用户友好的Android隐私监管机制

针对安卓(Android)应用过度授权导致的隐私泄露问题,提出了一种用户友好的Android隐私监管机制UFMDroid。该机制使用服务代理重定向技术在Android控制流中插入隐私行为监控和细粒度运行时资源约束模块。UFMDroid通过对安卓市场已有软件的权限进行分层聚类和欧几里得距离度量以构建各类应用的预置权限轮廓,从而过滤可疑权限。UFMDroid通过计算当前权限配置与预置权限的距离获得应用静态威胁值;通过对涉隐私行为分类,同时考虑不同类别隐私行为的个体威胁和组合威胁,为用户提供应用实时威胁量化值。此外,UFMDroid通过提供虚假数据的方式防止应用因权限撤销引发程序崩溃。实验结果表明,UFMDroid可以成功监控应用对21种隐私数据的获取行为并可按用户配置进行隐私行为实时拦截响应,在一定程度上加强隐私保护。     

Hadoop平台数据访问监控机制研究

针对Hadoop平台数据被任务调度感知,进行本地化处理的新特征,探索Haoop平台中Map任务数据访问监控机制。提出Hadoop平台数据访问监控不仅应服务于数据存取效率的提升,还应服务于Map/Reduce并行作业执行效率提升的基本思想,并增加对并行执行多Map任务数据访问开销均衡性的监控。基于该思想,定义Hadoop平台数据访问监控的粒度和监控信息组成;依托Hadoop平台现有结构,设计了基于master-slave的监控体系结构,并给出了监控主要功能模块的具体实现技术及测试结果。     

改进的Android强制访问控制模型

为了降低Android平台受应用层权限提升攻击的可能性,研究分析了对利用隐蔽信道进行的合谋攻击具有较好防御能力的XManDroid模型,针对该模型存在无法检测多应用多权限合谋攻击的问题,采用构建进程间通信连接图并利用有色图记录应用通信历史的方法,提出了一种基于通信历史的细粒度强制访问控制模型。对原型系统的测试结果表明：所提出的模型能够很好地解决XManDroid模型存在的问题。     

基于访问控制列表机制的Android权限管控方案

Android采用基于权限的访问控制方式对系统资源进行保护,其权限管控存在管控力度过粗的问题。同时,部分恶意程序会在用户不知情的情况下,在隐私场景下偷偷地对资源进行访问,给用户隐私和系统资源带来一定的威胁。在原有权限管控的基础上引入了访问控制列表（ACL）机制,设计并实现了一个基于ACL机制的Android细粒度权限管控系统。所提系统能根据用户的策略动态地设置应用程序的访问权限,避免恶意代码的访问,保护系统资源。对该系统的兼容性、有效性的测试结果表明,该系统能够为应用程序提供稳定的环境。     

基于模糊聚类的Web浏览路径分析方法

在Web挖掘研究中,传统硬聚类技术常被用来分析网站浏览者对网页的浏览偏好.然而该方法只能将每一用户浏览路径归类到单一群组中,即事先假设每一浏览路径只包含单一种用户偏好,却忽略了同一用户浏览路径可能包含多个网页偏好.针对这种情况,提出用模糊聚类技术取代传统的硬聚类技术以弥补不足,使聚类结果更符合实际浏览情况.     

Mobile context-based framework for threat monitoring in urban environment with social threat monitor

Engaging users in threat reporting is important in order to improve threat monitoring in urban environments. Today, mobile applications are mostly used to provide basic reporting interfaces. With a rapid evolution of mobile devices, the idea of context awareness has gained a remarkable popularity in recent years. Modern smartphones and tablets are equipped with a variety of sensors including accelerometers, gyroscopes, pressure gauges, light and GPS sensors. Additionally, the devices become computationally powerful which allows for real-time processing of data gathered by their sensors. Universal access to the Internet via WiFi hot-spots and GSM network makes mobile devices perfect platforms for ubiquitous computing. Although there exist numerous frameworks for context-aware systems, they are usually dedicated to static, centralized, client-server architectures. There is still space for research in the field of context modeling and reasoning for mobile devices. In this paper, we propose a lightweight context-aware framework for mobile devices that uses data gathered by mobile device sensors and performs on-line reasoning about possible threats based on the information provided by the Social Threat Monitor system developed in the INDECT project.     

Improving Web access for visually impaired users

Technology advances and the continuing convergence of computing and telecommunications have made an unprecedented amount of information available to the public. For many people with disabilities, however, accessibility issues limit the impact of such widespread availability. Of the many types of disabilities-mobility, hearing, and learning impairments, for example-vision impairments are most pervasive in the general population, especially among seniors. The world's rapidly aging population is redefining visually impaired, which refers to individuals with low vision (that is, people for whom ordinary eyeglasses, contact lenses, or intraocular lens implants don't provide clear vision), color blindness, and blindness. In 1998, the US Congress amended the Rehabilitation Act, strengthening provisions covering access to government-posted information for people with disabilities. As amended, Section 508 requires federal agencies to ensure that all assets and technologies are accessible and usable by employees and the public, regardless of physical, sensory, or cognitive disabilities. Most current assistive technologies for visually impaired users are expensive, difficult to use, and platform dependent. A new approach by the US National Library of Medicine (NLM), National Institutes of Health (NIH), addresses these weaknesses by locating the assistive capability at the server, thus freeing visually impaired individuals from the software expense, technical complexity, and substantial learning curve of other assistive technologies. NLM's Senior Health Web site (http://nihseniorhealth.gov), a talking Web (a Web application that presents Web content as speech to users), demonstrates the approach's effectiveness.     

基于担保的Web服务访问控制模型

提出的基于担保的Web服务访问控制模型采用形式化的方式描述,核心思想就是主体与对象之间通过担保人建立联系,担保人为主体颁发授权担保,多级担保形成一条担保链,通过担保链,主体可以得到对象一定信任度的授权;给出了基于担保的Web服务访问控制模型的授权决策算法,并通过实例说明了基于担保的授权决策过程。     

面向Android系统的目录自适应日志模式选择机制

在写磁盘的过程中如果意外掉电或系统崩溃很有可能导致文件系统中用户数据和元数据不一致,现有文件系统主要采取写前日志或写时拷贝等一致性技术来解决该问题,但均没有考虑目录对可靠性需求的差异性。针对现有的文件自适应日志模式存在的需要逐一修改应用程序的不足,提出了面向Android系统的目录自适应的日志模式选择机制,即针对不同的目录对可靠性需求的高低等级,选择相应的强弱程度不同的日志模式,同时分配可靠性不同的存储区域,这种机制对开发者完全透明,也符合Android系统的应用特征,在可靠性需求不变的前提下最大限度地减少了一致性保证引入的额外开销。实验结果表明,修改后的文件系统可以识别文件所在目录,并根据目录选择预先定义的日志模式。     

以Web用户关联关系为属性的浏览模式聚类

在Web使用挖掘中,用户浏览模式的聚类结果有助于网站设计者理解Web用户的浏览特点和需要。设计了一种有效的Web浏览模式的聚类方法,网页是否被浏览及网页上的浏览时间反映了用户的浏览兴趣,它们被刻画成等长的用户浏览模式向量中的相应分量,此外,浏览模式之间的关系被刻画并被作为属性加入到该向量中,形成扩展的用户浏览模式向量,对这些向量使用粗糙k-均值法可对用户浏览模式进行有效的聚类。实例和实验分析说明,使用该方法的聚类结果更合理。聚类结果可用于个性化网站的设计。     

Behavioral Attestation for Web Services using access policies

Service Oriented Architecture with underlying technologies like web services and web service orchestration opens new vistas for integration among business processes operating in heterogeneous environments. However, such dynamic collaborations require a highly secure environment at each respective business partner site. Existing web services standards address the issue of security only on the service provider platform. The partner platforms to which sensitive information is released have till now been neglected. Remote Attestation is a relatively new field of research which enables an authorized party to verify that a trusted environment actually exists on a partner platform. To incorporate this novel concept in to the web services realm, a new mechanism called WS-Attestation has been proposed. This mechanism provides a structural paradigm upon which more fine-grained solutions can be built. In this paper, we present a novel framework, Behavioral Attestation for Web Services, in which XACML is built on top of WS-Attestation in order to enable more flexible remote attestation at the web services level. We propose a new type of XACML policy called XACML behavior policy, which defines the expected behavior of a partner platform. Existing web service standards are used to incorporate remote attestation at the web services level and a prototype is presented, which implements XACML behavior policy using low-level attestation techniques.     

无线Web访问的缓存和预取机制

缓存和预取在提高无线环境下的Web访问性能方面发挥着重要作用。文章研究针对无线局域网的Web缓存和预取机制,分别基于数据挖掘和信息论提出了采用序列挖掘和延迟更新的预测算法,设计了上下文感知的预取算法和获益驱动的缓存替换机制,上述算法已在Web缓存系统OnceEasyCache中实现。性能评估实验结果表明,上述算法的集成能有效地提高缓存命中率和延迟节省率。     

WebAccel: Accelerating Web access for low-bandwidth hosts

Current popular Web browsers simply fetch the entire Web page from the server in a greedy fashion. This simple Web-fetching mechanism employed by browsers is inappropriate for use in low-bandwidth networks since they unnecessarily cause large response time for users. In this paper, we first analyze the reasons that cause large response time by considering several factors, including the properties of typical Web pages and browsers, the interaction between the HTTP and TCP protocols, and the impact of server-side optimization techniques. We then propose a new Web-acceleration solution called WebAccel, which consists of three easy-to-deploy browser-side optimization mechanisms to reduce the user response time. Through ns2 simulations and a prototype implementation, we compare the performance of our solution with that of current browsers and show that WebAccel brings significant performance benefits in terms of user-perceived response time.     

Actively deployable mobile services for adaptive Web access

The proliferation of mobile devices in wireless environments has put special requirements on the ability to access the Web seamlessly. To address the impact of varying contextual characteristics on mobile access, the authors developed the WebPADS framework, which can actively deploy new mobile services. Moreover, WebPADS can dynamically reconfigure its services and migrate them to adapt to the vigorous changes in the wireless environment.     

基于属性树的Web服务访问控制模型

提出了基于属性树的Web服务访问控制模型,引入属性树来描述结构化属性,使用限制树来描述结构化属性的各种限制,解决了结构化属性的描述、属性的限制评估以及策略描述等问题。     

面向语义Web的基于语义和上下文的访问控制模型

对语义Web上资源的访问需要授权决策充分考虑其中实体之间的语义关系和上下文因素,而传统的访问控制模型不能处理这些问题。结合基于本体的语义描述技术和基于SWRL规则的推理机制,并将不同的语义关系归纳为一种包含关系,提出了一种面向语义Web的基于语义和上下文的访问控制（CSBAC）模型,并讨论了其语义授权推理、授权传播及冲突解决和实现架构。     

基于角色的Web Services动态访问控制模型

已有模型对Web Services的访问控制多数是静态的、粗粒度的,不能满足动态的面向服务的Web Services环境。为此提出了一个基于角色的Web Services动态访问控制模型(RBDAC),此模型可以根据用户访问时的上下文信息来激活角色分配和权限分配,并动态地做出访问控制决定。     

Web服务访问控制策略研究

Web服务环境中,交互实体通常位于不同安全域,具有不可预见性。Web服务应该基于其他与领域无关的信息而非身份来实施访问控制,以实现对跨域未知用户的访问授权。为此,提出了适应于Web服务的基于上下文的访问控制策略模型。模型的核心思想是将各种与访问控制有关的信息统一抽象表示为一个上下文概念,以上下文为中心来制定和执行访问控制策略,上下文担当了类似基于角色的访问控制(RBAC)中角色的概念。基于描述逻辑语言(DL),定义了基于上下文的访问控制策略公理,建立了访问控制策略知识库,提出了访问控制策略的逻辑推理方法。最后基于Racer推理系统,通过实验验证了方法的可行性和有效性。     

Android application behavioural analysis for data leakage

An android application requires specific permissions from the user to access the system resources and perform required functionalities. Recently, the android market has experienced exponential growth, which leads to malware applications. These applications are purposefully developed by hackers to access private data of the users and adversely affect the application usability. A suitable tool to detect malware is urgently needed, as malware may harm the user. As both malware and clean applications require similar types of permissions, so it becomes a very challenging task to differentiate between them. A novel algorithm is proposed to identify the malware‐based applications by probing the permission patterns. The proposed method uses the k‐means algorithm to quarantine the malware application by obtaining permission clusters. An efficiency of 90% (approx.) is attained for malicious behaviour, which validates this work. This work substantiates the use of application permissions for potential applications in android malware detection.     

Performance comparison of power-saving strategies for mobile Web access

One of the critical issues in mobile Web access is the usage of limited energy resources of mobile computers. Unfortunately, the legacy TCP/IP architecture is very inefficient. This work proposes and analyzes power-saving strategies for mobile Web access. Specifically, in this paper we develop an energy-consumption model for Web transactions and, based on it, we propose and compare four different energy saving strategies: ideal, Indirect-TCP (I-TCP), local and global. The ideal strategy is unfeasible but it is used as a reference bound as it guarantees the lowest energy consumption. The other strategies have been implemented and compared in a real test-bed. The performance comparison is carried out by measuring two main performance figures: the energy spent for downloading a Web page, and the associated transfer-time. Experimental results show that relevant energy saving is achievable and that, among the feasible strategies, the global one gives the best performance: with this strategy we can save (on average) up to 88% of the energy. Furthermore, our results indicate that this power saving is obtained without a significant increase in the transfer-time perceived by the users (on average, 0.2 s). Finally, by comparing the feasible strategies, we observe that the global one is much closer to the ideal case than the other strategies. In detail, the global strategy is about twice more efficient than the local one, and eight times more efficient than the I-TCP strategy.