366 research outputs found

    The Five Internet Rights

    Get PDF
    Since the dawn of the commercial internet, content moderation has operated under an implicit social contract that website operators could accept or reject users and content as they saw fit, but users in turn could self-publish their views on their own websites if no one else would have them. However, as online service providers and activists have become ever more innovative and aggressive in their efforts to deplatform controversial speakers, content moderation has progressively moved down into the core infrastructure of the internet, targeting critical resources, such as networks, domain names, and IP addresses, on which all websites depend. These innovations point to a world in which it may soon be possible for private gatekeepers to exclude unpopular users, groups, or viewpoints from the internet altogether, a phenomenon I call viewpoint foreclosure. For more than three decades, internet scholars have searched, in vain, for a unifying theory of interventionism—a set of principles to guide when the law should intervene in the private moderation of lawful online content and what that intervention should look like. These efforts have failed precisely because they have focused on the wrong gatekeepers, scrutinizing the actions of social media companies, search engines, and other third-party websites—entities that directly publish, block, or link to user-generated content—while ignoring the core resources and providers that make internet speech possible in the first place. This Article is the first to articulate a workable theory of interventionism by focusing on the far more fundamental question of whether users should have any right to express themselves on the now fully privatized internet. By articulating a new theory premised on viewpoint access—the right to express one’s views on the internet itself (rather than on any individual website)—I argue that the law need take account of only five basic non-discrimination rights to protect online expression from private interference—namely, the rights of connectivity, addressability, nameability, routability, and accessibility. Looking to property theory, internet architecture, and economic concepts around market entry barriers, it becomes clear that as long as these five fundamental internet rights are respected, users are never truly prevented from competing in the online marketplace of ideas, no matter the actions of any would-be deplatformer

    A Low-Energy Security Solution for IoT-Based Smart Farms

    Get PDF
    This work proposes a novel configuration of the Transport Layer Security protocol (TLS), suitable for low energy Internet of Things (IoT), applications. The motivation behind the redesign of TLS is energy consumption minimisation and sustainable farming, as exemplified by an application domain of aquaponic smart farms. The work therefore considers decentralisation of a formerly centralised security model, with a focus on reducing energy consumption for battery powered devices. The research presents a four-part investigation into the security solution, composed of a risk assessment, energy analysis of authentication and data exchange functions, and finally the design and verification of a novel consensus authorisation mechanism. The first investigation considered traditional risk-driven threat assessment, but to include energy reduction, working towards device longevity within a content-oriented framework. Since the aquaponics environments include limited but specific data exchanges, a content-oriented approach produced valuable insights into security and privacy requirements that would later be tested by implementing a variety of mechanisms available on the ESP32. The second and third investigations featured the energy analysis of authentication and data exchange functions respectively, where the results of the risk assessment were implemented to compare the re-configurations of TLS mechanisms and domain content. Results concluded that selective confidentiality and persistent secure sessions between paired devices enabled considerable improvements for energy consumptions, and were a good reflection of the possibilities suggested by the risk assessment. The fourth and final investigation proposed a granular authorisation design to increase the safety of access control that would otherwise be binary in TLS. The motivation was for damage mitigation from inside attacks or network faults. The approach involved an automated, hierarchy-based, decentralised network topology to reduce data duplication whilst still providing robustness beyond the vulnerability of central governance. Formal verification using model-checking indicated a safe design model, using four automated back-ends. The research concludes that lower energy IoT solutions for the smart farm application domain are possible

    CYBEREDUCATION-BY-DESIGN™: DEVELOPING A FRAMEWORK FOR CYBERSECURITY EDUCATION AT SECONDARY EDUCATION INSTITUTIONS IN ARIZONA

    Get PDF
    Most survey results agree that there is a current and ongoing shortage of skilled cybersecurity workers that places our privacy, infrastructure, and nation at risk. Estimates for the global Cybersecurity Workforce Gap range from 2.72 million (ISC2, 2021) to 3.5 million (Cyber Academy, 2021) for 2021 and the United States estimates range from 465,000 (Brooks, 2021) to over 769,000 (Cyber Seek, 2022) open jobs as of November 2022. The most optimistic estimates still demonstrate a critical issue. As cybersecurity threats continue to grow in sophistication, scope, and scale, the ability to secure the United States from these threats lies in the ability to develop cybersecurity professionals with the knowledge, skills, and abilities (KSAs) to accomplish the tasks associated with their cyber roles. The ability to supply qualified cybersecurity professionals is outpaced by the growing demand as previously outlined. This study proposes that conducting a case study of existing cybersecurity programs at secondary education institutions can identify the critical elements of these programs. These elements can be codified into program profiles and further refined into a comprehensive cybersecurity education framework for secondary education institutions. This framework can be used by school districts throughout Arizona to develop cybersecurity programs and ultimately develop qualified and competent cybersecurity professionals to overcome the cybersecurity workforce gap

    Modeling of Advanced Threat Actors: Characterization, Categorization and Detection

    Full text link
    Tesis por compendio[ES] La información y los sistemas que la tratan son un activo a proteger para personas, organizaciones e incluso países enteros. Nuestra dependencia en las tecnologías de la información es cada día mayor, por lo que su seguridad es clave para nuestro bienestar. Los beneficios que estas tecnologías nos proporcionan son incuestionables, pero su uso también introduce riesgos que ligados a nuestra creciente dependencia de las mismas es necesario mitigar. Los actores hostiles avanzados se categorizan principalmente en grupos criminales que buscan un beneficio económico y en países cuyo objetivo es obtener superioridad en ámbitos estratégicos como el comercial o el militar. Estos actores explotan las tecnologías, y en particular el ciberespacio, para lograr sus objetivos. La presente tesis doctoral realiza aportaciones significativas a la caracterización de los actores hostiles avanzados y a la detección de sus actividades. El análisis de sus características es básico no sólo para conocer a estos actores y sus operaciones, sino para facilitar el despliegue de contramedidas que incrementen nuestra seguridad. La detección de dichas operaciones es el primer paso necesario para neutralizarlas, y por tanto para minimizar su impacto. En el ámbito de la caracterización, este trabajo profundiza en el análisis de las tácticas y técnicas de los actores. Dicho análisis siempre es necesario para una correcta detección de las actividades hostiles en el ciberespacio, pero en el caso de los actores avanzados, desde grupos criminales hasta estados, es obligatorio: sus actividades son sigilosas, ya que el éxito de las mismas se basa, en la mayor parte de casos, en no ser detectados por la víctima. En el ámbito de la detección, este trabajo identifica y justifica los requisitos clave para poder establecer una capacidad adecuada frente a los actores hostiles avanzados. Adicionalmente, proporciona las tácticas que deben ser implementadas en los Centros de Operaciones de Seguridad para optimizar sus capacidades de detección y respuesta. Debemos destacar que estas tácticas, estructuradas en forma de kill-chain, permiten no sólo dicha optimización, sino también una aproximación homogénea y estructurada común para todos los centros defensivos. En mi opinión, una de las bases de mi trabajo debe ser la aplicabilidad de los resultados. Por este motivo, el análisis de tácticas y técnicas de los actores de la amenaza está alineado con el principal marco de trabajo público para dicho análisis, MITRE ATT&CK. Los resultados y propuestas de esta investigación pueden ser directamente incluidos en dicho marco, mejorando así la caracterización de los actores hostiles y de sus actividades en el ciberespacio. Adicionalmente, las propuestas para mejorar la detección de dichas actividades son de aplicación directa tanto en los Centros de Operaciones de Seguridad actuales como en las tecnologías de detección más comunes en la industria. De esta forma, este trabajo mejora de forma significativa las capacidades de análisis y detección actuales, y por tanto mejora a su vez la neutralización de operaciones hostiles. Estas capacidades incrementan la seguridad global de todo tipo de organizaciones y, en definitiva, de nuestra sociedad.[CA] La informació i els sistemas que la tracten són un actiu a protegir per a persones, organitzacions i fins i tot països sencers. La nostra dependència en les tecnologies de la informació es cada dia major, i per aixó la nostra seguretat és clau per al nostre benestar. Els beneficis que aquestes tecnologies ens proporcionen són inqüestionables, però el seu ús també introdueix riscos que, lligats a la nostra creixent dependència de les mateixes és necessari mitigar. Els actors hostils avançats es categoritzen principalment en grups criminals que busquen un benefici econòmic i en països el objectiu dels quals és obtindre superioritat en àmbits estratègics, com ara el comercial o el militar. Aquests actors exploten les tecnologies, i en particular el ciberespai, per a aconseguir els seus objectius. La present tesi doctoral realitza aportacions significatives a la caracterització dels actors hostils avançats i a la detecció de les seves activitats. L'anàlisi de les seves característiques és bàsic no solament per a conéixer a aquests actors i les seves operacions, sinó per a facilitar el desplegament de contramesures que incrementen la nostra seguretat. La detección de aquestes operacions és el primer pas necessari per a netralitzar-les, i per tant, per a minimitzar el seu impacte. En l'àmbit de la caracterització, aquest treball aprofundeix en l'anàlisi de lestàctiques i tècniques dels actors. Aquesta anàlisi sempre és necessària per a una correcta detecció de les activitats hostils en el ciberespai, però en el cas dels actors avançats, des de grups criminals fins a estats, és obligatòria: les seves activitats són sigiloses, ja que l'éxit de les mateixes es basa, en la major part de casos, en no ser detectats per la víctima. En l'àmbit de la detecció, aquest treball identifica i justifica els requisits clau per a poder establir una capacitat adequada front als actors hostils avançats. Adicionalment, proporciona les tàctiques que han de ser implementades en els Centres d'Operacions de Seguretat per a optimitzar les seves capacitats de detecció i resposta. Hem de destacar que aquestes tàctiques, estructurades en forma de kill-chain, permiteixen no només aquesta optimització, sinò tambié una aproximació homogènia i estructurada comú per a tots els centres defensius. En la meva opinio, una de les bases del meu treball ha de ser l'aplicabilitat dels resultats. Per això, l'anàlisi de táctiques i tècniques dels actors de l'amenaça està alineada amb el principal marc públic de treball per a aquesta anàlisi, MITRE ATT&CK. Els resultats i propostes d'aquesta investigació poden ser directament inclosos en aquest marc, millorant així la caracterització dels actors hostils i les seves activitats en el ciberespai. Addicionalment, les propostes per a millorar la detecció d'aquestes activitats són d'aplicació directa tant als Centres d'Operacions de Seguretat actuals com en les tecnologies de detecció més comuns de la industria. D'aquesta forma, aquest treball millora de forma significativa les capacitats d'anàlisi i detecció actuals, i per tant millora alhora la neutralització d'operacions hostils. Aquestes capacitats incrementen la seguretat global de tot tipus d'organitzacions i, en definitiva, de la nostra societat.[EN] Information and its related technologies are a critical asset to protect for people, organizations and even whole countries. Our dependency on information technologies increases every day, so their security is a key issue for our wellness. The benefits that information technologies provide are questionless, but their usage also presents risks that, linked to our growing dependency on technologies, we must mitigate. Advanced threat actors are mainly categorized in criminal gangs, with an economic goal, and countries, whose goal is to gain superiority in strategic affairs such as commercial or military ones. These actors exploit technologies, particularly cyberspace, to achieve their goals. This PhD Thesis significantly contributes to advanced threat actors' categorization and to the detection of their hostile activities. The analysis of their features is a must not only to know better these actors and their operations, but also to ease the deployment of countermeasures that increase our security. The detection of these operations is a mandatory first step to neutralize them, so to minimize their impact. Regarding characterization, this work delves into the analysis of advanced threat actors' tactics and techniques. This analysis is always required for an accurate detection of hostile activities in cyberspace, but in the particular case of advances threat actors, from criminal gangs to nation-states, it is mandatory: their activities are stealthy, as their success in most cases relies on not being detected by the target. Regarding detection, this work identifies and justifies the key requirements to establish an accurate response capability to face advanced threat actors. In addition, this work defines the tactics to be deployed in Security Operations Centers to optimize their detection and response capabilities. It is important to highlight that these tactics, with a kill-chain arrangement, allow not only this optimization, but particularly a homogeneous and structured approach, common to all defensive centers. In my opinion, one of the main bases of my work must be the applicability of its results. For this reason, the analysis of threat actors' tactics and techniques is aligned with the main public framework for this analysis, MITRE ATT&CK. The results and proposals from this research can be directly included in this framework, improving the threat actors' characterization, as well as their cyberspace activities' one. In addition, the proposals to improve these activities' detection are directly applicable both in current Security Operations Centers and in common industry technologies. In this way, I consider that this work significantly improves current analysis and detection capabilities, and at the same time it improves hostile operations' neutralization. These capabilities increase global security for all kind of organizations and, definitely, for our whole society.Villalón Huerta, A. (2023). Modeling of Advanced Threat Actors: Characterization, Categorization and Detection [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/193855Compendi

    Z-Numbers-Based Approach to Hotel Service Quality Assessment

    Get PDF
    In this study, we are analyzing the possibility of using Z-numbers for measuring the service quality and decision-making for quality improvement in the hotel industry. Techniques used for these purposes are based on consumer evalu- ations - expectations and perceptions. As a rule, these evaluations are expressed in crisp numbers (Likert scale) or fuzzy estimates. However, descriptions of the respondent opinions based on crisp or fuzzy numbers formalism not in all cases are relevant. The existing methods do not take into account the degree of con- fidence of respondents in their assessments. A fuzzy approach better describes the uncertainties associated with human perceptions and expectations. Linguis- tic values are more acceptable than crisp numbers. To consider the subjective natures of both service quality estimates and confidence degree in them, the two- component Z-numbers Z = (A, B) were used. Z-numbers express more adequately the opinion of consumers. The proposed and computationally efficient approach (Z-SERVQUAL, Z-IPA) allows to determine the quality of services and iden- tify the factors that required improvement and the areas for further development. The suggested method was applied to evaluate the service quality in small and medium-sized hotels in Turkey and Azerbaijan, illustrated by the example

    Women in Artificial intelligence (AI)

    Get PDF
    This Special Issue, entitled "Women in Artificial Intelligence" includes 17 papers from leading women scientists. The papers cover a broad scope of research areas within Artificial Intelligence, including machine learning, perception, reasoning or planning, among others. The papers have applications to relevant fields, such as human health, finance, or education. It is worth noting that the Issue includes three papers that deal with different aspects of gender bias in Artificial Intelligence. All the papers have a woman as the first author. We can proudly say that these women are from countries worldwide, such as France, Czech Republic, United Kingdom, Australia, Bangladesh, Yemen, Romania, India, Cuba, Bangladesh and Spain. In conclusion, apart from its intrinsic scientific value as a Special Issue, combining interesting research works, this Special Issue intends to increase the invisibility of women in AI, showing where they are, what they do, and how they contribute to developments in Artificial Intelligence from their different places, positions, research branches and application fields. We planned to issue this book on the on Ada Lovelace Day (11/10/2022), a date internationally dedicated to the first computer programmer, a woman who had to fight the gender difficulties of her times, in the XIX century. We also thank the publisher for making this possible, thus allowing for this book to become a part of the international activities dedicated to celebrating the value of women in ICT all over the world. With this book, we want to pay homage to all the women that contributed over the years to the field of AI

    Collaborative Artificial Intelligence Development for Social Robots

    Get PDF
    The main aim of this doctoral thesis was to investigate on how to involve a community for collaborative artificial intelligence (AI) development of a social robot. The work was initiated by the author’s personal interest in developing the Sony AIBO robots that have been unavailable on the retail markets, however, user communities with special interests in these robots remained on the internet. At first, to attract people’s attention, the author developed three specific features for the robot. These consisted of teaching the robot 1) sound event recognition in order to react to environmental audio stimuli, 2) a method to detect the underlying surface under the robot, and 3) of how to recognize its own body states. As this AI development proved to be very challenging, the author decided to start a community project for artificial intelligence development. Community involvement has a long history in open-source software projects and some robotics companies tried to benefit from their userbase in product development. An active online community of Sony AIBO owners was approached to investigate factors to engage its members in the creative processes. For this purpose, 78 Sony AIBO owners were recruited online to fill a questionnaire and their data were analyzed with respect to age, gender, culture, length of ownership, user contribution, and model preference. The results revealed the motives to own these robots for many years and how these heavy users perceived their social robots after a long period in the robot acceptance phase. For example, female participants tended to have more emotional relation to their robots than male who had more technically oriented long-term engagement motivation. The user expectations were also explored by analyzing the answers to this questionnaire to discover the key needs of this user group. The results revealed that the most-wanted skills were the interaction with humans and the autonomous operation. The integration with the AI agents and Internet services was important, but the long-term memory and learning capabilities were not so relevant for the participants. The diverse preferences for robot skills led to creating a prioritized recommendation list to complement the design guidelines for social robots in the literature. In sum, the findings of this thesis showed that developing AI features for an outdated robot is possible but takes a lot of time and shared community efforts. To involve a specific community, one needs first to build up trust by working with and for the community. Also, the trust for the long-term endurance of the development project was found as a precondition for the community commitment. The discoveries of this thesis can be applied to similar types of collaborative AI developments in the future. There are significant contributions in this dissertation to robotics. First, the long-term robot usage was not studied on a years-long scale before and the most extended human-robot interactions analyzed test subjects for only a few months. A questionnaire investigated the robot owners with 1-10+ years-long ownership in this work and their attitude towards robot acceptance. The survey results helped to understand the viable strategies to engage users for a long time. Second, innovative ways were explored to involve online communities in robotics development. The past approaches introduced the community ideas and opinions into product design and innovation iterations. The community in this dissertation tested the developed AI engine, provided inputs for further development directions, created content for the actual AI and gave their feedback about product quality. These contributions advance the social robotics field

    Sonic Interactions in Virtual Environments

    Get PDF
    This open access book tackles the design of 3D spatial interactions in an audio-centered and audio-first perspective, providing the fundamental notions related to the creation and evaluation of immersive sonic experiences. The key elements that enhance the sensation of place in a virtual environment (VE) are: Immersive audio: the computational aspects of the acoustical-space properties of Virutal Reality (VR) technologies Sonic interaction: the human-computer interplay through auditory feedback in VE VR systems: naturally support multimodal integration, impacting different application domains Sonic Interactions in Virtual Environments will feature state-of-the-art research on real-time auralization, sonic interaction design in VR, quality of the experience in multimodal scenarios, and applications. Contributors and editors include interdisciplinary experts from the fields of computer science, engineering, acoustics, psychology, design, humanities, and beyond. Their mission is to shape an emerging new field of study at the intersection of sonic interaction design and immersive media, embracing an archipelago of existing research spread in different audio communities and to increase among the VR communities, researchers, and practitioners, the awareness of the importance of sonic elements when designing immersive environments
    corecore