host-based design approach. However, there is a lack of network-based mechanisms that allow a secure integration of smartphones into existing IT infrastructures. This topic is especially relevant for companies whose employees use smartphones for business tasks. This thesis presents a novel, network-based approach for smartphone security called CADS: Context-related Signature and Anomaly Detection for Smartphones. It allows to determine the security status of smartphones by analyzing three aspects: (1) their current configuration in terms of installed software and available hardware, (2) their behavior and (3) the context they are currently used in. Depending on the determined security status, enforcement actions can be defined in order to allow or to deny access to services provided by the respective IT infrastructure. The approach is based upon the distributed collection and central analysis of data about smartphones. In contrast to other approaches, it explicitly supports to leverage existing security services both for analysis and enforcement purposes. A proof of concept is implemented based upon the IF-MAP protocol for network security and the Google Android platform. An evaluation verifies (1) that the CADS approach is able to detect so-called sensor sniffing attacks and (2) that reactions can be triggered based on detection results to counter ongoing attacks. Furthermore, it is demonstrated that the functionality of an existing, host-based approach that relies on modifications of the Android smartphone platform can be mimicked by the CADS approach. The advantage of CADS is that it does not need any modifications of the Android platform itself

Data-Driven, Personalized Usable Privacy

We live in the "inverse-privacy" world, where service providers derive insights from users' data that the users do not even know about. This has been fueled by the advancements in machine learning technologies, which allowed providers to go beyond the superficial analysis of users' transactions to the deep inspection of users' content. Users themselves have been facing several problems in coping with this widening information discrepancy. Although the interfaces of apps and websites are generally equipped with privacy indicators (e.g., permissions, policies, ...), this has not been enough to create the counter-effect. We particularly identify three of the gaps that hindered the effectiveness and usability of privacy indicators: - Scale Adaptation: The scale at which service providers are collecting data has been growing on multiple fronts. Users, on the other hand, have limited time, effort, and technological resources to cope with this scale. - Risk Communication: Although providers utilize privacy indicators to announce what and (less often) why they need particular pieces of information, they rarely relay what can be potentially inferred from this data. Without this knowledge, users are less equipped to make informed decisions when they sign in to a site or install an application. - Language Complexity: The information practices of service providers are buried in complex, long privacy policies. Generally, users do not have the time and sometimes the skills to decipher such policies, even when they are interested in knowing particular pieces of it. In this thesis, we approach usable privacy from a data perspective. Instead of static privacy interfaces that are obscure, recurring, or unreadable, we develop techniques that bridge the understanding gap between users and service providers. Towards that, we make the following contributions: - Crowdsourced, data-driven privacy decision-making: In an effort to combat the growing scale of data exposure, we consider the context of files uploaded to cloud services. We propose C3P, a framework for automatically assessing the sensitivity of files, thus enabling realtime, fine-grained policy enforcement on top of unstructured data. - Data-driven app privacy indicators: We introduce PrivySeal, which involves a new paradigm of dynamic, personalized app privacy indicators that bridge the risk under- standing gap between users and providers. Through PrivySeal's online platform, we also study the emerging problem of interdependent privacy in the context of cloud apps and provide a usable privacy indicator to mitigate it. - Automated question answering about privacy practices: We introduce PriBot, the first automated question-answering system for privacy policies, which allows users to pose their questions about the privacy practices of any company with their own language. Through a user study, we show its effectiveness at achieving high accuracy and relevance for users, thus narrowing the complexity gap in navigating privacy policies. A core aim of this thesis is paving the road for a future where privacy indicators are not bound by a specific medium or pre-scripted wording. We design and develop techniques that enable privacy to be communicated effectively in an interface that is approachable to the user. For that, we go beyond textual interfaces to enable dynamic, visual, and hands-free privacy interfaces that are fit for the variety of emerging technologies

e-mission: an open source, extensible platform for human mobility systems

Transportation is the single largest source of carbon emissions in the US. Decarbonizing it is challenging because it depends on individual behaviors, which in turn, depend on local land use planning. The interdisciplinary field of Computational Mobility, focusing on collecting, analysing and influencing human travel behavior, can frame solutions to this challenge.Innovation flows in interdisciplinary fields are bi-directional. The flow to the domain is focused on building a strong foundation for methodological improvements. As the improvements are deployed, they result in use-inspired computational research. This temporal dependency results in our initial focus on the modularity, accuracy and reproducibility of e-mission, an extensible platform for instrumenting human mobility. This open source platform has a modular architecture that supports power efficient duty cycling using virtual sensors, a read-only data model and a pipeline with novel algorithm adaptations for smartphone sensing.We also perform the first empirical evaluations of smartphone-based platforms in this domain. The architectural evaluation is based on three real world deployments: a classic travel diary, a crowdsourcing initiative, and a behavioral study. The accuracy evaluation is based on an novel procedure that uses artificial trips and multiple parallel phones to mitigate concerns over privacy, context sensitive power consumption and inherent sensing error. Data collected from three artifical timelines was used to evaluate the trajectory, segmentation and classification accuracies vs. power for various configurations.On computational side, challenges derived from the deployments can contribute to ongoing CS research in privacy, trustworthiness, incentivization and decision making. On the mobility side, this enables methodological innovations such as Agile Urban Planning for prototyping infrastructure changes

A Micro­Interaction Tool for Online Text Analysis

Mobile devices allow users to remain connected to the World in a ubiquitous way, creating new contexts of media use. Considering the structural changes in the journalistic market, media organizations are trying to lead this digital transition, (re)gaining the attention of the public [WS15]. This digital evolution can bring either many advantages or open the door to rushed journalism, such as the publication of fake news and malicious content, which can have critical effects on both individuals and society as a whole. For this reason, it’s becoming really important to fact­check the sources of information. Misinformation is incorrect or misleading information, which can lead to the distortion of people’s opinions on several matters and unintended consequences. Thus, fact­checking claims with reliable information from credible sources is perhaps the best way to fight the spread of misinformation. By double­checking a claim, you can verify whether or not it’s true. However, it’s important to use verifiable and reputable sources to fact­check that information, otherwise, you risk perpetuating the cycle [Ohi]. In order to help to fight this global issue, we can use the interaction from Internet users with the content producers/journalists, so those users can interact with Web content, validating, commenting, or expressing emotions about it to decrease the percentage of false, malicious or questionable content, as well as simultaneously create a profile of these same users and content producers, through the application of reputation rules. With this strategy, online content producers can get dynamic interaction and feedback from the public about the published content, so they can fact­check it and have a greater degree of truthfulness. This Master’s dissertation presents a Web tool that enables users to perform a fast factchecking, interacting with the media responsible for the news or text. This work, starts by presenting a study on the main tools and techniques that are being used in journalism for fact­check information. Then, it describes in detail the implementation process of the developed tool, that consists on a Web extension to help in this fact­checking domain. Finally, the dissertation presents an assessment and tests that were conducted to evaluate the feasibility of the solution.Os dispositivos móveis permitem que os utilizadores permaneçam conectados ao Mundo de forma ubíqua, criando novos contextos para o uso dos mídia. Diante as mudanças estruturais no mercado jornalístico, as organizações de mídia estão a tentar liderar esta transição digital, (re)ganhando a atenção do público [WS15]. Esta evolução digital pode trazer tanto muitas vantagens ou abrir a porta para o jornalismo apressado, como a publicação de notícias falsas e conteúdo malicioso, que pode ter efeitos críticos sobre os indivíduos e a sociedade como um todo. Por esse motivo, está a tornar­se cada vez mais importante verificar os factos das fontes de informação. A desinformação é informação incorreta ou enganosa, que pode levar à distorção das opiniões das pessoas sobre diversos assuntos e a consequências indesejadas. Portanto, a verificação de factos com informações de fontes confiáveis é talvez a melhor maneira de combater a disseminação de informações incorretas. É portanto muito importante utilizar fontes confiáveis para verificar os factos, caso contrário, corremos o risco de perpetuar o ciclo [Ohi]. Para ajudar a combater este problema global, podemos utilizar a interação dos utilizadores de Internet com os produtores/jornalistas de conteúdo, para que esses utilizadores possam interagir com o conteúdo da Web, validando, comentando ou expressando emoções sobre este, de forma a diminuir a percentagem de conteúdo falso, malicioso ou questionável, bem como simultaneamente criar um perfil desses mesmos utilizadores e produtores de conteúdo, através da aplicação de regras de reputação. Com esta estratégia, os produtores de conteúdo online podem obter uma interação dinâmica e feedback do público sobre o conteúdo publicado, para que possam verificar os factos e ter um maior grau de veracidade. Esta dissertação de mestrado apresenta uma ferramenta Web que permite aos utilizadores realizar uma verificação rápida de factos, interagindo com os mídia responsáveis por uma determinada notícia ou texto. Este trabalho começa por apresentar um estudo sobre as principais ferramentas e técnicas que estão a ser utilizadas no jornalismo para a verificação de factos. Em seguida, descreve detalhadamente o processo de implementação da ferramenta desenvolvida, que consiste numa extensão Web para auxiliar neste domínio de verificação de factos. Por fim, a dissertação apresenta alguns testes que foram realizados para avaliar a viabilidade da solução

A systems thinking approach to business intelligence solutions based on cloud computing

Thesis (S.M. in System Design and Management)--Massachusetts Institute of Technology, Engineering Systems Division, 2010.Cataloged from PDF version of thesis.Includes bibliographical references (p. 73-74).Business intelligence is the set of tools, processes, practices and people that are used to take advantage of information to support decision making in the organizations. Cloud computing is a new paradigm for offering computing resources that work on demand, are scalable and are charged by the time they are used. Organizations can save large amounts of money and effort using this approach. This document identifies the main challenges companies encounter while working on business intelligence applications in the cloud, such as security, availability, performance, integration, regulatory issues, and constraints on network bandwidth. All these challenges are addressed with a systems thinking approach, and several solutions are offered that can be applied according to the organization's needs. An evaluations of the main vendors of cloud computing technology is presented, so that business intelligence developers identify the available tools and companies they can depend on to migrate or build applications in the cloud. It is demonstrated how business intelligence applications can increase their availability with a cloud computing approach, by decreasing the mean time to recovery (handled by the cloud service provider) and increasing the mean time to failure (achieved by the introduction of more redundancy on the hardware). Innovative mechanisms are discussed in order to improve cloud applications, such as private, public and hybrid clouds, column-oriented databases, in-memory databases and the Data Warehouse 2.0 architecture. Finally, it is shown how the project management for a business intelligence application can be facilitated with a cloud computing approach. Design structure matrices are dramatically simplified by avoiding unnecessary iterations while sizing, validating, and testing hardware and software resources.by Eumir P. Reyes.S.M.in System Design and Managemen