CSE Technical Reports Sorted by Technical Report Number

TR Number Title Authors Date Pages

CSE-TR-585-14 Integrating Spreadsheet Data via Accurate and Low-Effort Extraction Zhe Chen and Michael Cafarella February, 2014 13
Spreadsheets contain valuable data on many topics, but they are difficult to integrate with other sources. Convert- ing spreadsheet data to the relational model would allow relational integration tools to be used, but using manual methods to do this requires large amounts of work for each integration candidate. Automatic data extraction would be useful but it is very challenging: spreadsheet designs gener- ally requires human knowledge to understand the metadata being described. Even if it is possible to obtain this meta- data information automatically, a single mistake can yield an output relation with a huge number of incorrect tuples. We propose a two-phase semiautomatic system that ex- tracts accurate relational metadata while minimizing user effort. Based on conditional random fields (CRFs), our system enables downstream spreadsheet integration applica- tions. First, the automatic extractor uses hints from spread- sheets’ graphical style and recovered metadata to extract the spreadsheet data as accurately as possible. Second, the interactive repair component identifies similar regions in dis- tinct spreadsheets scattered across large spreadsheet cor- pora, allowing a user’s single manual repair to be amortized over many possible extraction errors. Through our method of integrating the repair workflow into the extraction system, a human can obtain the accurate extraction with just 31% of the manual operations required by a standard classification based technique. We demonstrate and evaluate our system using two corpora: more than 1,000 spreadsheets published by the US government and more than 400,000 spreadsheets downloaded from the Web.

CSE-TR-586-14 TIVOs: Trusted Visual I/O Paths for Android Fernandes, Chen, Essl, Halderman, Mao, Prakash May, 2014 11
Stealthy pixel-perfect attacks on smartphone apps are a class of phishing attacks that rely on visual deception to trick users into entering sensitive information into trojan apps. We introduce an operating system abstraction called Trusted Visual I/O Paths (TIVOs) that enables a user to securely verify the app she is interacting with, only assuming that the operating system provides a trusted computing base. As proof of concept, we built a TIVO for Android, one that is activated any time a soft keyboard is used by an application (e.g., for password entry) so that the user can reliably determine the app that receives the user’s keyboard input. We implemented TIVO by modifying Android’s user-interface stack and evaluated the abstraction using a controlled user study where users had to decide whether to trust the login screen of four different applications that were randomly subjected to two forms of pixel-perfect attacks. The TIVO mechanism was found to significantly reduce the effectiveness of pixel-perfect attacks, with acceptable impact on overall usability and only modest performance overhead.

Technical Reports Page