User-centric secure cross-site interaction framework for online social networking services

Social networking service is one of major technological phenomena on Web 2.0. Hun- dreds of millions of users are posting message, photos, and videos on their profiles and interacting with other users, but the sharing and interaction are limited within the same social networking site. Although users can share some content on a social networking site with people outside of the social networking sites using a public references to their content, appropriate access control mechanisms are not supported. In this dissertation, we outline a cross-site interaction framework and identity mapping approaches that enable social net- work users to share their content across social networking sites. We propose a cross-site interaction framework x-mngr, allowing users to interact with others on other social net- working sites, with a cross-site access control policy. We also propose identity-mapping approaches that map user’s identities across social networking sites. The partial mapping approach based on a supervised learning mechanism which provides user’s identity map- ping based on a training set composed of a small subset of the profile mappings. We provide mechanisms to enable users to fuse identity-mapping decisions that are provided by their friends or others on the social network. Furthermore, we propose a Game With A Purpose (GWAP) approach that provides identity-mappings using a social network game. The proposed framework and game are implemented on real social networking sites such as Facebook and MySpace. The experiments are performed to evaluate the feasibility of our approaches. A user study is also performed and the result is included as part of our evaluation efforts for the proposed framework

A SEMANTIC BASED POLICY MANAGEMENT FRAMEWORK FOR CLOUD COMPUTING ENVIRONMENTS

Cloud computing paradigm has gained tremendous momentum and generated intensive interest. Although security issues are delaying its fast adoption, cloud computing is an unstoppable force and we need to provide security mechanisms to ensure its secure adoption. In this dissertation, we mainly focus on issues related to policy management and access control in the cloud. Currently, users have to use diverse access control mechanisms to protect their data when stored on the cloud service providers (CSPs). Access control policies may be specified in different policy languages and heterogeneity of access policies pose significant problems.An ideal policy management system should be able to work with all data regardless of where they are stored. Semantic Web technologies when used for policy management, can help address the crucial issues of interoperability of heterogeneous CSPs. In this dissertation, we propose a semantic based policy management framework for cloud computing environments which consists of two main components, namely policy management and specification component and policy evolution component. In the policy management and specification component, we first introduce policy management as a service (PMaaS), a cloud based policy management framework that give cloud users a unified control point for specifying authorization policies, regardless of where the data is stored. Then, we present semantic based policy management framework which enables users to specify access control policies using semantic web technologies and helps address heterogeneity issues of cloud computing environments. We also model temporal constraints and restrictions in GTRBAC using OWL and show how ontologies can be used to specify temporal constraints. We present a proof of concept implementation of the proposed framework and provide some performance evaluation. In the policy evolution component, we propose to use role mining techniques to deal with policy evolution issues and present StateMiner, a heuristic algorithm to find an RBAC state as close as possible to both the deployed RBAC state and the optimal state. We also implement the proposed algorithm and perform some experiments to demonstrate its effectiveness

DESIGN AND EXPLORATION OF NEW MODELS FOR SECURITY AND PRIVACY-SENSITIVE COLLABORATION SYSTEMS

Collaboration has been an area of interest in many domains including education, research, healthcare supply chain, Internet of things, and music etc. It enhances problem solving through expertise sharing, ideas sharing, learning and resource sharing, and improved decision making. To address the limitations in the existing literature, this dissertation presents a design science artifact and a conceptual model for collaborative environment. The first artifact is a blockchain based collaborative information exchange system that utilizes blockchain technology and semi-automated ontology mappings to enable secure and interoperable health information exchange among different health care institutions. The conceptual model proposed in this dissertation explores the factors that influences professionals continued use of video- conferencing applications. The conceptual model investigates the role the perceived risks and benefits play in influencing professionals’ attitude towards VC apps and consequently its active and automatic use

Bootstrapping security policies for wearable Apps using attributed structural graphs

We address the problem of bootstrapping security and privacy policies for newly-deployed apps in wireless body area networks (WBAN) composed of smartphones, sensors and other wearable devices. We introduce a framework to model such a WBAN as an undirected graph whose vertices correspond to devices, apps and app resources, while edges model structural relationships among them. This graph is then augmented with attributes capturing the features of each entity together with user-defined tags. We then adapt available graph-based similarity metrics to find the closest app to a new one to be deployed, with the aim of reusing, and possibly adapting, its security policy. We illustrate our approach through a detailed smartphone ecosystem case study. Our results suggest that the scheme can provide users with a reasonably good policy that is consistent with the user’s security preferences implicitly captured by policies already in place.MINECO grant TIN2013-46469-R (SPINY: Security and Privacy in the Internet of You)

Ditto: Towards Decentralised Similarity Search for Web3 Services

The Web has become an integral part of life, and over the past decade, it has become increasingly centralised, leading to a number of challenges such as censorship and control, particularly in search engines. Recently, the paradigm of the decentralised Web (DWeb), or Web3, has emerged, which aims to provide decentralised alternatives to current systems with decentralised control, transparency, and openness. In this paper we introduce Ditto, a decentralised search mechanism for DWeb content, based on similarity search. Ditto uses locality sensitive hashing (LSH) to extract similarity signatures and records from content, which are stored on a decentralised index on top of a distributed hash table (DHT). Ditto uniquely supports numerous underlying content networks and types, and supports various use-cases, including keyword-search. Our evaluation shows that our system is feasible and that our search quality, delay, and overhead are comparable to those currently accepted by users of DWeb and search systems

Cloud technology options towards Free Flow of Data

This whitepaper collects the technology solutions that the projects in the Data Protection, Security and Privacy Cluster propose to address the challenges raised by the working areas of the Free Flow of Data initiative. The document describes the technologies, methodologies, models, and tools researched and developed by the clustered projects mapped to the ten areas of work of the Free Flow of Data initiative. The aim is to facilitate the identification of the state-of-the-art of technology options towards solving the data security and privacy challenges posed by the Free Flow of Data initiative in Europe. The document gives reference to the Cluster, the individual projects and the technologies produced by them

Machine Learning and Big Data Methodologies for Network Traffic Monitoring

Over the past 20 years, the Internet saw an exponential grown of traffic, users, services and applications. Currently, it is estimated that the Internet is used everyday by more than 3.6 billions users, who generate 20 TB of traffic per second. Such a huge amount of data challenge network managers and analysts to understand how the network is performing, how users are accessing resources, how to properly control and manage the infrastructure, and how to detect possible threats. Along with mathematical, statistical, and set theory methodologies machine learning and big data approaches have emerged to build systems that aim at automatically extracting information from the raw data that the network monitoring infrastructures offer. In this thesis I will address different network monitoring solutions, evaluating several methodologies and scenarios. I will show how following a common workflow, it is possible to exploit mathematical, statistical, set theory, and machine learning methodologies to extract meaningful information from the raw data. Particular attention will be given to machine learning and big data methodologies such as DBSCAN, and the Apache Spark big data framework. The results show that despite being able to take advantage of mathematical, statistical, and set theory tools to characterize a problem, machine learning methodologies are very useful to discover hidden information about the raw data. Using DBSCAN clustering algorithm, I will show how to use YouLighter, an unsupervised methodology to group caches serving YouTube traffic into edge-nodes, and latter by using the notion of Pattern Dissimilarity, how to identify changes in their usage over time. By using YouLighter over 10-month long races, I will pinpoint sudden changes in the YouTube edge-nodes usage, changes that also impair the end users’ Quality of Experience. I will also apply DBSCAN in the deployment of SeLINA, a self-tuning tool implemented in the Apache Spark big data framework to autonomously extract knowledge from network traffic measurements. By using SeLINA, I will show how to automatically detect the changes of the YouTube CDN previously highlighted by YouLighter. Along with these machine learning studies, I will show how to use mathematical and set theory methodologies to investigate the browsing habits of Internauts. By using a two weeks dataset, I will show how over this period, the Internauts continue discovering new websites. Moreover, I will show that by using only DNS information to build a profile, it is hard to build a reliable profiler. Instead, by exploiting mathematical and statistical tools, I will show how to characterize Anycast-enabled CDNs (A-CDNs). I will show that A-CDNs are widely used either for stateless and stateful services. That A-CDNs are quite popular, as, more than 50% of web users contact an A-CDN every day. And that, stateful services, can benefit of A-CDNs, since their paths are very stable over time, as demonstrated by the presence of only a few anomalies in their Round Trip Time. Finally, I will conclude by showing how I used BGPStream an open-source software framework for the analysis of both historical and real-time Border Gateway Protocol (BGP) measurement data. By using BGPStream in real-time mode I will show how I detected a Multiple Origin AS (MOAS) event, and how I studies the black-holing community propagation, showing the effect of this community in the network. Then, by using BGPStream in historical mode, and the Apache Spark big data framework over 16 years of data, I will show different results such as the continuous growth of IPv4 prefixes, and the growth of MOAS events over time. All these studies have the aim of showing how monitoring is a fundamental task in different scenarios. In particular, highlighting the importance of machine learning and of big data methodologies

Actions speak louder than words: Semi-supervised learning for browser fingerprinting detection

As online tracking continues to grow, existing anti-tracking and fingerprinting detection techniques that require significant manual input must be augmented. Heuristic approaches to fingerprinting detection are precise but must be carefully curated. Supervised machine learning techniques proposed for detecting tracking require manually generated label-sets. Seeking to overcome these challenges, we present a semi-supervised machine learning approach for detecting fingerprinting scripts. Our approach is based on the core insight that fingerprinting scripts have similar patterns of API access when generating their fingerprints, even though their access patterns may not match exactly. Using this insight, we group scripts by their JavaScript (JS) execution traces and apply a semi-supervised approach to detect new fingerprinting scripts. We detail our methodology and demonstrate its ability to identify the majority of scripts ($\geqslant$94.9%) identified by existing heuristic techniques. We also show that the approach expands beyond detecting known scripts by surfacing candidate scripts that are likely to include fingerprinting. Through an analysis of these candidate scripts we discovered fingerprinting scripts that were missed by heuristics and for which there are no heuristics. In particular, we identified over one hundred device-class fingerprinting scripts present on hundreds of domains. To the best of our knowledge, this is the first time device-class fingerprinting has been measured in the wild. These successes illustrate the power of a sparse vector representation and semi-supervised learning to complement and extend existing tracking detection techniques

Virtual assistants in customer interface

This thesis covers use of virtual assistants from a user organization’s perspective, exploring challenges and opportunities related to introducing virtual assistants to an organization’s customer interface. Research related to virtual assistants is spread over many distinct fields of research spanning several decades. However, widespread use of virtual assistants in organizations customer interface is a relatively new and constantly evolving phenomenon. Scientific research is lacking when it comes to current use of virtual assistants and user organization’s considerations related to it. A qualitative, semi-systematic literature review method is used to analyse progression of research related to virtual assistants, aiming to identify major trends. Several fields of research that cover virtual assistants from different perspectives are explored, focusing primarily on Human-Computer Interaction and Natural Language Processing. Additionally, a case study of a Finnish insurance company’s use of virtual assistants supports the literature review and helps understand the user organization’s perspective. This thesis describes how key technologies have progressed, gives insight on current issues that affect organizations and points out opportunities related to virtual assistants in the future. Interviews related to the case study give a limited understanding as to what challenges are currently at the forefront when it comes to using this new technology in the insurance industry. The case study and literature review clearly point out that use of virtual assistants is hindered my various practical challenges. Some practical challenges related to making a virtual assistant useful for an organization seem to be industry-specific, for example issues related to giving advice about insurance products. Other challenges are more general, for example unreliability of customer feedback. Different customer segments have different attitudes towards interacting with virtual assistants, from positive to negative, making the technology a clearly polarizing issue. However, customers in general seem to be becoming more accepting towards the technology in the long term. More research is needed to understand future potential of virtual assistants in customer interactions and customer relationship management.Tämä tutkielma tutkii virtuaaliassistenttien käyttöä käyttäjäorganisaation perspektiivistä, antaen käsityksen mitä haasteita ja mahdollisuuksia liittyy virtuaaliassistenttien käyttöönottoon organisaation asiakasrajapinnassa. Virtuaaliassistentteihin liittyvä tutkimus jakautuu monien eri tutkimusalojen alaisuuteen ja useiden vuosikymmenien ajalle. Laajamittainen virtuaaliassistenttien käyttö asiakasrajapinnassa on kuitenkin verrattain uusi ja jatkuvasti kehittyvä ilmiö. Tieteellinen tutkimus joka liittyy virtuaaliassistenttien nykyiseen käyttöön ja käyttäjäorganisaation huomioon otetaviin asioihin on puutteellista. Tämä tutkielma käyttää kvalitatiivista, puolisystemaattista kirjallisuusanalyysimetodia tutkiakseen virtuaaliassistentteihin liittyviä kehityskulkuja, tarkoituksena tunnistaa merkittäviä trendejä. Tutkimus kattaa useita tutkimusaloja jotka käsittelevät virtuaaliassistentteja eri näkökulmista, keskittyen pääasiassa Human-Computer Interaction- sekä Natural Language Processing -tutkimusaloihin. Lisäksi tutkielmassa on tapaustutkimus suomalaisen vakuutusyhtiön virtuaaliassistenttien käytöstä, joka tukee kirjallisuusanalyysiä ja auttaa ymmärtämään käyttäjäorganisaation perspektiiviä. Tutkielma kuvailee kuinka keskeiset teknologiat ovat kehittyneet, auttaa ymmärtämään tämänhetkisiä ongelmia jotka koskettavat organisaatioita sekä esittelee virtuaaliassistentteihin liittyviä mahdollisuuksia tulevaisuudessa. Tapaustutkimukseen liittyvät haastattelut antavat rajoitetun kuvan kyseisen uuden teknologian käyttöön liittyvistä haasteista vakuutusalalla. Tapaustutkimus ja kirjallisuusanalyysi osoittavat että virtuaaliassistenttien käyttöönottoon liittyy erilaisia käytännön haasteita. Jotkut haasteet vaikuttavat olevan toimialakohtaisia, liittyen esimerkiksi vakuutustuotteita koskeviin neuvoihin. Toiset haasteet taas ovat yleisempiä, liittyen esimerkiksi asiakaspalautteen epäluotettavuuteen. Eri asiakassegmenteillä on erilaisia asenteita virtuaaliassistentteja kohtaan, vaihdellen positiivisesta negatiiviseen, joten kyseinen teknologia on selvästi polarisoiva aihe. Pitkällä aikavälillä asiakkaiden asenteet teknologiaa kohtaan vaikuttavat kuitenkin muuttuvan hyväksyvämpään suuntaan. Lisää tutkimusta tarvitaan jotta voidaan ymmärtää virtuaaliassistenttien tulevaisuuden potentiaalia asiakaskohtaamisissa ja asiakkuudenhallinnassa