234 research outputs found

    Data Loss Prevention Management and Control: Inside Activity Incident Monitoring, Identification, and Tracking in Healthcare Enterprise Environments

    As healthcare data are pushed online, consumers have raised serious concerns about breaches of their personal information. Laws and regulations have placed businesses and public organizations under obligations to take action to prevent data breaches. Among various threats, insider threats have been identified as a major cause of data loss. Thus, effective mechanisms to control insider threats to data are urgently needed. The objective of this research is to address data loss prevention challenges in healthcare enterprise environments. First, a novel approach is provided to model internal threats, specifically inside activities. With inside activity modeling, data loss paths and threat vectors are formally described and identified. Then, threat vectors and potential data loss paths are investigated in a healthcare enterprise environment. Threat vectors have been enumerated, and data loss statistics for some threat vectors have been collected. After that, issues in data loss prevention and inside activity incident identification, tracking, and reconstruction are discussed. Finally, evidence of inside activities is modeled as evidence trees to provide guidance for inside activity identification and reconstruction.

    A Note for the Ideal Order-Preserving Encryption Object and Generalized Order-Preserving Encryption

    Order-preserving encryption (OPE) preserves the order of data in their ciphertexts and, hence, allows range search on the encrypted data without needing to decrypt them. Security analysis of OPE schemes is very important because OPE is not a perfect encryption algorithm (the ciphertexts leak the ordering information of the plaintexts). Most existing security analyses of OPE schemes are informal: they are based either on author-defined attacks or on experiments. The authors in [Bol09] initiate the cryptographic study of the OPE scheme. They define the security notion POPF-CCA to qualify the security of OPE. In POPF-CCA, the "ideal" OPE object is defined where the encryption function is uniformly randomly selected from all order-preserving functions (generally the "ideal" OPE object is not computationally feasible), and a (constructed) "real" OPE scheme is secure under POPF-CCA if it is computationally indistinguishable from the ideal object. In other words, although the "ideal" OPE object is not computationally feasible, it is used as the security goal, and a (constructed) "real" OPE scheme is secure if it is as secure as the "ideal" OPE object. Such an approach carries the assumption (though not clearly stated and proved) that the "ideal" OPE object is the most secure OPE. But the correctness of the assumption is an easily ignored problem. In this paper, we investigate the security of OPE in more depth. We first give an example to show that the "ideal" OPE object may not always be the most secure OPE. It indicates that we need to use the "ideal" encryption object more cautiously in the security analysis of OPE. Additionally, we extend the concept of OPE to generalized OPE (GOPE). Unlike OPE, the ciphertexts of GOPE may not be numbers, but GOPE still enables comparisons on the encrypted data without needing to decrypt them. We present two GOPEs in polynomial-sized and superpolynomial-sized domains that satisfy stronger notions of security than that of the ideal OPE object, respectively.

    Security Analysis and Enhancement for Prefix-Preserving Encryption Schemes

    Prefix-preserving encryption (PPE) is an important type of encryption scheme with a wide range of applications, such as IP address anonymization, prefix-matching search, and range search. There are two issues in PPE schemes: the security proof and the single-key requirement. Existing security proofs for PPE only reduce the security of a real PPE scheme to that of the ideal PPE object by showing their computational indistinguishability [Ama07, Xu02]. Such a security proof is incomplete, since the security of the ideal encryption object is unknown. Also, existing prefix-preserving encryption schemes only consider a single encryption key, which is infeasible for a practical system with multiple users (implying that all users should have the single encryption key in order to encrypt or decrypt confidential data). In this paper we develop a novel mechanism to analyze the security of the ideal PPE object. We follow the modern cryptographic approach and create a new security notion, IND-PCPA. Then, we show that such a weakened security notion is necessary and that the ideal PPE object is secure under IND-PCPA. We also design a new, security-enhanced PPE protocol to support its use in multi-user systems, where no single entity in the system knows the PPE key. The protocol secret-shares and distributes the PPE key to a group of key agents and lets them "distributedly encrypt" critical data. We develop a novel distributed PPE algorithm and the corresponding request and response protocols. Experimental results show that the protocol is feasible in practical systems.

    Statistical Multiparty Computation Based on Random Walks on Graphs

    With respect to a special class of access structures based on connectivity of graphs, we start from a linear secret sharing scheme and turn it into a secret sharing scheme with perfect security and exponentially small error probability by randomizing the reconstruction algorithm through random walks on graphs. It reduces the polynomial work space to logarithmic. Then we build the corresponding statistical multiparty computation protocol by using the secret sharing scheme. The results of this paper also imply the inherent connections and influences among secret sharing, randomized algorithms, and secure multi-party computation.

    PS-PVD thermal/environmental barrier coatings with novel microstructures

    Plasma spray physical vapor deposition (PS-PVD) technology has attracted increasing attention due to its promising potential in processing advanced functional coatings such as thermal/environmental barrier coatings (TBCs) by flexibly tailoring the coating microstructure architecture in a broad range. In this work, yttria stabilized zirconia (YSZ) TBCs with a novel quasi-columnar structure were prepared by co-deposition of vapor phase and nano-clusters using PS-PVD, and the associated deposition mechanism was discussed. The thermo-physical and mechanical properties, sintering resistance and thermal shock life of the coating were investigated. The thermal conductivity is in a range of 0.7~1.0 W/(m·K) between 200 °C and 1200 °C, and the average life is ~4000 cycles during thermal shock testing in which the coating surface was heated to 1200 °C within 20 s and held at the temperature for 5 min by gas flame. Notably, the quasi-columnar TBC revealed much better resistance to glassy CaO-MgO-Al2O3-SiO2 (CMAS) adsorption than those TBCs produced by air plasma spray (APS) and electron beam physical vapor deposition (EB-PVD), and some attempts were made to understand the related mechanisms. Ytterbium silicate/mullite/Si environmental barrier coatings (EBCs) were sprayed onto SiC ceramic matrix composites (CMC) by PS-PVD. The dense ytterbium silicate coating deposited at 65 kW is mainly composed of ytterbium disilicate resulting from vapor-phase deposition, whereas the layered coating at 40 kW is mainly ytterbium monosilicate from liquid deposition.

    Exploiting Category Names for Few-Shot Classification with Vision-Language Models

    Vision-language foundation models pretrained on large-scale data provide a powerful tool for many visual understanding tasks. Notably, many vision-language models build two encoders (visual and textual) that can map two modalities into the same embedding space. As a result, the learned representations achieve good zero-shot performance on tasks like image classification. However, when there are only a few examples per category, the potential of large vision-language models is often underperformed, mainly due to the gap between a large number of parameters and a relatively small amount of training data. This paper shows that we can significantly improve the performance of few-shot classification by using the category names to initialize the classification head. With the proposed category name initialization method, our model obtains the state-of-the-art performance on a number of few-shot image classification benchmarks (e.g., 87.37% on ImageNet and 96.08% on Stanford Cars, both using five-shot learning).

    On-chip generation and collectively coherent control of the superposition of the whole family of Dicke states

    Integrated quantum photonics has recently emerged as a powerful platform for generating, manipulating, and detecting entangled photons. Multipartite entangled states lie at the heart of quantum physics and are the key enabling resources for scalable quantum information processing. The Dicke state is an important class of genuinely entangled state, which has been systematically studied in light-matter interactions, quantum state engineering and quantum metrology. Here, by using a silicon photonic chip, we report the generation and collectively coherent control of the entire family of four-photon Dicke states, i.e. with arbitrary excitations. We generate four entangled photons from two microresonators and coherently control them in a linear-optic quantum circuit, in which the nonlinear and linear processing are achieved in a chip-scale device. The generated photons are in the telecom band, which lays the groundwork for large-scale photonic quantum technologies for multiparty networking and metrology. Comment: 19 pages, 4 figures in the main text and 13 figures in the Supplemental Materia