APPS 2021: Third International Workshop on Adaptive and Personalized Privacy and Security
The work has been partially supported by the EU Horizon 2020 Grant 826278 “Securing Medical Data in Smart Patient-Centric Healthcare Systems” (Serums), and by a new European project, TRUSTID - Intelligent and Continuous Online Student Identity Management for Improving Security and Trust in European Higher Education Institutions, which is funded by the European Commission within the Erasmus+ 2020 Programme. The Third International Workshop on Adaptive and Personalized Privacy and Security (APPS 2021) aims to bring together researchers and practitioners working on diverse topics related to understanding and improving the usability of privacy and security software and systems, by applying user modeling, adaptation and personalization principles. Our special focus in 2021 is on challenges and opportunities related to the Covid-19 outbreak, more specifically on ensuring security and privacy of sensitive data and secure user interactions in online systems. The third edition of the workshop includes interdisciplinary contributions from Belgium, Cyprus, Germany, Greece, Portugal, the Netherlands, and the United Kingdom that introduce new and disruptive ideas, suggest novel solutions, and present research results about various aspects (theory, applications, tools) for bringing user modeling, adaptation and personalization principles into privacy and systems security. This summary gives a brief overview of APPS 2021, held online in conjunction with the 29th ACM Conference on User Modeling, Adaptation and Personalization (ACM UMAP 2021).
The Internet-of-Things Meets Business Process Management: Mutual Benefits and Challenges
The Internet of Things (IoT) refers to a network of connected devices
collecting and exchanging data over the Internet. These things can be
artificial or natural, and interact as autonomous agents forming a complex
system. In turn, Business Process Management (BPM) was established to analyze,
discover, design, implement, execute, monitor and evolve collaborative business
processes within and across organizations. While the IoT and BPM have been
regarded as separate topics in research and practice, we strongly believe that
the management of IoT applications will strongly benefit from BPM concepts,
methods and technologies on the one hand; on the other one, the IoT poses
challenges that will require enhancements and extensions of the current
state-of-the-art in the BPM field. In this paper, we question to what extent
these two paradigms can be combined and we discuss the emerging challenges
HardIDX: Practical and Secure Index with SGX
Software-based approaches for search over encrypted data are still either
challenged by lack of proper, low-leakage encryption or slow performance.
Existing hardware-based approaches do not scale well due to hardware
limitations and software designs that are not specifically tailored to the
hardware architecture, and are rarely well analyzed for their security (e.g.,
the impact of side channels). Additionally, existing hardware-based solutions
often have a large code footprint in the trusted environment susceptible to
software compromises. In this paper we present HardIDX: a hardware-based
approach, leveraging Intel's SGX, for search over encrypted data. It implements
only the security critical core, i.e., the search functionality, in the trusted
environment and resorts to untrusted software for the remainder. HardIDX is
deployable as a highly performant encrypted database index: it is logarithmic
in the size of the index and searches are performed within a few milliseconds
rather than seconds. We formally model and prove the security of our scheme
showing that its leakage is equivalent to the best known searchable encryption
schemes. Our implementation has a very small code and memory footprint yet
still scales to virtually unlimited search index sizes, i.e., size is limited
only by the general - non-secure - hardware resources
Pairing a Circular Economy and the 5G-Enabled Internet of Things: Creating a Class of “Looping Smart Assets”
The increase in the world’s population has led to a
massive rise in human consumption of the planet’s natural
resources, well beyond their replacement rate. Traditional
recycling concepts and methods are not enough to counter such
effects. In this context, a circular economy (CE), that is, a
restorative and regenerative by-design economy, can reform
today’s “take–make–dispose” economic model. On the other hand,
the Internet of Things (IoT) continues to gradually transform our
everyday lives, allowing for the introduction of novel types of
services while enhancing legacy ones. Taking this as our
motivation, in this article we analyze the CE/IoT interplay,
indicating innovative ways in which this interaction can drastically
affect products and services, their underlying business models,
and the associated ecosystems. Moreover, we present an IoT
architecture that enables smart object integration into the IoT
ecosystem. The presented architecture integrates circularity-enabling
features by maximizing the exploitation of assets toward
a new type of IoT ecosystem that is circular by design (CbD).
Finally, we provide a proof-of-concept implementation and an
application study of the proposed architecture and results
regarding the applicability of the proposed approach for the
telecommunications (telecom) sector
Usability heuristics for fast crime data anonymization in resource-constrained contexts
This thesis considers the case of mobile crime-reporting systems that have emerged as an effective and efficient data collection method in low and middle-income countries. Analyzing the data can be helpful in addressing crime. Since law enforcement agencies in resource-constrained contexts typically do not have the expertise to handle these tasks, a cost-effective strategy is to outsource the data analytics tasks to third-party service providers. However, because of the sensitivity of the data, it is expedient to consider the issue of privacy. More specifically, this thesis considers the issue of finding low-intensive computational solutions to protecting the data even from an "honest-but-curious" service provider, while at the same time generating datasets that can be queried efficiently and reliably. This thesis offers a three-pronged solution approach. Firstly, the creation of a mobile application to facilitate crime reporting in a usable, secure and privacy-preserving manner. The second step proposes a streaming data anonymization algorithm, which analyses reported data based on occurrence rate rather than at a preset time on a static repository. Finally, in the third step the concept of using privacy preferences in creating anonymized datasets was considered. By taking into account user preferences the efficiency of the anonymization process is improved upon, which is beneficial in enabling fast data anonymization. Results from the prototype implementation and usability tests indicate that having a usable and covert crime-reporting application encourages users to declare crime occurrences. Anonymizing streaming data contributes to faster crime resolution times, and user privacy preferences are helpful in relaxing privacy constraints, which makes for more usable data from the querying perspective.
This research presents considerable evidence that the concept of a three-pronged solution to addressing the issue of anonymity during crime reporting in a resource-constrained environment is promising. This solution can further assist the law enforcement agencies to partner with third parties in deriving useful crime pattern knowledge without infringing on users' privacy. In the future, this research can be extended to more than one low-income or middle-income country