A Mediated Definite Delegation Model allowing for Certified Grid Job Submission

Grid computing infrastructures need to provide traceability and accounting of their users" activity and protection against misuse and privilege escalation. A central aspect of multi-user Grid job environments is the necessary delegation of privileges in the course of a job submission. With respect to these generic requirements this document describes an improved handling of multi-user Grid jobs in the ALICE ("A Large Ion Collider Experiment") Grid Services. A security analysis of the ALICE Grid job model is presented with derived security objectives, followed by a discussion of existing approaches of unrestricted delegation based on X.509 proxy certificates and the Grid middleware gLExec. Unrestricted delegation has severe security consequences and limitations, most importantly allowing for identity theft and forgery of delegated assignments. These limitations are discussed and formulated, both in general and with respect to an adoption in line with multi-user Grid jobs. Based on the architecture of the ALICE Grid Services, a new general model of mediated definite delegation is developed and formulated, allowing a broker to assign context-sensitive user privileges to agents. The model provides strong accountability and long- term traceability. A prototype implementation allowing for certified Grid jobs is presented including a potential interaction with gLExec. The achieved improvements regarding system security, malicious job exploitation, identity protection, and accountability are emphasized, followed by a discussion of non- repudiation in the face of malicious Grid jobs

Multilateral Economic Institutions and U.S. Foreign Policy: Hearing Before the Subcomm. on Multilateral Int\u27l Dev., Multilateral Insts., & Int\u27l Econ., Energy, & Envtl. Pol\u27y of the S. Comm. on Foreign Relations, 115th Cong., Nov. 27, 2018 (Statement of Jennifer A. Hillman)

Virtually every major international gathering of world leaders recently has ended in failure—or at least failure to reach enough agreement to issue a concluding statement or communique. These failures come at a time when many have been looking for signs that world leaders would come together to address the most pressing problems facing the world—including climate change, the breakdown in the rules of the international trading system, the need everywhere for good jobs that pay a living wage, and rapidly growing income inequality. The failure of these meetings to produce formal agreements—or even specific paths to reaching agreements in the future—despite the high stakes has left many questioning the ability of the world’s leaders to meet global challenges, shedding a spotlight on the institutions and fora that were established for the purpose of achieving multilateral solutions—particularly the World Trade Organization (WTO), the World Bank and the International Monetary Fund (IMF). The failure to reach agreements can best be seen as part of a long-term trend toward increased complexity in the world that makes it nearly impossible to reach traditional multilateral binding accords, combined with a waning of faith on the part of many countries in multilateralism and multilateral institutions. A number of clear trends emerge from the failures to reach accords at virtually all recent international gatherings: 1) Government policies and international arrangements for collective decision-making have not kept pace with changes in the world, especially the high degree of international economic integration and interdependence. Much of the increasing complexity in the international economic order stems from the explosive growth in the number and size of multinational corporations and financial institutions, many of which now dwarf the size of most of the nations in the world. Added to the complexity is the increase in the speed at which goods, money and technology moves around the globe in our digital age. 2) Learning to operate in this vastly more complex world will require more multilateralism, not less. As countries emerged from the era of colonialization and began opening their markets, the number of players on global stage increased, making reaching consensus among a much larger group of disparate interests more difficult. But because the most significant problems facing the world cross many international boundaries, solving them will require that countries come together to find regional, plurilateral, or global solutions. 3) It is essential that the international economic institutions be updated and improved, not destroyed or left to wither. Because it is clear that reaching major new binding accords or creating new international institutions is quite difficult, the best and most achievable solution is to renovate our existing institutions. Each needs to modernize and improve their governance structures to ensure that work can get done despite the increases in complexities and to update their mandates to ensure the ability to address the problems of the 21st century, many of which are quite different from those that existed in the 1940s when these institutions were created. Given that the crisis is most acute at the WTO, this testimony will focus on what must be done to renovate the World Trade Organization and why doing so is critical, both for the trading system and for the continued existence of a rules-based international economic order. The need for the WTO and its dispute settlement system to remain viable is particularly critical if we are to address the challenges presented by the explosive growth of China and its transformation into the largest exporter of goods in the world

Questions related to Bitcoin and other Informational Money

A collection of questions about Bitcoin and its hypothetical relatives Bitguilder and Bitpenny is formulated. These questions concern technical issues about protocols, security issues, issues about the formalizations of informational monies in various contexts, and issues about forms of use and misuse. Some questions are formulated in the more general setting of informational monies and near-monies. We also formulate questions about legal, psychological, and ethical aspects of informational money. Finally we formulate a number of questions concerning the economical merits of and outlooks for Bitcoin.Comment: 31 pages. In v2 the section on patterns for use and misuse has been improved and expanded with so-called contaminations. Other small improvements were made and 13 additional references have been include

The Data Breach Dilemma: Proactive Solutions for Protecting Consumers’ Personal Information

Data breaches are an increasingly common part of consumers’ lives. No institution is immune to the possibility of an attack. Each breach inevitably risks the release of consumers’ personally identifiable information and the strong possibility of identity theft. Unfortunately, current solutions for handling these incidents are woefully inadequate. Private litigation like consumer class actions and shareholder lawsuits each face substantive legal and procedural barriers. States have their own data security and breach notification laws, but there is currently no unifying piece of legislation or strong enforcement mechanism. This Note argues that proactive solutions are required. First, a national data security law—setting minimum data security standards, regulating the use and storage of personal information, and expanding the enforcement role of the Federal Trade Commission—is imperative to protect consumers’ data. Second, a proactive solution requires reconsidering how to minimize the problem by going to its source: the collection of personally identifiable information in the first place. This Note suggests regulating companies’ collection of Social Security numbers, and, eventually, using a system based on distributed ledger technology to replace the ubiquity of Social Security numbers

Privacy and Accountability in Black-Box Medicine

Black-box medicine—the use of big data and sophisticated machine learning techniques for health-care applications—could be the future of personalized medicine. Black-box medicine promises to make it easier to diagnose rare diseases and conditions, identify the most promising treatments, and allocate scarce resources among different patients. But to succeed, it must overcome two separate, but related, problems: patient privacy and algorithmic accountability. Privacy is a problem because researchers need access to huge amounts of patient health information to generate useful medical predictions. And accountability is a problem because black-box algorithms must be verified by outsiders to ensure they are accurate and unbiased, but this means giving outsiders access to this health information. This article examines the tension between the twin goals of privacy and accountability and develops a framework for balancing that tension. It proposes three pillars for an effective system of privacy-preserving accountability: substantive limitations on the collection, use, and disclosure of patient information; independent gatekeepers regulating information sharing between those developing and verifying black-box algorithms; and information-security requirements to prevent unintentional disclosures of patient information. The article examines and draws on a similar debate in the field of clinical trials, where disclosing information from past trials can lead to new treatments but also threatens patient privacy