RIXA - Explaining Artificial Intelligence in Natural Language

Natural language is the instinctive form of communication humans use among each other. Recently large language models have drastically improved and made natural language interfaces viable for all kinds of applications. We argue that the use of natural language is a great tool to make explainable artificial intelligence (XAI) accessible to end users. We present our concept and work in progress implementation of a new kind of XAI dashboard that uses a natural language chat. We specify 5 design goals for the dashboard and show the current state of our implementation. The natural language chat is the main form of interaction for our new dashboard. Through it the user should be able to control all important aspects of our dashboard. We also define success metrics we want to use to evaluate our work. Most importantly we want to conduct user studies because we deem them to be the best method of evaluation for end-user-centered application

Distributed usage control enforcement through trusted platform modules and SGX enclaves

In the light of mobile and ubiquitous computing, sharing sensitive information across different computer systems has become an increasingly prominent practice. This development entails a demand of access control measures that can protect data even after it has been transferred to a remote computer system. In order to address this problem, sophisticated usage control models have been developed. These models include a client side reference monitor (CRM) that continuously enforces protection policies on foreign data. However, it is still unclear how such a CRM can be properly protected in a hostile environment. The user of the data on the client system can influence the client's state and has physical access to the system. Hence technical measures are required to protect the CRM on a system, which is legitimately used by potential attackers. Existing solutions utilize Trusted Platform Modules (TPMs) to solve this problem by establishing an attestable trust anchor on the client. However, the resulting protocols have several drawbacks that make them infeasible for practical use. This work proposes a reference monitor implementation that establishes trust by using TPMs along with Intel SGX enclaves. First we show how SGX enclaves can realize a subset of the existing usage control requirements. Then we add a TPM to establish and protect a powerful enforcement component on the client. Ultimately this allows us to technically enforce usage control policies on an untrusted remote system

Generic semantics specification and processing for inter-system information flow tracking

Data usually takes different shapes and appears as files, windows, processes’ memory, network connections, etc. Information flow tracking technology keeps an eye on these different representations of a data item. Integrated with a usage control (UC) infrastructure, this allows us to enforce UC requirements on each representation of a protected data item. To enable UC enforcement in distributed settings, we need to be able to track information flows across system boundaries. In this paper, we introduce a state-based information flow model for tracking explicit flows between systems equipped with UC technology. We demonstrate the applicability of our approach by means of an instantiation in the field of video surveillance, where systems are increasingly accessed via insecure mobile applications. Based on usage control and inter-system information flow tracking, we show how video data transmitted from a video surveillance server to mobile clients can be protected against illegitimate duplication and redistribution after receipt