Tournesol: Permissionless Collaborative Algorithmic Governance with Security Guarantees

Recommendation algorithms play an increasingly central role in our societies. However, thus far, these algorithms are mostly designed and parameterized unilaterally by private groups or governmental authorities. In this paper, we present an end-to-end permissionless collaborative algorithmic governance method with security guarantees. Our proposed method is deployed as part of an open-source content recommendation platform https://tournesol.app, whose recommender is collaboratively parameterized by a community of (non-technical) contributors. This algorithmic governance is achieved through three main steps. First, the platform contains a mechanism to assign voting rights to the contributors. Second, the platform uses a comparison-based model to evaluate the individual preferences of contributors. Third, the platform aggregates the judgements of all contributors into collective scores for content recommendations. We stress that the first and third steps are vulnerable to attacks from malicious contributors. To guarantee the resilience against fake accounts, the first step combines email authentication, a vouching mechanism, a novel variant of the reputation-based EigenTrust algorithm and an adaptive voting rights assignment for alternatives that are scored by too many untrusted accounts. To provide resilience against malicious authenticated contributors, we adapt Mehestan, an algorithm previously proposed for robust sparse voting. We believe that these algorithms provide an appealing foundation for a collaborative, effective, scalable, fair, contributor-friendly, interpretable and secure governance. We conclude by highlighting key challenges to make our solution applicable to larger-scale settings.Comment: 31 pages, 5 figure

From fuzzy to annotated semantic web languages

The aim of this chapter is to present a detailed, selfcontained and comprehensive account of the state of the art in representing and reasoning with fuzzy knowledge in Semantic Web Languages such as triple languages RDF/RDFS, conceptual languages of the OWL 2 family and rule languages. We further show how one may generalise them to so-called annotation domains, that cover also e.g. temporal and provenance extensions

Logical limits of abstract argumentation frameworks

International audienceDung’s (1995) argumentation framework takes as input two abstract entities: a set of arguments and a binary relation encoding attacks between these arguments. It returns acceptable sets of arguments, called extensions, w.r.t. a given semantics. While the abstract nature of this setting is seen as a great advantage, it induces a big gap with the application that it is used to. This raises some questions about the compatibility of the setting with a logical formalism (i.e., whether it is possible to instantiate it properly from a logical knowledge base), and about the significance of the various semantics in the application context. In this paper we tackle the above questions. We first propose to fill in the previous gap by extending Dung’s (1995) framework. The idea is to consider all the ingredients involved in an argumentation process. We start with the notion of an abstract monotonic logic which consists of a language (defining the formulas) and a consequence operator. We show how to build, in a systematic way, arguments from a knowledge base formalised in such a logic. We then recall some basic postulates that any instantiation should satisfy. We study how to choose an attack relation so that the instantiation satisfies the postulates. We show that symmetric attack relations are generally not suitable. However, we identify at least one ‘appropriate’ attack relation. Next, we investigate under stable, semi-stable, preferred, grounded and ideal semantics the outputs of logic-based instantiations that satisfy the postulates. For each semantics, we delimit the number of extensions an argumentation system may have, characterise the extensions in terms of subsets of the knowledge base, and finally characterise the set of conclusions that are drawn from the knowledge base. The study reveals that stable, semi-stable and preferred semantics either lead to counter-intuitive results or provide no added value w.r.t. naive semantics. Besides, naive semantics either leads to arbitrary results or generalises the coherence-based approach initially developed by Rescher and Manor (1970). Ideal and grounded semantics either coincide and generalise the free consequence relation developed by Benferhat, Dubois, and Prade (1997), or return arbitrary results. Consequently, Dung’s (1995) framework seems problematic when applied over deductive logical formalisms

EmC-ICDSST 2019: 5th International Conference on Decision Support System Technology - ICDSST 2019 & EURO Mini Conference 2019 on "Decision Support Systems: Main Developments & Future Trends"

info:eu-repo/semantics/publishedVersio

Using Genetic Programming to Build Self-Adaptivity into Software-Defined Networks

Self-adaptation solutions need to periodically monitor, reason about, and adapt a running system. The adaptation step involves generating an adaptation strategy and applying it to the running system whenever an anomaly arises. In this article, we argue that, rather than generating individual adaptation strategies, the goal should be to adapt the control logic of the running system in such a way that the system itself would learn how to steer clear of future anomalies, without triggering self-adaptation too frequently. While the need for adaptation is never eliminated, especially noting the uncertain and evolving environment of complex systems, reducing the frequency of adaptation interventions is advantageous for various reasons, e.g., to increase performance and to make a running system more robust. We instantiate and empirically examine the above idea for software-defined networking -- a key enabling technology for modern data centres and Internet of Things applications. Using genetic programming,(GP), we propose a self-adaptation solution that continuously learns and updates the control constructs in the data-forwarding logic of a software-defined network. Our evaluation, performed using open-source synthetic and industrial data, indicates that, compared to a baseline adaptation technique that attempts to generate individual adaptations, our GP-based approach is more effective in resolving network congestion, and further, reduces the frequency of adaptation interventions over time. In addition, we show that, for networks with the same topology, reusing over larger networks the knowledge that is learned on smaller networks leads to significant improvements in the performance of our GP-based adaptation approach. Finally, we compare our approach against a standard data-forwarding algorithm from the network literature, demonstrating that our approach significantly reduces packet loss.Comment: arXiv admin note: text overlap with arXiv:2205.0435

Threat Assessment and Risk Analysis (TARA) for Interoperable Medical Devices in the Operating Room Inspired by the Automotive Industry

Prevailing trends in the automotive and medical device industry, such as life cycle overarching configurability, connectivity, and automation, require an adaption of development processes, especially regarding the security and safety thereof. The changing requirements imply that interfaces are more exposed to the outside world, making them more vulnerable to cyberattacks or data leaks. Consequently, not only do development processes need to be revised but also cybersecurity countermeasures and a focus on safety, as well as privacy, have become vital. While vehicles are especially exposed to cybersecurity and safety risks, the medical devices industry faces similar issues. In the automotive industry, proposals and draft regulations exist for security-related risk assessment processes. The medical device industry, which has less experience in these topics and is more heterogeneous, may benefit from drawing inspiration from these efforts. We examined and compared current standards, processes, and methods in both the automotive and medical industries. Based on the requirements regarding safety and security for risk analysis in the medical device industry, we propose the adoption of methods already established in the automotive industry. Furthermore, we present an example based on an interoperable Operating Room table (OR table)