Equivalence-based Security for Querying Encrypted Databases: Theory and Application to Privacy Policy Audits

Motivated by the problem of simultaneously preserving confidentiality and usability of data outsourced to third-party clouds, we present two different database encryption schemes that largely hide data but reveal enough information to support a wide-range of relational queries. We provide a security definition for database encryption that captures confidentiality based on a notion of equivalence of databases from the adversary's perspective. As a specific application, we adapt an existing algorithm for finding violations of privacy policies to run on logs encrypted under our schemes and observe low to moderate overheads.Comment: CCS 2015 paper technical report, in progres

Labour Market and Social Policy in Italy: Challenges and Changes. Bertelsmann Policy Brief #2016/02

vEight years after the outbreak of the financial crisis, Italy has still to cope with and overcome a plethora of economic and social challenges. On top of this, it faces an unfavourable demographic structure and severe disparities between its northern and southern regions. Some promising reforms have recently been enacted, specifically targeting poverty and social exclusion. However, much more remains to be done on the way towards greater economic stability and widely shared prosperity

Efficient Large-scale Trace Checking Using MapReduce

The problem of checking a logged event trace against a temporal logic specification arises in many practical cases. Unfortunately, known algorithms for an expressive logic like MTL (Metric Temporal Logic) do not scale with respect to two crucial dimensions: the length of the trace and the size of the time interval for which logged events must be buffered to check satisfaction of the specification. The former issue can be addressed by distributed and parallel trace checking algorithms that can take advantage of modern cloud computing and programming frameworks like MapReduce. Still, the latter issue remains open with current state-of-the-art approaches. In this paper we address this memory scalability issue by proposing a new semantics for MTL, called lazy semantics. This semantics can evaluate temporal formulae and boolean combinations of temporal-only formulae at any arbitrary time instant. We prove that lazy semantics is more expressive than standard point-based semantics and that it can be used as a basis for a correct parametric decomposition of any MTL formula into an equivalent one with smaller, bounded time intervals. We use lazy semantics to extend our previous distributed trace checking algorithm for MTL. We evaluate the proposed algorithm in terms of memory scalability and time/memory tradeoffs.Comment: 13 pages, 8 figure

On-Line Monitoring for Temporal Logic Robustness

In this paper, we provide a Dynamic Programming algorithm for on-line monitoring of the state robustness of Metric Temporal Logic specifications with past time operators. We compute the robustness of MTL with unbounded past and bounded future temporal operators MTL over sampled traces of Cyber-Physical Systems. We implemented our tool in Matlab as a Simulink block that can be used in any Simulink model. We experimentally demonstrate that the overhead of the MTL robustness monitoring is acceptable for certain classes of practical specifications

Monitoring Partially Synchronous Distributed Systems using SMT Solvers

In this paper, we discuss the feasibility of monitoring partially synchronous distributed systems to detect latent bugs, i.e., errors caused by concurrency and race conditions among concurrent processes. We present a monitoring framework where we model both system constraints and latent bugs as Satisfiability Modulo Theories (SMT) formulas, and we detect the presence of latent bugs using an SMT solver. We demonstrate the feasibility of our framework using both synthetic applications where latent bugs occur at any time with random probability and an application involving exclusive access to a shared resource with a subtle timing bug. We illustrate how the time required for verification is affected by parameters such as communication frequency, latency, and clock skew. Our results show that our framework can be used for real-life applications, and because our framework uses SMT solvers, the range of appropriate applications will increase as these solvers become more efficient over time.Comment: Technical Report corresponding to the paper accepted at Runtime Verification (RV) 201

Evolving Discourses on Water Resource Management and Climate Change in the Equatorial Nile Basin

Transboundary water resources management in the Equatorial Nile Basin (EQNB) is a politically contested issue. There is a growing body of literature examining water-related discourses which identifies the ability of powerful actors and institutions to influence policy. Concern about the effects of future climate change has featured strongly in research on the Nile River for several decades. It is therefore timely to consider whether and how these concerns are reflected in regional policy documents and policy discourse. This study analyzes discourse framings of water resources management and climate change in policy documents (27, published between 2001 and 2013) and as elicited in interviews (38) with water managers in the EQNB. Three main discursive framings are identified which are present in the discourses on both subjects: a problem-oriented environmental risk frame and two solution-oriented frames, on governance and infrastructure development. Climate change discourse only emerges as a common topic around 2007. The framings found in the water resources management discourse and the climate change discourse are almost identical, suggesting that discursive framings were adopted from the former for use in the latter. We infer that the climate change discourse may have offered a less politically sensitive route to circumvent political sensitivities around water allocation and distribution between riparian countries in the EQNB. However, the climate change discourse does not offer a lasting solution to the more fundamental political dispute over water allocation. Moreover, in cases where the climate change discourse is subsumed within a water resources management discourse, there are dangers that it will not fully address the needs of effective adaptation

Authenticated key agreement mediated by a proxy re-encryptor for the Internet of Things

International audienceThe Internet of Things (IoT) is composed of a wide range of heterogeneous network devices that communicate with their users and the surrounding devices. The secure communications between these devices are still essential even with little or no previous knowledge about each other and regardless of their resource capabilities. This particular context requires appropriate security mechanisms which should be wellsuited for the heterogeneous nature of IoT devices, without pre-sharing a secret key for each secure connection. In this work, we first propose a novel symmetric cipher proxy re-encryption scheme. Such a primitive allows a user to delegate her decryption rights to another with the help of a semi-trusted proxy, but without giving this latter any information on the transmitted messages and the user's secret keys. We then propose AKAPR, an Authenticated Key Agreement mediated by a Proxy Re-encryptor for IoT. The mechanism permits any two highly resource-constrained devices to establish a secure communication with no prior trust relationship. AKAPR is built upon our proposed proxy re-encryption scheme. It has been proved by ProVerif to provide mutual authentication for participants while preserving the secrecy of the generated session key. In addition, the scheme benefits from the lightness of our proxy re-encryption algorithm as it requires no expensive cryptographic operations such as pairing or modular exponentiatio

Monitoring Time Intervals

Run-time checking of timed properties requires to monitor events occurring within a specified time interval. In a distributed setting, working with intervals is complicated due to uncertainties about network delays and clock synchronization. Determining that an interval can be closed - i.e., that all events occurring within the interval have been observed - cannot be done without a delay. In this paper, we consider how an appropriate delay can be determined based on parameters of a monitoring setup, such as network delay, clock skew and clock rate. We then propose a generic scheme for monitoring time intervals, parameterized by the detection delay, and discuss the use of this monitoring scheme to check different timed specifications, including real-time temporal logics and rate calculations

Taxonomic and functional patterns of macrobenthic communities on a high Arctic shelf: A case study from the East Siberian Sea

The Siberian Arctic is one of the regions, where the ongoing climate change is the most evident. There is limited knowledge available on the distribution of macrobenthic communities in the Siberian Arctic, their stability and functional structure. We used data from two latitudinal transects from the East Siberian Sea shelf to describe the distribution of macrobenthic communities as well as to identify the main environmental drivers responsible for the observed patterns. Almost all the studied area was under the direct influence of river runoff. Macrobenthic communities were dominated by the bivalve Portlandia arctica and were generally characterised by low species and functional diversity. We suggest that the observed pattern is a direct consequence of considerable river runoff combined with low primary productivity. The overall pattern of macrobenthic distribution corresponds well with the data obtained in the previous decades, suggesting long-term stability of these communities.publishedVersio