A framework for an adaptive early warning and response system for insider privacy breaches

Almajed, Yasser M.

January 2015

Organisations such as governments and healthcare bodies are increasingly responsible for managing large amounts of personal information, and the increasing complexity of modern information systems is causing growing concerns about the protection of these assets from insider threats. Insider threats are very difficult to handle, because the insiders have direct access to information and are trusted by their organisations. The nature of insider privacy breaches varies with the organisation’s acceptable usage policy and the attributes of an insider. However, the level of risk that insiders pose depends on insider breach scenarios including their access patterns and contextual information, such as timing of access. Protection from insider threats is a newly emerging research area, and thus, only few approaches are available that systemise the continuous monitoring of dynamic insider usage characteristics and adaptation depending on the level of risk. The aim of this research is to develop a formal framework for an adaptive early warning and response system for insider privacy breaches within dynamic software systems. This framework will allow the specification of multiple policies at different risk levels, depending on event patterns, timing constraints, and the enforcement of adaptive response actions, to interrupt insider activity. Our framework is based on Usage Control (UCON), a comprehensive model that controls previous, ongoing, and subsequent resource usage. We extend UCON to include interrupt policy decisions, in which multiple policy decisions can be expressed at different risk levels. In particular, interrupt policy decisions can be dynamically adapted upon the occurrence of an event or over time. We propose a computational model that represents the concurrent behaviour of an adaptive early warning and response system in the form of statechart. In addition, we propose a Privacy Breach Specification Language (PBSL) based on this computational model, in which event patterns, timing constraints, and the triggered early warning level are expressed in the form of policy rules. The main features of PBSL are its expressiveness, simplicity, practicality, and formal semantics. The formal semantics of the PBSL, together with a model of the mechanisms enforcing the policies, is given in an operational style. Enforcement mechanisms, which are defined by the outcomes of the policy rules, influence the system state by mutually interacting between the policy rules and the system behaviour. We demonstrate the use of this PBSL with a case study from the e-government domain that includes some real-world insider breach scenarios. The formal framework utilises a tool that supports the animation of the enforcement and policy models. This tool also supports the model checking used to formally verify the safety and progress properties of the system over the policy and the enforcement specifications.

658.4

Functional distributional semantics : learning linguistically informed representations from a precisely annotated corpus

Emerson, Guy Edward Toh

January 2018

The aim of distributional semantics is to design computational techniques that can automatically learn the meanings of words from a body of text. The twin challenges are: how do we represent meaning, and how do we learn these representations? The current state of the art is to represent meanings as vectors - but vectors do not correspond to any traditional notion of meaning. In particular, there is no way to talk about 'truth', a crucial concept in logic and formal semantics. In this thesis, I develop a framework for distributional semantics which answers this challenge. The meaning of a word is not represented as a vector, but as a 'function', mapping entities (objects in the world) to probabilities of truth (the probability that the word is true of the entity). Such a function can be interpreted both in the machine learning sense of a classifier, and in the formal semantic sense of a truth-conditional function. This simultaneously allows both the use of machine learning techniques to exploit large datasets, and also the use of formal semantic techniques to manipulate the learnt representations. I define a probabilistic graphical model, which incorporates a probabilistic generalisation of model theory (allowing a strong connection with formal semantics), and which generates semantic dependency graphs (allowing it to be trained on a corpus). This graphical model provides a natural way to model logical inference, semantic composition, and context-dependent meanings, where Bayesian inference plays a crucial role. I demonstrate the feasibility of this approach by training a model on WikiWoods, a parsed version of the English Wikipedia, and evaluating it on three tasks. The results indicate that the model can learn information not captured by vector space models.

Systèmes à base de traces modélisées : modèles et langages pour l'exploitation des traces d'interactions / Modelled trace-based systems : models and languages for exploiting interactions traces

Settouti, Lotfi

14 January 2011

Ce travail de thèse s'inscrit dans le cadre du projet < personnalisation des environnements informatiques pour l'apprentissage humain (EIAH) > financé par la Région Rhône-Alpes. La personnalisation des EIAH est essentiellement dépendante de la capacité à produire des traces pertinentes et exploitables des activités des apprenants interagissant avec un EIAH. Dans ce domaine, l'exploitation des traces relève explicitement plusieurs problématiques allant de sa représentation de manière normalisée et intelligible à son traitement et interprétation en temps différé ou en temps réel au moment même de l'apprentissage. La multiplication des pratiques et des usages des traces requiert des outils génériques pour soutenir leurs exploitations. L'objectif de cette thèse est de définir les fondements théoriques de tels outils génériques permettant l'exploitation des traces d'interaction. Ceci nous a amené à définir la notion de Systèmes à Base de Trace modélisées : une classe de systèmes à base de connaissances facilitant le raisonnement et l'exploitation des traces modélisées. L'approche théorique proposée pour construire de tels systèmes s'articule autour de deux contributions : (1) La définition d'un cadre conceptuel définissant les concepts, l'architecture et les services mobilisés par les SBT. (2) La définition d'un cadre formel pour les systèmes à base de traces modélisées. Plus précisément, la proposition d'un langage pour l'interrogation et la transformation de trace modélisées à base de règles permettant des évaluations ponctuelles et continues. La sémantique formelle de ce langage est définie sous forme d'une théorie des modèles et d'une théorie de point fixe, deux formalismes habituellement utilisés pour décrire la sémantique formelle des langages de représentation de connaissances / This thesis is funded by the Rhône-Alpes Region as a part of the project < Personalisation of Technology-Enhanced Learning (TEL) Systems >. Personalising TEL Systems is, above all, dependent on the capacity to produce relevant and exploitable traces of individual or collaborative learning activities. In this field, exploiting interaction traces addresses several problems ranging from its representation in a normalised and intelligible manner to its processing and interpretation in continuous way during the ongoing TEL activities. The proliferation of trace-based exploitations raises the need of generic tools to support their representation and exploitation. The main objective of this thesis is to define the theoretical foundations of such generic tools. To do that, we define the notion of Trace-Based System (TBS) as a kind of Knowledge-based system whose main source of knowledge is a set of trace of user-system interactions. This thesis investigates practical and theoretical issues related to TBS, covering the spectrum from concepts, services and architecture involved by such TBS (conceptual framework) to language design over declarative semantics (formal framework). The central topic of our framework is the development of a high-level trace transformation language supporting deductive rules as an abstraction and reasoning mechanism for traces. The declarative semantics for such language is defined by a (Tarski-style) model theory with accompanying fixpoint theory

Trace d’interactions

Personnalisation des EIAH

Langages d’interrogation de données

Sémantique déclarative

Sémantique formelle

Ingénierie des connaissances

Interaction traces

Knowledge representation languages

Data query languages

Semantics declarative

Semantics formal

Engineering of the knowledge

001.2