We investigated 50 randomly selected buffer overflow vulnerabilities in Firefox. The source code of these vulnerabilities and the corresponding patches were manually reviewed and patterns were identified. Our main contributions are taxonomies of errors, sinks and fixes seen from a developer's point of view. The results are compared to the CWE taxonomy with an emphasis on vulnerability details. Additionally, some ideas are presented on how the taxonomy could be used to improve software security education.
To get a better understanding of Cross-Site Scripting vulnerabilities, we investigated 50 randomly selected CVE reports which are related to open source projects. The vulnerable and patched source code was manually reviewed to find out what kind of source code patterns were used. Source code pattern categories were found for sources, concatenations, sinks, HTML context and fixes. Our resulting categories are compared to categories from CWE. A source code sample which might have led developers to believe that the data was already sanitized is described in detail. For the different HTML context categories, the necessary Cross-Site Scripting prevention mechanisms are described.
We identify 74 generic, reusable technical requirements based on the GDPR that can be applied to software products which process personal data. The requirements can be traced to corresponding articles and recitals of the GDPR and fulfill the key principles of lawfulness and transparency. Therefore, we present an approach to requirements engineering with regard to developing legally compliant software that satisfies the principles of privacy by design, privacy by default as well as security by design.
Objective: This paper presents an algorithm for non-invasive sleep stage identification using respiratory, heart rate and movement signals. The algorithm is part of a system suitable for long-term monitoring in a home environment, which should support experts analysing sleep. Approach: As there is a strong correlation between bio-vital signals and sleep stages, multinomial logistic regression was chosen for categorical distribution of sleep stages. Several derived parameters of three signals (respiratory, heart rate and movement) are input for the proposed method. Sleep recordings of five subjects were used for the training of a machine learning model and 30 overnight recordings collected from 30 individuals with about 27 000 epochs of 30 s intervals each were evaluated. Main results: The achieved rate of accuracy is 72% for Wake, NREM, REM (with Cohen's kappa value 0.67) and 58% for Wake, Light (N1 and N2), Deep (N3) and REM stages (Cohen's kappa is 0.50). Our approach has confirmed the potential of this method and disclosed several ways for its improvement. Significance: The results indicate that respiratory, heart rate and movement signals can be used for sleep studies with a reasonable level of accuracy. These inputs can be obtained non-invasively in a home environment. The proposed system introduces a convenient approach for a long-term monitoring system which could support sleep laboratories. The algorithm which was developed allows for an easy adjustment of input parameters that depend on available signals and for this reason could also be used with various hardware systems.
Smart-Future-Living-Bodensee
(2018)