4,298 research outputs found

    Privacy and Accountability in Black-Box Medicine

    Get PDF
    Black-box medicine—the use of big data and sophisticated machine learning techniques for health-care applications—could be the future of personalized medicine. Black-box medicine promises to make it easier to diagnose rare diseases and conditions, identify the most promising treatments, and allocate scarce resources among different patients. But to succeed, it must overcome two separate, but related, problems: patient privacy and algorithmic accountability. Privacy is a problem because researchers need access to huge amounts of patient health information to generate useful medical predictions. And accountability is a problem because black-box algorithms must be verified by outsiders to ensure they are accurate and unbiased, but this means giving outsiders access to this health information. This article examines the tension between the twin goals of privacy and accountability and develops a framework for balancing that tension. It proposes three pillars for an effective system of privacy-preserving accountability: substantive limitations on the collection, use, and disclosure of patient information; independent gatekeepers regulating information sharing between those developing and verifying black-box algorithms; and information-security requirements to prevent unintentional disclosures of patient information. The article examines and draws on a similar debate in the field of clinical trials, where disclosing information from past trials can lead to new treatments but also threatens patient privacy

    Big Data Analytics for QoS Prediction Through Probabilistic Model Checking

    Get PDF
    As competitiveness increases, being able to guaranting QoS of delivered services is key for business success. It is thus of paramount importance the ability to continuously monitor the workflow providing a service and to timely recognize breaches in the agreed QoS level. The ideal condition would be the possibility to anticipate, thus predict, a breach and operate to avoid it, or at least to mitigate its effects. In this paper we propose a model checking based approach to predict QoS of a formally described process. The continous model checking is enabled by the usage of a parametrized model of the monitored system, where the actual value of parameters is continuously evaluated and updated by means of big data tools. The paper also describes a prototype implementation of the approach and shows its usage in a case study.Comment: EDCC-2014, BIG4CIP-2014, Big Data Analytics, QoS Prediction, Model Checking, SLA compliance monitorin

    Fighting Cybercrime with Zero Trust

    Get PDF
    Zero Trust Architecture focuses on securing critical data and access paths by eliminating trust as much as possible by “assuming breach.” It establishes trust every time a user tries to access an asset in the system by questioning the premise that users, devices, and network components should be implicitly trusted based on their location within the network. We have chosen Zero Trust to help reduce the impact of cybercrime and establish baseline security practices. It is a dramatic paradigm shift in the philosophy of securing our infrastructure, networks, and data, from verifying once at the perimeter to continually verifying each user, device, application, and transaction. Trust in humans is essential to forming connections; however, trust in network connections can create dangers and potential security gaps in the digital world. In a hyper-connected world, anyone can launch an attack virtually and participate in cybercrime by violating the trust of systems or networks. The cost of not implementing good security practices is evident in the growing number of data breaches and ransomware attacks that erode consumers' trust in tech and online space. Considering Zero Trust and Zero Trust Architecture developed by the National Institute of Standards and Technology (NIST) should help reduce the impact of cybercrime and protect the crown jewels in cyberspace from a malicious insider or an external attacker

    A Framework for an Adaptive Early Warning and Response System for Insider Privacy Breaches

    Get PDF
    Organisations such as governments and healthcare bodies are increasingly responsible for managing large amounts of personal information, and the increasing complexity of modern information systems is causing growing concerns about the protection of these assets from insider threats. Insider threats are very difficult to handle, because the insiders have direct access to information and are trusted by their organisations. The nature of insider privacy breaches varies with the organisation’s acceptable usage policy and the attributes of an insider. However, the level of risk that insiders pose depends on insider breach scenarios including their access patterns and contextual information, such as timing of access. Protection from insider threats is a newly emerging research area, and thus, only few approaches are available that systemise the continuous monitoring of dynamic insider usage characteristics and adaptation depending on the level of risk. The aim of this research is to develop a formal framework for an adaptive early warning and response system for insider privacy breaches within dynamic software systems. This framework will allow the specification of multiple policies at different risk levels, depending on event patterns, timing constraints, and the enforcement of adaptive response actions, to interrupt insider activity. Our framework is based on Usage Control (UCON), a comprehensive model that controls previous, ongoing, and subsequent resource usage. We extend UCON to include interrupt policy decisions, in which multiple policy decisions can be expressed at different risk levels. In particular, interrupt policy decisions can be dynamically adapted upon the occurrence of an event or over time. We propose a computational model that represents the concurrent behaviour of an adaptive early warning and response system in the form of statechart. In addition, we propose a Privacy Breach Specification Language (PBSL) based on this computational model, in which event patterns, timing constraints, and the triggered early warning level are expressed in the form of policy rules. The main features of PBSL are its expressiveness, simplicity, practicality, and formal semantics. The formal semantics of the PBSL, together with a model of the mechanisms enforcing the policies, is given in an operational style. Enforcement mechanisms, which are defined by the outcomes of the policy rules, influence the system state by mutually interacting between the policy rules and the system behaviour. We demonstrate the use of this PBSL with a case study from the e-government domain that includes some real-world insider breach scenarios. The formal framework utilises a tool that supports the animation of the enforcement and policy models. This tool also supports the model checking used to formally verify the safety and progress properties of the system over the policy and the enforcement specifications

    From Data Transparency and Security to Interfirm Collaboration-A Blockchain Technology Perspective

    Get PDF
    In recent years, blockchain technology has gained significant attention and recognition in both academic and practical contexts, due to its remarkable attributes of scalability, security, and sustainability. However, despite the growing interest, there is still a lack of exploration regarding the potential of blockchain to improve data transparency, enhance information security, and facilitate knowledge sharing. To address this gap, this study conducts a focused review of recent studies to examine precisely these aspects of blockchain technology. Various paradigms that highlight how the utilization of blockchain can enhance data transparency, bolster information security, and enable seamless knowledge sharing among organizations, are identified and proposed. These advancements surpass the capabilities of traditional methods of storing and sharing information
    • …
    corecore