Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

2014

Series

Information Security

Articles 1 - 30 of 118

Full-Text Articles in Physical Sciences and Mathematics

The Potentials And Challenges Of Big Data In Public Health, Rena N. Vithiatharan Dec 2014

Australian eHealth Informatics and Security Conference

The potential to use big data sources for public health increases with the broadening availability of data and improved methods of analysis. Whilst there are some well-known examples of the opportunistic use of big data, such as GoogleFlu, public health has not yet realised the full potential of such data sources. A literature review was undertaken to identify the potential of such data collections to impact public health, and to identify what challenges are currently limiting this potential. The potentials include improved real-time analysis, research and development and genome studies. However, challenges listed are poor universal standardisation and classification, privacy …


Byod In Ehealth: Herding Cats And Stable Doors, Or A Catastrophe Waiting To Happen?, Krishnun Sansurooh, Patricia A H Williams Dec 2014

Australian eHealth Informatics and Security Conference

The use of personal devices in the work environment has crossed the boundaries of work and socially related tasks. With cyber criminals seriously targeting healthcare for medical identity theft, the lack of control of new technologies within healthcare networks becomes an increasing vulnerability. The prolific adoption of personal mobile devices in the healthcare environment requires a proactive approach to the management of Bring Your Own Device (BYOD). This paper analysed the current state of the problem and the challenges that this creates in an environment that has stringent privacy and security requirements. The discourse demonstrates that the issue is not …


3rd Australian Ehealth Informatics And Security Conference, 2014, Edith Cowan University: Conference Details, Security Research Institute, Edith Cowan University Dec 2014

Australian eHealth Informatics and Security Conference

No abstract provided.


Customising Doctor-Nurse Communications, Brian Cusack, Dave Parry Dec 2014

Australian eHealth Informatics and Security Conference

Doctor-Nurse communications are critical for patient safety and workflow effectiveness. Our research question was: What further improvements can be made to current communication systems? A variety of mobile and land based communication systems have been used and experimented with. In the study, the pager was found to be most common and more recent attempts to provide broadband capability with systems such as the iBeep. We built an alternative information system using Android phones and a software application that was customised by feedback from the medical professionals. The trial in five wards with 22 doctors and 170 nurses over one month …


Managing Wireless Security Risks In Medical Services, Brian Cusack, Akar Kyaw Dec 2014

Australian eHealth Informatics and Security Conference

Medical systems are designed for a range of end users from different professional skill groups and people who carry the devices in and on their bodies. Open, accurate, and efficient communication is the priority for medical systems and consequently strong protection costs are traded against the utility benefits for open systems. In this paper we assess the vulnerabilities created by the professional and end user expectations, and theorise ways to mitigate wireless security vulnerabilities. The benefits of wireless medical services are great in terms of efficiencies, mobility, and information management. These benefits may be realised by treating the vulnerabilities and …


Security Of Electronic Health Records In A Resource Limited Setting: The Case Of Smart-Care Electronic Health Record In Zambia, Keith Mweebo Dec 2014

Australian eHealth Informatics and Security Conference

This paper presents a case study of security issues related to the operationalization of smart-care, an electronic medical record (EMR) used to manage Human Immunodeficiency Virus (HIV) health information in Zambia. The aim of the smart-care program is to link up services and improve access to health information, by providing a reliable way to collect, store, retrieve and analyse health data in a secure way. As health professionals gain improved access to patient health information electronically, there is need to ensure this information is secured, and that patient privacy and confidentiality is maintained. During the initial stages of the program …


Avoiding Epic Fails: Software And Standards Directions To Increase Clinical Safety, Patricia A H Williams, Vincent B. Mccauley Dec 2014

Australian eHealth Informatics and Security Conference

No abstract provided.


Big Data In Healthcare: What Is It Used For?, Rebecca Hermon, Patricia A H Williams Dec 2014

Australian eHealth Informatics and Security Conference

Big data analytics is a growth area with the potential to provide useful insight in healthcare. Whilst many dimensions of big data still present issues in its use and adoption, such as managing the volume, variety, velocity, veracity, and value, the accuracy, integrity, and semantic interpretation are of greater concern in clinical application. However, such challenges have not deterred the use and exploration of big data as an evidence source in healthcare. This drives the need to investigate healthcare information to control and reduce the burgeoning cost of healthcare, as well as to seek evidence to improve patient outcomes. Whilst …


Android Or Ios For Better Privacy Protection?, Jin Han, Qiang Yan, Debin Gao, Jianying Zhou, Huijie Robert Deng Dec 2014

Research Collection School Of Computing and Information Systems

With the rapid growth of the mobile market, security of mobile platforms is receiving increasing attention from both research community as well as the public. In this paper, we make the first attempt to establish a baseline for security comparison between the two most popular mobile platforms. We investigate applications that run on both Android and iOS and examine the difference in the usage of their security sensitive APIs (SS-APIs). Our analysis over 2,600 applications shows that iOS applications consistently access more SS-APIs than their counterparts on Android. The additional privileges gained on iOS are often associated with accessing private …


Detecting Camouflaged Applications On Mobile Application Markets, Mon Kywe Su, Yingjiu Li, Huijie Robert Deng, Jason Hong Dec 2014

Research Collection School Of Computing and Information Systems

Application plagiarism or application cloning is an emerging threat in mobile application markets. It reduces profits of original developers and sometimes even harms the security and privacy of users. In this paper, we introduce a new concept, called camouflaged applications, where external features of mobile applications, such as icons, screenshots, application names or descriptions, are copied. We then propose a scalable detection framework, which can find these suspiciously similar camouflaged applications. To accomplish this, we apply text-based retrieval methods and content-based image retrieval methods in our framework. Our framework is implemented and tested with 30,625 Android applications from the official …


Ironfox: Securing The Web, Stephen Mcmurtry, William Johnson, Khadija Stewart (Advisor) Nov 2014

Annual Student Research Poster Session

No abstract provided.


Web Application Vulnerability Prediction Using Hybrid Program Analysis And Machine Learning, Lwin Khin Shar, Lionel Briand, Hee Beng Kuan Tan Nov 2014

Research Collection School Of Computing and Information Systems

Due to limited time and resources, web software engineers need support in identifying vulnerable code. A practical approach to predicting vulnerable code would enable them to prioritize security auditing efforts. In this paper, we propose using a set of hybrid (static+dynamic) code attributes that characterize input validation and input sanitization code patterns and are expected to be significant indicators of web application vulnerabilities. Because static and dynamic program analyses complement each other, both techniques are used to extract the proposed attributes in an accurate and scalable way. Current vulnerability prediction techniques rely on the availability of data labeled with vulnerability …


Semantics-Aware Android Malware Classification Using Weighted Contextual Api Dependency Graphs, Mu Zhang, Yue Duan, Heng Yin, Zhiruo Zhao Nov 2014

Research Collection School Of Computing and Information Systems

The drastic increase of Android malware has led to a strong interest in developing methods to automate the malware analysis process. Existing automated Android malware detection and classification methods fall into two general categories: 1) signature-based and 2) machine learning-based. Signature-based approaches can be easily evaded by bytecode-level transformation attacks. Prior learning-based works extract features from application syntax, rather than program semantics, and are also subject to evasion. In this paper, we propose a novel semantic-based approach that classifies Android malware via dependency graphs. To battle transformation attacks, we extract a weighted contextual API dependency graph as program semantics to …


Stopwatch: A Cloud Architecture For Timing Channel Mitigation, Peng Li, Debin Gao, Michael K Reiter Nov 2014

Research Collection School Of Computing and Information Systems

This article presents StopWatch, a system that defends against timing-based side-channel attacks that arise from coresidency of victims and attackers in infrastructure-as-a-service clouds. StopWatch triplicates each cloud-resident guest virtual machine (VM) and places replicas so that the three replicas of a guest VM are coresident with nonoverlapping sets of (replicas of) other VMs. StopWatch uses the timing of I/O events at a VM’s replicas collectively to determine the timings observed by each one or by an external observer, so that observable timing behaviors are similarly likely in the absence of any other individual, coresident VMs. We detail the design and …


Workplace Surveillance, Tamara Kneese Oct 2014

Media Studies

Employers have long devised techniques and used new technologies to surveil employees in order to increase efficiency, decrease theft, and otherwise assert power and control over subordinates. New and cheaper networked technologies make surveillance easier to implement, but what are the ramifications of widespread workplace surveillance?


The Infosys Times, Vol. 1, No. 1, St. Cloud State University Oct 2014

The Infosys TIMES

Articles in this issue include:

  • IS Department Recent Highlights
  • IS Celebrates new office space and staff
  • 5-Year BS/MS Fast Track Program
  • Industry Partner Program: Telcomm Construction
  • Students Tour Stearns County Courthouse
  • Message from Department Chair
  • NSF STEM Scholarship
  • Students Present at IBCIB
  • Maverick IT Internship Program
  • Graduation at Last: Where one journey ends another begins, by Bonyeag Warzecha
  • SAP Integration
  • Digi-Key Competition
  • Employment Outlook


Attribute-Based Signing Right Delegation, Weiwei Liu, Yi Mu, Guomin Yang Oct 2014

Research Collection School Of Computing and Information Systems

Attribute-based signature and proxy signature are both very useful in many real-world applications. In this paper, we combine the special features of both signatures and propose an attribute-based proxy signature scheme, where the original signer, who possesses a set of attributes, can delegate his/her signing right to a designated proxy signer. By verifying the signature, a verifier can be convinced that the signature is generated by the proxy signer who has obtained the delegation from a legitimate signer whose attributes satisfy a predicate. However, the verifier cannot tell from the signature who is the original signer. We provide the formal …


Analyzing The Dangers Posed By Chrome Extensions, Lujo Bauer, Shaoying Cai, Limin Jia, Timothy Passaro, Yuan Tian Oct 2014

Research Collection School Of Computing and Information Systems

A common characteristic of modern web browsers is that their functionality can be extended via third-party addons. In this paper we focus on Chrome extensions, to which the Chrome browser exports a rich API: extensions can potentially make network requests, access the local file system, get low-level information about running processes, etc. To guard against misuse, Chrome uses a permission system to curtail an extension's privileges. We demonstrate a series of attacks by which extensions can steal data, track user behavior, and collude to elevate their privileges. Although some attacks have previously been reported, we show that subtler versions can …


Authorized Keyword Search On Encrypted Data, Jie Shi, Junzuo Lai, Yingjiu Li, Huijie Robert Deng, Jian Weng Sep 2014

Research Collection School Of Computing and Information Systems

Cloud computing has drawn much attention from research and industry in recent years. Plenty of enterprises and individuals are outsourcing their data to cloud servers. As those data may contain sensitive information, it should be encrypted before outsourced to cloud servers. In order to ensure that only authorized users can search and further access the encrypted data, two important capabilities must be supported: keyword search and access control. Recently, rigorous efforts have been made on either keyword search or access control over encrypted data. However, to the best of our knowledge, there is no encryption scheme supporting both capabilities in …


Verifiable Computation On Outsourced Encrypted Data, Junzuo Lai, Robert H. Deng, Hwee Hwa Pang, Jian Weng Sep 2014

Research Collection School Of Computing and Information Systems

On one hand, homomorphic encryption allows a cloud server to perform computation on outsourced encrypted data but provides no verifiability that the computation is correct. On the other hand, homomorphic authenticator, such as homomorphic signature with public verifiability and homomorphic MAC with private verifiability, guarantees authenticity of computation over outsourced data but does not provide data confidentiality. Since cloud servers are usually operated by third-party providers which are almost certain to be outside the trust domain of cloud users, neither homomorphic encryption nor homomorphic authenticator suffices for verifiable computation on outsourced encrypted data in the cloud. In this paper, we …


Potential Biases In Bug Localization: Do They Matter?, Pavneet Singh Kochhar, Yuan Tian, David Lo Sep 2014

Research Collection School Of Computing and Information Systems

Issue tracking systems are valuable resources during software maintenance activities and contain information about the issues faced during the development of a project as well as after its release. Many projects receive many reports of bugs and it is challenging for developers to manually debug and fix them. To mitigate this problem, past studies have proposed information retrieval (IR)-based bug localization techniques, which takes as input a textual description of a bug stored in an issue tracking system, and returns a list of potentially buggy source code files. These studies often evaluate their effectiveness on issue reports marked as bugs …


Dupfinder: Integrated Tool Support For Duplicate Bug Report Detection, Ferdian Thung, Pavneet Singh Kochhar, David Lo Sep 2014

Research Collection School Of Computing and Information Systems

To track bugs that appear in a software, developers often make use of a bug tracking system. Users can report bugs that they encounter in such a system. Bug reporting is inherently an uncoordinated distributed process though and thus when a user submits a new bug report, there might be cases when another bug report describing exactly the same problem is already present in the system. Such bug reports are duplicate of each other and these duplicate bug reports need to be identified. A number of past studies have proposed a number of automated approaches to detect duplicate bug reports. …


Uncovering Embarrassing Moments In In-Situ Exposure Of Incoming Mobile Messages, Chulhong Min, Saumay Pushp, Seungchul Lee, Inseok Hwang, Youngki Lee, Seungwoo Kang, Junehwa Song Sep 2014

Research Collection School Of Computing and Information Systems

Mobile instant messengers serve as major interaction media for everyday chats. Contrary to the belief that a message is seen only by a designated receiver, it can be accidentally exposed to someone nearby and could result in embarrassing moments, for example, when the receiver is viewing pictures together with his friend upon the message arrival. To understand the significance of the problem and core factors that cause such embarrassments, we collected 961 in-situ responses from 14 participants upon the actual message arrival and analyzed them from the perspective of the receiver's situation. The results showed that 29% of message arrivals …


Efficient Hidden Vector Encryption With Constant-Size Ciphertext, Tran Viet Xuan Phuong, Guomin Yang, Willy Susilo Sep 2014

Research Collection School Of Computing and Information Systems

A Hidden Vector Encryption (HVE) scheme is a special type of anonymous identity-based encryption (IBE) scheme where the attribute string associated with the ciphertext or the user secret key can contain wildcards. In this paper, we introduce two constant-size ciphertext-policy hidden vector encryption (CP-HVE) schemes. Our first scheme is constructed on composite order bilinear groups, while the second one is built on prime order bilinear groups. Both schemes are proven secure in a selective security model which captures plaintext (or payload) and attribute hiding. To the best of our knowledge, our schemes are the first HVE constructions that can achieve …


Privatedroid: Private Browsing Mode For Android, Su Mon Kywe, Christopher Landis, Yutong Pei, Justin Satterfield, Yuan Tian, Patrick Tague Sep 2014

Research Collection School Of Computing and Information Systems

Private browsing mode is a privacy feature adopted by many modern computer browsers. With the increased use of mobile devices and escalating privacy concerns for mobile users, browser applications on mobile devices have also started incorporating private browsing mode. Even so, the use of private browsing mode is limited to the browser applications and cannot be applied directly on other third-party mobile applications. In this paper, we propose PrivateDroid, which provides a private browsing mode for third-party applications on the Android platform. First, we discuss three possible approaches of implementing mobile private browsing mode: code instrumentation, an extra sandbox, and …


Control Flow Obfuscation Using Neural Network To Fight Concolic Testing, Haoyu Ma, Xinjie Ma, Weijie Liu, Zhipeng Huang, Debin Gao, Chunfu Jia Sep 2014

Research Collection School Of Computing and Information Systems

Concolic testing is widely regarded as the state-of-the-art technique in dynamic discovering and analyzing trigger-based behavior in software programs. It uses symbolic execution and an automatic theorem prover to generate new concrete test cases to maximize code coverage for scenarios like software verification and malware analysis. While malicious developers usually try their best to hide malicious executions, there are also circumstances in which legitimate reasons are presented for a program to conceal trigger-based conditions and the corresponding behavior, which leads to the demand of control flow obfuscation techniques. We propose a novel control flow obfuscation design based on the incomprehensibility …


Preliminary Forensic Analysis Of The Xbox One, Jason Moore, Ibrahim Baggili, Andrew Marrington, Armindo Rodrigues Aug 2014

Electrical & Computer Engineering and Computer Science Faculty Publications

Video game consoles can no longer be viewed as just gaming consoles but rather as full multimedia machines, capable of desktop computer-like performance. The past has shown that game consoles have been used in criminal activities such as extortion, identity theft, and child pornography, but with their ever-increasing capabilities, the likelihood of the expansion of criminal activities conducted on or over the consoles increases. This research aimed to take the initial step of understanding the Xbox One, the most powerful Microsoft console to date. We report the outcome of conducting a forensic examination of the Xbox One, and we provide …


Testing The Forensic Soundness Of Forensic Examination Environments On Bootable Media, Ahmed F.A.L. Mohamed, Andrew Marrington, Farkhund Iqbal, Ibrahim Baggili Aug 2014

Electrical & Computer Engineering and Computer Science Faculty Publications

In this work we experimentally examine the forensic soundness of the use of forensic bootable CD/DVDs as forensic examination environments. Several Linux distributions with bootable CD/DVDs which are marketed as forensic examination environments are used to perform a forensic analysis of a captured computer system. Before and after the bootable CD/DVD examination, the computer system's hard disk is removed and a forensic image acquired by a second system using a hardware write blocker. The images acquired before and after the bootable CD/DVD examination are hashed and the hash values compared. Where the hash values are inconsistent, a differential analysis is …


Deconstructing The Welch Equation Using P-Adic Methods, Abigail Mann, Adelyn Yeoh Jul 2014

Mathematical Sciences Technical Reports (MSTR)

The Welch map $x \to g^{x-1+c}$ is similar to the discrete exponential map $x \to g^{x}$, which is used in many cryptographic applications including the ElGamal signature scheme. This paper analyzes the number of solutions to the Welch equation $g^{x-1+c} \equiv x \pmod{p^e}$, where $p$ is a prime, and looks at other patterns of the equation that could possibly be exploited in a similar cryptographic system. Since the equation is modulo $p^e$, where $p$ is a prime number, p-adic methods of analysis are used in counting the number of solutions modulo p …


Deconstructing The Welch Equation Using P-Adic Methods, Abigail Mann, Adelyn Yeoh Jul 2014

Rose-Hulman Undergraduate Research Publications

The Welch map $x \to g^{x-1+c}$ is similar to the discrete exponential map $x \to g^{x}$, which is used in many cryptographic applications including the ElGamal signature scheme. This paper analyzes the number of solutions to the Welch equation $g^{x-1+c} \equiv x \pmod{p^e}$, where $p$ is a prime, and looks at other patterns of the equation that could possibly be exploited in a similar cryptographic system. Since the equation is modulo $p^e$, where $p$ is a prime number, p-adic methods of analysis are used in counting the number of solutions modulo p …