Content Abuse and Privacy Concerns in Online Social Networks

Kayes, Md Imrul

16 November 2015

Online Social Networks (OSNs) have seen an exponential growth over the last decade, with Facebook having more than 1.49 billion monthly active users and Twitter having 135,000 new users signing up every day as of 2015. Users are sharing 70 million photos per day on the Instagram photo-sharing network. Yahoo Answers question-answering community has more than 1 billion posted answers. The meteoric rise in popularity has made OSNs important social platforms for computer-mediated communications and embedded themselves into society’s daily life, with direct consequences to the offline world and activities. OSNs are built on a foundation of trust, where users connect to other users with common interests or overlapping personal trajectories. They leverage real-world social relationships and/or common preferences, and enable users to communicate online by providing them with a variety of interaction mechanisms. This dissertation studies abuse and privacy in online social networks. More specifically, we look at two issues: (1) the content abusers in the community question answering (CQA) social network and, (2) the privacy risks that comes from the default permissive privacy settings of the OSNs. Abusive users have negative consequences for the community and its users, as they decrease the community’s cohesion, performance, and participation. We investigate the reporting of 10 million editorially curated abuse reports from 1.5 million users in Yahoo Answers, one of the oldest, largest, and most popular CQA platforms. We characterize the contribution and position of the content abusers in Yahoo Answers social networks. Based on our empirical observations, we build machine learning models to predict such users. Users not only face the risk of exposing themselves to abusive users or content, but also face leakage risks of their personal information due to weak and permissive default privacy policies. We study the relationship between users’ privacy concerns and their engagement in Yahoo Answers social networks. We find privacy-concerned users have higher qualitative and quantitative contributions, show higher retention, report more abuses, have higher perception on answer quality and have larger social circles. Next, we look at users’ privacy concerns, abusive behavior, and engagement through the lenses of national cultures and discover cross-cultural variations in CQA social networks. However, our study in Yahoo Answers reveals that the majority of users (about 87%) do not change the default privacy policies. Moreover, we find a similar story in a different type of social network (blogging): 92% bloggers’ do not change their default privacy settings. These results on default privacy are consistent with general-purpose social networks (such as Facebook) and warn about the importance of user-protecting default privacy settings. We model and implement default privacy as contextual integrity in OSNs. We present a privacy framework, Aegis, and provide a reference implementation. Aegis models expected privacy as contextual integrity using semantic web tools and focuses on defining default privacy policies. Finally, this dissertation presents a comprehensive overview of the privacy and security attacks in the online social networks projecting them in two directions: attacks that exploit users’ personal information and declared social relationships for unintended purposes; and attacks that are aimed at the OSN service provider itself, by threatening its core business.

Community Question Answering

Crowdsourcing

User Behavior

Cross-cultural Variations

Contextual Integrity

Computer Sciences

Real-Time Software Vulnerabilities in Cloud Computing : Challenges and Mitigation Techniques

Okonoboh, Matthias Aifuobhokhan, Tekkali, Sudhakar

January 2011

Context: Cloud computing is rapidly emerging in the area of distributed computing. In the meantime, many organizations also attributed the technology to be associated with several business risks which are yet to be resolved. These challenges include lack of adequate security, privacy and legal issues, resource allocation, control over data, system integrity, risk assessment, software vulnerabilities and so on which all have compromising effect in cloud environment. Organizations based their worried on how to develop adequate mitigation strategies for effective control measures and to balancing common expectation between cloud providers and cloud users. However, many researches tend to focus on cloud computing adoption and implementation and with less attention to vulnerabilities and attacks in cloud computing. This paper gives an overview of common challenges and mitigation techniques or practices, describes general security issues and identifies future requirements for security research in cloud computing, given the current trend and industrial practices. Objectives: We identified common challenges and linked them with some compromising attributes in cloud as well as mitigation techniques and their impacts in cloud practices applicable in cloud computing. We also identified frameworks we consider relevant for identifying threats due to vulnerabilities based on information from the reviewed literatures and findings. Methods: We conducted a systematic literature review (SLR) specifically to identify empirical studies focus on challenges and mitigation techniques and to identify mitigation practices in addressing software vulnerabilities and attacks in cloud computing. Studies were selected based on the inclusion/exclusion criteria we defined in the SLR process. We search through four databases which include IEEE Xplore, ACM Digital Library, SpringerLinks and SciencDirect. We limited our search to papers published from 2001 to 2010. In additional, we then used the collected data and knowledge from finding after the SLR, to design a questionnaire which was used to conduct industrial survey which also identifies cloud computing challenges and mitigation practices persistent in industry settings. Results: Based on the SLR a total of 27 challenges and 20 mitigation techniques were identified. We further identified 7 frameworks we considered relevant for mitigating the prevalence real-time software vulnerabilities and attacks in the cloud. The identified challenges and mitigation practices were linked to compromised cloud attributes and the way mitigations practices affects cloud computing, respectively. Furthermore, 5 and 3 additional challenges and suggested mitigation practices were identified in the survey. Conclusion: This study has identified common challenges and mitigation techniques, as well as frameworks practices relevant for mitigating real-time software vulnerabilities and attacks in cloud computing. We cannot make claim on exhaustive identification of challenges and mitigation practices associated with cloud computing. We acknowledge the fact that our findings might not be sufficient to generalize the effect of the different service models which include SaaS, IaaS and PaaS, and also true for the different deployment models such as private, public, community and hybrid. However, this study we assist both cloud provider and cloud customers on the security, privacy, integrity and other related issues and useful in the part of identifying further research area that can help in enhancing security, privacy, resource allocation and maintain integrity in the cloud environment. / Kungsmarksvagen 67 SE-371 44 Karlskrona Sweden Tel: 0737159290

Cloud Computing

Software Vulnerability

System Integrity

Distributed Systems

Computer Sciences

Datavetenskap (datalogi)

Software Engineering

Programvaruteknik

Information Security in Home Healthcare

Åhlfeldt, Rose-Mharie

January 2001

Healthcare is very information-intensive. Hence, it has become necessary to use the support of computers in order to efficiently improve such an information-intensive organisation. This thesis points out deficiencies in the area of information security in home healthcare regarding personal integrity and secrecy. Home healthcare is, in Sweden, performed by the municipalities. The work is based on the recommendations and common advice for processing of personal data compiled by the Data Inspection Board. Two municipalities in the Västra Götaland Region have been investigated. One of the municipalities has a manual system and the other has a computerized system for personal data management. The work includes a field study where persons from both municipalities have been observed. It also includes interviews based on the comprehensive questions from the Data Inspection Board and questions arisen from the observations. The work shows that a very clear need of training among personnel involved in home healthcare. It also shows the need for elaborate security measures including levels on access profiles. A weak point concerning security is also the heavy use of facsimile transmission for information distribution.

Information security

home healthcare

healthcare informatics

personal integrity

secrecy

Information Systems

System Integrity for Smartphones : A security evaluation of iOS and BlackBerry OS

Hansson, Fredrik

January 2011

Smartphones are one of the most popular technology gadgets on the market today. The number of devices in the world is growing incredibly fast and they have today taken an important place in many person's everyday life. They are small, powerful, always connected to the Internet and they are usually containing a lot of personal information such as contact lists, pictures and stored passwords. They are sometimes even used as login tokens for Internet bank services and web sites. Smartphones are, undoubtedly, incredible devices! But are smartphones secure and is stored information safe? Can and should these devices be trusted to keep sensitive information and personal secrets? Every single day newspapers and researcher warns about new smartphone malwares and other security breaches regarding smartphones. So, are smartphones safe to use or are they a spy's best friend in order to surveil a person? Can a user do anything to make the device more secure and safe enough to use it in a secure manner? All these questions are exactly what this paper is about! This paper is addressing two popular smartphone platforms, iOS and BlackBerry OS, in order to evaluate how secure these systems are, what risks that occur when using them and how to harden the platform security to make these platforms as secure and safe to use as possible. Another aim of this paper is to discuss and give suggestions on how a separate and dedicated hardware token can be used to improve the platform security even further. In order to evaluate the security level of these platforms, a risk and threat analysis has been made as well as some practical testing to actually test what can be done. The test part consists mostly of a proof-of-concept spyware application implemented for iOS and an IMSI-catcher used to eavesdrop on calls by using a rogue GSM base transceiver station. The implemented spyware was able to access and transfer sensitive data from the device to a server without notifying the user about it. The rogue base station attack was even scarier since with only a few days work and equipment for less than $1500 can smartphones be tricked to connect to a rogue base station and all outgoing calls can be intercepted and recorded. The risk analysis resulted in not less than 19 identified risks with mixed severity of the impact. Some configurations and usage recommendation is given in order to prevent or mitigate these risks to make the usage of these platforms safer. The aim of suggesting how a hardware token can be used to strengthening these platforms have been a bit of failure since no really working suggestion has been possible to give. It is a result of that these systems are tightly closed for modification by third parties, and such modifications are needed in order to implement a working hardware token. However, a few partial suggestions for how such a token can work are given. The result of this work indicates that neither iOS nor BlackBerry OS is entirely secure and both need to be configured and used in a correct way to be safe for the user. The benefits of a hardware token should be huge for these systems but the implementations that are possible to do is not enough and it might not be of interest to implement a hardware token for these systems at the moment. Some of the identified risks require the attacker to have physical access to the device and this can only be prevented if the user is careful and acts wisely. So, if you want to use high technology gadgets such as smartphones, be sure to be a smart user!

Smartphone

Integrity

iOS

BlackBerry OS

Risk analysis

Computer Sciences

Datavetenskap (datalogi)

Gränsen mellan publikt och privat på Twitter : En studie om svenska twitteranvändares syn på delning av privat information på Twitter / The line between public and private on Twitter : A study of Swedish twitter users' views on the sharing of private information on Twitter

Ekman, Gabriella, Karlsson, Victor

January 2011

In this report we make an attempt to analyze where Swedish Twitter users believe the line is drawn between the private and public. Our goal is to find out what the factors are that determine what they decide to write on Twitter and what not. A survey was sent out and spread amongst Swedish Twitter users during one week to provide us with the data to answer our question formulation. The results do not draw an exact line between the private and the public but it nevertheless provides us with an idea of what users think is inappropriate to write about on Twitter. Through the study we found out that our respondents believe that it is inappropriate to write private information about others than them self. They also believe that racist and offensive comments are inappropiate. Our study also gives us some indication that Swedish Twitter users are rather open concerning sharing of private information about themselves.

Twitter

microblogging

security

integrity

social media

Twitter

microbloggning

säkerhet

integritet

sociala medier.

Media and Communication Technology

Medieteknik

Contributions expérimentales et numériques pour la compréhension de l’intégrité des surfaces induite par un outil combiné usinage – galetage / Numerical and experimental contributions for a fundamental understanding of the surface integrity induced by a combined turning burnishing process

Rami, Anis

02 October 2017

Le procédé de tournage galetage (CoTuB) est un traitement d'usinage innovant réalisant les procédés de tournage et de galetage à billes simultanément et sur la même machine-outil. L'objectif du procédé combiné est d'améliorer l'intégrité de surface et en même temps d'augmenter la productivité par rapport aux traitements conventionnels de surface et les procédés d'usinage. En adoptant un plan d’expérience, il a été démontré qu'une amélioration considérable de l’intégrité de surface pourrait être obtenue en utilisant le nouveau procédé combiné et en sélectionnant les paramètres appropriés. Pour effectuer une étude paramétrique, un ensemble d'expériences basées sur un plan d’expérience de type Taguchi complété par une analyse de la variance (ANOVA) a été réalisée. Le but de cette étude expérimentale est d'identifier les paramètres optimaux du tournage / galetage lors du traitement de l'acier 42 Cr Mo 4 permettant de donner une intégrité de surface optimale.Pour une meilleure compréhension des phénomènes impliqués lors du procédé combiné d'usinage / galetage, des approches et méthodologies numériques ont été développées afin de reproduire le procédé combiné. Une nouvelle approche numérique, appelée «Approche Mixte», est développée et utilisée afin de simplifier la simulation du procédé combiné. Cette approche combine des données expérimentales et numériques afin de déterminer la forme et de quantifier les chargements thermiques et mécaniques exercés par l'outil de coupe sur la surface usinée sur chaque zone de cisaillement. Cette nouvelle méthode a permis d'effectuer une simulation 3D du procédé de tournage-galetage combiné et permet de simuler plusieurs passages des outils autour de la surface usinée. La simulation permet de prédire les contraintes résiduelles induites par le procédé combiné et la comparaison révèle un bon accord entre les résultats numériques et expérimentaux. / The Combined Turning-Burnishing (CoTuB) process is an innovative machining treatment that performs turning and ball-burnishing processes simultaneously and on the same machine tool. The aim of performing the combined process is to enhance surface integrity and increase productivity at the same time when compare to conventional surface treatment and machining processes. Based on adopting design of experiments, it has been depicted that a considerable improvement in surface quality could be obtained meaning the new combined process by using the suitable process parameters. In order to carry out a parametric study, a set of experiments based on Taguchi method completed with a statistical analysis of variance (ANOVA) were performed. The aim of this experimental investigation is to identify the optimal turning/burnishing parameters when treating AISI 4140 steel. This helps to get an optimal surface integrity. For a better understanding of the phenomena involved during combined machining / burnishing processes, numerical approaches and methodologies for reproducing the combined turning-burnishing process have been performed. A new approach, called the "Mixed Approach", is developed and used in order to simplify the simulation of the combined process. This approach combines experimental and numerical data in order to determine shape and to quantify thermal and mechanical loadings exerted by the cutting tool on the machined surface on each shear zone. This new method allowed to perform a 3D simulation of combined turning-burnishing and allows to model several tool passages on the machined surface. The simulation allows to predict residual stresses induced by the combined process and the comparison reveals good agreements between numerical and experimental results.

Tournage

Galetage

Intégrité de surface

Expérimentation

Simulation 3D

Turning

Burnishing

Surface integrity

Experimentation

3D simulation

English language teachers' perceptions of academic integrity and classroom behaviour of culturally diverse adult English Language Learners (ELLs) in Canada : a critical perspective

Nawaz, Shazia

January 2017

The study is based in critical issues in the field of English Language Teaching (ELT) as second or additional language and informed by Critical Pedagogy (CP), the study uses thematic discourse analysis through critical analysis techniques. The main focus of this research is to explore the extent of intercultural understanding and perceptions of the English Language Teachers (ELTs) towards students in their culturally heterogeneous ELT classrooms about certain academic behaviours, namely plagiarism (Academic Integrity) and learners’ classroom participation and relationship of these academic tasks to the cultural orientation of English Language Learners (ELLs) in ELT classrooms in the Canadian context. Participating ELTs teach adult students of color and ethnic diversity in different English language teaching situations and come both from across Canada, at the macro level (Stage 1-survey questionnaire), and from Nova Scotia, at the micro level (Stage 2-focus group discussions). The thesis also demonstrates factors that may contribute to Canadian ELTs’ perceptions about the issue of understanding non-white and racially non-main stream ELLs. The thesis aims at bringing attention to the need for a collaboratively developed Professional Development (PD) training component focused on intercultural understanding from a critical perspective, for the ELTs in the Canadian context. It is expected that the findings will gain some traction among the ELT community, especially in the Canadian context and will contribute to highlighting the importance of understanding of cultural differences and inclusion of this understating in the continuous professional development of English language teachers.

A Formal Approach to Combining Prospective and Retrospective Security

Amir-Mohammadian, Sepehr

01 January 2017

The major goal of this dissertation is to enhance software security by provably correct enforcement of in-depth policies. In-depth security policies allude to heterogeneous specification of security strategies that are required to be followed before and after sensitive operations. Prospective security is the enforcement of security, or detection of security violations before the execution of sensitive operations, e.g., in authorization, authentication and information flow. Retrospective security refers to security checks after the execution of sensitive operations, which is accomplished through accountability and deterrence. Retrospective security frameworks are built upon auditing in order to provide sufficient evidence to hold users accountable for their actions and potentially support other remediation actions. Correctness and efficiency of audit logs play significant roles in reaching the accountability goals that are required by retrospective, and consequently, in-depth security policies. This dissertation addresses correct audit logging in a formal framework. Leveraging retrospective controls beside the existing prospective measures enhances security in numerous applications. This dissertation focuses on two major application spaces for in-depth enforcement. The first is to enhance prospective security through surveillance and accountability. For example, authorization mechanisms could be improved by guaranteed retrospective checks in environments where there is a high cost of access denial, e.g., healthcare systems. The second application space is the amelioration of potentially flawed prospective measures through retrospective checks. For instance, erroneous implementations of input sanitization methods expose vulnerabilities in taint analysis tools that enforce direct flow of data integrity policies. In this regard, we propose an in-depth enforcement framework to mitigate such problems. We also propose a general semantic notion of explicit flow of information integrity in a high-level language with sanitization. This dissertation studies the ways by which prospective and retrospective security could be enforced uniformly in a provably correct manner to handle security challenges in legacy systems. Provable correctness of our results relies on the formal Programming Languages-based approach that we have taken in order to provide software security assurance. Moreover, this dissertation includes the implementation of such in-depth enforcement mechanisms for a medical records web application.

Break the glass policies

Cybersecurity

Integrity

Prospective security

Retrospective security

Taint analysis

Computer Sciences

Integration of an in vitro blood brain barrier model with organic electrochemical transistors / Intégration d’un model in vitro de barrière hémato-encéphalique avec des transistors organiques électrochimiques.

Bongo, Manuelle

29 September 2014

Dans les systèmes biologiques, les barrières tissulaires permettent le transport sélectif de molécules du sang au tissu approprié. Un exemple de barrière tissulaire est la barrière hémato-encéphalique (BHE). La BHE protège le cerveau du sang et maintient l'homéostasie du microenvironnement du cerveau, ce qui est essentiel à l'activité et à la fonction neuronale. La caractérisation de cette BHE est importante, car un dysfonctionnement de cette barrière est souvent révélateur de toxicité ou de maladie. Bien que le nombre d'articles publiés dans le domaine du développement et de la caractérisation de la BHE ait été multiplié ces dernières années, la validité des modèles utilisés est encore un sujet de débat. L'avènement de l'électronique organique a créé une occasion unique pour coupler les mondes de l'électronique et de la biologie, à l'aide de dispositifs tels que le transistor électrochimique organique (OECT). OECT constitue un outil très sensible et économique pour diagnostiquer l’intégrité d’une barrière tissulaire. Dans cette étude, nous avons tout d’abord développé trois différents modèles de BHE. Nous avons optimisé l’adhésion des cellules endothéliales cérébrales sur la matière active du transistor. Nous avons ainsi pu établir l'intégration des OECTs avec des cellules immortalisées humaines micro vasculaires cérébrales endothéliales (h CMEC/D3) en tant que modèle in vitro de BHE. Nous avons démontré que la fonction de tissu de la BHE peut être détectée en utilisant cette nouvelle technique. En outre, par cette technique, une perturbation de la barrière (par exemple, provoquée par un composé toxique) pourra être détectée électriquement au moyen d'une mesure de courant. / In biological systems many tissue types have evolved a barrier function to selectively allow the transport of matter from the lumen to the tissue beneath; one example is the Blood Brain Barrier (BBB). The BBB protects the brain from the blood and maintains homeostasis of the brain microenvironment, which is crucial for neuronal activity and function. Characterization of the BBB is very important as its disruption or malfunction is often indicative of toxicity/disease. Though the number of published papers in the field of in vitro BBB has multiplied in recent years, the validity of the models used is still a subject of debate.The advent of organic electronics has created a unique opportunity to interface the worlds of electronics and biology, using devices such as the Organic ElectroChemical Transistor (OECT), which provide a very sensitive way to detect minute ionic currents in an electrolyte as the transistor amplifies the gate current.In this study, we test three different type of BBB in order to develop a stable BBB model. We optimize the adhesion of brain endothelial cell on OECT conducting polymer. We show the integration of OECTs with immortalized human cerebral microvascular endothelial cells as a model of human blood brain barrier, and demonstrate that the barrier tissue function can be detected. Moreover, by this technique, a disruption in the barrier (e.g. caused by a toxic compound) is assessed electrically through a measurement of the drain current. Results show the successful development and validation of an in vitro BBB model. Dynamic monitoring of the barrier properties of the BBB barrier tissue was possible using the OECT.

Barrière hémato-encéphalique

Intégrité

OECT

Blood Brain Barrier

Integrity

OECT

Brain endothelial cell

An assessment of the ecological integrity of Reed Pans on the Mpumalanga Highveld

De Klerk, Arno Reed

16 May 2011

M.Sc. / Mpumalanga, “the place where the sun rises”, sets the scene for one of the rarest wetland types in South Africa. They are formed on one of the last remnants of the ancient African land surface, contain peat and together with a variety of other pan types make up the Mpumalanga Lakes District. Of these approximately 320 pans, only ±2.3% are reed pans. These endorheic wetlands are unique from other pan types and peatlands in South Africa and support an abundant biodiversity. They perform vital functions such as water storage, filtering out impurities and carbon fixation, which prevents an excess release of CO2 into the atmosphere. There is very little known about these endorheic wetlands and thus they are constantly being threatened by various activities such as agriculture, livestock and mining. The objectives of this study were to determine the spatial and temporal variation of macroinvertebrate community structures of reed pans and the environmental factors, such as water quality, responsible for the maintenance of these structures; to determine the best method for sampling aquatic invertebrates in reed pans; as well as to determine the relationship between aquatic invertebrates and the water, sediment and habitat quality of a reed pan. Together with this the amphibian diversity as well as the occurrence of other biotic components was determined. Four reed pans were assessed during four different seasons over a one year period to account for the different hydrological extremes. Sub-surface water samples were analyzed for their suspended solid content, nutrient levels, metals and chlorophyll-a concentrations as well as in situ water quality parameters. Sediment samples were analyzed for metal concentrations, organic carbon and water content, as well as sediment size distribution. Invertebrates were collected using the following sampling techniques: aquatic light trap, terrestrial light trap, emergent trap, sweep net, plankton net, as well as benthic sampling using an Eckman grab.

Pans (Geomorphology)

Ecological integrity

Lake ecology

Aquatic invertebrates

Water quality biological assessment

Mpumalanga (South Africa)