178 research outputs found
GEM: a Distributed Goal Evaluation Algorithm for Trust Management
Trust management is an approach to access control in distributed systems
where access decisions are based on policy statements issued by multiple
principals and stored in a distributed manner. In trust management, the policy
statements of a principal can refer to other principals' statements; thus, the
process of evaluating an access request (i.e., a goal) consists of finding a
"chain" of policy statements that allows the access to the requested resource.
Most existing goal evaluation algorithms for trust management either rely on a
centralized evaluation strategy, which consists of collecting all the relevant
policy statements in a single location (and therefore they do not guarantee the
confidentiality of intensional policies), or do not detect the termination of
the computation (i.e., when all the answers of a goal are computed). In this
paper we present GEM, a distributed goal evaluation algorithm for trust
management systems that relies on function-free logic programming for the
specification of policy statements. GEM detects termination in a completely
distributed way without disclosing intensional policies, thereby preserving
their confidentiality. We demonstrate that the algorithm terminates and is
sound and complete with respect to the standard semantics for logic programs.
Comment: To appear in Theory and Practice of Logic Programming (TPLP)
Towards Data Protection Compliance
Privacy and data protection are fundamental issues nowadays for every organization. This paper calls for the development of methods, techniques and infrastructure to allow the deployment of privacy-aware IT systems, in which humans are an integral part of the organizational processes and accountable for their possible misconduct. In particular, we discuss the challenges to be addressed in order to improve organizations' privacy practices, as well as the approach to ensure compliance with legal requirements and increasing efficiency.
Flow-based reputation: more than just ranking
The last years have seen a growing interest in collaborative systems like
electronic marketplaces and P2P file sharing systems where people are intended
to interact with other people. Those systems, however, are subject to security
and operational risks because of their open and distributed nature. Reputation
systems provide a mechanism to reduce such risks by building trust
relationships among entities and identifying malicious entities. A popular
reputation model is the so called flow-based model. Most existing reputation
systems based on such a model provide only a ranking, without absolute
reputation values; this makes it difficult to determine whether entities are
actually trustworthy or untrustworthy. In addition, those systems ignore a
significant part of the available information; as a consequence, reputation
values may not be accurate. In this paper, we present a flow-based reputation
metric that gives absolute values instead of merely a ranking. Our metric makes
use of all the available information. We study, both analytically and
numerically, the properties of the proposed metric and the effect of attacks on
reputation values.
Data Minimisation in Communication Protocols: A Formal Analysis Framework and Application to Identity Management
With the growing amount of personal information exchanged over the Internet,
privacy is becoming more and more a concern for users. One of the key
principles in protecting privacy is data minimisation. This principle requires
that only the minimum amount of information necessary to accomplish a certain
goal is collected and processed. "Privacy-enhancing" communication protocols
have been proposed to guarantee data minimisation in a wide range of
applications. However, currently there is no satisfactory way to assess and
compare the privacy they offer in a precise way: existing analyses are either
too informal and high-level, or specific for one particular system. In this
work, we propose a general formal framework to analyse and compare
communication protocols with respect to privacy by data minimisation. Privacy
requirements are formalised independent of a particular protocol in terms of
the knowledge of (coalitions of) actors in a three-layer model of personal
information. These requirements are then verified automatically for particular
protocols by computing this knowledge from a description of their
communication. We validate our framework in an identity management (IdM) case
study. As IdM systems are used more and more to satisfy the increasing need for
reliable on-line identification and authentication, privacy is becoming an
increasingly critical issue. We use our framework to analyse and compare four
identity management systems. Finally, we discuss the completeness and
(re)usability of the proposed framework.
Flow-based reputation with uncertainty: Evidence-Based Subjective Logic
The concept of reputation is widely used as a measure of trustworthiness
based on ratings from members in a community. The adoption of reputation
systems, however, relies on their ability to capture the actual trustworthiness
of a target. Several reputation models for aggregating trust information have
been proposed in the literature. The choice of model has an impact on the
reliability of the aggregated trust information as well as on the procedure
used to compute reputations. Two prominent models are flow-based reputation
(e.g., EigenTrust, PageRank) and Subjective Logic based reputation. Flow-based
models provide an automated method to aggregate trust information, but they are
not able to express the level of uncertainty in the information. In contrast,
Subjective Logic extends probabilistic models with an explicit notion of
uncertainty, but the calculation of reputation depends on the structure of the
trust network and often requires information to be discarded. These are severe
drawbacks.
In this work, we observe that the 'opinion discounting' operation in
Subjective Logic has a number of basic problems. We resolve these problems by
providing a new discounting operator that describes the flow of evidence from
one party to another. The adoption of our discounting rule results in a
consistent Subjective Logic algebra that is entirely based on the handling of
evidence. We show that the new algebra enables the construction of an automated
reputation assessment procedure for arbitrary trust networks, where the
calculation no longer depends on the structure of the network, and does not
need to throw away any information. Thus, we obtain the best of both worlds:
flow-based reputation and consistent handling of uncertainties.
Association Rule Mining Meets Regression Analysis: An Automated Approach to Unveil Systematic Biases in Decision-Making Processes
Decisional processes are at the basis of most businesses in several application domains. However, they are often not fully transparent and can be affected by human or algorithmic biases that may lead to systematically incorrect or unfair outcomes. In this work, we propose an approach for unveiling biases in decisional processes, which leverages association rule mining for systematic hypothesis generation and regression analysis for model selection and recommendation extraction. In particular, we use rule mining to elicit candidate hypotheses of bias from the observational data of the process. From these hypotheses, we build regression models to determine the impact of variables on the process outcome. We show how the coefficient of the (selected) model can be used to extract recommendations, upon which the decision maker can operate. We evaluated our approach using both synthetic and real-life datasets in the context of discrimination discovery. The results show that our approach provides more reliable evidence compared to the one obtained using rule mining alone, and how the obtained recommendations can be used to guide analysts in the investigation of biases affecting the decisional process at hand.
A flexible architecture for privacy-aware trust management
In service-oriented systems a constellation of services cooperate, sharing potentially sensitive information and responsibilities. Cooperation is only possible if the different participants trust each other. As trust may depend on many different factors, in a flexible framework for Trust Management (TM) trust must be computed by combining different types of information. In this paper we describe the TAS3 TM framework which integrates independent TM systems into a single trust decision point. The TM framework supports intricate combinations whilst still remaining easily extensible. It also provides a unified trust evaluation interface to the (authorization framework of the) services. We demonstrate the flexibility of the approach by integrating three distinct TM paradigms: reputation-based TM, credential-based TM, and Key Performance Indicator TM. Finally, we discuss privacy concerns in TM systems and the directions to be taken for the definition of a privacy-friendly TM architecture.
Isolation of Methicillin-Resistant Coagulase-Negative Staphylococcus (MRCoNS) from a fecal-contaminated stream in the Shenandoah Valley of Virginia
Staphylococcus is comprised of 41 known species, of which 18 can colonize humans. Despite the prevalence of infectious Staphylococcus within hospital settings and agriculture, there are few reports of Staphylococcus in natural bodies of water. A recent study by the US Food and Drug Administration found substantial contamination of poultry and other meats with Staphylococcus. We hypothesized that intensive farming of poultry adjacent to streams would result in contaminated runoff, resulting in at least transient occurrence of Staphylococcus spp. in stream waters and sediments. In this study, we sought to determine whether Staphylococcus occurs and persists within Muddy Creek, a stream located in Hinton, Virginia that originates at the Appalachian Mountains of Virginia and runs through various agricultural fields and adjacent to a poultry processing plant in the central Shenandoah Valley. Five different Staphylococcus spp. were detected in water and sediment from Muddy Creek. Mannitol Salt Agar (MSA) was used to isolate eleven Staphylococcus from both water and sediment. These isolates were Gram-positive, catalase-positive, and oxidase-negative cocci that were capable of fermenting mannitol. In addition, a method for screening putative staphylococci species from stream water and sediment was developed. Ten out of the eleven tested isolates were oxacillin resistant (now used to identify phenotypic methicillin-resistance) using a Kirby Bauer disc diffusion test. Furthermore, the isolates were susceptible to trimethoprim/sulfamethoxazole, tetracycline, and gentamicin while two of the isolates were resistant to erythromycin. Additionally, the BOX-PCR repetitive sequence fingerprinting method verified the presence of nine different strains among the isolates. Sequencing of the 16S rRNA gene identified five of the isolates as Staphylococcus equorum. 
The Biolog identification protocol further identified the remaining isolates as Staphylococcus xylosus, Staphylococcus lentus, Staphylococcus succinus, and Staphylococcus sciuri. Finally, polymerase chain reaction amplification (PCR) confirmed that ten of the eleven isolates harbored the mecA gene known to confer methicillin-resistance. Overall, the occurrence of coagulase-negative staphylococci (MRCoNS) in stream water and sediment represents a potential environmental and human health concern.
- …