ConXsense - Automated Context Classification for Context-Aware Access Control

We present ConXsense, the first framework for context-aware access control on mobile devices based on context classification. Previous context-aware access control systems often require users to laboriously specify detailed policies or they rely on pre-defined policies not adequately reflecting the true preferences of users. We present the design and implementation of a context-aware framework that uses a probabilistic approach to overcome these deficiencies. The framework utilizes context sensing and machine learning to automatically classify contexts according to their security and privacy-related properties. We apply the framework to two important smartphone-related use cases: protection against device misuse using a dynamic device lock and protection against sensory malware. We ground our analysis on a sociological survey examining the perceptions and concerns of users related to contextual smartphone security and analyze the effectiveness of our approach with real-world context data. We also demonstrate the integration of our framework with the FlaskDroid architecture for fine-grained access control enforcement on the Android platform.Comment: Recipient of the Best Paper Awar

Exploring the Eastern Frontier: A First Look at Mobile App Tracking in China

Many mobile apps are integrated with mobile advertising and tracking services running in the background to collect information for tracking users. Considering China currently tops mobile traffic growth globally, this paper aims to take a first look at China’s mobile tracking patterns from a large 4G network. We observe the dominance of the top popular domestic trackers and the pervasive tracking on mobile apps. We also discover a very well-connected tracking community, where the non-popular trackers form many local communities with each community tracking a particular category of mobile apps. We further conclude that some trackers have a monopoly on specific groups of mobile users and 10% of users upload Personally Identifiable Information (PII) to trackers (with 90% of PII tracking flows local to China). Our results consistently show a distinctive mobile tracking market in China. We hope the results can inform users and stakeholders on the interplay between mobile tracking and potential security and privacy issues

Characterization of nanometer scale compositionally inhomogeneous AlGaN active regions on bulk AlN substrates

The optical and structural properties of AlGaN active regions containing nanoscale compositional inhomogeneities (NCI) grown on low dislocation density bulk AlN substrates are reported. These substrates are found to improve the internal quantum efficiency and structural quality of NCI-AlGaN active regions for high Al content alloys, as well as the interfaces of the NCI with the surrounding wider bandgap matrix, as manifested in the absence of any significant long decay component of the low temperature radiative lifetime, which is well characterized by a single exponential photoluminescence decay with a 330 ps time constant. However, room temperature results indicate that non-radiative recombination associated with the high point defect density becomes a limiting factor in these films even at low dislocation densities for larger AlN mole fractions

Constructing Independently Verifiable Privacy-Compliant Type Systems for Message Passing between Black-Box Components

Privacy by design (PbD) is the principle that privacy should be considered at every stage of the software engineering process. It is increasingly both viewed as best practice and required by law. It is therefore desirable to have formal methods that provide guarantees that certain privacy-relevant properties hold. We propose an approach that can be used to design a privacy-compliant architecture without needing to know the source code or internal structure of any individual component. We model an architecture as a set of agents or components that pass messages to each other. We present in this paper algorithms that take as input an architecture and a set of privacy constraints, and output an extension of the original architecture that satisfies the privacy constraints

ESCAPADE: Encryption-type-ransomeware: system call based pattern detection

Encryption-type ransomware has risen in prominence lately as the go-to malware for threat actors aiming to compromise Android devices. In this paper, we present a ransomware detection technique based on behaviours observed in the system calls performed by the malware. We identify and present some common high-level system call behavioural patterns targeted at encryption-type ransomware and evaluate these patterns. We further present our repeatable and extensible methodology for extracting the system call log and patterns

Are we drawing the right conclusions from randomised placebo-controlled trials? A post-hoc analysis of data from a randomised controlled trial

<p>Abstract</p> <p>Background</p> <p>Assumptions underlying placebo controlled trials include that the placebo effect impacts on all study arms equally, and that treatment effects are additional to the placebo effect. However, these assumptions have recently been challenged, and different mechanisms may potentially be operating in the placebo and treatment arms. The objective of the current study was to explore the nature of placebo versus pharmacological effects by comparing predictors of the placebo response with predictors of the treatment response in a randomised, placebo-controlled trial of a phytotherapeutic combination for the treatment of menopausal symptoms. A substantial placebo response was observed but no significant difference in efficacy between the two arms.</p> <p>Methods</p> <p>A <it>post hoc </it>analysis was conducted on data from 93 participants who completed this previously published study. Variables at baseline were investigated as potential predictors of the response on any of the endpoints of flushing, overall menopausal symptoms and depression. Focused tests were conducted using hierarchical linear regression analyses. Based on these findings, analyses were conducted for both groups separately. These findings are discussed in relation to existing literature on placebo effects.</p> <p>Results</p> <p>Distinct differences in predictors were observed between the placebo and active groups. A significant difference was found for study entry anxiety, and Greene Climacteric Scale (GCS) scores, on all three endpoints. Attitude to menopause was found to differ significantly between the two groups for GCS scores. Examination of the individual arms found anxiety at study entry to predict placebo response on all three outcome measures individually. In contrast, <it>low </it>anxiety was significantly associated with improvement in the active treatment group. None of the variables found to predict the placebo response was relevant to the treatment arm.</p> <p>Conclusion</p> <p>This study was a <it>post hoc </it>analysis of predictors of the placebo versus treatment response. Whilst this study does not explore neurobiological mechanisms, these observations are consistent with the hypotheses that 'drug' effects and placebo effects are not necessarily additive, and that mutually exclusive mechanisms may be operating in the two arms. The need for more research in the area of mechanisms and mediators of placebo versus active responses is supported.</p> <p>Trial Registration</p> <p>International Clinical Trials Registry ISRCTN98972974.</p

The placebo effect and its determinants in fibromyalgia: meta-analysis of randomized controlled trials

The aims of this study were to determine whether placebo treatment in randomised controlled trials (RCTs) is effective for fibromyalgia and to identify possible determinants of the magnitude of any such placebo effect. A systematic literature search was undertaken for RCTs in people with fibromyalgia that included a placebo and/or a no-treatment (observation only or waiting list) control group. Placebo effect size (ES) for pain and other outcomes was measured as the improvement of each outcome from baseline divided by the standard deviation of the change from baseline. This effect was compared with changes in the no-treatment control groups. Meta-analysis was undertaken to combine data from different studies. Subgroup analysis was conducted to identify possible determinants of the placebo ES. A total of 3912 studies were identified from the literature search. After scrutiny, 229 trials met the inclusion criteria. Participants who received placebo in the RCTs experienced significantly better improvements in pain, fatigue, sleep quality, physical function, and other main outcomes than those receiving no treatment. The ES of placebo for pain relief was clinically moderate (0.53, 95%CI 0.48 to 0.57). The ES increased with increasing strength of the active treatment, increasing participant age and higher baseline pain severity, but decreased in RCTS with more women and with longer duration of fibromyalgia. In addition, placebo treatment in RCTs is effective in fibromyalgia. A number of factors (expected strength of treatment, age, gender, disease duration) appear to influence the magnitude of the placebo effect in this condition

Privaros: A Framework for Privacy-Compliant Delivery Drones

We present Privaros, a framework to enforce privacy policies on drones. Privaros is designed for commercial delivery drones, such as the ones that will likely be used by Amazon Prime Air. Such drones visit a number of host airspaces, each of which may have different privacy requirements. Privaros provides an information flow control framework to enforce the policies of these hosts on the guest delivery drones. The mechanisms in Privaros are built on top of ROS, a middleware popular in many drone platforms. This paper presents the design and implementation of these mechanisms, describes how policies are specified, and shows that Privaros's policy specification can be integrated with India's Digital Sky portal. Our evaluation shows that a drone running Privaros can robustly enforce various privacy policies specified by hosts, and that its core mechanisms only marginally increase communication latency and power consumption