16 research outputs found

    Machine-Readable Privacy Certificates for Services

    Privacy-aware processing of personal data on the web of services requires managing a number of issues arising both from the technical and the legal domain. Several approaches have been proposed to matching privacy requirements (on the client side) and privacy guarantees (on the service provider side). Still, the assurance of effective data protection (when possible) relies on substantial human effort and exposes organizations to significant (non-)compliance risks. In this paper we put forward the idea that a privacy certification scheme producing and managing machine-readable artifacts in the form of privacy certificates can play an important role towards the solution of this problem. Digital privacy certificates represent the reasons why a privacy property holds for a service and describe the privacy measures supporting it. Also, privacy certificates can be used to automatically select services whose certificates match the client policies (privacy requirements). Our proposal relies on an evolution of the conceptual model developed in the Assert4Soa project and on a certificate format specifically tailored to represent privacy properties. To validate our approach, we present a worked-out instance showing how privacy property Retention-based unlinkability can be certified for a banking financial service. Comment: 20 pages, 6 figures

    Random-Forests-Based Network Intrusion Detection Systems

    Anti-pattern Mutations and Fault-proneness

    EINSPECT: Evolution-Guided Analysis and Detection of Malicious Web Pages

    Most existing work to thwart malicious web pages captures maliciousness via discriminative artifacts, learns a model, and detects by leveraging static and/or dynamic analysis. Unfortunately, there is a two-sided evolution of the artifacts of web pages. On one hand, cybercriminals constantly revamp attack payloads in malicious web pages. On the other hand, benign web pages evolve to improve content rendering and interaction with users. Consequently, the once-precise detection techniques suffer from limitations to cope with the evolution, resulting in malicious web pages that escape detection. In this paper, we present EINSPECT, an evolution-aware and learning-based approach to address evolution of web page artifacts to more precisely analyze and detect malicious web pages. EINSPECT continuously tunes its detection models to automatically decide the best interplay of features and learning algorithms to embrace the evolution of web page artifacts into the analysis and detection. We have implemented and evaluated our approach and the results show that EINSPECT is able to improve the effectiveness of analysis and detection of malicious web pages while aligning the detection models with the continuous evolution of web page artifacts.

    A Design theory approach to building strategic network-based customer service systems

    Customer service is a key component of a firm’s value proposition and a fundamental driver of differentiation and competitive advantage in nearly every industry. Moreover, the relentless coevolution of service opportunities with novel and more powerful information technologies has made this area exciting for academic researchers who can contribute to shaping the design and management of future customer service systems. We engage in interdisciplinary research (across information systems, marketing, and computer science) in order to contribute to the service design and service management literature. Grounded in the design-science perspective, our study leverages marketing theory on the service-dominant logic and recent findings pertaining to the evolution of customer service systems. Our theorizing culminates with the articulation of four design principles. These design principles underlie the emerging class of customer service systems that, we believe, will enable firms to better compete in an environment characterized by an increase in customer centricity and in customers’ ability to self-serve and dynamically assemble the components of solutions that fit their needs. In this environment, customers retain control over their transactional data, as well as the timing and mode of their interactions with firms, as they increasingly gravitate toward integrated complete customer solutions rather than single products or services. Guided by these design principles, we iterated through, and evaluated, two instantiations of the class of systems we propose, before outlining implications and directions for further cross-disciplinary scholarly research.

    Runtime Verification of Component-Based Embedded Software

    To deal with increasing size and complexity, component-based software development has been employed in embedded systems. Due to several faults, components can make wrong assumptions about the working mode of the system and the working modes of the other components. To detect mode inconsistencies at runtime, we propose a "lightweight" error detection mechanism, which can be integrated with component-based embedded systems. We define links among three levels of abstractions: the runtime behavior of components, the working mode specifications of components and the specification of the working modes of the system. This allows us to detect the user observable runtime errors. The effectiveness of the approach is demonstrated by implementing a software monitor integrated into a TV system