86 research outputs found

    Multi-level Policy-aware Privacy Analysis

    The NAPLES project (Novel Tools for Analysing Privacy Leakages, in Estonian: Privaatslekete Analüüsi Uudsed Vahendid) is a joint research project of the University of Tartu and Cybernetica AS, funded by the Brandeis program of the Defense Advanced Research Projects Agency (DARPA). Within NAPLES, theory and various tools have been developed to detect and describe data leakages in information systems. PLEAK is a tool whose input is a business process written down using the Business Process Model and Notation (BPMN). In addition to the standard notation, the model is annotated with computational details and information about privacy-enhancing technologies, which enable privacy leakage analyses at different levels. Several different analysis tools have been created in the course of the NAPLES project. The analyzers mainly focus on the so-called "SQL collaborative workflow", a BPMN collaboration model whose activities and data objects are described with SQL queries and table schemas, respectively. The binary disclosure analysis gives, based on the privacy-enhancing technologies, a high-level overview of who has access to which data. Other analysis tools, such as Leaks-When and Guessing Advantage, add more detailed qualitative and quantitative measures for better understanding the leakages. My work was part of the NAPLES project and my contributions were varied. First, I added the idea of global and local privacy policies to SQL collaborative workflows. A privacy policy grants a participant in the business process access rights to some part of the data described by the SQL schema. Second, I designed and integrated a multi-layer leakage analysis, from binary disclosure analysis (which data is visible) to conditional disclosure (under which conditions the leak occurs) and a quantitative measure (how much leaks about the data). The multi-layer analysis is based on the PLEAK analyzers, but they needed to be extended so that they support unified inputs and so that the Leaks-When and Guessing Advantage tools are based on privacy policies. In addition, I developed a case study to demonstrate the integrated multi-level privacy analysis and the PLEAK tools.
    The NAPLES (Novel Tools for Analysing Privacy Leakages) project is a research initiative conducted as a collaboration between Cybernetica AS and the University of Tartu, with funds of the Brandeis program of the Defense Advanced Research Projects Agency (DARPA). The research project has produced the theory and a set of tools for the analysis of privacy-related concerns, to determine the potential leakage of the data from the information systems. Specifically, PLEAK is a tool that takes as input business processes specified with the Business Process Model and Notation (BPMN), where model entities are associated with privacy-enhancing technologies, in order to enable the analysis of privacy concerns at different levels of granularity. Over time, the NAPLES project has produced several analyzers. Such analyzers target SQL collaborative workflows, that is, BPMN collaborative models that specify the steps of computation that correspond to SQL manipulation statements over the data objects representing the SQL data sources. The simple disclosure analysis performs a high-level data reachability analysis that reveals potential data leakages in the privacy-enhanced model of a business process: it tells whether a data object is visible to a given party. Other analyzers, such as the Leaks-When and the Guessing Advantage ones, provide finer-grained, qualitative and quantitative measures of data leakage to stakeholders. My work was part of the NAPLES project and my contributions are manifold. First, I added the concept of Global and Local privacy policies in the SQL collaborative workflows, which endow a party of the business process with access rights to the selected SQL entities with defined constraints. Second, I designed an integrated multi-level approach to the disclosure analysis: from the high-level declarative disclosure (What data might leak?) to the conditional disclosure (When does data leak?) and quantitative measure (How much does data leak?). This approach is based on existing tools of PLEAK for privacy analysis. However, I refined these tools to accept a more unified set of inputs and integrated the privacy policies with the Leaks-When and Guessing Advantage analyzers. Finally, I developed a case study, which has been used for showcasing the aforementioned integrated multi-level approach to the disclosure analysis, and that has been used as a proof-of-concept for NAPLES tools.

    Tool Support for Privacy-Enhanced Business Process Model and Notation

    This work deals with a support tool for the privacy extension of the Business Process Model and Notation, which augments the business process modelling language with the ability to add descriptions of privacy technologies to business process models. The privacy extension of the Business Process Model and Notation makes it possible to visualize the movement and disclosure of private information between different parties in business processes. The tool produced as a result of this work, named PE-BPMN editor, makes it possible to create models in the privacy-extended Business Process Model and Notation. The tool also offers the ability to check the syntactic correctness of these models, which is the basis for further analyses of these models. At present two analysis methods can be used, whose combined result gives an overview of the private information used in the business process that is at risk of leaking. The result obtained makes it possible to improve existing business processes and to plan new, more secure ones.
    This paper presents an implementation tool for a Privacy-Enhanced Business Process Model And Notation language (PE-BPMN) that extends Business Process Model And Notation (BPMN) by adding constructs to specify privacy enhancing technologies to be used in process models. The PE-BPMN language allows visualizing the movement and disclosure of private information between participants of business processes. The language is used as a basis for detecting privacy leakages in business processes. The result of this work, the PE-BPMN editor, provides a modelling tool for PE-BPMN. In addition, the tool supports the user by providing analyzers to check the syntactical correctness of these extended models. Syntactical correctness is a prerequisite of further analysis on PE-BPMN models. Currently, there are two analyses implemented. Combined results of these analyses give an overview of whether some information used in the business process is at risk of being leaked. Also, these results give an insight into how to improve already existing processes or how to plan more secure new processes.

    Exploiting Process Algebras and BPM Techniques for Guaranteeing Success of Distributed Activities

    The communications and collaborations among activities, processes, or systems, in general, are the base of complex systems defined as distributed systems. Given the increasing complexity of their structure, interactions, and functionalities, many research areas are interested in providing modelling techniques and verification capabilities to guarantee their correctness and satisfaction of properties. In particular, the formal methods community provides robust verification techniques to prove system properties. However, most approaches rely on manually designed formal models, making the analysis process challenging because it requires an expert in the field. On the other hand, the BPM community provides a widely used graphical notation (i.e., BPMN) to design internal behaviour and interactions of complex distributed systems that can be enhanced with additional features (e.g., privacy technologies). Furthermore, BPM uses process mining techniques to automatically discover these models from events observation. However, verifying properties and expected behaviour, especially in collaborations, still needs a solid methodology. This thesis aims at exploiting the features of the formal methods and BPM communities to provide approaches that enable formal verification over distributed systems. In this context, we propose two approaches. The modelling-based approach starts from BPMN models and produces process algebra specifications to enable formal verification of system properties, including privacy-related ones. The process mining-based approach starts from logs observations to automatically generate process algebra specifications to enable verification capabilities.

    Energy efficiency perspectives of femtocells in internet of things : recent advances and challenges

    Energy efficiency is a growing concern in every aspect of the technology. Apart from maintaining profitability, energy efficiency means a decrease in the overall environmental effects, which is a serious concern in today's world. Using a femtocell in Internet of Things (IoT) can boost energy efficiency. To illustrate, femtocells can be used in smart homes, which is a subpart of the smart grid, as a communication mechanism in order to manage energy efficiency. Moreover, femtocells can be used in many IoT applications in order to provide communication. However, it is important to evaluate the energy efficiency of femtocells. This paper investigates recent advances and challenges in the energy efficiency of the femtocell in IoT. First, we introduce the idea of femtocells in the context of IoT and their role in IoT applications. Next, we describe prominent performance metrics in order to understand how the energy efficiency is evaluated. Then, we elucidate how energy can be modeled in terms of femtocell and provide some models from the literature. Since femtocells are used in heterogeneous networks to manage energy efficiency, we also express some energy efficiency schemes for deployment. The factors that affect the energy usage of a femtocell base station are discussed and then the power consumption of user equipment under femtocell coverage is mentioned. Finally, we highlight prominent open research issues and challenges. © 2013 IEEE

    The Common Law Right to Information

    A once-thriving doctrine, today the common law right to information has been largely forgotten by U.S. courts at both the state and federal level. But courts have not paused to question whether the common law right still has a role to play in modern litigation. One reason may be the dearth of case law explaining the common law right's operation. Another may be that courts believe this doctrine has been eradicated by the advent of freedom of information laws. This article first brings together the disparate authority on the common law right in an attempt to pin down the precise contours of the doctrine. It then examines the operation of the various federal and state freedom of information statutes and compares them to the common law right. Then it considers whether these statutes preempt or displace the common law rights, ultimately concluding that the state common law right is unlikely to be displaced, while the federal common law right is more likely displaced. Finally, this article suggests several relatively narrow uses the common law may still serve today in the realm of public access to information.

    Discovering business process simulation models in the presence of multitasking and availability constraints

    Business process simulation is a versatile technique for quantitative analysis of business processes. A well-known limitation of process simulation is that the accuracy of the simulation results is limited by the faithfulness of the process model and simulation parameters given as input to the simulator. To tackle this limitation, various authors have proposed to discover simulation models from process execution logs, so that the resulting simulation models more closely match reality. However, existing techniques in this field make certain assumptions about resource behavior that do not typically hold in practice, including: (i) that each resource performs one task at a time; and (ii) that resources are continuously available (24/7). In reality, resources may engage in multitasking behavior and they work only during certain periods of the day or the week. This article proposes an approach to discover process simulation models from execution logs in the presence of multitasking and availability constraints. To account for multitasking, we adjust the processing times of tasks in such a way that executing the multitasked tasks sequentially with the adjusted times is equivalent to executing them concurrently with the original times. Meanwhile, to account for availability constraints, we use an algorithm for discovering calendar expressions from collections of time-points to infer resource timetables from an execution log. We then adjust the parameters of this algorithm to maximize the similarity between the simulated log and the original one. We evaluate the approach using real-life and synthetic datasets. The results show that the approach improves the accuracy of simulation models discovered from execution logs both in the presence of multitasking and availability constraints. European Research Council PIX 834141; Ministerio de Ciencia, Innovación y Universidades OPHELIA RTI2018-101204-B-C22; Junta de Andalucía EKIPMENTPLUS (P18–FR–2895

    Plugging Leaks and Lowering Levees in the Federal Government: Practical Solutions for Securities Trading Based on Political Intelligence

    From its founding, the federal government of the United States has been a potential gold mine for nonpublic market-moving information. By selectively disclosing this information to securities traders outside the government (or to persons who advise them), federal officials can substantially privilege certain wealthy or otherwise well-connected investors over ordinary investors in the securities market. The trading profits that can be derived from the use of this material nonpublic government information are often tremendous. This disparity of access to government information may be unfair. But absent an identifiable personal benefit on the part of the government insider, neither the selective disclosure of government information nor the securities trading by persons on the outside constitutes a violation of the federal securities laws -- even under the newly enacted Stop Trading on Congressional Knowledge (STOCK) Act. Moreover, this political intelligence problem appears to be worsening: in recent months, news reports about federal officials' selective disclosure of nonpublic government information have proliferated, and the SEC and DOJ are currently investigating how these leaks may have occurred. To address the problem of selective disclosure, this Article proposes practical solutions that focus on the source of the political intelligence problem: the federal government itself. Solving -- or at least reducing the amount of -- selective disclosure is a complex endeavor. Equal treatment of investors is an admirable goal, but in many situations, the government has legitimate interests in communicating with members of the public and disclosing information only to certain parties. Thus, this Article attempts to carve out a middle ground that neither unduly inhibits governmental functions nor allows for patently unequal treatment of investors.

    Plugging Leaks and Lowering Levees in the Federal Government: Practical Solutions for Securities Trading Based on Political Intelligence

    From its founding, the U.S. federal government has been a potential gold mine for nonpublic market-moving information. By selectively disclosing this information to securities traders outside the government (or to persons who advise them), federal officials can substantially privilege certain wealthy or otherwise well-connected investors over ordinary investors in the securities market. The trading profits that can be derived from the use of this material nonpublic government information are often tremendous. Such disparity of access to government information undermines the public’s confidence in the fairness and integrity of securities markets -- and in the federal government itself. But absent an identifiable personal benefit on the part of the government insider, neither the selective disclosure of government information nor the securities trading by persons on the outside constitutes a violation of the federal securities laws -- even under the newly enacted Stop Trading on Congressional Knowledge (STOCK) Act. Moreover, this political intelligence problem appears to be worsening: in recent months, news reports about the selective disclosure of nonpublic government information have proliferated, and the SEC and DOJ are investigating how some of these leaks may have occurred. To address the problem of selective disclosure, this Article proposes practical solutions that focus on the source of the political intelligence problem: the federal government itself. Solving -- or at least reducing the amount of -- selective disclosure is a complex endeavor. Equal treatment of investors is an admirable goal, but in many situations, the government has legitimate interests in communicating with members of the public and disclosing information only to certain parties. Thus, this Article attempts to carve out a middle ground that neither unduly inhibits governmental functions nor allows for patently unequal treatment of investors.
insider trading, Stock Act, selective disclosure, political intelligence, information leaks, FOIA, open government, transparenc

    Transgender Identity Development in a Rural Area: A Multiple Case Study

    A transgender person develops an identity over time and must overcome several obstacles such as stigma, transphobia, discrimination, and sexism, which can be even more difficult for transgender people who choose to come out and transition in a rural area. Grounded in queer theory, social constructivism, and rural identity development theory, the purpose of this qualitative multiple case study was to explore the lived experiences of 4 transgender persons who came out and transitioned in a rural area, and who accessed online communities as a source of information during their identity development. A 4-stage process was used to collect data, including a semistructured interview, artifact analysis, participant observations, and an art project created by the participants. The data were loaded into the NVivo qualitative data analysis software and analyzed using coding, memoing, within-case, and cross-case analysis from the case histories of the participants. The principal findings of the study were that these transgender people living in a rural area used the Internet for both gathering information and connecting to the larger transgender community. Many other significant details provided insight into the lives of these transgender people, such as shopping for clothes, spending time in public, dealing with personal safety, and managing family and friend relationships during their transitions. These findings may inform mental health professionals about the potential identity developmental trajectory of transgender persons living in a rural area; the findings also give a voice to a population that is often hidden in rural areas.