Suchergebnisse

This article aims to revisit and to adapt the Norman's theory of action by focusing on the design of interactive systems for disabled people. The background section demonstrates that there is a need to include all the stakeholders involved in the environment of the disabled person in the design process, constituting his or her ecosystem. Then the adaptation of the Norman's theory action, considering explicitly the ecosystem is justified; examples of the both role of the disabled people and members of his/her ecosystem are given for the seven components of Norman's model. Two cases studies are after presented to illustrate the crucial role of the ecosystem in case of assistive interactive system design. The benefits of taking into account the ecosystem in the design of interactive systems for disabled persons are discussed. The article ends with a conclusion and research perspectives.

This book makes important aspects of the international discussion on End User Development (EUD) available to a broader audience. It offers a unique set of contributions from research institutes worldwide, addressing relevant issues and proposing original solutions. This broad look at the emerging paradigm of End-User Development will inspire every reader to appreciate its potential for the future. Indeed, the editors hope that readers - 'end-users' - will themselves become developers.

One of the current trends in computer science is the use of ontologies in Software Engineering. In this context, several academic and industrial works have used ontologies as mechanism for system requirements representation and automatic code generation. However, most of current works propose generic development platforms regardless the reuse of components for a specific domain. In this paper, a Model-Driven Development Framework, called SemanticWebBuilder (SWB) is presented. SWB provides an agile development platform for the Web application domain, where system requirements are modeled through ontologies and from this knowledge representation, the infrastructure of the system is automatically generated. The resultant system can be extended by reusing of code, thus allowing to build complex systems in a short time. Moreover, system data is represented as RDF triples, making this data available in the Semantic Web. SWB has been widely used to develop Web applications for several government dependencies in Mexico.

In this thesis, we studied security and privacy threats in web applications and browser extensions. There are many attacks targeting the web of which XSS (Cross-Site Scripting) is one of the most notorious. Third party tracking is the ability of an attacker to benefit from its presence in many web applications in order to track the user has she browses the web, and build her browsing profile. Extensions are third party software that users install to extend their browser functionality and improve their browsing experience. Malicious or poorly programmed extensions can be exploited by attackers in web applications, in order to benefit from extensions privileged capabilities and access sensitive user information. Content Security Policy (CSP) is a security mechanism for mitigating the impact of content injection attacks in general and in particular XSS. The Same Origin Policy (SOP) is a security mechanism implemented by browsers to isolate web applications of different origins from one another. In a first work on CSP, we analyzed the interplay of CSP with SOP and demonstrated that the latter allows the former to be bypassed. Then we scrutinized the three CSP versions and found that a CSP is differently interpreted depending on the browser, the version of CSP it implements, and how compliant the implementation is with respect to the specification. To help developers deploy effective policies that encompass all these differences in CSP versions and browsers implementations, we proposed the deployment of dependency-free policies that effectively protect against attacks in all browsers. Finally, previous studies have identified many limitations of CSP. We reviewed the different solutions proposed in the wild, and showed that they do not fully mitigate the identified shortcomings of CSP. Therefore, we proposed to extend the CSP specification, and showed the feasibility of our proposals with an example of implementation. Regarding third party tracking, we introduced and implemented a tracking preserving architecture, that can be deployed by web developers willing to include third party content in their applications while preventing tracking. Intuitively, third party requests are automatically routed to a trusted middle party server which removes tracking information from the requests. Finally considering browser extensions, we first showed that the extensions that users install and the websites they are logged into, can serve to uniquely identify and track them. We then studied the communications between browser extensions and web applications and demonstrate that malicious or poorly programmed extensions can be exploited by web applications to benefit from extensions privileged capabilities. Also, we demonstrated that extensions can disable the Same Origin Policy by tampering with CORS headers. All this enables web applications to read sensitive user information. To mitigate these threats, we proposed countermeasures and a more fine-grained permissions system and review process for browser extensions. We believe that this can help browser vendors identify malicious extensions and warn users about the threats posed by extensions they install. ; Dans cette thèse, nous nous sommes intéressés aux problématiques de sécurité et de confidentialité liées à l'utilisation d'applications web et à l'installation d'extensions de navigateurs. Parmi les attaques dont sont victimes les applications web, il y a celles très connues de type XSS (ou Cross-Site Scripting). Les extensions sont des logiciels tiers que les utilisateurs peuvent installer afin de booster les fonctionnalités des navigateurs et améliorer leur expérience utilisateur. Content Security Policy (CSP) est une politique de sécurité qui a été proposée pour contrer les attaques de type XSS. La Same Origin Policy (SOP) est une politique de sécurité fondamentale des navigateurs, régissant les interactions entre applications web. Par exemple, elle ne permet pas qu'une application accède aux données d'une autre application. Cependant, le mécanisme de Cross-Origin Resource Sharing (CORS) peut être implémenté par des applications désirant échanger des données entre elles. Tout d'abord, nous avons étudié l'intégration de CSP avec la Same Origin Policy (SOP) et démontré que SOP peut rendre CSP inefficace, surtout quand une application web ne protège pas toutes ses pages avec CSP, et qu'une page avec CSP imbrique ou est imbriquée dans une autre page sans ou avec un CSP différent et inefficace. Nous avons aussi élucidé la sémantique de CSP, en particulier les différences entre ses 3 versions, et leurs implémentations dans les navigateurs. Nous avons ainsi introduit le concept de CSP sans dépendances qui assure à une application la même protection contre les attaques, quelque soit le navigateur dans lequel elle s'exécute. Finalement, nous avons proposé et démontré comment étendre CSP dans son état actuel, afin de pallier à nombre de ses limitations qui ont été révélées dans d'autres études. Les contenus tiers dans les applications web permettent aux propriétaires de ces contenus de pister les utilisateurs quand ils naviguent sur le web. Pour éviter cela, nous avons introduit une nouvelle architecture web qui une fois déployée, supprime le pistage des utilisateurs. Dans un dernier temps, nous nous sommes intéressés aux extensions de navigateurs. Nous avons d'abord démontré que les extensions qu'un utilisateur installe et/ou les applications web auxquelles il se connecte, peuvent le distinguer d'autres utilisateurs. Nous avons aussi étudié les interactions entre extensions et applications web. Ainsi avons-nous trouvé plusieurs extensions dont les privilèges peuvent être exploités par des sites web afin d'accéder à des données sensibles de l'utilisateur. Par exemple, certaines extensions permettent à des applications web d'accéder aux contenus d'autres applications, bien que cela soit normalement interdit par la Same Origin Policy. Finalement, nous avons aussi trouvé qu'un grand nombre d'extensions a la possibilité de désactiver la Same Origin Policy dans le navigateur, en manipulant les entêtes CORS. Cela permet à un attaquant d'accéder aux données de l'utilisateur dans n'importe qu'elle autre application, comme par exemple ses mails, son profile sur les réseaux sociaux, et bien plus. Pour lutter contre ces problèmes, nous préconisons aux navigateurs un système de permissions plus fin et une analyse d'extensions plus poussée, afin d'alerter les utilisateurs des dangers réels liés aux extensions.

Purpose and Approach Women in recovery describe stigma, negative treatment, and limited support as barriers to achieving their health and parenting goals. Mobile health technologies carefully tailored to support the unique needs of recovery communities can provide less burdensome alternatives to in-person services for women transitioning out of substance use treatment. An iterative design process integrated women's interests into the structure, content, and interaction flow of a mobile health (mHealth) app. Setting and Participants Participants included women in recovery from opioid, alcohol, and polysubstance use disorders in a comprehensive housing program in urban Arizona. Methods Five focus groups with 3–7 participants each (n = 27 total) informed creation of the mHealth app. Informed by theoretical models of usability and person-centered design, development involved an iterative series of focus groups in which we asked women to comment on interest in using each feature. This provided a qualitative priority framework for feature development. We then modified the app and repeated the process to gauge consensus and continually refine our prototype. Results Women were interested in access to resources, such as housing, counseling, and parenting advice in settings known to treat women in recovery with respect. They also asked for positive messages, chatting with peers, and access to expert answers. They were less interested in points-based learning modules and "scored" activities, leading us to develop a "daily challenges" concept that builds good habits, but does not feel like "classwork". Women's recommendations shaped an mHealth app tailored to maximize utility, access, and safety for this at-risk population. Conclusion Integration of user-centered design with applied ethnographic techniques guided the development of a custom-tailored mHealth app responsive to lived experiences and needs of women in recovery. Future research should evaluate the potential for user-centered apps to increase self-efficacy, perceived social support, and to reduce risk of relapse.

The number of patients with multimorbidity has been steadily increasing in the modern aging societies. The European C3-Cloud project provides a multidisciplinary and patient-centered "Collaborative Care and Cure-system" for the management of elderly with multimorbidity, enabling continuous coordination of care activities between multidisciplinary care teams (MDTs), patients and informal caregivers (ICG). In this study various components of the infrastructure were tested to fulfill the functional requirements and the entire system was subjected to an early application testing involving different groups of end-users. MDTs from participating European regions were involved in requirement elicitation and test formulation, resulting in 57 questions, distributed via an internet platform to 48 test participants (22 MDTs, 26 patients) from three pilot sites. The results indicate a high level of satisfaction with all components. Early testing also provided feedback for technical improvement of the entire system, and the paper points out useful evaluation methods.

Purpose– "User" is the lingua franca term used across IT design, often critiqued for giving a reductionist portrayal of the human relationship with technologies. The purpose of this paper is to argue that equating "user" with flesh and blood "people out there" is naïve. Not only that, it closes important options in conducting human-centered design.Design/methodology/approach– The authors conceptually elaborate a relational understanding of the user and integrate research findings on user representations found at the intersection of human-centered design and social studies of technology.Findings– The user is best understood as a relational term that bridges between people out there and renditions of them relevant for design. A distinction between "user representations" and "engaged use" is a key distinction to clarify this further. Research to date demonstrates that R & D organizations have a wide range of user representations and positioning human-centered design to these would advance its likely yield.Research limitations/implications– The strategic positioning of user studies and other human-centered design within R & D organizations is a growing research area that merits further research.Practical implications– Descriptions of users would benefit from being more strategic in order to become viable amidst other design concerns. This can be aided by, for instance, visualizing the "users" that different fractions in the company rely on and compare these to the users indicated by human-centered design.Originality/value– The paper makes an original reconceptualization of the user and integrates literature on user representations to open new options for conducting human-centered design.