A model and framework for online security benchmarking

The variety of threats and vulnerabilities within the online business environment are dynamic and thus constantly changing in how they impinge upon online functionality, compromise organizational or customer information, contravene security implementations and thereby undermine online customer confidence. To nullify such threats, online security management must become proactive, by reviewing and continuously improving online security to strengthen the enterpriseis online security measures and policies, as modelled. The benchmarking process utilises a proposed benchmarking framework to guide both the development and application of security benchmarks created in the first instance, from recognized information technology (IT) and information security standards (ISS) and then their application to the online security measures and policies utilized within online business. Furthermore, the benchmarking framework incorporates a continuous improvement review process to address the relevance of benchmark development over time and the changes in threat focus.<br /

SWIFT: Super-fast and Robust Privacy-Preserving Machine Learning

Performing machine learning (ML) computation on private data while maintaining data privacy, aka Privacy-preserving Machine Learning~(PPML), is an emergent field of research. Recently, PPML has seen a visible shift towards the adoption of the Secure Outsourced Computation~(SOC) paradigm due to the heavy computation that it entails. In the SOC paradigm, computation is outsourced to a set of powerful and specially equipped servers that provide service on a pay-per-use basis. In this work, we propose SWIFT, a robust PPML framework for a range of ML algorithms in SOC setting, that guarantees output delivery to the users irrespective of any adversarial behaviour. Robustness, a highly desirable feature, evokes user participation without the fear of denial of service. At the heart of our framework lies a highly-efficient, maliciously-secure, three-party computation (3PC) over rings that provides guaranteed output delivery (GOD) in the honest-majority setting. To the best of our knowledge, SWIFT is the first robust and efficient PPML framework in the 3PC setting. SWIFT is as fast as (and is strictly better in some cases than) the best-known 3PC framework BLAZE (Patra et al. NDSS'20), which only achieves fairness. We extend our 3PC framework for four parties (4PC). In this regime, SWIFT is as fast as the best known fair 4PC framework Trident (Chaudhari et al. NDSS'20) and twice faster than the best-known robust 4PC framework FLASH (Byali et al. PETS'20). We demonstrate our framework's practical relevance by benchmarking popular ML algorithms such as Logistic Regression and deep Neural Networks such as VGG16 and LeNet, both over a 64-bit ring in a WAN setting. For deep NN, our results testify to our claims that we provide improved security guarantee while incurring no additional overhead for 3PC and obtaining 2x improvement for 4PC.Comment: This article is the full and extended version of an article to appear in USENIX Security 202

Work-related wellbeing in UK prison officers: a benchmarking approach

Purpose-The purpose of this paper is to examine the well-being of UK prison officers by utilising a benchmarking approach. Design/methodology/approach-The Health and Safety Executive (HSE) Stress Indicator Tool is widely used in the UK to assess key psychosocial hazards in the workplace encompassing demands, control, support from managers and co-workers, relationship quality, role and change management. This study utilises this approach to examine the extent to which a sample of UK prison officers meets the HSE recommended minimum standards for the management of work-related well-being. Levels of mental health and job satisfaction in the sector are also assessed using measures with extensive occupational norms. The psychosocial hazards that make the strongest contribution to mental health and job satisfaction are also considered. Findings-Respondents reported lower levels of well-being for all of the hazard categories than recommended. Moreover, mental health and job satisfaction were considerably poorer among prison officers than other occupational groups within the emergency and security services in the UK. Considerable variation was found in the psychosocial hazards that predicted mental health and job satisfaction. Practical implications-The high levels of stressors and strains experienced by UK prison officers gives serious cause for concern. Priority areas for interventions to enhance well-being in the sector are considered and areas for future research discussed. Originality/value-This study highlights the wide-ranging benefits of a benchmarking approach to investigate work-related stressors and strains at the sector level

Every Cloud Has a Push Data Lining: Incorporating Cloud Services in a Context-Aware Application

We investigated context-awareness by utilising multiple sources of context in a mobile device setting. In our experiment we developed a system consisting of a mobile client, running on the Android platform, integrated with a cloud-based service. These components were integrated using pushmessaging technology.One of the key featureswas the automatic adaptation of smartphones in accordance with implicit user needs. The novelty of our approach consists in the use of multiple sources of context input to the system, which included the use of calendar data and web based user configuration tool, as well as that of an external, cloud-based, configuration file storing user interface preferences which, pushed at log-on time irrespective of access device, frees the user from having to manually configure its interface.The systemwas evaluated via two rounds of user evaluations (n = 50 users), the feedback of which was generally positive and demonstrated the viability of using cloud-based services to provide an enhanced context-aware user experience