10 research outputs found
Resolving the predicament of android custom permissions
Android leverages a set of system permissions to protect platform resources. At the same time, it allows untrusted third-party applications to declare their own custom permissions to regulate access to app components. However, Android treats custom permissions the same way as system permissions even though they are declared by entities of different trust levels. In this work, we describe two new classes of vulnerabilities that arise from the ‘predicament’ created by mixing system and custom permissions in Android. These have been acknowledged as serious security flaws by Google and we demonstrate how they can be exploited in practice to gain unauthorized access to platform resources and to compromise popular Android apps. To address the shortcomings of the system, we propose a new modular design called Cusper for the Android permission model. Cusper separates the management of system and custom permissions and introduces a backward-compatible naming convention for custom permissions to prevent custom permission spoofing. We validate the correctness of Cusper by 1) introducing the first formal model of Android runtime permissions, 2) extending it to describe Cusper, and 3) formally showing that key security properties that can be violated in the current permission model are always satisfied in Cusper. To demonstrate Cusper’s practicality, we implemented it in the Android platform and showed that it is both effective and efficient.
Minimum Two-Year Follow-Up of Cases with Recurrent Disc Herniation Treated with Microdiscectomy and Posterior Dynamic Transpedicular Stabilisation
The objective of this article is to evaluate two-year clinical and radiological follow-up results for patients who were treated with microdiscectomy and posterior dynamic transpedicular stabilisation (PDTS) due to recurrent disc herniation. This article is a prospective clinical study. We conducted microdiscectomy and PDTS (using a cosmic dynamic screw-rod system) in 40 cases (23 males, 17 females) with a diagnosis of recurrent disc herniation. Mean age of included patients was 48.92 ± 12.18 years (range: 21-73 years). Patients were clinically and radiologically evaluated for follow-up for at least two years. Patients’ postoperative clinical results and radiological outcomes were evaluated during the 3rd, 12th, and 24th months after surgery. Forty patients who underwent microdiscectomy and PDTS were followed for a mean of 41 months (range: 24-63 months). Both the Oswestry and VAS scores showed significant improvements two years postoperatively in comparison to preoperative scores (p < 0.01). There were no significant differences between any of the three measured radiological parameters (α, LL, IVS) after two years of follow-up (p > 0.05). New recurrent disc herniations were not observed during follow-up in any of the patients. We observed complications in two patients. Performing microdiscectomy and PDTS after recurrent disc herniation can decrease the risk of postoperative segmental instability. This approach reduces the frequency of failed back syndrome with low back pain and sciatica.
Smartphone security behavioral scale: a new psychometric measurement for smartphone security
Despite widespread use of smartphones, there is no measurement standard targeted at smartphone security behaviors. In this paper we translate a well-known cybersecurity behavioral scale into the smartphone domain and show that we can improve on this translation by following an established psychometrics approach surveying 1011 participants. We design a new 14-item Smartphone Security Behavioral Scale (SSBS) exhibiting high reliability and good fit to a two-component behavioural model based on technical versus social protection strategies. We then demonstrate how SSBS can be applied to measure the influence of mental health issues on smartphone security behavior intentions. We found significant correlations that predict SSBS profiles from three types of MHIs. Conversely, we are able to predict presence of MHIs using SSBS profiles. We obtain prediction AUCs of 72.1% for Internet addiction, 75.8% for depression and 66.2% for insomnia.