Succinct Specifications of Portable Document Access Policies

When customers need to each be given portable access rights to a subset of documents from a large universe of n available documents, it is often the case that the space available for representing each customer’s access rights is limited to much less than n, say it is no more than m bits. This is the case when, e.g., limited-capacity inexpensive cards are used to store the access rights to huge multimedia document databases. How does one represent subsets of a huge set of n elements, when only m bits are available and m is much smaller than n? We use an approach reminiscent of Bloom filters, by assigning to each document a subset of the m bits: If that document is in a customer’s subset then we set the corresponding bits to 1 on the customer’s card. This guarantees that each customer gets the documents he paid for, but it also gives him access to documents he did not pay for (“false positives”). We want to do so in a manner that minimizes the expected total false positives under various deterministic and probabilistic models: In the former model we assume k customers whose respective subsets are known a priori, whereas in the latter we assume (more realistically) that each document has a probability of being included in a customer’s subset. We cannot use randomly assigned bits for each document (in the way Bloom filters do), rather we need to consider the a priori knowledge (deterministic or probabilistic) we are given in each model in order to better assign a subset of the m available bits to each of the n documents. We analyze and give efficient schemes for this problem

Incentives and Perceptions of Information Security Risks

Technologies and procedures for effectively securing cyberspace exist, but are largely underdeployed. One reason for this is that organizational - reward systems lack the proper incentives for decision-maker allocation of resources. We identify characteristics of differing stakeholder perceptions of security and privacy risks and integrate them in a decision making framework. We significantly revise the Fischhoff and Slovic model of risk perceptions --- introducing ordinal scales to the identified characteristics of risk perceptions, and incorporating the dynamics of perception by including the important and neglected time element. Over twelve months, we reviewed and verified the model with thirty five senior information security executives from industrial and governmental organizations. We present a methodology for identification of perverse incentives---situations where the interests of a manager or employee are not aligned with those of the organization; and how the policies and reward system may be modified to correct the mis-alignment