24,615 research outputs found
The Discourse of Digital Deceptions and ‘419’ Emails
This study applies a computer-mediated discourse analysis
(CMDA) to the study of discourse structures and functions of ‘419’ emails – the Nigerian term for online/financial fraud. The hoax mails are in the form of online lottery winning announcements, and email ‘business proposals’
involving money transfers/claims of dormant bank accounts overseas. Data comprise 68 email samples collected from the researcher’s inboxes and colleagues’ and students’ mail boxes between January 2008 and March 2009 in Ota, Nigeria. The study reveals that the writers of the mails apply
discourse/pragmatic strategies such as socio-cultural greeting formulas,self-identification, reassurance/confidence building, narrativity and action
prompting strategies to sustain the interest of the receivers. The study also shows that this genre of computer-mediated communication (CMC) has become a regular part of our Internet experience, and is not likely to be extinct in the near future as previous studies of email hoaxes have predicted. It is believed that as the global economy witnesses a recession, chances are that more creative and complex ways of combating the situation will arise.
Economic hardship has been blamed for fraud/online scams, inadvertently prompting youths to engage in various anti-social activities. K E Y W O R D S : computer-media communication, deceptions, discourse,
email, ‘419’, fraud, hoax
A Semantic Hierarchy for Erasure Policies
We consider the problem of logical data erasure, contrasting with physical
erasure in the same way that end-to-end information flow control contrasts with
access control. We present a semantic hierarchy for erasure policies, using a
possibilistic knowledge-based semantics to define policy satisfaction such that
there is an intuitively clear upper bound on what information an erasure policy
permits to be retained. Our hierarchy allows a rich class of erasure policies
to be expressed, taking account of the power of the attacker, how much
information may be retained, and under what conditions it may be retained.
While our main aim is to specify erasure policies, the semantic framework
allows quite general information-flow policies to be formulated for a variety
of semantic notions of secrecy.Comment: 18 pages, ICISS 201
Shopping For Privacy: How Technology in Brick-and-Mortar Retail Stores Poses Privacy Risks for Shoppers
As technology continues to rapidly advance, the American legal system has failed to protect individual shoppers from the technology implemented into retail stores, which poses significant privacy risks but does not violate the law. In particular, I examine the technologies implemented into many brick-and-mortar stores today, many of which the average everyday shopper has no idea exists. This Article criticizes these technologies, suggesting that many, if not all of them, are questionable in their legality taking advantage of their status in a legal gray zone. Because the American judicial system cannot adequately protect the individual shopper from these questionable privacy practices, I call upon the Federal Trade Commission, the de facto privacy regulator in the United States, to increase its policing of physical retail stores to protect the shopper from any further harm
Glimmers: Resolving the Privacy/Trust Quagmire
Many successful services rely on trustworthy contributions from users. To
establish that trust, such services often require access to privacy-sensitive
information from users, thus creating a conflict between privacy and trust.
Although it is likely impractical to expect both absolute privacy and
trustworthiness at the same time, we argue that the current state of things,
where individual privacy is usually sacrificed at the altar of trustworthy
services, can be improved with a pragmatic , which allows
services to validate user contributions in a trustworthy way without forfeiting
user privacy. We describe how trustworthy hardware such as Intel's SGX can be
used client-side -- in contrast to much recent work exploring SGX in cloud
services -- to realize the Glimmer architecture, and demonstrate how this
realization is able to resolve the tension between privacy and trust in a
variety of cases
Checking Interaction-Based Declassification Policies for Android Using Symbolic Execution
Mobile apps can access a wide variety of secure information, such as contacts
and location. However, current mobile platforms include only coarse access
control mechanisms to protect such data. In this paper, we introduce
interaction-based declassification policies, in which the user's interactions
with the app constrain the release of sensitive information. Our policies are
defined extensionally, so as to be independent of the app's implementation,
based on sequences of security-relevant events that occur in app runs. Policies
use LTL formulae to precisely specify which secret inputs, read at which times,
may be released. We formalize a semantic security condition, interaction-based
noninterference, to define our policies precisely. Finally, we describe a
prototype tool that uses symbolic execution to check interaction-based
declassification policies for Android, and we show that it enforces policies
correctly on a set of apps.Comment: This research was supported in part by NSF grants CNS-1064997 and
1421373, AFOSR grants FA9550-12-1-0334 and FA9550-14-1-0334, a partnership
between UMIACS and the Laboratory for Telecommunication Sciences, and the
National Security Agenc
- …