Global ETD Search

41	Comparative data protection and security : a critical evaluation of legal standards London, Ray William 09 1900 (has links) This study1 addresses the key information technology issues of the age and its unintended consequences. The issues include social control by businesses, governments, and information age Star Chambers. The study focuses on a comparative analysis of data protection, data security, and information privacy (DPSIP) laws, regulations, and practices in five countries. The countries include Australia, Canada, South Africa, the United Kingdom, and the United States. The study addresses relevant international legal standards and justifications. This multidisciplinary analysis includes a systems thinking approach from a legal, business, governmental, policy, political theory, psychosocial, and psychological perspective. The study implements a comparative law and sociolegal research strategy. Historic, linguistic, and statistical strategies are applied. The study concludes with a next step proposal, based on the research, for the international community, the five countries in the study, and specifically, South Africa as it has yet to enact a sound DPSIP approach. / LL. D. Australia data protection Canada data protection Data protection Data security Information privacy Information privacy laws Information technology International data Protection legal standards Social control Sciolegal information privacy, South Africa data protection United Kingdom United States information protection 342.858068 Data protection -- Law and legislation Computer security -- Government policy
42	Un langage de composition des techniques de sécurité pour préserver la vie privée dans le nuage / A Compositional Language of Security Techniques for Information Privacy in the Cloud Cherrueau, Ronan-Alexandre 18 November 2016 (has links) Un service du nuage peut employer des techniques de sécurités pour assurer la sécurité de l’information. Ces techniques protègent une donnée personnelle en la rendant inintelligible pour toutes personnes autres que l’utilisateur du service. En contrepartie, certaines fonctionnalités ne peuvent plus être implémentées. Par exemple, la technique du chiffrement symétrique rend les données inintelligibles, mais empêche le calcul sur ces données.Cette thèse avance qu’un service du nuage doit composer les techniques pour assurer la sécurité de l’information sans perdre de fonctionnalités. Elle se base sur l’étude de la composition de trois techniques qui sont le chiffrement, la fragmentation verticale et les calculs côté client. Cette étude montre que la composition sécurise sans perdre de fonctionnalités, mais complexifie l’écriture du service. La thèse propose alors un nouveau langage pour l’écriture de services du nuage qui assurent la sécurité des données personnelles par compositions des techniques de sécurité.Ce langage est muni de lois algébriques pour dériver,systématiquement, un service local sans protection vers son équivalent sécurisé du nuage. Le langage est implémenté en Idris et profite de son système de type expressif pour vérifier la composition correcte des techniques de cryptographie. Dans le même temps, un encodage traduit le langage en ProVerif, un vérificateur de modèle pour l’analyse automatique des propriétés de sécurité sur les protocoles cryptographiques. Cette traduction vérifie alors la sécurité des données personnelles dans le service. / A cloud service can use security techniques to ensure information privacy. These techniques protect privacy by converting the client’s personal data into unintelligible text. But they can also cause the loss of some functionalities of the service. For instance, a symmetric-key cipher protects privacy by converting readable personal data into unreadable one. However, this causes the loss of computational functionalities on this data.This thesis claims that a cloud service has to compose security techniques to ensure information privacy without the loss of functionalities. This claim is based on the study of the composition of three techniques: symmetric cipher, vertical data fragmentation and client-side computation. This study shows that the composition makes the service privacy preserving, but makes its formulation overwhelming. In response, the thesis offers a new language for the writing of cloud services that enforces information privacy using the composition of security techniques. This language comes with a set of algebraic laws to systematically transform a local service without protection into its cloud equivalent protected by composition. An Idris implementation harnesses the Idris expressive type system to ensure the correct composition of security techniques. Furthermore, an encoding translates the language intoProVerif, a model checker for automated reasoning about the security properties found in cryptographic protocols. This translation checks that the service preserves the privacy of its client. Vie privée Confidentialité Informatique en nuage Fragmentation Chiffrement Calculs côté client Langage Lois algébriques Privacy Information privacy Cloud computing Fragmentation Encryption Client-side computation Language Algebraic laws
43	An agent-based approach for distributed resource allocations Nongaillard, Antoine 04 December 2009 (has links) (PDF) Resource allocation problems have been widely studied according to various scenarios in literature. In such problems, a set of resources must be allocated to a set of agents, according to their own preferences. Self-organization issues in telecommunication, scheduling problems or supply chain management problems can be modeled using resource allocation problems. Such problems are usually solved by means of centralized techniques, where an omniscient entity determines how to optimally allocate resources. However, these solving methods are not well-adapted for applications where privacy is required. Moreover, several assumptions made are not always plausible, which may prevent their use in practice, especially in the context of agent societies. For instance, dynamic applications require adaptive solving processes, which can handle the evolution of initial data. Such techniques never consider restricted communication possibilities whereas many applications are based on them. For instance, in peer-to-peer networks, a peer can only communicate with a small subset of the systems. In this thesis, we focus on distributed methods to solve resource allocation problems. Initial allocation evolves step by step thanks to local agent negotiations. We seek to provide agent behaviors leading negotiation processes to socially optimal allocations. In this work, resulting resource allocations can be viewed as emergent phenomena. We also identify parameters favoring the negotiation efficiency. We provide the negotiation settings to use when four different social welfare notions are considered. The original method proposed in this thesis is adaptive, anytime and can handle any restriction on agent communication possibilities. Distributed problem solving individual based reasoning social networks social welfare information privacy
44	Constitutional protection of personal genetic information¡ÐGenetic database to build and use Huang, Yu-Ching 18 August 2010 (has links) none Genetic database Gene Taiwan biobank Gene information Human dignity Information privacy
45	The Privacy Paradox: Factors influencing information disclosure in the use of the Internet of Things (IoT) in South Africa Davids, Natheer 21 January 2021 (has links) The Internet of Things (IoT) has been acknowledged as one of the most innovative forms of technology since the computer, because of the influence it can have on multiple sectors of physical and virtual environments. The growth of IoT is expected to continue, by 2020 the number of connected devices is estimated to reach 50 billion. Recent developments in IoT provide an unprecedented opportunity for personalised services and other benefits. To exploit these potential benefits as best as possible, individuals are willing to provide their personal information despite potential privacy breaches. Therefore, this paper examines factors that influence the willingness to disclose personal information in the use of IoT in South Africa (SA) with the use of the privacy calculus as the theoretical underpinnings of this research. The privacy calculus accentuates that a risk-benefit trade off occurs when an individual decides to disclose their personal information, however, it is assumed that there are more factors than perceived risks and perceived benefits that influence information disclosure. After analysing previous literature, this study identified the following factors; information sensitivity, privacy concerns, social influence, perceived benefits, (perceived) privacy risks and privacy knowledge as possible key tenants in relation to willingness to disclose personal information. This research took on an objective ontological view, with the underlying epistemological stance being positivistic. The research incorporated a deductive approach, employing the use of a conceptual model which was constructed from a combination of studies orientated around privacy, the privacy calculus and the privacy paradox. Data for this research was collected using the quantitative research approach, through the use of an anonymous online questionnaire, where the targeted population was narrowed down to the general public residing within SA that make use of IoT devices and/or services. Data was collected using Qualtrics and analysed using SmartPLS 3. SmartPLS 3 was used to test for correlations between the factors which influence information disclosure in the use of IoT by utilising the complete bootstrapping method. A key finding was that the privacy paradox is apparent within SA, where individuals pursue enjoyment and predominantly use IoT for leisure purposes, while individuals are more likely to adopt self-withdrawal tendencies when faced with heightened privacy concerns or potential risks. Internet of Things (IoT) information privacy information disclosure privacy calculus perceived benefits perceived risks privacy paradox information sensitivity social influence self-withdrawal.
46	Advancing information privacy concerns evaluation in personal data intensive services Rohunen, A. (Anna) 04 December 2019 (has links) Abstract When personal data are collected and utilised to produce personal data intensive services, users of these services are exposed to the possibility of privacy losses. Users’ information privacy concerns may lead to non-adoption of new services and technologies, affecting the quality and the completeness of the collected data. These issues make it challenging to fully reap the benefits brought by the services. The evaluation of information privacy concerns makes it possible to address these concerns in the design and the development of personal data intensive services. This research investigated how privacy concerns evaluations should be developed to make them valid in the evolving data collection contexts. The research was conducted in two phases: employing a mixed-method research design and using a literature review methodology. In Phase 1, two empirical studies were conducted, following a mixed-method exploratory sequential design. In both studies, the data subjects’ privacy behaviour and privacy concerns that were associated with mobility data collection were first explored qualitatively, and quantitative instruments were then developed based on the qualitative results to generalise the findings. Phase 2 was planned to provide an extensive view on privacy behaviour and some possibilities to develop privacy concerns evaluation in new data collection contexts. Phase 2 consisted of two review studies: a systematic literature review of privacy behaviour models and a review of the EU data privacy legislation changes. The results show that in evolving data collection contexts, privacy behaviour and concerns have characteristics that differ from earlier ones. Privacy concerns have aspects specific to these contexts, and their multifaceted nature appears emphasised. Because privacy concerns are related to other privacy behaviour antecedents, it may be reasonable to incorporate some of these antecedents into evaluations. The existing privacy concerns evaluation instruments serve as valid starting points for evaluations in evolving personal data collection contexts. However, these instruments need to be revised and adapted to the new contexts. The development of privacy concerns evaluation may be challenging due to the incoherence of the existing privacy behaviour research. More overarching research is called for to facilitate the application of the existing knowledge. / Tiivistelmä Kun henkilötietoja kerätään ja hyödynnetään dataintensiivisten palveluiden tuottamiseen, palveluiden käyttäjien tietosuoja saattaa heikentyä. Käyttäjien tietosuojahuolet voivat hidastaa uusien palveluiden ja teknologioiden käyttöönottoa sekä vaikuttaa kerättävän tiedon laatuun ja kattavuuteen. Tämä hankaloittaa palveluiden täysimittaista hyödyntämistä. Tietosuojahuolten arviointi mahdollistaa niiden huomioimisen henkilötietoperusteisten palveluiden suunnittelussa ja kehittämisessä. Tässä tutkimuksessa selvitettiin, kuinka tietosuojahuolten arviointia tulisi kehittää muuttuvissa tiedonkeruuympäristöissä. Kaksivaiheisessa tutkimuksessa toteutettiin aluksi empiirinen monimenetelmällinen tutkimus ja tämän jälkeen systemaattinen kirjallisuustutkimus. Ensimmäisessä vaiheessa tehtiin kaksi empiiristä tutkimusta monimenetelmällisen tutkimuksen tutkivan peräkkäisen asetelman mukaisesti. Näissä tutkimuksissa selvitettiin ensin laadullisin menetelmin tietosuojakäyttäytymistä ja tietosuojahuolia liikkumisen dataa kerättäessä. Laadullisten tulosten pohjalta kehitettiin kvantitatiiviset instrumentit tulosten yleistettävyyden tutkimiseksi. Tutkimuksen toisessa vaiheessa toteutettiin kaksi katsaustyyppistä tutkimusta, jotta saataisiin kattava käsitys tietosuojakäyttäytymisestä sekä mahdollisuuksista kehittää tietosuojahuolten arviointia uusissa tiedonkeruuympäristöissä. Nämä tutkimukset olivat systemaattinen kirjallisuuskatsaus tietosuojakäyttäytymisen malleista sekä katsaus EU:n tietosuojalainsäädännön muutoksista. Tutkimuksen tulokset osoittavat, että kehittyvissä tiedonkeruuympäristöissä tietosuojakäyttäytyminen ja tietosuojahuolet poikkeavat aikaisemmista ympäristöistä. Näissä ympäristöissä esiintyy niille ominaisia tietosuojahuolia ja huolten monitahoisuus korostuu. Koska tietosuojahuolet ovat kytköksissä muihin tietosuojakäyttäytymistä ennustaviin muuttujiin, arviointeihin voi olla aiheellista sisällyttää myös näitä muuttujia. Olemassa olevia tietosuojahuolten arviointi-instrumentteja on perusteltua käyttää arvioinnin lähtökohtana myös kehittyvissä tiedonkeruuympäristöissä, mutta niitä on mukautettava uusiin ympäristöihin soveltuviksi. Arvioinnin kehittäminen voi olla haasteellista, sillä aikaisempi tietosuojatutkimus on epäyhtenäistä. Jotta sitä voidaan soveltaa asianmukaisesti arviointien kehittämisessä, tutkimusta on vietävä kokonaisvaltaisempaan suuntaan. information privacy mixed-method research personal data personal data intensive services privacy behaviour privacy concerns privacy concerns evaluation dataintensiiviset palvelut henkilötiedot monimenetelmällinen tutkimus tietosuoja tietosuojahuolet tietosuojahuolten arviointi tietosuojakäyttäytyminen
47	GENERAL-PURPOSE STATISTICAL INFERENCE WITH DIFFERENTIAL PRIVACY GUARANTEES Zhanyu Wang (13893375) 06 December 2023 (has links) <p dir="ltr">Differential privacy (DP) uses a probabilistic framework to measure the level of privacy protection of a mechanism that releases data analysis results to the public. Although DP is widely used by both government and industry, there is still a lack of research on statistical inference under DP guarantees. On the one hand, existing DP mechanisms mainly aim to extract dataset-level information instead of population-level information. On the other hand, DP mechanisms introduce calibrated noises into the released statistics, which often results in sampling distributions more complex and intractable than the non-private ones. This dissertation aims to provide general-purpose methods for statistical inference, such as confidence intervals (CIs) and hypothesis tests (HTs), that satisfy the DP guarantees. </p><p dir="ltr">In the first part of the dissertation, we examine a DP bootstrap procedure that releases multiple private bootstrap estimates to construct DP CIs. We present new DP guarantees for this procedure and propose to use deconvolution with DP bootstrap estimates to derive CIs for inference tasks such as population mean, logistic regression, and quantile regression. Our method achieves the nominal coverage level in both simulations and real-world experiments and offers the first approach to private inference for quantile regression.</p><p dir="ltr">In the second part of the dissertation, we propose to use the simulation-based ``repro sample'' approach to produce CIs and HTs based on DP statistics. Our methodology has finite-sample guarantees and can be applied to a wide variety of private inference problems. It appropriately accounts for biases introduced by DP mechanisms (such as by clamping) and improves over other state-of-the-art inference methods in terms of the coverage and type I error of the private inference. </p><p dir="ltr">In the third part of the dissertation, we design a debiased parametric bootstrap framework for DP statistical inference. We propose the adaptive indirect estimator, a novel simulation-based estimator that is consistent and corrects the clamping bias in the DP mechanisms. We also prove that our estimator has the optimal asymptotic variance among all well-behaved consistent estimators, and the parametric bootstrap results based on our estimator are consistent. Simulation studies show that our framework produces valid DP CIs and HTs in finite sample settings, and it is more efficient than other state-of-the-art methods.</p> Data and information privacy Applied statistics Statistical theory differential privacy confidence intervals hypothesis tests simulation-based inference asymptotic statistics Gaussian differential privacy resampling distribution-free inference indirect inference
48	<strong>Deep Learning-Based Anomaly Detection in TLS Encrypted Traffic</strong> Kehinde Ayano (16650471) 03 August 2023 (has links) <p> The growing trend of encrypted network traffic is changing the cybersecurity threat scene. Most critical infrastructures and organizations enhance service delivery by embracing digital platforms and applications that use encryption to ensure that data and Information are moved across networks in an encrypted form to improve security. While this protects data confidentiality, hackers are also taking advantage of encrypted network traffic to hide malicious software known as malware that will easily bypass the conventional detection mechanisms on the system because the traffic is not transparent for the monitoring mechanism on the system to analyze. Cybercriminals leverage encryption using cryptographic protocols such as SSL/TLS to launch malicious attacks. This hidden threat exists because of the SSL encryption of benign traffic. Hence, there is a need for visibility in encrypted traffic. This research was conducted to detect malware in encrypted network traffic without decryption. The existing solution involves bulk decryption, analysis, and re-encryption. However, this method is prone to privacy issues, is not cost-efficient, and is time-consuming, creating huge overhead on the network. In addition, limited research exists on detecting malware in encrypted traffic without decryption. There is a need to strike a balance between security and privacy by building an intelligent framework that can detect malicious activity in encrypted network traffic without decrypting the traffic prior to inspection. With the payload still encrypted, the study focuses on extracting metadata from flow features to train the machine-learning model. It further deployed this set of features as input to an autoencoder, leveraging the construction error of the autoencoder for anomaly detection. </p> Data and information privacy Data security and protection System and network security Cybersecurity Privacy Encrypted Traffic Network Security Machine Learning Deep Learning
49	ANTECEDENTS AND OUTCOMES OF PERCEIVED CREEPINESS IN ONLINE PERSONALIZED COMMUNICATIONS Stevens, Arlonda M. 01 June 2016 (has links) No description available. Marketing Information Science Management Mass Media Creepy Creepy Marketing Personalized Communication Transparency Control Creepy Quadrant Online Information Privacy Concerns Online Behavioral Advertising Data Privacy Trust Customer Satisfaction
50	Language-Based Techniques for Policy-Agnostic Oblivious Computation Qianchuan Ye (18431691) 28 April 2024 (has links) <p dir="ltr">Protecting personal information is growing increasingly important to the general public, to the point that major tech companies now advertise the privacy features of their products. Despite this, it remains challenging to implement applications that do not leak private information either directly or indirectly, through timing behavior, memory access patterns, or control flow side channels. Existing security and cryptographic techniques such as secure multiparty computation (MPC) provide solutions to privacy-preserving computation, but they can be difficult to use for non-experts and even experts.</p><p dir="ltr">This dissertation develops the design, theory and implementation of various language-based techniques that help programmers write privacy-critical applications under a strong threat model. The proposed languages support private structured data, such as trees, that may hide their structural information and complex policies that go beyond whether a particular field of a record is private. More crucially, the approaches described in this dissertation decouple privacy and programmatic concerns, allowing programmers to implement privacy-preserving applications modularly, i.e., to independently develop application logic and independently update and audit privacy policies. Secure-by-construction applications are derived automatically by combining a standard program with a separately specified security policy.</p><p><br></p> Data and information privacy Data security and protection Programming languages Dependent types Algebraic data types Oblivious computation Multiparty computation Privacy policies Information flow control Functional languages

Search results