Preservation of privacy in sensitive data publishing. / 隱私保護數據發佈 / Yin si bao hu shu ju fa bu

January 2008

Li, Jiexing. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2008. / Includes bibliographical references (leaves [105]-110). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgement --- p.iv / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Problem Statement --- p.1 / Chapter 1.2 --- Contributions --- p.3 / Chapter 1.3 --- Thesis Organization --- p.5 / Chapter 2 --- Background Study --- p.7 / Chapter 2.1 --- Generalization Algorithms --- p.7 / Chapter 2.2 --- Privacy Principles --- p.10 / Chapter 2.3 --- Other Related Research --- p.11 / Chapter 3 --- Anti-Corruption Privacy Preserving Publication --- p.13 / Chapter 3.1 --- Motivation --- p.13 / Chapter 3.2 --- Problem Settings --- p.14 / Chapter 3.3 --- Defects of Generalization --- p.18 / Chapter 3.4 --- Perturbed Generalization --- p.23 / Chapter 3.5 --- Modeling Privacy Attacks --- p.26 / Chapter 3.5.1 --- Corruption-Aided Linking Attacks --- p.26 / Chapter 3.5.2 --- Posterior Confidence Derivation --- p.28 / Chapter 3.6 --- Formal Results --- p.30 / Chapter 3.7 --- Experiments --- p.34 / Chapter 3.8 --- Summary --- p.37 / Chapter 4 --- Preservation of Proximity Privacy --- p.39 / Chapter 4.1 --- Motivation --- p.39 / Chapter 4.2 --- Formalization --- p.40 / Chapter 4.2.1 --- Privacy Attacks --- p.41 / Chapter 4.2.2 --- "(ε, m)-Anonymity" --- p.42 / Chapter 4.3 --- Inadequacy of the Existing Methods --- p.44 / Chapter 4.3.1 --- Inadequacy of Generalization Principles --- p.45 / Chapter 4.3.2 --- Inadequacy of Perturbation --- p.49 / Chapter 4.4 --- "Characteristics of (Epsilon, m) Anonymity" --- p.51 / Chapter 4.4.1 --- A Reduction --- p.51 / Chapter 4.4.2 --- Achievable Range of m Given e1and e2 --- p.53 / Chapter 4.4.3 --- Achievable e1 and e2 Given m --- p.57 / Chapter 4.4.4 --- Selecting the Parameters --- p.60 / Chapter 4.5 --- Generalization Algorithm --- p.61 / Chapter 4.5.1 --- Non-Monotonicity and Predictability --- p.61 / Chapter 4.5.2 --- The Algorithm --- p.63 / Chapter 4.6 --- Experiments --- p.65 / Chapter 4.7 --- Summary --- p.70 / Chapter 5 --- Privacy Preserving Publication for Multiple Users --- p.71 / Chapter 5.1 --- Motivation --- p.71 / Chapter 5.2 --- Problem Definition --- p.74 / Chapter 5.2.1 --- K-Anonymity --- p.75 / Chapter 5.2.2 --- An Observation --- p.76 / Chapter 5.3 --- The Butterfly Method --- p.78 / Chapter 5.3.1 --- The Butterfly Structure --- p.78 / Chapter 5.3.2 --- Anonymization Algorithm --- p.83 / Chapter 5.4 --- Extensions --- p.89 / Chapter 5.4.1 --- Handling More Than Two QIDs --- p.89 / Chapter 5.4.2 --- Handling Collusion --- p.91 / Chapter 5.5 --- Experiments --- p.93 / Chapter 5.6 --- Summary --- p.101 / Chapter 6 --- Conclusions and Future Work --- p.102 / Chapter A --- List of Publications --- p.104 / Bibliography --- p.105

Data protection

Computer security

Parent's use of strategies to monitor children's activities online

Maserumule, Ngwanadira Tebogo

January 2017

Thesis (M.Com. (Information Systems))--University of the Witwatersrand, Faculty of Commerce, Law and Management, School of Economic and Business Sciences, 2017 / Although studies have been conducted on the effectiveness of different types of filtering software, limited knowledge is available on parents’ use of strategies to monitor their children’s activities online. Thus, identifying understanding parents’ use of strategies to monitor children’s activities online and the extent in which parents use content filtering software will contribute to the body of knowledge. The purpose of this study is to understand parent’s use of strategies to monitor children’s activities online and the extent in which they use content filtering software in Gauteng Province, South Africa. The study adopted a Social Cognitive Theory to develop a conceptual framework and identify existing theoretical concepts. The conceptual framework adapted Bandura’s (2001) framework to inform data analysis. Data were collected through semi-structured interviews and qualitative, thematic content analysis was used for data analyses. The results of the study indicated that parents do use various strategies to monitor children’s activities online and further apply knowledge, experience, and social support as a rationale for using those strategies. The study further revealed that there is a gap between parents, technology industry and government regarding the use of content filtering software. Thus, the study recommends parents, industry and government work together to protecting children online through various strategies and address the concerns regarding the use of content filtering software. Parents’ need to understand the importance of content filtering software and discuss this with their children to be able to protect them online without restricting access to relevant information. Keywords: Harmful content, blocking, strategies, filtering, online content, software, use, non-use, strategies / GR2018

Computers--Access control

Internet and children

Internet--Security measures

Internet--Censorship

EPA-RIMM-V: Efficient Rootkit Detection for Virtualized Environments

Vibhute, Tejaswini Ajay

12 July 2018

The use of virtualized environments continues to grow for efficient utilization of the available compute resources. Hypervisors virtualize the underlying hardware resources and allow multiple Operating Systems to run simultaneously on the same infrastructure. Since the hypervisor is installed at a higher privilege level than the Operating Systems in the software stack it is vulnerable to rootkits that can modify the environment to gain control, crash the system and even steal sensitive information. Thus, runtime integrity measurement of the hypervisor is essential. The currently proposed solutions achieve the goal by relying either partially or entirely on the features of the hypervisor itself, causing them to lack stealth and leaving themselves vulnerable to attack. We have developed a performance sensitive methodology for identifying rootkits in hypervisors from System Management Mode (SMM) while using the features of SMI Transfer Monitor (STM). STM is a recent technology from Intel and it is a virtual machine manager at the firmware level. Our solution extends a research prototype called EPA-RIMM, developed by Delgado and Karavanic at Portland State University. Our solution extends the state of the art in that it stealthily performs measurements of hypervisor memory and critical data structures using firmware features, keeps performance perturbation to acceptable levels and leverages the security features provided by the STM. We describe our approach and include experimental results using a prototype we have developed for Xen hypervisor on Minnowboard Turbot, an open hardware platform.

Rootkits (Computer software)

Computer Sciences

Automated analysis of industrial scale security protocols

Plasto, Daniel

Unknown Date

Security protocols provide a communication architecture upon which security-sensitive distributed applications are built. Flaws in security protocols can expose applications to exploitation and manipulation. A number of formal analysis techniques have been applied to security protocols, with the ultimate goal of verifying whether or not a protocol fulfils its stated security requirements. These tools are limited in a number of ways. They are not fully automated and require considerable effort and expertise to operate. The specification languages often lack expressiveness. Furthermore the model checkers often cannot handle large industrial scale protocols due to the enormous number of states generated.Current research is addressing many of the limitations of the older tools by using state-of-the-art search optimisation and modelling techniques. This dissertation examines new ways in which industrial protocols can be analysed and presents abstract communication channels; a method for explicitly specifying assumptions made about the medium over which participants communicate.

Computer network protocols

Computer networks;Security measures

Computer Science (0984)

Trust in distributed information systems

Zhao, Weiliang, University of Western Sydney, College of Health and Science, School of Computing and Mathematics

January 2008

Trust management is an important issue in the analysis and design of secure information systems. This is especially the case where centrally managed security is not possible. Trust issues arise not only in business functions, but also in technologies used to support these functions. There are a vast number of services and applications that must accommodate appropriate notions of trust. Trust and trust management have become a hot research area. The motivation of this dissertation is to build up a comprehensive trust management approach that covers the analysis/modelling of trust relationships and the development of trust management systems in a consistent manner. A formal model of trust relationship is proposed with a strict mathematical structure that can not only reflect many of the commonly used notions of trust, but also provide a solid basis for a unified taxonomy framework of trust where a range of useful properties of trust relationships can be expressed and compared. A classification of trust relationships is presented. A set of definitions, propositions, and operations are proposed for the properties about scope and diversity of trust relationships, direction and symmetry of trust relationships, and relations of trust relationships. A general methodology for analysis and modelling of trust relationships in distributed information system is presented. The general methodology includes a range of major concerns in the whole lifecycle of trust relationships, and provides practical guidelines for analysis and modelling of trust relationships in the real world. A unified framework for trust management is proposed. Trust request, trust evaluation, and trust consuming are handled in a comprehensive and consistent manner. A variety of trust mechanisms including reputation, credentials, local data, and environment parameters are covered under the same framework. A trust management architecture is devised for facilitating the development of trust management systems. A trust management system for federated medical services is developed as an implementation example of the proposed trust management architecture. An online booking system is developed to show how a trust management system is employed by applications. A trust management architecture for web services is devised. It can be viewed as an extension of WS-Trust with the ability to integrate the message building blocks supported by web services protocol stack and other trust mechanisms. It provides high level architecture and guidelines for the development and deployment of a trust management layer in web services. Trust management extension of CardSpace identity system is introduced. Major concerns are listed for the analysis and modelling of trust relationships, and development of trust management systems for digital identities. / Doctor of Philosophy (PhD)

trust

computer networks

electronic commerce

security measures

data protection

Data privacy : the non-interactive setting

Narayanan, Arvind, 1981-

16 October 2012

The Internet has enabled the collection, aggregation and analysis of personal data on a massive scale. It has also enabled the sharing of collected data in various ways: wholesale outsourcing of data warehousing, partnering with advertisers for targeted advertising, data publishing for exploratory research, etc. This has led to complex privacy questions related to the leakage of sensitive user data and mass harvesting of information by unscrupulous parties. These questions have information-theoretic, sociological and legal aspects and are often poorly understood. There are two fundamental paradigms for how the data is released: in the interactive setting, the data collector holds the data while third parties interact with the data collector to compute some function on the database. In the non-interactive setting, the database is somehow \sanitized" and then published. In this thesis, we conduct a thorough theoretical and empirical investigation of privacy issues involved in non-interactive data release. Both settings have been well analyzed in the academic literature, but simplicity of the non-interactive paradigm has resulted in its being used almost exclusively in actual data releases. We analyze several common applications including electronic directories, collaborative ltering and recommender systems, and social networks. Our investigation has two main foci. First, we present frameworks for privacy and anonymity in these dierent settings within which one might dene exactly when a privacy breach has occurred. Second, we use these frameworks to experimentally analyze actual large datasets and quantify privacy issues. The picture that has emerged from this research is a bleak one for noninteractivity. While a surprising level of privacy control is possible in a limited number of applications, the general sense is that protecting privacy in the non-interactive setting is not as easy as intuitively assumed in the absence of rigorous privacy denitions. While some applications can be salvaged either by moving to an interactive setting or by other means, in others a rethinking of the tradeos between utility and privacy that are currently taken for granted appears to be necessary. / text

Internet--Security measures

Data protection

Electronic data interchange

Computer security

Secure and privacy-preserving protocols for VANETs

Chim, Tat-wing., 詹達榮.

January 2011

published_or_final_version / Computer Science / Doctoral / Doctor of Philosophy

A study of international security requirement on Hong Kong air cargo industry : development and challenges

Tang, Yu-to, Matthew, 鄧汝滔

January 2012

Currently, most of the research related to aviation sector of Hong Kong would focus on infrastructure perspective such as the building of 3rd runway in HKIA and the cooperation issues among airports in Pearl River Delta (PRD) Region in order to analyze the impact towards competitiveness of Hong Kong as a major international air cargo hub. However, there are not much research on air cargo industry has been done from security perspective but the recent trend of tightening international security requirement has already brought significant impact on the competitiveness of Hong Kong air logistics sector. In fact, the United States enacted the Aviation and Transportation Security Act (ATSA) after the 9/11 incident in 2001 already signaled a new era in air cargo transportation. Significant security measures have been implemented to all facilities shipping cargo to the United States and air cargo sector in Hong Kong would be included. Since most of the international air cargo that enters the United States transits through large hub facilities in Asia such as Hong Kong, there is a strong air cargo network linkage between Hong Kong and the United States. This study aims to understand the major development of international air cargo security requirement and the consequences for Hong Kong air cargo industry. This study also examines challenges of the requirement on Hong Kong air cargo industry from operational and economic perspective. An in-depth interview would be conducted to obtain industrial insights on developing recommendations on fulfilling the requirement in a cost-effective manner. This study would act as a stepping stone for further analysis on providing recommendations to facilitate the security requirement development in Hong Kong air cargo industry. / published_or_final_version / Transport Policy and Planning / Master / Master of Arts in Transport Policy and Planning

Protocol design for scalable and reliable group rekeying

Zhang, Xincheng

28 August 2008

Not available / text

Computer network protocols--Design

Computer networks--Security measures

Automatic validation of secure authentication protocols

Kim, Kyoil, 1964-

11 July 2011

Not available / text

Computer networks--Security measures

Computer network protocols

Computer security