A Distributed Trust Framework for Privacy-Preserving Machine Learning

When training a machine learning model, it is standard procedure for the researcher to have full knowledge of both the data and model. However, this engenders a lack of trust between data owners and data scientists. Data owners are justifiably reluctant to relinquish control of private information to third parties. Privacy-preserving techniques distribute computation in order to ensure that data remains in the control of the owner while learning takes place. However, architectures distributed amongst multiple agents introduce an entirely new set of security and trust complications. These include data poisoning and model theft. This paper outlines a distributed infrastructure which is used to facilitate peer-to-peer trust between distributed agents; collaboratively performing a privacy-preserving workflow. Our outlined prototype sets industry gatekeepers and governance bodies as credential issuers. Before participating in the distributed learning workflow, malicious actors must first negotiate valid credentials. We detail a proof of concept using Hyperledger Aries, Decentralised Identifiers (DIDs) and Verifiable Credentials (VCs) to establish a distributed trust architecture during a privacy-preserving machine learning experiment. Specifically, we utilise secure and authenticated DID communication channels in order to facilitate a federated learning workflow related to mental health care data.Comment: To be published in the proceedings of the 17th International Conference on Trust, Privacy and Security in Digital Business - TrustBus202

Trust Evaluation of a System for an Activity

International audienceWhen users need to perform a digital activity, they evaluate available systems according to their functionality, ease of use, QoS, and/or economical as- pects. Recently, trust has become another key factor for such evaluation. Two main issues arise in the trust management research community. First, how to de- fine the trust in an entity, knowing that this can be a person, a digital or a physical resource. Second, how to evaluate such value of trust in a system as a whole for a particular activity. Defining and evaluating trust in systems is an open problem because there is no consensus on the used approach. In this work we propose an approach applicable to any kind of system. The distinctive feature of our pro- posal is that, besides taking into account the trust in the different entities the user depends on to perform an activity, it takes into consideration the architecture of the system to determine its trust level. Our goal is to enable users to have a per- sonal comparison between different systems for the same application needs and to choose the one satisfying their expectations. This paper introduces our approach, which is based on probability theory, and presents ongoing results

La privacidad en el diseño y el diseño de la privacidad, también desde el derecho penal

[ES] El desarrollo de tecnologías protectoras de la privacidad como camino para garantizar la posibilidad de anonimato es un tópico cada vez más presente en las legislaciones internacionales. Lo que en la actualidad se discute, y aquí se plantea, es la necesidad de intervención penal para promover, preventiva y anticipadamente, actuaciones que obliguen a dichas tecnologías.[EU] Anonimatua bermatzeko bidean pribatutasuna babestuko duten teknologiak garatzeko aukera gero eta maizago ageri da nazioarteko legedietan. Gaur egun eztabaidatzen dena zera da, beharrezkoa ote den zigorrak ezartzea modu prebentiboan eta aurretiaz sustatzeko teknologia horiek nahitaezko bilakatuko dituzten ekintzak. eztabaidagai hori aztertzen da hemen.[FR] Le développement des technologies de protection de la vie privée comme un moyen de garantir la possibilité de l’anonymat est un sujet de plus en plus présent dans les lois internationales. Ce qui est actuellement en discussion et qui se pose ici, est la nécessité d’intervention pénale pour promouvoir, d’avance et de façon préventive, des actions qui obligent ces technologies.[EN] The development of privacy-enhancing technologies as the path to anonymity is a topic increasingly present in international laws. What is currently discussed, and here arises, is the need of criminal laws to provome, in advance and with preventive intervention, actions that compel such technologies

A pattern-driven framework for monitoring security and dependability

In this paper we describe a framework that supports the dynamic configuration, adaptation and monitoring of systems that need to guarantee specific security and dependability (S&D) properties whilst operating in distributed settings. The framework is based on patterns providing abstract specifications of implementation solutions that can be used by systems in order to achieve specific S&D properties. The focus herein will be on the monitoring aspects of the framework which allow it to adapt to violations of the S&D requirements and changes to the current context

Supporting Users of Open Online Courses with Recommendations: an Algorithmic Study

Almost all studies on course recommenders in online platforms target closed online platforms that belong to a University or other provider. Recently, a demand has developed that targets open platforms. Such platforms lack rich user profiles with content metadata. Instead they log user interactions. We report on how user interactions and activities tracked in open online learning platforms may generate recommendations. We use data from the OpenU open online learning platform in use by the Open University of the Netherlands to investigate the application of several state-of-the-art recommender algorithms, including a graph-based recommender approach. It appears that user-based and memory-based methods perform better than model-based and factorization methods. Particularly, the graph-based recommender system outperforms the classical approaches on prediction accuracy of recommendations in terms of recall.FP7 EU LAC

Persistent issues in encryption software: A heuristic and cognitive walkthrough

The support information accompanying security software can be difficult to understand by end-users, who have little knowledge in cyber security. One mechanism for ensuring the integrity and confidentiality of information is encryption software. Unfortunately, software usability issues can hinder an end-user’s capability to properly utilise the security features effectively. To date there has been little research in investigating the usability of encryption software and proposing solutions for improving them. This research paper analysed the usability of encryption software targeting end-users. The research identified several issues that could impede the ability of a novice end-user to adequately utilise the encryption software. A set of proposed recommendations are suggested to improve encryption software which could be empirically verified through further research

Development and Evaluation of an Anti-Phishing Shooting Game

Phishing attacks continue to pose a great threat to citizens and companies. This paper introduces a newly developed anti-phishing shooting game and describes the design and results of an evaluation study. The conclusion of the study is that the game can be an engaging measure to raise awareness among Internet users regarding phishing messages and to support users in recognizing such messages