108,414 research outputs found
Quantitative analysis of the leakage of confidential data
Basic information theory is used to analyse the amount of confidential information which may be leaked by programs written in a very simple imperative language. In particular, a detailed analysis is given of the possible leakage due to equality tests and if statements. The analysis is presented as a set of syntax-directed inference rules and can readily be automated
Mandatory Enforcement of Privacy Policies using Trusted Computing Principles
Modern communication systems and information technology create significant new threats to information privacy. In this paper, we discuss the need for proper privacy protection in cooperative intelligent transportation systems (cITS), one instance of such systems. We outline general principles for data protection and their legal basis and argue why pure legal protection is insufficient. Strong privacy-enhancing technologies need to be deployed in cITS to protect user data while it is generated and processed. As data minimization cannot always prevent the need for disclosing relevant personal information, we introduce the new concept of mandatory enforcement of privacy policies. This concept empowers users and data subjects to tightly couple their data with privacy policies and rely on the system to impose such policies onto any data processors. We also describe the PRECIOSA Privacy-enforcing Runtime Architecture that exemplifies our approach. Moreover, we show how an application can utilize this architecture by applying it to a pay as you drive (PAYD) car insurance scenario
Usable Security: Why Do We Need It? How Do We Get It?
Security experts frequently refer to people as “the weakest link in the chain” of system
security. Famed hacker Kevin Mitnick revealed that he hardly ever cracked a password,
because it “was easier to dupe people into revealing it” by employing a range of social
engineering techniques. Often, such failures are attributed to users’ carelessness and
ignorance. However, more enlightened researchers have pointed out that current security
tools are simply too complex for many users, and they have made efforts to improve
user interfaces to security tools. In this chapter, we aim to broaden the current perspective,
focusing on the usability of security tools (or products) and the process of designing
secure systems for the real-world context (the panorama) in which they have to operate.
Here we demonstrate how current human factors knowledge and user-centered design
principles can help security designers produce security solutions that are effective in practice
Synthetic Establishment Microdata Around the World
In contrast to the many public-use microdata samples available for individual and household data from many statistical agencies around the world, there are virtually no establishment or firm microdata available. In large part, this difficulty in providing access to business micro data is due to the skewed and sparse distributions that characterize business data. Synthetic data are simulated data generated from statistical models. We organized sessions at the 2015 World Statistical Congress and the 2015 Joint Statistical Meetings, highlighting work on synthetic \emph{establishment} microdata. This overview situates those papers, published in this issue, within the broader literature
Practical LDPC coded modulation schemes for the fading broadcast channel with confidential messages
The broadcast channel with confidential messages is a well studied scenario
from the theoretical standpoint, but there is still lack of practical schemes
able to achieve some fixed level of reliability and security over such a
channel. In this paper, we consider a quasi-static fading channel in which both
public and private messages must be sent from the transmitter to the receivers,
and we aim at designing suitable coding and modulation schemes to achieve such
a target. For this purpose, we adopt the error rate as a metric, by considering
that reliability (security) is achieved when a sufficiently low (high) error
rate is experienced at the receiving side. We show that some conditions exist
on the system feasibility, and that some outage probability must be tolerated
to cope with the fading nature of the channel. The proposed solution exploits
low-density parity-check codes with unequal error protection, which are able to
guarantee two different levels of protection against noise for the public and
the private information, in conjunction with different modulation schemes for
the public and the private message bits.Comment: 6 pages, 4 figures, to be presented at IEEE ICC'14 - Workshop on
Wireless Physical Layer Securit
- …