Komminist Weldemariam

Effective detection of vulnerable and malicious browser extensions

Unsafely coded browser extensions can compromise the security of a browser, making them attractive targets for attackers as a primary vehicle for conducting cyber-attacks. Among others, the three factors making vulnerable extensions a high-risk security threat for browsers include: i) the wide popularity of browser extensions, ii) the similarity of browser extensions with web applications, and iii) the high privilege of browser extension scripts. Furthermore, mechanisms that specifically target to mitigate browser extension-related attacks have received less attention as opposed to solutions that have been deployed for common web security problems (such as SQL injection, XSS, logic flaws, client-side vulnerabilities, drive-by-download, etc.). To address these challenges, recently some techniques have been proposed to defend extension-related attacks. These techniques mainly focus on information flow analysis to capture suspicious data flows, impose privilege restriction on API calls by malicious extensions, apply digital signatures to monitor process and memory level activities, and allow browser users to specify policies in order to restrict the operations of extensions.This article presents a model-based approach to detect vulnerable and malicious browser extensions by widening and complementing the existing techniques. We observe and utilize various common and distinguishing characteristics of benign, vulnerable, and malicious browser extensions. These characteristics are then used to build our detection models, which are based on the Hidden Markov Model constructs. The models are well trained using a set of features extracted from a number of browser extensions together with user supplied specifications. Along the course of this study, one of the main challenges we encountered was the lack of vulnerable and malicious extension samples. To address this issue, based on our previous knowledge on testing web applications and heuristics obtained from available vulnerable and malicious extensions, we have defined rules to generate training samples. The approach is implemented in a prototype tool and evaluated using a number of Mozilla Firefox extensions. Our evaluation indicated that the approach not only detects known vulnerable and malicious extensions, but also identifies previously undetected extensions with a negligible performance overhead.

Twende-twende: a mobile application for traffic congestion awareness and routing

According to the UN-HABITAT, the city of Nairobi loses half a million USD daily due to congestion on roads designed for a city 10 times smaller. Therefore, there is a great need for traffic management and awareness solutions. Many existing solutions are unsuitable for cities like Nairobi due to economic constraints, dynamic events, uncertainty, and poor infrastructure. n Recently, a novel approach called Frugal Innovation has been adopted at IBM Tokyo Research. The approach combines very low quality images (VLQI) captured by existing low-cost cameras with network flow algorithms to accurately estimate traffic flow. We extend their work to develop a mobile app, called Twende-Twende, that provides drivers with real-time traffic information and suggested routes. We incorporate locally relevant context (such as references to landmarks) to predict congestion and create traffic awareness. We deployed the app and evaluated its effectiveness, accuracy and usability. Our initial evaluation indicates that the app enhances the driving experience and can be deployed in other developing countries.

FPGuard: Detection and Prevention of Browser Fingerprinting

Fingerprinting is an identification method used by enterprises to personalize services for their end-users and detect online fraud or by adversaries to launch targeted attacks. Various tools have been proposed to protect online users from undesired identification probes to enhance the privacy and security of the users. However, we have observed that new fingerprinting methods can easily evade the existing protection mechanisms. This paper presents a runtime fingerprinting detection and prevention approach, called FPGuard. FPGuard relies on the analysis of predefined metrics to identify fingerprinting attempts. While FPGuard’s detection capability is evaluated using the top 10,000 Alexa websites, its prevention mechanism is evaluated against four fingerprinting providers. Our evaluation results show that FPGuard can effectively recognize and mitigate fingerprinting-related activities and distinguish normal from abnormal webpages (or fingerprinters).

An Empirical Evaluation of Web-Based Fingerprinting

Adversaries employ sophisticated fingerprinting techniques to identify Web users and record their browsing history and Web interactions. Fingerprinting leaves no footprint on the browser and is invisible to general Web users, who often lack basic knowledge of it. An analysis of fingerprinting techniques and tools revealed the fingerprinting workflow. This helped define fine-grained properties that precisely model the workflow, allowing development of a client-side fingerprinting-detection tool. This article is part of a special issue on Security and Privacy on the Web.

Seamless blended learning using the Cognitive Learning Companion: A systemic view

We present the motivation, design, and preliminary study of a mobile-enabled, blended learning technology called the Cognitive Learning Companion (CLC). The CLC concept emerged from field studies with teachers and students in Africa. These studies led to two key high-level requirements that shaped the design philosophy of CLC: 1) seamless support for different modes of learning and teaching in a blended scenario (where a student learns in part through face-to-face interactions with a teacher in a classroom, and in part through a combination of teacher and system supervision/direction outside of class) and 2) support for tracking student engagement and sentiment during this blended learning journey, and the interplay of these affective processes with concept and skill-building processes as part of learning. In this paper, we discuss findings from the field studies and outline our approach to address the requirements. We present the overall architecture and design of CLC. The first version supporting a core set of capabilities for blended learning has been implemented as mobile applications for teachers and students. We conducted a limited pilot to test the technology in an actual classroom setting. We also report on a usability study of CLC that demonstrates user awareness and support for data-driven cognitive decision-making in education.

Low-power Low-cost Wireless Sensors for Real-time Plant Stress Detection

Farm yields and crop quality are closely linked to environmental exposures during growth. Stresses can occur when too much or too little water is delivered. These nuances of farm production are often overlooked by the typical small scale farmer in sub-Saharan Africa. The result is that small scale farms, on average, underproduce by more than forty percent. In this paper, we describe the development of a small scale precision farming approach where fast soil moisture sensing via wireless sensor networks provides a low-cost, low-power option to reduce the potential for water induced plant stresses and increase yields. The solution is particularly suited to resource constrained environments with no access to grid power and poor network connectivity. By monitoring water intake by plants, we demonstrate the potential for fast data collection from wireless soil moisture sensors in the farm. Finally, we show that the developed wireless sensor nodes can run for more than five years with limited human intervention.

Leveraging Raspberry Pi for interactive education

This paper describes our ongoing project whose goal is to combine existing technologies in order to make secondary school curriculum more interactive and practical.

Studying engagement and performance with learning technology in an African classroom

In this paper, we study the engagement and performance of students in a classroom using a system the Cognitive Learning Companion (CLC). CLC is designed to keep track of the relationship between the student, content interaction and learning progression. It also provides evidence-based engagement-oriented actionable insights to teachers by assessing information from a sensor-rich instrumented learning environment in order to infer a learners cognitive and affective states. Data captured from the instrumented environment is aggregated and analyzed to create interlinked insights helping teachers identify how students engage with learning content and view their performance records on selected assignments. We conducted a 1 month pilot with 27 learners in a primary school in Nairobi, Kenya during their maths and science instructional periods. We present our primary analysis of content-level interactions and engagement at the individual student and classroom level.

Towards Blockchain-enabled School Information Hub

Several initiatives have been proposed to collect, report, and analyze data about school systems for supporting decision-making. These initiatives rely mostly on self-reported and summarized data collected irregularly and rarely. They also lack a single independent and systematic process to validate the collected data during its entire lifecycle. Furthermore, schools in developing countries still do not maintain complete and up-to-date school records. Due to these and other factors addressing the education challenges in those countries remains a high priority for local and international governments, donor and non-governmental agencies across the world. In this paper, we discuss our initial design, implementation, and evaluation of a blockchain-enabled School Information Hub (SIH) using Kenyas school system as a case study.

Modeling user behavior data in systems of engagement

Abstract The proliferation of mobile devices has changed the way digital information is consumed and its efficacy measured. These personal devices know a lot about user behavior from embedded sensors along with monitoring the daily activities users perform through various applications on these devices. This data can be used to get a deep understanding of the context of the users and provide personalized services to them. However, there are a lot of challenges in capturing, modeling, storing, and processing such data from these systems of engagement, both in terms of achieving the right balance of redundancy in the captured and stored data, along with ensuring the usefulness of the data for analysis. There are additional challenges in balancing how much of the captured data should be processed through client or server applications. In this article, we present the modeling of user behavior in the context of personalized education which has generated a lot of recent interest. More specifically, we present an architecture and the issues of modeling student behavior data, captured from different activities the student performs during the process of learning. The user behavior data is modeled and sent to the cloud-enabled backend where detailed analytics are performed to understand different aspects of a student, such as engagement, difficulties, and preferences and to also analyze the quality of the data.