An identity- and trust-based computational model for privacy

The seemingly contradictory need and want of online users for information sharing and privacy has inspired this thesis work. The crux of the problem lies in the fact that a user has inadequate control over the flow (with whom information to be shared), boundary (acceptable usage), and persistence (duration of use) of their personal information. This thesis has built a privacy-preserving information sharing model using context, identity, and trust to manage the flow, boundary, and persistence of disclosed information. In this vein, privacy is viewed as context-dependent selective disclosures of information. This thesis presents the design, implementation, and analysis of a five-layer Identity and Trust based Model for Privacy (ITMP). Context, trust, and identity are the main building blocks of this model. The application layer identifies the counterparts, the purpose of communication, and the information being sought. The context layer determines the context of a communication episode through identifying the role of a partner and assessing the relationship with the partner. The trust layer combines partner and purpose information with the respective context information to determine the trustworthiness of a purpose and a partner. Given that the purpose and the partner have a known level of trustworthiness, the identity layer constructs a contextual partial identity from the user's complete identity. The presentation layer facilitates in disclosing a set of information that is a subset of the respective partial identity. It also attaches expiration (time-to-live) and usage (purpose-to-live) tags into each piece of information before disclosure. In this model, roles and relationships are used to adequately capture the notion of context to address privacy. A role is a set of activities assigned to an actor or expected of an actor to perform. For example, an actor in a learner role is expected to be involved in various learning activities, such as attending lectures, participating in a course discussion, appearing in exams, etc. A relationship involves related entities performing activities involving one another. Interactions between actors can be heavily influenced by roles. For example, in a learning-teaching relationship, both the learner and the teacher are expected to perform their respective roles. The nuances of activities warranted by each role are dictated by individual relationships. For example, two learners seeking help from an instructor are going to present themselves differently. In this model, trust is realized in two forms: trust in partners and trust of purposes. The first form of trust assesses the trustworthiness of a partner in a given context. For example, a stranger may be considered untrustworthy to be given a home phone number. The second form of trust determines the relevance or justification of a purpose for seeking data in a given context. For example, seeking/providing a social insurance number for the purpose of a membership in a student organization is inappropriate. A known and tested trustee can understandably be re-trusted or re-evaluated based on the personal experience of a trustor. In online settings, however, a software manifestation of a trusted persistent public actor, namely a guarantor, is required to help find a trustee, because we interact with a myriad of actors in a large number of contexts, often with no prior relationships. The ITMP model is instantiated as a suite of Role- and Relationship-based Identity and Reputation Management (RRIRM) features in iHelp, an e-learning environment in use at the University of Saskatchewan. This thesis presents the results of a two-phase (pilot and larger-scale) user study that illustrates the effectiveness of the RRIRM features and thus the ITMP model in enhancing privacy through identity and trust management in the iHelp Discussion Forum. This research contributes to the understanding of privacy problems along with other competing interests in the online world, as well as to the development of privacy-enhanced communications through understanding context, negotiating identity, and using trust

A Brain-Inspired Trust Management Model to Assure Security in a Cloud based IoT Framework for Neuroscience Applications

Rapid popularity of Internet of Things (IoT) and cloud computing permits neuroscientists to collect multilevel and multichannel brain data to better understand brain functions, diagnose diseases, and devise treatments. To ensure secure and reliable data communication between end-to-end (E2E) devices supported by current IoT and cloud infrastructure, trust management is needed at the IoT and user ends. This paper introduces a Neuro-Fuzzy based Brain-inspired trust management model (TMM) to secure IoT devices and relay nodes, and to ensure data reliability. The proposed TMM utilizes node behavioral trust and data trust estimated using Adaptive Neuro-Fuzzy Inference System and weighted-additive methods respectively to assess the nodes trustworthiness. In contrast to the existing fuzzy based TMMs, the NS2 simulation results confirm the robustness and accuracy of the proposed TMM in identifying malicious nodes in the communication network. With the growing usage of cloud based IoT frameworks in Neuroscience research, integrating the proposed TMM into the existing infrastructure will assure secure and reliable data communication among the E2E devices.Comment: 17 pages, 10 figures, 2 table

Trust Management Approach for Detection of Malicious Devices in SIoT

Internet of Things (IoT) is an innovative era of interrelated devices to provide services to other devices or users. In Social Internet of Thing (SIoT), social networking aspect is used for building relationships between devices. For providing or utilizing services, devices need to trust each other in complex and heterogeneous environments. Separating benign and malicious devices in SIoT is a prime security objective. In literature, several works proposed trust computation models based on trust features. But these models fail to identify malicious devices. This paper focuses on detection of malicious devices. In this paper, basic fundamentals, properties, models and attacks of trust in SIoT are discussed. Up-to-date research distributions on trust management and trust attacks are reviewed and idea of Trust Management using Machine Learning Algorithm (TM-MLA) is proposed for identification of malicious devices

Trust Management in the Internet of Everything

Digitalization is leading us towards a future where people, processes, data and things are not only interacting with each other, but might start forming societies on their own. In these dynamic systems enhanced by artificial intelligence, trust management on the level of human-to-machine as well as machine-to-machine interaction becomes an essential ingredient in supervising safe and secure progress of our digitalized future. This tutorial paper discusses the essential elements of trust management in complex digital ecosystems, guiding the reader through the definitions and core concepts of trust management. Furthermore, it explains how trust-building can be leveraged to support people in safe interaction with other (possibly autonomous) digital agents, as trust governance may allow the ecosystem to trigger an auto-immune response towards untrusted digital agents, protecting human safety.Comment: Proceedings of the 16th European Conference on Software Architecture-Companion Volum

Security : always too much and never enough. Anthropology of a non-starter market

The security market, based on public Key Infrastructures (PKI) did not succeed because security remains a paradoxical market. We observed security practices and reciprocal expectations, in this study the ones generated by the design of PKI devices. Using the framework of Actor Network Theory, we describe all the mediations required for sustaining a digital security chain... often based on very material stuff. A whole vision of the world should be designed, an ontology, doomed to failure if it formats practices and users by constraint. This vision should retain a variable-geometry, while calling on guarantors that transcend it, and not merely on commercial certification authorities. Will security architecture design be able to integrate the users' demand for "adequate security", which renders security policies bearable as long as users are not aware of them?Le marché de la sécurité basé sur les Public Key Infrastructures (Infrastructure de gestion de clés) n'est pas parvenu à décoller car la sécurité reste un marché paradoxal. Nous avons observé les pratiques de sécurité et les attentes réciproques créées par la conception de ces systèmes, plus spécifiquement ceux à base de PKI pour cette étude, dans les termes de la théorie de l'acteur-réseau, en reconstituant toutes les médiations nécessaires à l'existence d'une chaîne de sécurité informatique... souvent bien matérielle. C'est une vision sécuritaire du monde qui doit être produite, une ontologie, qui échoue quand elle veut trop formater les pratiques et les utilisateurs: elle doit rester « à géométrie variable » tout en mobilisant des garants qui la dépassent et non les seules autorités de certification marchandes. La conception d'architectures de sécurité peut elle admettre cette « sécurité suffisante » qui rend sup- portable les politiques de sécurité dès lors qu'elles disparaissent de la conscience des utilisateurs

Exploitation in Human Trafficking and Smuggling

This article explores the mechanisms that underpin human smuggling and trafficking. It argues for the continued analytical relevance of the distinction between “trafficking” and “smuggling”, as posited by the 2000 UN Protocols. While this distinction has come under sustained criticism from several authors over the last 15 years, it nonetheless continues to capture the essential features of two distinct phenomena (control over a human being vs. illegal entry into a country), and acknowledges the role of agency in smuggling. The paper goes on to discuss three different scenarios that may emerge as a result of the interplay between smugglers and smuggled persons, and it specifies the role of exploitation in each scenario. In addition, the paper offers empirical evidence of the key building blocks of smuggling – namely the search for reliable information and the reaching of an agreement in regard to the service offered – and of how smuggling can turn into trafficking. This work concludes by drawing out the relevant policy implications.This work was supported by the European Union / FP7 Framework (Fiducia Project, Grant agreement 290563, FP7-SSH-2011-12).This is the author accepted manuscript. The final version is available from Springer via http://dx.doi.org/10.1007/s10610-015-9286-

Adaptive and survivable trust management for Internet of Things systems

Abstract The Internet of Things (IoT) is characterized by the seamless integration of heterogeneous devices into information networks to enable collaborative environments, specifically those concerning the collection of data and exchange of information and services. Security and trustworthiness are among the critical requirements for the effective deployment of IoT systems. However, trust management in IoT is extremely challenging due to its open environment, where the quality of information is often unknown because entities may misbehave. A hybrid context‐aware trust and reputation management protocol is presented for fog‐based IoT that addresses adaptivity, survivability, and scalability requirements. Through simulation, the effectiveness of the proposed protocol is demonstrated

How to set a business in China and what are the managerial factors for success?

During this dissertation we will present the specificities and impact of intercultural management in the success of a company abroad and more specifically in China. We will thus thanks to interviews and by conducting a survey try to determine which are the international and local/cultural management theories to implement and the one that are universal.Durante esta dissertação, apresentaremos as especificidades e o impacto do gerenciamento físico no sucesso de uma empresa no exterior e mais especificamente na China. Por conseguinte, agradeceremos as entrevistas e, ao realizar uma pesquisa, tentaremos determinar quais são as teorias de gestão internacional e local / cultural a implementar e a universal

ICIS Panel Summary: Should Institutional Trust Matter in Information Systems Research?

This paper summarizes and expands the panel on Should Institutional Trust Matter in Information Systems Research? that was presented during the ICIS 2005 Conference in Las Vegas. The panel was co-chaired by Paul A. Pavlou of the University of California and by David Gefen of Drexel University. The panelists were Izak Benbasat of the University of British Columbia, Harrison McKnight of Michigan State University, Katherine Stewart of the University of Maryland, and Detmar W. Straub of Georgia State University. There were about 150 people attending the panel and taking part in the lively discussion that pursued. Due to the interest the panel aroused, this paper expands on the topics discussed and presents them in a much broader perspective in a set of appendices