Umeå University's logo

Smartphone users rely on Apps for their daily lives but simultaneously struggle to protect their privacy and device security from potentially harmful and malicious Apps. However, scientific literature lacks in-depth studies mapping user struggles, factors undermining their efforts, and implications. We cover this gap by engaging 24 smartphone users in 44 interview sessions. We observe them performing different App acquisition and management tasks, seek explanations, and analyze collected data to make the following contributions. First, we develop a theoretical App acquisition and management model describing different phenomena involved in App acquisition and management in Android smartphones. Causal conditions of these phenomena and contexts, and intervening conditions influencing user strategies are discovered grounded in the data acquired through the interview sessions. It shows the challenges they face, the strategies they develop and use to deal with the faced challenges, and their consequences. Second, we systematically discover and relate different App acquisition and management concepts in 34 subcategories related to user struggles. None of the existing studies discovers, explains, and relates actual user behaviors involving this many factors in one place. Third, this research discovers six problems unaddressed by the literature: the usage of untrusted App repositories, mandatory and forced installations, the installation process changes, the Settings App complexities, the void contracts problem, and the psychological consequences of failure to protect privacy in Android phones. Finally, we provide general guidelines for users, App stores, developers, and regulators to assist them in enhancing privacy and security protection in the Android ecosystem.

Forward-porting reintroduces previously detected and patched software bugs from older versions into later ones to create benchmarking workloads for fuzzing. These benchmarks gauge a fuzzer's performance by testing its ability to detect or trigger these bugs during a fuzzing campaign. In this study, we evaluate the reliability of forward porting in establishing dependable fuzzing benchmarks and their suitability for fair and accurate fuzzer evaluation. We utilize online resources, forward porting, fuzzing experiments, and triaging to scrutinize the workloads of a state-of-the-art fuzzing benchmark. We uncover seven factors, including software architecture changes, misconfigurations, supply chain issues, and developer errors, all of which compromise the success of forward porting. We determine that the ‘ground truth’ established through forward porting is only occasionally ‘true’ due to unaccounted-for underlying bugs in all examined software applications undergoing this process. These findings question the reliability of forward porting in generating dependable fuzzing benchmarks. Furthermore, our experimental results suggest that relying on forward porting-based ground truth and verification metrics could lead to misleading evaluations of fuzzer performance. Ultimately, we propose insights into the development of fuzzing benchmarks to ensure more dependable assessments of fuzzers.

Model migration can accelerate model convergence during federated learning on the Internet of Things (IoT) devices and reduce training costs by transferring feature extractors from fast to slow devices, which, in turn, enables sustainable computing. However, malicious or lazy devices may migrate the fake models or resist sharing models for their benefit, reducing the desired efficiency and reliability of a federated learning system. To this end, this work presents a blockchain-based model migration approach for resource-constrained IoT systems. The proposed approach aims to achieve secure model migration and speed up model training while minimizing computation cost. We first develop an incentive mechanism considering the economic benefits of fast devices, which breaks the Nash equilibrium established by lazy devices and encourages capable devices to train and share models. Second, we design a clustering-based algorithm for identifying malicious devices and preventing them from defrauding incentives. Third, we use blockchain to ensure trustworthiness in model migration and incentive processes. Blockchain records the interaction between the central server and IoT devices and runs the incentive algorithm without exposing the devices’ private data. Theoretical analysis and experimental results show that the proposed approach can accelerate federated learning rates, reduce model training computation costs to increase sustainability, and resist malicious attacks.

Directed Acyclic Graph (DAG)-based scheduling applications are critical to resource allocation in the Cloud, Edge, and Fog layers of cyber-physical systems (CPS). However, thermal anomalies in DVFS-enabled homogeneous multiprocessor systems (HMSS) may be exploited by malicious applications posing risks to the availability of the underlying CPS. This can negatively affect the trustworthiness of CPS. This paper proposes an algorithm to address the thermal risks in DVFS-enabled HMSS for periodic DAG-based applications. It also improves the current list scheduling-based Depth-First and Breadth-First techniques without violating the timing constraints of the system. We test the algorithm using standard benchmarks and synthetic applications in a simulation setup. The results show a reduction in the temperature peaks by up to 30%, average temperature by up to 22%, temperature variations up to 3 times, and temperature spatial gradients by up to 4 times as compared to the conventional Depth-First Scheduling algorithms.

Social Internet of Vehicles (SIoV) falls under the umbrella of social Internet of Things (IoT), where vehicles are socially connected to other vehicles and roadside units that can reliably share information and services with other social entities by leveraging the capabilities of 5G technology, which brings new opportunities and challenges, e.g., collaborative power trading can address the mileage anxiety of electric vehicles. However, it relies on a trusted central party for scheduling, which introduces performance bottlenecks and cannot be set up in a distributed network, in addition, the lack of transparency in state-of-the-art Vehicle-to-Vehicle (V2V) power trading schemes can introduce further trust issues. In this paper, we propose a blockchain-based trustworthy collaborative power trading scheme for 5G-enabled social vehicular networks that uses a distributed market mechanism to introduce trusted power trading and avoids the dependence on a centralized dispatch center. Based on the game theory, we design the pricing and trading matching mechanism for V2V power trading to obtain maximum social welfare. We use blockchain to record power trading data for trusted pricing and use smart contracts for transaction matching. The simulation results verify the effectiveness of the proposed scheme in improving social welfare and reducing the load on the grid.

Assistive technology (AT) supports individuals who experience difficulties in carrying out daily life physical activities, for example, people with disabilities, the elderly, and people with chronic diseases, such as diabetes, bone and joint disorders, heart disease, or stroke. Thanks to assistive technologies, these patients can regain their independence by using permissive devices to carry out physical activities without human assistance, and in ways that mirror healthy individuals. Hence, ATs support the autonomy of people who have been physically limited or have cognitive dysfunction. AT is also known as access technology, including mechanical, optical, electronic, and computer solutions to benefit people with sensory or motor impairments, thus allowing them to perform routine tasks that were previously impossible to execute. This chapter presents a prosthesis that has been designed for people with locomotor disabilities and deficiencies. The device is low cost, has low energy consumption, and is easy to use by a person with a hand disability. The subsequent developing stage will consist of transitioning from a traditional prosthesis to a neuroprosthesis, by using sensor networks and controlling the device (bionic prosthesis) through smart sensors and actuators, with control systems having microcontroller unit (MCU), brain-computer interface, and NextMind interfaces.