Towards a Formal Model of Privacy-Sensitive Dynamic Coalitions
The concept of dynamic coalitions (also virtual organizations) describes the
temporary interconnection of autonomous agents, who share information or
resources in order to achieve a common goal. Through modern technologies these
coalitions may form across company, organization and system borders. Therefore,
questions of access control and security are of vital significance for the
architectures supporting these coalitions.
In this paper, we present our first steps to reach a formal framework for
modeling and verifying the design of privacy-sensitive dynamic coalition
infrastructures and their processes. In order to do so we extend existing
dynamic coalition modeling approaches with an access-control-concept, which
manages access to information through policies. Furthermore we regard the
processes underlying these coalitions and present first works in formalizing
these processes. As a result of the present paper we illustrate the usefulness
of the Abstract State Machine (ASM) method for this task. We demonstrate a
formal treatment of privacy-sensitive dynamic coalitions by two example ASMs
which model certain access control situations. A logical consideration of these
ASMs can lead to a better understanding and a verification of the ASMs
according to the aspired specification.
Comment: In Proceedings FAVO 2011, arXiv:1204.579
AI for the Common Good?! Pitfalls, challenges, and Ethics Pen-Testing
Recently, many AI researchers and practitioners have embarked on research
visions that involve doing AI for "Good". This is part of a general drive
towards infusing AI research and practice with ethical thinking. One frequent
theme in current ethical guidelines is the requirement that AI be good for all,
or: contribute to the Common Good. But what is the Common Good, and is it
enough to want to be good? Via four lead questions, I will illustrate
challenges and pitfalls when determining, from an AI point of view, what the
Common Good is and how it can be enhanced by AI. The questions are: What is the
problem / What is a problem?, Who defines the problem?, What is the role of
knowledge?, and What are important side effects and dynamics? The illustration
will use an example from the domain of "AI for Social Good", more specifically
"Data Science for Social Good". Even if the importance of these questions may
be known at an abstract level, they do not get asked sufficiently in practice,
as shown by an exploratory study of 99 contributions to recent conferences in
the field. Turning these challenges and pitfalls into a positive
recommendation, as a conclusion I will draw on another characteristic of
computer-science thinking and practice to make these impediments visible and
attenuate them: "attacks" as a method for improving design. This results in the
proposal of ethics pen-testing as a method for helping AI designs to better
contribute to the Common Good.
Comment: to appear in Paladyn. Journal of Behavioral Robotics; accepted on
27-10-201
Assessing Security Risk and Requirements for Systems of Systems
A System of Systems (SoS) is a term used to describe independent systems converging for a purpose that could only be carried out through this interdependent collaboration. Many examples of SoSs exist, but the term has become a source of confusion across domains. Moreover, there are few illustrative SoS examples demonstrating their initial classification and structure. While there are many approaches for engineering of systems, fewer exist for SoS engineering. More specifically, there is a research gap towards approaches addressing SoS security risk assessment for engineering and operational needs, with a need for tool-support to assist modelling and visualising security risk and requirements in an interconnected SoS. From this, security requirements can provide a systematic means to identify constraints and related risks of the SoS, mitigated by human-user and system requirements. This work investigates specific challenges and current approaches for SoS security and risk, and aims to identify the alignment of SoS factors and concepts suitable for eliciting, analysing and validating risks with the use of tool-support for assessing security risk in the SoS context.
Some abstracts of articles covering topics related to eHealth
Not useful for the exam
Secure data sharing and processing in heterogeneous clouds
The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors