An identity- and trust-based computational model for privacy

The seemingly contradictory need and want of online users for information sharing and privacy has inspired this thesis work. The crux of the problem lies in the fact that a user has inadequate control over the flow (with whom information to be shared), boundary (acceptable usage), and persistence (duration of use) of their personal information. This thesis has built a privacy-preserving information sharing model using context, identity, and trust to manage the flow, boundary, and persistence of disclosed information. In this vein, privacy is viewed as context-dependent selective disclosures of information. This thesis presents the design, implementation, and analysis of a five-layer Identity and Trust based Model for Privacy (ITMP). Context, trust, and identity are the main building blocks of this model. The application layer identifies the counterparts, the purpose of communication, and the information being sought. The context layer determines the context of a communication episode through identifying the role of a partner and assessing the relationship with the partner. The trust layer combines partner and purpose information with the respective context information to determine the trustworthiness of a purpose and a partner. Given that the purpose and the partner have a known level of trustworthiness, the identity layer constructs a contextual partial identity from the user's complete identity. The presentation layer facilitates in disclosing a set of information that is a subset of the respective partial identity. It also attaches expiration (time-to-live) and usage (purpose-to-live) tags into each piece of information before disclosure. In this model, roles and relationships are used to adequately capture the notion of context to address privacy. A role is a set of activities assigned to an actor or expected of an actor to perform. For example, an actor in a learner role is expected to be involved in various learning activities, such as attending lectures, participating in a course discussion, appearing in exams, etc. A relationship involves related entities performing activities involving one another. Interactions between actors can be heavily influenced by roles. For example, in a learning-teaching relationship, both the learner and the teacher are expected to perform their respective roles. The nuances of activities warranted by each role are dictated by individual relationships. For example, two learners seeking help from an instructor are going to present themselves differently. In this model, trust is realized in two forms: trust in partners and trust of purposes. The first form of trust assesses the trustworthiness of a partner in a given context. For example, a stranger may be considered untrustworthy to be given a home phone number. The second form of trust determines the relevance or justification of a purpose for seeking data in a given context. For example, seeking/providing a social insurance number for the purpose of a membership in a student organization is inappropriate. A known and tested trustee can understandably be re-trusted or re-evaluated based on the personal experience of a trustor. In online settings, however, a software manifestation of a trusted persistent public actor, namely a guarantor, is required to help find a trustee, because we interact with a myriad of actors in a large number of contexts, often with no prior relationships. The ITMP model is instantiated as a suite of Role- and Relationship-based Identity and Reputation Management (RRIRM) features in iHelp, an e-learning environment in use at the University of Saskatchewan. This thesis presents the results of a two-phase (pilot and larger-scale) user study that illustrates the effectiveness of the RRIRM features and thus the ITMP model in enhancing privacy through identity and trust management in the iHelp Discussion Forum. This research contributes to the understanding of privacy problems along with other competing interests in the online world, as well as to the development of privacy-enhanced communications through understanding context, negotiating identity, and using trust

A framework for identity and privacy management on mobile devices

More and more online services require user identification. This increases time to fill out extensive forms and results in large amounts of login and identification data to remember. At the same time the number of users that need access to those service while roaming is equally increasing. However, unfortunately many users are not aware that there is a high risk of loosing privacy when disclosing information about oneself’s identity in an unregulated way. To counteract this and to help users in managing and maintaining related identity data, so-called Identity Management Systems have been developed. While available solutions are mainly built for fixed environments, dependencies to central storages and processing units make them unsuitable for application into mobile environments. Thus, a more flexible solution is necessary that supports roaming users with privacy-sensitive handling of identification processes in online transactions. On this background, the project goal was an extension of the Identity Management System concept with mobility aspect. A framework for identity and privacy management on mobile devices, consisting of a procedural method, privacy and security protocols and a user tool has been specified to give users full control over their identity data in flexible and privacy-friendly ways. Thereby, the method has been defined to describe the overall process sequence. The supporting protocols then have been specified to provide ways for users and Service Providers to agree on applied data management practices, enable automated disclosures of identity data and guarantee secure and anonymous transmissions. Finally the tool has been defined to present an application to be installed on mobile phones that integrates the method and the protocols into a user-centered system architecture. Based on an engineering paradigm in combination with the first part of a six-step development strategy, this project covers the background research, requirements and specifications and design and development. This means that the final rollout of the proposed framework solution needs to be handed over to programmers in a possible project continuation. Those are then responsible for subsequent coding, testing and deployment. After requirements and specifications had been derived, the framework has been successfully developed. While the user tool is responsible for all procedures on the mobile phone, a particular network infrastructure design allows secure transmissions by maintaining user anonymity. The solution is developed and the deployment prepared to such detail that programmers can directly start coding and testing. As a conclusion, this project revealed several interesting and new aspects in the combined areas of identity, privacy and mobility. The solution fully meets all defined functional and non-functional requirements. As an application on mobile phones, the proposed framework allows privacy-sensitive handling of identity data in online transactions. Together with mechanisms for data management and maintenance before and after disclosure, it increases user flexibility, simplifies online identification and decreases processing time

Enhancing Mindfulness-Based Stress Reduction Through a Mobile Application

The goal of this Major Qualifying Project (MQP) was to improve upon the initial design of a mobile application that would assist college students in the practice of Mindfulness Based Stress Reduction (MBSR). The team assisted in building a foundation for UMass Medical so they can apply for a grant to have this project be fully funded and become a fully functioning mobile application. This MQP was a continuation of a previous MQP’s work that explored some of the initial ideas on how to design the application. The team created functional mockups of the original idea and surveyed college students to get their feedback on the initial design

Digital dying in personal information management towards thanotosensitive information management

Tese de mestrado. Multimédia. Universidade do Porto. Faculdade de Engenharia. 201

Revolutionary Risks: Cyber Technology and Threats in the 2011 Libyan Revolution

(IWS/03 - Irregular Warfare Studies, book 3) The 2011 Libyan revolution was marked by the intensive use of cyber technology. Using decentralized ways of connecting, such as two-way satellite Internet, the Libyan opposition almost completely bypassed the government\u27s sophisticated Internet monitoring equipment and effectively ended the ability of the Gaddafi regime to control Internet access. Still, electronic actors working on behalf of the regime attacked opposition computers by exploiting key human vulnerabilities.https://digital-commons.usnwc.edu/ciwag-case-studies/1012/thumbnail.jp

The Decision to Share Information and Rumors: Examining the Role of Motivation in an Online Discussion Forum

The focus of this study is to examine the motivations of online community members to share information and rumors. We investigated an online community of interest, the members of which voluntarily associate and communicate with people with similar interests. Community members, posters and lurkers alike, were surveyed on the influence of extrinsic and intrinsic motivations, as well as normative influences, on their willingness to share information and rumors with others. The results indicated that posters and lurkers are differently motivated by intrinsic factors to share, and that extrinsic rewards like improved reputation and status-building within the community are motivating factors for rumor mongering. The results are discussed and future directions for this area of research are offered

Modulating application behaviour for closely coupled intrusion detection

Includes bibliographical references.This thesis presents a security measure that is closely coupled to applications. This distinguishes it from conventional security measures which tend to operate at the infrastructure level (network, operating system or virtual machine). Such lower level mechanisms exhibit a number of limitations, amongst others they are poorly suited to the monitoring of applications which operate on encrypted data or the enforcement of security policies involving abstractions introduced by applications. In order to address these problems, the thesis proposes externalising the security related analysis functions performed by applications. These otherwise remain hidden in applications and so are likely to be underdeveloped, inflexible or insular. It is argued that these deficiencies have resulted in an over-reliance on infrastructure security components

Financial Sustainability Strategies of Religious Nonprofit Organizations

The percent of religious nonprofit organizations (RNOs) facing uncertainty in operational capital and resources will rise as government funding diminishes. The RNOs that struggle to maintain a competitive advantage are at high risk of failure. Grounded in the resource-based view theory, the purpose of this qualitative multiple case study was to explore funding strategies leaders of RNOs use to achieve financial sustainability beyond the first 5 years of operation. Participants were 3 leaders of RNOs in Middle Tennessee with successful experience in applying funding strategies that increased revenue year-over-year while serving their constituencies. Data sources included face-to-face interviews and organizational documents. Thematic analysis was used to analyze the data. Three themes emerged: prioritizing core donors as primary parts of business strategy, fostering community within the organization, and collaborating with other RNOs to expand services. The implications for positive social change include the potential for leaders of RNOs to cultivate a stable donor base, increase funding capital, and support the economic and social development of the regional communities

Twice-Exceptional Autism and Home Education: A Phenomenological Analysis

It is common for autistic and particularly twice-exceptional (2e) children to be schooled from home at a higher rate than their neurotypical peers. Much of the current research investigating this phenomenon is conducted from the perspective of the public school system. This point of view is generally critical of the curriculum taught in the home, has largely limited parental voices in the literature, and overlooks possible circumstances in the public school system that might have led families to choose to homeschool. This qualitative analysis conducted open-ended interviews of parents with twice-exceptional autistic children who have home-educated or currently educate their children at home. It explored parents’ reasons for choosing to homeschool, and it gathered insight into their experiences as they transitioned from public schooling to the home environment. The data indicated two theories. The first was that parents tend to choose to homeschool their 2e, autistic children because the public schools are in some way not meeting their needs. The second theory was that transitions to homeschool were positive in some households and challenging in others. Those experiencing positive transitions likely benefitted from self-directed learning, one-on-one time, and fewer distractions of home education. Families who experienced difficulty typically had schedule conflicts (such as working parents), and parent burnout. Implications of this study may inform public schools of the under-served 2e population and encourage better accommodations for the students. This cannot be done, however, unless the students are evaluated, and their autism is recognized