Designing the Health-related Internet of Things: Ethical Principles and Guidelines

The conjunction of wireless computing, ubiquitous Internet access, and the miniaturisation of sensors have opened the door for technological applications that can monitor health and well-being outside of formal healthcare systems. The health-related Internet of Things (H-IoT) increasingly plays a key role in health management by providing real-time tele-monitoring of patients, testing of treatments, actuation of medical devices, and fitness and well-being monitoring. Given its numerous applications and proposed benefits, adoption by medical and social care institutions and consumers may be rapid. However, a host of ethical concerns are also raised that must be addressed. The inherent sensitivity of health-related data being generated and latent risks of Internet-enabled devices pose serious challenges. Users, already in a vulnerable position as patients, face a seemingly impossible task to retain control over their data due to the scale, scope and complexity of systems that create, aggregate, and analyse personal health data. In response, the H-IoT must be designed to be technologically robust and scientifically reliable, while also remaining ethically responsible, trustworthy, and respectful of user rights and interests. To assist developers of the H-IoT, this paper describes nine principles and nine guidelines for ethical design of H-IoT devices and data protocols

Options for Securing RTP Sessions

The Real-time Transport Protocol (RTP) is used in a large number of different application domains and environments. This heterogeneity implies that different security mechanisms are needed to provide services such as confidentiality, integrity, and source authentication of RTP and RTP Control Protocol (RTCP) packets suitable for the various environments. The range of solutions makes it difficult for RTP-based application developers to pick the most suitable mechanism. This document provides an overview of a number of security solutions for RTP and gives guidance for developers on how to choose the appropriate security mechanism

Credit bureaus between risk-management, creditworthiness assessment and prudential supervision

"This text may be downloaded for personal research purposes only. Any additional reproduction for other purposes, whether in hard copy or electronically, requires the consent of the author. If cited or quoted, reference should be made to the full name of the author, the title, the working paper or other series, the year, and the publisher."This paper discusses the role and operations of consumer Credit Bureaus in the European Union in the context of the economic theories, policies and law within which they work. Across Europe there is no common practice of sharing the credit data of consumers which can be used for several purposes. Mostly, they are used by the lending industry as a practice of creditworthiness assessment or as a risk-management tool to underwrite borrowing decisions or price risk. However, the type, breath, and depth of information differ greatly from country to country. In some Member States, consumer data are part of a broader information centralisation system for the prudential supervision of banks and the financial system as a whole. Despite EU rules on credit to consumers for the creation of the internal market, the underlying consumer data infrastructure remains fragmented at national level, failing to achieve univocal, common, or defined policy objectives under a harmonised legal framework. Likewise, the establishment of the Banking Union and the prudential supervision of the Euro area demand standardisation and convergence of the data used to measure debt levels, arrears, and delinquencies. The many functions and usages of credit data suggest that the policy goals to be achieved should inform the legal and institutional framework of Credit Bureaus, as well as the design and use of the databases. This is also because fundamental rights and consumer protection concerns arise from the sharing of credit data and their expanding use

When mobility is not a choice Problematising asylum seekers’ secondary movements and their criminalisation in the EU. CEPS Paper in Liberty and Security in Europe No. 2019-11, December 2019

The notion of ‘secondary movements’ is commonly used to describe the mobility of third country nationals for the purpose of seeking international protection in an EU member state other than the one of first irregular entry according to the EU Dublin Regulation. Secondary movements are often identified as a major insecurity factor undermining the sustainability of the Schengen regime and the functioning of the EU Dublin system. Consequently, EU policies have focused on their ‘criminalisation’, as testified by the range of sanctions included in the 2016 CEAS reform package, and on a ‘policing’ approach, which has materialised in the expanded access to data stored in the EURODAC database by police authorities, and its future interconnection with other EU databases under the 2019 EU Interoperability Regulations. This Paper shows that the EU notion of secondary movements is flawed and must be reconsidered in any upcoming reform of the CEAS. The concept overlooks the fact that asylum seekers’ mobility may be non-voluntary and thus cannot be understood as a matter of ‘free choice’ or in terms of ‘preferences’ about the member state of destination. Such an understanding is based on the wrong assumption that asylum seekers’ decisions to move to a different EU country are illegitimate, as all EU member states are assumed to be ‘safe’ for people in need of international protectio

Online advertising: analysis of privacy threats and protection approaches

Online advertising, the pillar of the “free” content on the Web, has revolutionized the marketing business in recent years by creating a myriad of new opportunities for advertisers to reach potential customers. The current advertising model builds upon an intricate infrastructure composed of a variety of intermediary entities and technologies whose main aim is to deliver personalized ads. For this purpose, a wealth of user data is collected, aggregated, processed and traded behind the scenes at an unprecedented rate. Despite the enormous value of online advertising, however, the intrusiveness and ubiquity of these practices prompt serious privacy concerns. This article surveys the online advertising infrastructure and its supporting technologies, and presents a thorough overview of the underlying privacy risks and the solutions that may mitigate them. We first analyze the threats and potential privacy attackers in this scenario of online advertising. In particular, we examine the main components of the advertising infrastructure in terms of tracking capabilities, data collection, aggregation level and privacy risk, and overview the tracking and data-sharing technologies employed by these components. Then, we conduct a comprehensive survey of the most relevant privacy mechanisms, and classify and compare them on the basis of their privacy guarantees and impact on the Web.Peer ReviewedPostprint (author's final draft

JXTA security in basic peer operations

Open Access Documen

Practical Fine-grained Privilege Separation in Multithreaded Applications

An inherent security limitation with the classic multithreaded programming model is that all the threads share the same address space and, therefore, are implicitly assumed to be mutually trusted. This assumption, however, does not take into consideration of many modern multithreaded applications that involve multiple principals which do not fully trust each other. It remains challenging to retrofit the classic multithreaded programming model so that the security and privilege separation in multi-principal applications can be resolved. This paper proposes ARBITER, a run-time system and a set of security primitives, aimed at fine-grained and data-centric privilege separation in multithreaded applications. While enforcing effective isolation among principals, ARBITER still allows flexible sharing and communication between threads so that the multithreaded programming paradigm can be preserved. To realize controlled sharing in a fine-grained manner, we created a novel abstraction named ARBITER Secure Memory Segment (ASMS) and corresponding OS support. Programmers express security policies by labeling data and principals via ARBITER's API following a unified model. We ported a widely-used, in-memory database application (memcached) to ARBITER system, changing only around 100 LOC. Experiments indicate that only an average runtime overhead of 5.6% is induced to this security enhanced version of application