| 1. |
|
|
| 2. |
- Ahmadpanah, Seyed Mohammad Mehdi, 1996, et al.
(författare)
-
LazyTAP : On-Demand Data Minimization for Trigger-Action Applications
- 2023
-
Ingår i: Proceedings - IEEE Symposium on Security and Privacy, vol. 2023. - : Institute of Electrical and Electronics Engineers Inc.. - 1081-6011. - 9781665493369 ; , s. 3079-3097
-
Konferensbidrag (refereegranskat)abstract
- Trigger-Action Platforms (TAPs) empower applications (apps) for connecting otherwise unconnected devices and services. The current TAPs like IFTTT require trigger services to push excessive amounts of sensitive data to the TAP regardless of whether the data will be used in the app, at odds with the principle of data minimization. Furthermore, the rich features of modern TAPs, including IFTTT queries to support multiple trigger services and nondeterminism of apps, have been out of the reach of previous data minimization approaches like minTAP. This paper proposes LazyTAP, a new paradigm for fine-grained on-demand data minimization. LazyTAP breaks away from the traditional push-all approach of coarse-grained data over-approximation. Instead, LazyTAP pulls input data on-demand, once it is accessed by the app execution. Thanks to the fine granularity, LazyTAP enables tight minimization that naturally generalizes to support multiple trigger services via queries and is robust with respect to nondeterministic behavior of the apps. We achieve seamlessness for third-party app developers by leveraging laziness to defer computation and proxy objects to load necessary remote data behind the scenes as it becomes needed. We formally establish the correctness of LazyTAP and its minimization properties with respect to both IFTTT and minTAP. We implement and evaluate LazyTAP on app benchmarks showing that on average LazyTAP improves minimization by 95% over IFTTT and by 38% over minTAP, while incurring a tolerable performance overhead.
|
|
| 3. |
- Ahmadpanah, Seyed Mohammad Mehdi, 1996, et al.
(författare)
-
Poster : Data Minimization by Construction for Trigger-Action Applications
- 2023
-
Ingår i: CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. - : Association for Computing Machinery, Inc. - 9798400700507 ; , s. 3522-3524
-
Konferensbidrag (övrigt vetenskapligt/konstnärligt)abstract
- Trigger-Action Platforms (TAPs) enable applications to integrate various devices and services otherwise unconnected. Recent features of TAPs introduce additional sources of data such as queries in IFTTT. The current TAPs, like IFTTT, demand that trigger and query services transmit excessive amounts of user data to the TAP. To limit the data to what is actually necessary for the execution to comply with the principle of data minimization, input services should send no more than the necessary data. LazyTAP proposes a new paradigm of data minimization by construction in TAPs, introducing a novel perspective for data collection from input services. While the existing push-all approach of TAPs entails coarse-grained data over-approximation, LazyTAP pulls input data on-demand at the level of attributes, once accessed by the app execution. Thanks to the fine granularity provided by LazyTAP, multiple trigger and query services can be naturally minimized while the behavior of app executions is preserved. In addition, a great benefit of LazyTAP is being seamless for third-party app developers. By leveraging laziness, LazyTAP defers computation and proxies objects to load necessary remote data behind the scenes. Our evaluation study on app benchmarks shows that on average LazyTAP improves minimization by 95% over IFTTT and by 38% over minTAP, with a tolerable performance overhead. This poster goes into further details about LazyTAP and elaborates on its prototype implementation.
|
|
| 4. |
- Ahmadpanah, Seyed Mohammad Mehdi, 1996, et al.
(författare)
-
SandTrap : Securing javascript-driven trigger-action platforms
- 2021
-
Ingår i: Proceedings of the 30th USENIX Security Symposium. - : USENIX Association. - 9781939133243 ; , s. 2899-2916
-
Konferensbidrag (refereegranskat)abstract
- Trigger-Action Platforms (TAPs) seamlessly connect a wide variety of otherwise unconnected devices and services, ranging from IoT devices to cloud services and social networks. TAPs raise critical security and privacy concerns because a TAP is effectively a “person-in-the-middle” between trigger and action services. Third-party code, routinely deployed as “apps” on TAPs, further exacerbates these concerns. This paper focuses on JavaScript-driven TAPs. We show that the popular IFTTT and Zapier platforms and an open-source alternative Node-RED are susceptible to attacks ranging from exfiltrating data from unsuspecting users to taking over the entire platform. We report on the changes by the platforms in response to our findings and present an empirical study to assess the implications for Node-RED. Motivated by the need for a secure yet flexible way to integrate third-party JavaScript apps, we propose SandTrap, a novel JavaScript monitor that securely combines the Node.js vm module with fully structural proxy-based two-sided membranes to enforce fine-grained access control policies. To aid developers, SandTrap includes a policy generation mechanism. We instantiate SandTrap to IFTTT, Zapier, and Node-RED and illustrate on a set of benchmarks how SandTrap enforces a variety of policies while incurring a tolerable runtime overhead.
|
|
| 5. |
- Ahmadpanah, Seyed Mohammad Mehdi, 1996, et al.
(författare)
-
Securing Node-RED Applications
- 2021
-
Ingår i: Protocols, Strands, and LogicEssays Dedicated to Joshua Guttman on the Occasion of his 66.66th Birthday. - Cham : Springer Science and Business Media Deutschland GmbH. ; , s. 1-21, s. 1-21, s. 1-21
-
Konferensbidrag (refereegranskat)abstract
- Trigger-Action Platforms (TAPs) play a vital role in fulfilling the promise of the Internet of Things (IoT) by seamlessly connecting otherwise unconnected devices and services. While enabling novel and exciting applications across a variety of services, security and privacy issues must be taken into consideration because TAPs essentially act as persons-in-the-middle between trigger and action services. The issue is further aggravated since the triggers and actions on TAPs are mostly provided by third parties extending the trust beyond the platform providers. Node-RED, an open-source JavaScript-driven TAP, provides the opportunity for users to effortlessly employ and link nodes via a graphical user interface. Being built upon Node.js, third-party developers can extend the platform’s functionality through publishing nodes and their wirings, known as flows. This paper proposes an essential model for Node-RED, suitable to reason about nodes and flows, be they benign, vulnerable, or malicious. We expand on attacks discovered in recent work, ranging from exfiltrating data from unsuspecting users to taking over the entire platform by misusing sensitive APIs within nodes. We present a formalization of a runtime monitoring framework for a core language that soundly and transparently enforces fine-grained allowlist policies at module-, API-, value-, and context-level. We introduce the monitoring framework for Node-RED that isolates nodes while permitting them to communicate via well-defined API calls complying with the policy specified for each node.
|
|
| 6. |
- Appelgren, Daniel, et al.
(författare)
-
Neutrophil Extracellular Traps (NETs) in the Cerebrospinal Fluid Samples from Children and Adults with Central Nervous System Infections.
- 2020
-
Ingår i: Cells. - : MDPI AG. - 2073-4409. ; 9:1
-
Tidskriftsartikel (refereegranskat)abstract
- Neutrophils operate as part of the innate defence in the skin and may eliminate the Borrelia spirochaete via phagocytosis, oxidative bursts, and hydrolytic enzymes. However, their importance in Lyme neuroborreliosis (LNB) is unclear. Neutrophil extracellular trap (NET) formation, which is associated with the production of reactive oxygen species, involves the extrusion of the neutrophil DNA to form traps that incapacitate bacteria and immobilise viruses. Meanwhile, NET formation has recently been studied in pneumococcal meningitis, the role of NETs in other central nervous system (CNS) infections has previously not been studied. Here, cerebrospinal fluid (CSF) samples from clinically well-characterised children (N = 111) and adults (N = 64) with LNB and other CNS infections were analysed for NETs (DNA/myeloperoxidase complexes) and elastase activity. NETs were detected more frequently in the children than the adults (p = 0.01). NET presence was associated with higher CSF levels of CXCL1 (p < 0.001), CXCL6 (p = 0.007), CXCL8 (p = 0.003), CXCL10 (p < 0.001), MMP-9 (p = 0.002), TNF (p = 0.02), IL-6 (p < 0.001), and IL-17A (p = 0.03). NETs were associated with fever (p = 0.002) and correlated with polynuclear pleocytosis (rs = 0.53, p < 0.0001). We show that neutrophil activation and active NET formation occur in the CSF samples of children and adults with CNS infections, mainly caused by Borrelia and neurotropic viruses. The role of NETs in the early phase of viral/bacterial CNS infections warrants further investigation.
|
|
| 7. |
|
|
| 8. |
- Chemaly, Melody, et al.
(författare)
-
Biliverdin Reductase B Is a Plasma Biomarker for Intraplaque Hemorrhage and a Predictor of Ischemic Stroke in Patients with Symptomatic Carotid Atherosclerosis
- 2023
-
Ingår i: Biomolecules. - : MDPI AG. - 2218-273X. ; 13:6
-
Tidskriftsartikel (refereegranskat)abstract
- Background: Intraplaque hemorrhage (IPH) is a hallmark of atherosclerotic plaque instability. Biliverdin reductase B (BLVRB) is enriched in plasma and plaques from patients with symptomatic carotid atherosclerosis and functionally associated with IPH. Objective: We explored the biomarker potential of plasma BLVRB through (1) its correlation with IPH in carotid plaques assessed by magnetic resonance imaging (MRI), and with recurrent ischemic stroke, and (2) its use for monitoring pharmacotherapy targeting IPH in a preclinical setting. Methods: Plasma BLVRB levels were measured in patients with symptomatic carotid atherosclerosis from the PARISK study (n = 177, 5 year follow-up) with and without IPH as indicated by MRI. Plasma BLVRB levels were also measured in a mouse vein graft model of IPH at baseline and following antiangiogenic therapy targeting vascular endothelial growth factor receptor 2 (VEGFR-2). Results: Plasma BLVRB levels were significantly higher in patients with IPH (737.32 & PLUSMN; 693.21 vs. 520.94 & PLUSMN; 499.43 mean fluorescent intensity (MFI), p = 0.033), but had no association with baseline clinical and biological parameters. Plasma BLVRB levels were also significantly higher in patients who developed recurrent ischemic stroke (1099.34 & PLUSMN; 928.49 vs. 582.07 & PLUSMN; 545.34 MFI, HR = 1.600, CI [1.092-2.344]; p = 0.016). Plasma BLVRB levels were significantly reduced following prevention of IPH by anti-VEGFR-2 therapy in mouse vein grafts (1189 & PLUSMN; 258.73 vs. 1752 & PLUSMN; 366.84 MFI; p = 0.004). Conclusions: Plasma BLVRB was associated with IPH and increased risk of recurrent ischemic stroke in patients with symptomatic low- to moderate-grade carotid stenosis, indicating the capacity to monitor the efficacy of IPH-preventive pharmacotherapy in an animal model. Together, these results suggest the utility of plasma BLVRB as a biomarker for atherosclerotic plaque instability.
|
|
| 9. |
- Eriksson, Elina, 1979-, et al.
(författare)
-
Addressing Students’ Eco-anxiety when Teaching Sustainability in Higher Education
- 2022
-
Ingår i: Proceedings - 2022 International Conference on ICT for Sustainability, ICT4S 2022. - : Institute of Electrical and Electronics Engineers (IEEE). ; , s. 88-98
-
Konferensbidrag (refereegranskat)abstract
- The widespread awareness and the sense of urgency and helplessness regarding the ongoing sustainability crisis (climate change, biodiversity loss etc.) can evoke feelings of grief, sorrow, despair and anxiety. Those emotions are seldom discussed in computing or in computing education. They can have detrimental effects on the well-being of students and others, and also lead to inaction. But concern can on the other hand also be a catalyst for learning. In this paper, we present results and reflections from a research and development project in our introductory course to sustainability and ICT focusing on emotions in sustainability education. We focus on “eco-anxiety” and ask: 1) How is eco-anxiety communicated by students and teachers?, 2) In what ways do students receive support to deal with eco-anxiety? and 3) What could be done to better address eco-anxiety in computing education? We here present an analysis of how we have responded to the phenomenon of eco-anxiety, what activities have been added to the course and an evaluation of these interventions. The results are based on joint reflections that have been guided by literature, a small-scale ethnographic study as well as a course evaluation. The paper will end with recommendations for other ICT4S educators on how they can start addressing eco-anxiety in their education.
|
|
| 10. |
- Eriksson, Elina, 1979-, et al.
(författare)
-
Systems Thinking Exercises in Computing Education: : Broadening the Scope of ICT and Sustainability
- 2020
-
Ingår i: ICT4S2020: Proceedings of the 7th International Conference on ICT for Sustainability. - New York, NY, USA : Association for Computing Machinery (ACM). ; , s. 170-176
-
Konferensbidrag (refereegranskat)abstract
- Integrating sustainability in computing education entails broadening the scope of the education, but how can that be done while maintaining student engagement? Climate change and species extinction can appear far removed from data structures and algorithms to say the least. In our ongoing work of integrating sustainability in our Media Technology programme, we have addressed this gap by introducing systems thinking games and activities to broaden the scope, as well as by situating the issues addressed in the course in relation to their future profession. In this paper, we present our experiences of introducing and playing systems thinking games, how the systems thinking exercise sessions were conducted, outcomes of the sessions and finally some lessons learnt. Furthermore, we present and analyse changes we did to the exercises and that led to a richer material for discussions in the classroom.
|
|
