A Data Protection Architecture for Derived Data Control in Partially Disconnected Networks

Every organisation needs to exchange and disseminate data constantly amongst its employees, members, customers and partners. Disseminated data is often sensitive or confidential and access to it should be restricted to authorised recipients. Several enterprise rights management (ERM) systems and data protection solutions have been proposed by both academia and industry to enable usage control on disseminated data, i.e. to allow data originators to retain control over whom accesses their information, under which circumstances, and how it is used. This is often obtained by means of cryptographic techniques and thus by disseminating encrypted data that only trustworthy recipients can decrypt. Most of these solutions assume data recipients are connected to the network and able to contact remote policy evaluation authorities that can evaluate usage control policies and issue decryption keys. This assumption oversimplifies the problem by neglecting situations where connectivity is not available, as often happens in crisis management scenarios. In such situations, recipients may not be able to access the information they have received. Also, while using data, recipients and their applications can create new derived information, either by aggregating data from several sources or transforming the original data’s content or format. Existing solutions mostly neglect this problem and do not allow originators to retain control over this derived data despite the fact that it may be more sensitive or valuable than the data originally disseminated. In this thesis we propose an ERM architecture that caters for both derived data control and usage control in partially disconnected networks. We propose the use of a novel policy lattice model based on information flow and mandatory access control. Sets of policies controlling the usage of data can be specified and ordered in a lattice according to the level of protection they provide. At the same time, their association with specific data objects is mandated by rules (content verification procedures) defined in a data sharing agreement (DSA) stipulated amongst the organisations sharing information. When data is transformed, the new policies associated with it are automatically determined depending on the transformation used and the policies currently associated with the input data. The solution we propose takes into account transformations that can both increase or reduce the sensitivity of information, thus giving originators a flexible means to control their data and its derivations. When data must be disseminated in disconnected environments, the movement of users and the ad hoc connections they establish can be exploited to distribute information. To allow users to decrypt disseminated data without contacting remote evaluation authorities, we integrate our architecture with a mechanism for authority devolution, so that users moving in the disconnected area can be granted the right to evaluate policies and issue decryption keys. This allows recipients to contact any nearby user that is also a policy evaluation authority to obtain decryption keys. The mechanism has been shown to be efficient so that timely access to data is possible despite the lack of connectivity. Prototypes of the proposed solutions that protect XML documents have been developed. A realistic crisis management scenario has been used to show both the flexibility of the presented approach for derived data control and the efficiency of the authority devolution solution when handling data dissemination in simulated partially disconnected networks. While existing systems do not offer any means to control derived data and only offer partial solutions to the problem of lack of connectivity (e.g. by caching decryption keys), we have defined a set of solutions that help data originators faced with the shortcomings of current proposals to control their data in innovative, problem-oriented ways

Evaluation of Trust in the Internet Of Things: Models, Mechanisms And Applications

In the blooming era of the Internet of Things (IoT), trust has become a vital factor for provisioning reliable smart services without human intervention by reducing risk in autonomous decision making. However, the merging of physical objects, cyber components and humans in the IoT infrastructure has introduced new concerns for the evaluation of trust. Consequently, a large number of trust-related challenges have been unsolved yet due to the ambiguity of the concept of trust and the variety of divergent trust models and management mechanisms in different IoT scenarios. In this PhD thesis, my ultimate goal is to propose an efficient and practical trust evaluation mechanisms for any two entities in the IoT. To achieve this goal, the first important objective is to augment the generic trust concept and provide a conceptual model of trust in order to come up with a comprehensive understanding of trust, influencing factors and possible Trust Indicators (TI) in the context of IoT. Following the catalyst, as the second objective, a trust model called REK comprised of the triad Reputation, Experience and Knowledge TIs is proposed which covers multi-dimensional aspects of trust by incorporating heterogeneous information from direct observation, personal experiences to global opinions. The mathematical models and evaluation mechanisms for the three TIs in the REK trust model are proposed. Knowledge TI is as “direct trust” rendering a trustor’s understanding of a trustee in respective scenarios that can be obtained based on limited available information about characteristics of the trustee, environment and the trustor’s perspective using a variety of techniques. Experience and Reputation TIs are originated from social features and extracted based on previous interactions among entities in IoT. The mathematical models and calculation mechanisms for the Experience and Reputation TIs also proposed leveraging sociological behaviours of humans in the real-world; and being inspired by the Google PageRank in the web-ranking area, respectively. The REK Trust Model is also applied in variety of IoT scenarios such as Mobile Crowd-Sensing (MCS), Car Sharing service, Data Sharing and Exchange platform in Smart Cities and in Vehicular Networks; and for empowering Blockchain-based systems. The feasibility and effectiveness of the REK model and associated evaluation mechanisms are proved not only by the theoretical analysis but also by real-world applications deployed in our ongoing TII and Wise-IoT projects

Continuous trust management frameworks : concept, design and characteristics

PhD ThesisA Trust Management Framework is a collection of technical components and governing rules and contracts to establish secure, confidential, and Trustworthy transactions among the Trust Stakeholders whether they are Users, Service Providers, or Legal Authorities. Despite the presence of many Trust Frameworks projects, they still fail at presenting a mature Framework that can be Trusted by all its Stakeholders. Particularly speaking, most of the current research focus on the Security aspects that may satisfy some Stakeholders but ignore other vital Trust Properties like Privacy, Legal Authority Enforcement, Practicality, and Customizability. This thesis is all about understanding and utilising the state of the art technologies of Trust Management to come up with a Trust Management Framework that could be Trusted by all its Stakeholders by providing a Continuous Data Control where the exchanged data would be handled in a Trustworthy manner before and after the data release from one party to another. For that we call it: Continuous Trust Management Framework. In this thesis, we present a literature survey where we illustrate the general picture of the current research main categorise as well as the main Trust Stakeholders, Trust Challenges, and Trust Requirements. We picked few samples representing each of the main categorise in the literature of Trust Management Frameworks for detailed comparison to understand the strengths and weaknesses of those categorise. Showing that the current Trust Management Frameworks are focusing on fulfilling most of the Trust Attributes needed by the Trust Stakeholders except for the Continuous Data Control Attribute, we argued for the vitality of our proposed generic design of the Continuous Trust Management Framework. To demonstrate our Design practicality, we present a prototype implementing its basic Stakeholders like the Users, Service Providers, Identity Provider, and Auditor on top of the OpenID Connect protocol. The sample use-case of our prototype is to protect the Users’ email addresses. That is, Users would ask for their emails not to be iii shared with third parties but some Providers would act maliciously and share these emails with third parties who would, in turn, send spam emails to the victim Users. While the prototype Auditor would be able to protect and track data before their release to the Service Providers, it would not be able to enforce the data access policy after release. We later generalise our sample use-case to cover various Mass Active Attacks on Users’ Credentials like, for example, using stolen credit cards or illegally impersonating third-party identity. To protect the Users’ Credentials after release, we introduce a set of theories and building blocks to aid our Continuous Trust Framework’s Auditor that would act as the Trust Enforcement point. These theories rely primarily on analysing the data logs recorded by our prototype prior to releasing the data. To test our theories, we present a Simulation Model of the Auditor to optimise its parameters. During some of our Simulation Stages, we assumed the availability of a Data Governance Unit, DGU, that would provide hardware roots of Trust. This DGU is to be installed in the Service Providers’ server-side to govern how they handle the Users’ data. The final simulation results include a set of different Defensive Strategies’ Flavours that could be utilized by the Auditor depending on the environment where it operates. This thesis concludes with the fact that utilising Hard Trust Measures such as DGU without effective Defensive Strategies may not provide the ultimate Trust solution. That is especially true at the bootstrapping phase where Service Providers would be reluctant to adopt a restrictive technology like our proposed DGU. Nevertheless, even in the absence of the DGU technology now, deploying the developed Defensive Strategies’ Flavours that do not rely on DGU would still provide significant improvements in terms of enforcing Trust even after data release compared to the currently widely deployed Strategy: doing nothing!Public Authority for Applied Education and Training in Kuwait, PAAET

Blockchain and Internet of Things in smart cities and drug supply management: Open issues, opportunities, and future directions

Blockchain-based drug supply management (DSM) requires powerful security and privacy procedures for high-level authentication, interoperability, and medical record sharing. Researchers have shown a surprising interest in Internet of Things (IoT)-based smart cities in recent years. By providing a variety of intelligent applications, such as intelligent transportation, industry 4.0, and smart financing, smart cities (SC) can improve the quality of life for their residents. Blockchain technology (BCT) can allow SC to offer a higher standard of security by keeping track of transactions in an immutable, secure, decentralized, and transparent distributed ledger. The goal of this study is to systematically explore the current state of research surrounding cutting-edge technologies, particularly the deployment of BCT and the IoT in DSM and SC. In this study, the defined keywords “blockchain”, “IoT”, drug supply management”, “healthcare”, and “smart cities” as well as their variations were used to conduct a systematic search of all relevant research articles that were collected from several databases such as Science Direct, JStor, Taylor & Francis, Sage, Emerald insight, IEEE, INFORMS, MDPI, ACM, Web of Science, and Google Scholar. The final collection of papers on the use of BCT and IoT in DSM and SC is organized into three categories. The first category contains articles about the development and design of DSM and SC applications that incorporate BCT and IoT, such as new architecture, system designs, frameworks, models, and algorithms. Studies that investigated the use of BCT and IoT in the DSM and SC make up the second category of research. The third category is comprised of review articles regarding the incorporation of BCT and IoT into DSM and SC-based applications. Furthermore, this paper identifies various motives for using BCT and IoT in DSM and SC, as well as open problems and makes recommendations. The current study contributes to the existing body of knowledge by offering a complete review of potential alternatives and finding areas where further research is needed. As a consequence of this, researchers are presented with intriguing potential to further create decentralized DSM and SC apps as a result of a comprehensive discussion of the relevance of BCT and its implementation.© 2023 The Author(s). Published by Elsevier B.V. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).fi=vertaisarvioitu|en=peerReviewed

A Qualitative Investigation into the Academic Advisors’ Perceptions of Best Advisement Practices

This study aimed to better understand academic advising by examining the perspectives of academic advisors at a Georgia Research 1 institution located in a large city. Initially, the purpose of this case study was to learn more about how academic advisors view effective strategies for boosting their students\u27 performance. Nine academic advisors from a multi-campus institution in the southeastern United States were interviewed for this qualitative study. The participants were asked to complete 30 to 60-minute interviews with the researcher. By evaluating the personal responses used throughout the study, the researcher could identify frequent themes during data collection and analysis. The themes found through the data collection process were interpersonal relationships, progression to graduation, and challenges. The themes related to effective advising strategies were interpersonal relationships and progression to graduation and the themes for barriers were the challenges: department cohesiveness, lack of advisor training, staff retention, and additional advisors. The findings of this research could be used by educational institutions to enhance their academic advising services

Political Culture, Policy Liberalism, and the Strength of Journalist\u27s Privilege in the States

This study examined the relationships between the strength of states\u27 journalist\u27s privileges and state characteristics. The state characteristics included political culture and policy liberalism. The study created an index to identify and score several important components of journalist\u27s privilege in each state. The various components included the legal source of the privilege, when journalists could use the privilege, what types of information the privilege protected, and who could invoke the privilege. The study then used statistical tests to test the relationships between state characteristics and privilege strength. The results indicated that policy liberalism was a significant predictor of a state\u27s journalist\u27s privilege strength. Political culture was not related to privilege strength. In a larger context, the study\u27s results added evidence to a larger trend that policy liberalism influences state media law. The results also found that several states limited journalist\u27s privilege to traditional journalists. Only a small number of states have extended the privilege to non-traditional journalists, such as Internet journalists and book authors

Modelling information behaviour : linking information seeking and communication

Over many years much academic research has been carried out in the field of library and information science (US) into the information-seeking behaviour of individuals, and many models and theories of such behaviour have been put forward. Similarly, over an even longer period, there has been much research in the field of communication stud ies, particularly mass communications, and a large number of models of communication behaviour have been described. The research described in this thesis sets out to build on this work, learning from both fields, in order to develop a more comprehensive representation of information behaviour. Existing models were analysed to identify important elements of information behaviour and from these the new Information Seeking and Communication Model (ISCM) was formulated. This is the first time that a model of information behaviour has been constructed in this way from a range of different models from both LIS and communication studies. The ISCM is more comprehensive in scope than previous models. Those developed in library and information science are usually concerned with the information user and information seeking, while those from communication studies typically focus on the communicator and the effectiveness of the communication process. The ISCM takes into account both information users and information providers, their separate contexts, the activities of information seeking, information use and communication, and factors that affect them. The ISCM has been designed as a generic framework capable of application in different environments. Its validity has been tested in health care, where it has been shown to apply to the information behaviour of physicians as information users and to that of pharmaceutical companies and the National Institute for Health and Care Excellence (NICE) as information providers. Its practical value has been demonstrated in evidence-based medicine (EBM), where it offers in sights into the reasons why clinical practice does not necessarily follow EBM guidelines. It has also been found to be of use in identifying areas in which users (physicians) and providers (pharmaceutical companies and NICE) can improve their information behaviour in order to achieve their goals. This thesis contributes to knowledge by building on previous research and models to develop a more comprehensive model which provides practical insights into information behaviour and which has the potential for wide application.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

A Framework to Enhance Privacy-Awareness in Mobile Web Systems

In the last decade, the use of online social network sites has dramatically increased and these sites have succeeded in attracting a large number of users. The social network site has become a daily tool people use to find out about the latest news and to share details of their personal information. Many people use Internet mobile devices to browse these sites. The widespread use of some technologies unnecessarily puts the privacy of users at risk, even when these users remain anonymous. This study examines the risks to privacy surrounding the misuse of users' personal information, such as maintaining trustworthy sites, as well as privacy issues associated with sharing personal information with others. This study also develops a framework to enhance privacy awareness in mobile Web systems. A privacy framework is proposed that incorporates suitability in the design and flexibility in the use to suit different types of Web mobile devices, and provides simple ways of adjusting and creating different privacy policies. This framework allows the user to create different levels of privacy settings and to better manage the exchange of personal information with other sites. The proposed conceptual model for this study is derived from a review of the literature and the current privacy models. It shows how online users are able to create different privacy policies and set different policies to access the data. It also explains how the centrality of personal information details in one server will limit the distribution of personal information over the Internet and will provide users with more authority to control the sharing of their information with other websites. The design of the proposed framework is derived from developing other privacy models and adding new ideas that enhance the security level of protecting the privacy of users' information. The study consists of five main tasks that include two different qualitative methodologies, programming two applications and testing the framework

From Pirates to Partners: Protecting Intellectual Property in China in the Twenty-First Century

During the late 1980s and early 1990s, the United States repeatedly threatened China with a series of economic sanctions, trade wars, non-renewal of most-favored-nation status, and opposition to entry into the World Trade Organization. Such threats eventually led to compromises by the Chinese government and the signing of intellectual property agreements in 1992, 1995, and 1996. Despite these agreements, intellectual property piracy remains rampant in China. Although China initially had serious concerns about the United States\u27s threats of trade sanctions, the constant use of such threats by the U.S. government has led China to change its reaction and approach. By 1996, it had become obvious that the existing American foreign intellectual property policy was ineffective, misguided, and self-deluding. The United States not only lost its credibility, but its constant use of trade threats helped China improve its ability to resist American demands. Such threats and bullying also created hostility among the Chinese people, making the government more reluctant to adopt Western intellectual property law reforms. Thus, scholars, policymakers, and commentators have called for a critical assessment and reformulation of the existing ineffective policy. While many commentators have criticized the wrong-headed U.S.-China intellectual property policy, so far no scholarship has utilized the constructive strategic partnership model pronounced in the Joint Statement issued after the 1997 U.S.-China Summit. This Article argues that this partnership model not only presents a new model upon which the two countries are to build their diplomatic relations, but also provides a conceptual framework under which a new bilateral intellectual property policy is to be developed. This Article traces the breakdown of the American intellectual property policy toward China and examines the constructive strategic partnership model. To help policymakers formulate a new policy, this Article develops a twelve-step action plan that aims to cultivate a more stable and harmonious relationship of the two countries, to foster better mutual understanding between each other, and to promote a self-sustainable intellectual property regime in China