• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 8
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • Tagged with
  • 14
  • 14
  • 6
  • 5
  • 4
  • 4
  • 4
  • 3
  • 3
  • 3
  • 3
  • 3
  • 2
  • 2
  • 2
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Sensitive Data Migration to the Cloud

Ema, Ismat January 2017 (has links)
No description available.
2

Anonymization of Sensitive Data through Cryptography

Holm, Isac, Dahl, Johan January 2023 (has links)
In today's interconnected digital landscape, the protection of sensitive information is of great importance. As a result, the field of cryptography plays a vital role in ensuring individuals' anonymity and data integrity. In this context, this thesis presents a comprehensive analysis of symmetric encryption algorithms, specifically focusing on the Advanced Encryption Standard (AES) and Camellia. By investigating the performance aspects of these algorithms, including encryption time, decryption time, and ciphertext size, the goal is to provide valuable insights for selecting suitable cryptographic solutions. The findings indicate that while there is a difference in performance between the algorithms, the disparity is not substantial in practical terms. Both AES and Camellia, as well as their larger key-size alternatives, demonstrated comparable performance, with AES128 showing marginally faster encryption time. The study's implementation also involves encrypting a data set with sensitive information on students. It encrypts the school classes with separate keys and assigns roles to users, enabling access control based on user roles. The implemented solution successfully addressed the problem of role-based access control and encryption of unique identifiers, as verified through the verification and validation method. The implications of this study extend to industries and society, where cryptography plays a vital role in protecting individuals' anonymity and data integrity. The results presented in this paper can serve as a valuable reference for selecting suitable cryptographic algorithms for various systems and applications, particularly for anonymization of usernames or short, unique identifiers. However, it is important to note that the experiment primarily focused on small data sets, and further investigations may yield different results for larger data sets.
3

Detecting access to sensitive data in software extensions through static analysis / Att upptäcka åtkomst till känslig information i mjukvarutillägg genom statisk analys

Hedlin, Johan, Kahlström, Joakim January 2019 (has links)
Static analysis is a technique to automatically audit code without having to execute or manually read through it. It is highly effective and can scan large amounts of code or text very quickly. This thesis uses static analysis to find potential threats within a software's extension modules. These extensions are developed by third parties and should not be allowed to access information belonging to other extensions. However, due to the structure of the software there is no easy way to restrict this and still keep the software's functionality intact. The use of a static analysis tool could detect such threats by analyzing the code of an extension before it is published online, and therefore keep all current functionality intact. As the software is based on a lesser known language and there is a specific threat by way of information disclosure, a new static analysis tool has to be developed. To achieve this, a combination of language specific functionality and features available in C++ are combined to create an extendable tool which has the capability to detect cross-extension data access.
4

Mecanismo em nuvem de monitoramento a dados sensíveis

Souza, Rafael Tomé de 26 May 2014 (has links)
Made available in DSpace on 2016-06-02T19:06:16Z (GMT). No. of bitstreams: 1 6267.pdf: 44806178 bytes, checksum: 21b3f47ab5e871c1735a3ef64b107233 (MD5) Previous issue date: 2014-05-26 / Financiadora de Estudos e Projetos / The privacy guarantee of a person s data is understood as the capacity of this person to manage, store, change, restrict or disclose for groups of individual of his choice. The data shared can be sensitive, revealing private content that deserves protection in sharing, for example financial personal information. In many computing services a lot of sensitive data does not have any mechanism that guarantees the owner s privacy. This work shows a mechanism that guarantees the privacy of the person who has the data accessed, the data owner, and the privacy of the person who accesses the data. It was developed a cloud monitoring mechanism for data whose access needs to be monitored with intrusion detection scenario available for the data owner. The propose feasibility was evaluated by response time test of a monitored page access, server overload and the server resource consumption through the prism of an application using the mechanism. Such mechanism has been a viable solution due to its minimal impact in computational resources and a solution that assists in sensitive data access monitoring. / A garantia de privacidade de um dado de uma pessoa é entendida como a capacidade desta pessoa gerenciar, armazenar, alterar, restringir ou divulgar para um grupo de indivíduos de sua escolha. O dado compartilhado pode ser sensível revelando algo de teor privado que merece uma proteção no seu compartilhamento, por exemplo a informação financeira pessoal. Nos diversos serviços de computação há muitos dados sensíveis sem qualquer mecanismo que garanta a privacidade de seus proprietários. Este trabalho apresenta um mecanismo que garante a privacidade da pessoa que tem os dados acessados, o proprietário do dado, e da pessoa que acessa o dado. Foi desenvolvido um mecanismo em nuvem de monitoramento a dados que precisam ter o acesso monitorado com cenários de detecção de intrusão disponível para o proprietário do dado. A viabilidade da proposta foi avaliada por testes de tempo de resposta do acesso à página monitorada, sobrecarga do servidor e consumo de recursos do servidor sob o prisma de uma aplicação usando o mecanismo. Tal mecanismo apresenta ser uma solução viável por ter um impacto mínimo nos recursos computacionais e uma solução que auxilia no monitoramento de acesso a dados sensíveis.
5

Préservation de la confidentialité des données externalisées dans le traitement des requêtes top-k / Privacy preserving top-k query processing over outsourced data

Mahboubi, Sakina 21 November 2018 (has links)
L’externalisation de données d’entreprise ou individuelles chez un fournisseur de cloud, par exemple avec l’approche Database-as-a-Service, est pratique et rentable. Mais elle introduit un problème majeur: comment préserver la confidentialité des données externalisées, tout en prenant en charge les requêtes expressives des utilisateurs. Une solution simple consiste à crypter les données avant leur externalisation. Ensuite, pour répondre à une requête, le client utilisateur peut récupérer les données cryptées du cloud, les décrypter et évaluer la requête sur des données en texte clair (non cryptées). Cette solution n’est pas pratique, car elle ne tire pas parti de la puissance de calcul fournie par le cloud pour évaluer les requêtes.Dans cette thèse, nous considérons un type important de requêtes, les requêtes top-k, et le problème du traitement des requêtes top-k sur des données cryptées dans le cloud, tout en préservant la vie privée. Une requête top-k permet à l’utilisateur de spécifier un nombre k de tuples les plus pertinents pour répondre à la requête. Le degré de pertinence des tuples par rapport à la requête est déterminé par une fonction de notation.Nous proposons d’abord un système complet, appelé BuckTop, qui est capable d’évaluer efficacement les requêtes top-k sur des données cryptées, sans avoir à les décrypter dans le cloud. BuckTop inclut un algorithme de traitement des requêtes top-k qui fonctionne sur les données cryptées, stockées dans un nœud du cloud, et retourne un ensemble qui contient les données cryptées correspondant aux résultats top-k. Il est aidé par un algorithme de filtrage efficace qui est exécuté dans le cloud sur les données chiffrées et supprime la plupart des faux positifs inclus dans l’ensemble renvoyé. Lorsque les données externalisées sont volumineuses, elles sont généralement partitionnées sur plusieurs nœuds dans un système distribué. Pour ce cas, nous proposons deux nouveaux systèmes, appelés SDB-TOPK et SD-TOPK, qui permettent d’évaluer les requêtes top-k sur des données distribuées cryptées sans avoir à les décrypter sur les nœuds où elles sont stockées. De plus, SDB-TOPK et SD-TOPK ont un puissant algorithme de filtrage qui filtre les faux positifs autant que possible dans les nœuds et renvoie un petit ensemble de données cryptées qui seront décryptées du côté utilisateur. Nous analysons la sécurité de notre système et proposons des stratégies efficaces pour la mettre en œuvre.Nous avons validé nos solutions par l’implémentation de BuckTop, SDB-TOPK et SD-TOPK, et les avons comparé à des approches de base par rapport à des données synthétiques et réelles. Les résultats montrent un excellent temps de réponse par rapport aux approches de base. Ils montrent également l’efficacité de notre algorithme de filtrage qui élimine presque tous les faux positifs. De plus, nos systèmes permettent d’obtenir une réduction significative des coûts de communication entre les nœuds du système distribué lors du calcul du résultat de la requête. / Outsourcing corporate or individual data at a cloud provider, e.g. using Database-as-a-Service, is practical and cost-effective. But it introduces a major problem: how to preserve the privacy of the outsourced data, while supporting powerful user queries. A simple solution is to encrypt the data before it is outsourced. Then, to answer a query, the user client can retrieve the encrypted data from the cloud, decrypt it, and evaluate the query over plaintext (non encrypted) data. This solution is not practical, as it does not take advantage of the computing power provided by the cloud for evaluating queries.In this thesis, we consider an important kind of queries, top-k queries,and address the problem of privacy-preserving top-k query processing over encrypted data in the cloud.A top-k query allows the user to specify a number k, and the system returns the k tuples which are most relevant to the query. The relevance degree of tuples to the query is determined by a scoring function.We first propose a complete system, called BuckTop, that is able to efficiently evaluate top-k queries over encrypted data, without having to decrypt it in the cloud. BuckTop includes a top-k query processing algorithm that works on the encrypted data, stored at one cloud node,and returns a set that is proved to contain the encrypted data corresponding to the top-k results. It also comes with an efficient filtering algorithm that is executed in the cloud on encypted data and removes most of the false positives included in the set returned.When the outsourced data is big, it is typically partitioned over multiple nodes in a distributed system. For this case, we propose two new systems, called SDB-TOPK and SD-TOPK, that can evaluate top-k queries over encrypted distributed data without having to decrypt at the nodes where they are stored. In addition, SDB-TOPK and SD-TOPK have a powerful filtering algorithm that filters the false positives as much as possible in the nodes, and returns a small set of encrypted data that will be decrypted in the user side. We analyze the security of our system, and propose efficient strategies to enforce it.We validated our solutions through implementation of BuckTop , SDB-TOPK and SD-TOPK, and compared them to baseline approaches over synthetic and real databases. The results show excellent response time compared to baseline approaches. They also show the efficiency of our filtering algorithm that eliminates almost all false positives. Furthermore, our systems yieldsignificant reduction in communication cost between the distributed system nodes when computing the query result.
6

Aplikace zákona č. 101/2000 Sb. o ochraně osobních údajů v praxi / Application of the law No.101/2000 Sb. about protection of name and description in practice

MAŘÍKOVÁ, Magdalena January 2008 (has links)
The issue of protecting personal and sensitive datum belongs to one of the topics promoted in media in present. In diploma work I am dealing with protection name and description in health service in connection with the law No.101/2000 Sb. about protection name and description and further law and ethical questions which also concerns medical documentation and obligatory reticence for medical staff. The aim of experimental parts was to find out the informedness, attitudes and views of sample of Czech population about the protection name and description in health service in connection with the law No.101/2000 Sb. Partial the aim was to discover whether there are differences in this problem among laic and vocational public and younger and older generation of our population. I used a quantitative method of research to process experimental parts. To collect useful dates I used a method of questionnaire. This research was done from January to May 2008 and 225 informants from a laic and a vocational public took part in this research. Three defined hypothesis were checked. I think this dissertation could lead to wider discussion about other aspects of protection name and description in health service and help to improved services to informed laic and vocational public not only about the law No. 101/2000 Sb. but also about protection name and description and other questions related to medical documentation as basic sources of personal and sensitive datum of patients.
7

La estrategia del dato en una situación de crisis. Análisis de las comparecencias del presidente Pedro Sánchez y la percepción de los usuarios de la red social Twitter durante la crisis de la COVID-19.

Pérez Gómez, Antonio 02 September 2024 (has links)
[ES] El liderazgo en tiempos de crisis requiere una comunicación coherente y de confianza, donde la transmisión de la verdad es fundamental. Las redes sociales han revolucionado la comunicación política al permitir a los actores políticos llegar a los ciudadanos de manera instantánea y multidireccional. Sin embargo, su uso plantea desafíos éticos y prácticos, especialmente en la gestión de crisis y con la difusión de fake news. Durante la pandemia de COVID-19, las ruedas de prensa han sido una herramienta clave para informar a la población sobre la situación y responder preguntas de los medios de comunicación y la ciudadanía en general. En este contexto, Twitter se convirtió en una plataforma importante de comunicación y a través del análisis de los comentarios en esta red social podemos obtener información valiosa sobre la percepción que tiene la ciudadanía de cómo se está gestionando la crisis. En este trabajo de investigación analizaremos el lenguaje utilizado por el presidente Pedro Sánchez en las ruedas de prensa que realizó para informar a la ciudadanía con el objetivo de comprobar si existía una estrategia previa de comunicación y, analizando los comentarios a sus publicaciones en Twitter, comprobaremos cómo fueron percibidos esos mensajes y hasta qué punto eso influyó en la propia estrategia de comunicación. / [CA] El lideratge en temps de crisi requereix una comunicació coherent i de confiança, on la transmissió de la veritat és fonamental. Les xarxes socials han revolucionat la comunicació política, ja que permeten que els actors polítics arriben a la ciutadania de manera instantània i multidireccional. Tot i això, el seu ús planteja reptes ètics i pràctics, especialment en la gestió de crisis i amb la difusió de fake news. Durant la pandèmia de COVID-19, les rodes de premsa van ser una eina clau per a informar la població sobre la situació i respondre preguntes dels mitjans de comunicació i la ciutadania en general. En aquest context, Twitter es va convertir en una plataforma important de comunicació i, analitzant els comentaris en aquesta xarxa social, podem obtindre informació valuosa sobre la percepció que tenia la ciutadania de com es va gestionar la crisi. En aquest treball de recerca analitzarem el llenguatge utilitzat pel president Pedro Sánchez en les rodes de premsa que va dur a terme per informar la ciutadania, amb l'objectiu de comprovar si hi havia una estratègia prèvia de comunicació, i, analitzant els comentaris a les seues publicacions en Twitter, comprovarem com es van percebre aquests missatges i fins a quin punt això va influir en la mateixa estratègia de comunicació. / [EN] Leadership in times of crisis requires coherent and reliable communication, where the transmission of truth is essential. Social media has revolutionized political communication by allowing political actors to reach citizens instantly and in a multidirectional way. However, its use raises ethical and practical challenges, especially in crisis management and with the spread of fake news. During the COVID-19 pandemic, press conferences have been a key tool for informing the public about the situation and answering questions from the media and the public at large. In this context, Twitter has become an important communication platform and, through the analysis of the comments on this social network, we can obtain valuable information about the public's perception of how the crisis is being managed. In this research work, we will analyze the language used by President Pedro Sánchez in the press conferences he held to inform the public, in order to check whether there was a prior communication strategy and, by analyzing the comments on his posts on Twitter, we will analyze how these messages were perceived and to what extent they influenced the communication strategy itself. / Pérez Gómez, A. (2024). La estrategia del dato en una situación de crisis. Análisis de las comparecencias del presidente Pedro Sánchez y la percepción de los usuarios de la red social Twitter durante la crisis de la COVID-19 [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/207551
8

Security in cloud computing / La sécurité dans le Cloud

Lounis, Ahmed 03 July 2014 (has links)
Le Cloud Computing, ou informatique en nuages, est un environnement de stockage et d’exécution flexible et dynamique qui offre à ses utilisateurs des ressources informatiques à la demande via internet. Le Cloud Computing se développe de manière exponentielle car il offre de nombreux avantages rendus possibles grâce aux évolutions majeures des Data Centers et de la virtualisation. Cependant, la sécurité est un frein majeur à l’adoption du Cloud car les données et les traitements seront externalisés hors de site de confiance de client. Cette thèse contribue à résoudre les défis et les issues de la sécurité des données dans le Cloud pour les applications critiques. En particulier, nous nous intéressons à l’utilisation de stockage pour les applications médicales telles que les dossiers de santé électroniques et les réseaux de capteurs pour la santé. D’abord, nous étudions les avantages et les défis de l’utilisation du Cloud pour les applications médicales. Ensuite, nous présentons l’état de l’art sur la sécurité dans le Cloud et les travaux existants dans ce domaine. Puis nous proposons une architecture sécurisée basée sur le Cloud pour la supervision des patients. Dans cette solution, nous avons développé un contrôle d’accès à granularité fine pour résoudre les défis de la sécurité des données dans le Cloud. Enfin, nous proposons une solution de gestion des accès en urgence. / Cloud computing has recently emerged as a new paradigm where resources of the computing infrastructures are provided as services over the Internet. However, this paradigm also brings many new challenges for data security and access control when business or organizations data is outsourced in the cloud, they are not within the same trusted domain as their traditional infrastructures. This thesis contributes to overcome the data security challenges and issues due to using the cloud for critical applications. Specially, we consider using cloud storage services for medical applications such as Electronic Health Record (EHR) systems and medical Wireless Sensor Networks. First, we discuss the benefits and challenges of using cloud services for healthcare applications. Then, we study security risks of the cloud, and give an overview on existing works. After that, we propose a secure and scalable cloud-based architecture for medical applications. In our solution, we develop a fine-grained access control in order to tackle the challenge of sensitive data security, complex and dynamic access policies. Finally, we propose a secure architecture for emergency management to meet the challenge of emergency access.
9

Cloud Computing and Sensitive Data : A Case of Beneficial Co-Existence or Mutual Exclusiveness?

Vaskovich, Daria January 2015 (has links)
I dag anses molntjänster vara ett omtalat ämne som har ändrat hur IT-tjänster levereras och som skapat nya affärsmodeller. Några av molntjänsternas mest frekvent nämnda fördelar är flexibilitet och skalbarhet. Molntjänster är i dagsläget extensivt använda av privatpersoner genom tjänster så som Google Drive och Dropbox. Å andra sidan kan en viss försiktighet gentemot molntjänster uppmärksammas hos de organisationer som innehar känslig data. Denna försiktighet kan anses leda till en långsammare tillämpningshastighet för dessa organisationer. Detta examensarbete har som syfte att undersöka sambandet mellan molntjänster och känslig data för att kunna erbjuda stöd och kunskapsbas för organisationer som överväger en övergång till molntjänster. Känslig data är definierat som information som omfattas av den svenska Personuppgiftslagen. Tidigare studier visar att organisationer värdesätter en hög säkerhetsgrad vid en övergång till molntjänster och ofta föredrar att leverantören kan erbjuda ett antal säkerhetsmekanismer. En molntjänsts lagliga överensstämmelse är en annan faktor som uppmärksammas. Datainsamlingen skedde genom en enkät, som var riktad till 101 av de svenska organisationerna i syfte att kartlägga användningen av molntjänster samt att identifiera möjliga bromsande faktorer. Dessutom genomfördes tre (3) intervjuer med experter och forskare inom IT-lag och/eller molnlösningar. En analys och diskussion, baserad på resultaten, har genomförts, vilket ledde till slutsatserna att en molnlösning av hybrid karaktär är bäst lämpad för den försiktiga organisationen, de olika villkoren i serviceavtalet bör grundligt diskuteras innan en överenskommelse mellan parter uppnås samt att i syfte att undvika att lösningen blir oförenlig med lagen bör främst en leverantör som är väl etablerad i Sverige väljas. Slutligen, bör varje organisation utvärdera om molntjänster kan tillgodose organisationens säkerhetsbehov, då det i stor mån berör ett risktagande. / Cloud computing is today a hot topic, which has changed how IT is delivered and created new business models to pursue. The main listed benefits of Cloud computing are, among others, flexibility and scalability. It is widely adopted by individuals in services, such as Google Drive and Dropbox. However, there exist a certain degree of precaution towards Cloud computing at organizations, which possess sensitive data, which may decelerate the adoption. Hence, this master thesis aims to investigate the topic of Cloud computing in a combination with sensitive data in order to support organizations in their decision making with a base of knowledge when a transition into the Cloud is considered. Sensitive data is defined as information protected by the Swedish Personal Data Act. Previous studies show that organizations value high degree of security when making a transition into Cloud computing, and request several measures to be implemented by the Cloud computing service provider. Legislative conformation of a Cloud computing service is another important aspect. The data gathering activities consisted of a survey, directed towards 101 Swedish organizations in order to map their usage of Cloud computing services and to identify aspects, which may decelerate the adoption. Moreover, interviews with three (3) experts within the fields of law and Cloud computing were conducted. The results were analyzed and discussed, which led to conclusions that hybrid Cloud is a well chosen alternative for a precautious organization, the SLA between the organizations should be thoroughly negotiated and that primarily providers well established on the Swedish market should be chosen in order to minimize the risk of legally non-consisting solution. Finally, each organization should decide whether the security provided by the Cloud computing provider is sufficient for organization’s purposes.
10

Preventing Health Data from Leaking in a Machine Learning System : Implementing code analysis with LLM and model privacy evaluation testing / Förhindra att Hälsodata Läcker ut i ett Maskininlärnings System : Implementering av kod analys med stor språk-modell och modell integritets testning

Janryd, Balder, Johansson, Tim January 2024 (has links)
Sensitive data leaking from a system can have tremendous negative consequences, such as discrimination, social stigma, and fraudulent economic consequences for those whose data has been leaked. Therefore, it’s of utmost importance that sensitive data is not leaked from a system. This thesis investigated different methods to prevent sensitive patient data from leaking in a machine learning system. Various methods have been investigated and evaluated based on previous research; the methods used in this thesis are a large language model (LLM) for code analysis and a membership inference attack on models to test their privacy level. The LLM code analysis results show that the Llama 3 (an LLM) model had an accuracy of 90% in identifying malicious code that attempts to steal sensitive patient data. The model analysis can evaluate and determine membership inference of sensitive patient data used for training in machine learning models, which is essential for determining data leakage a machine learning model can pose in machine learning systems. Further studies in increasing the deterministic and formatting of the LLM‘s responses must be investigated to ensure the robustness of the security system that utilizes LLMs before it can be deployed in a production environment. Further studies of the model analysis can apply a wider variety of evaluations, such as increased size of machine learning model types and increased range of attack testing types of machine learning models, which can be implemented into machine learning systems. / Känsliga data som läcker från ett system kan ha enorma negativa konsekvenser, såsom diskriminering, social stigmatisering och negativa ekonomiska konsekvenser för dem vars data har läckt ut. Därför är det av yttersta vikt att känsliga data inte läcker från ett system. Denna avhandling undersökte olika metoder för att förhindra att känsliga patientdata läcker ut ur ett maskininlärningssystem. Olika metoder har undersökts och utvärderats baserat på tidigare forskning; metoderna som användes i denna avhandling är en stor språkmodell (LLM) för kodanalys och en medlemskapsinfiltrationsattack på maskininlärnings (ML) modeller för att testa modellernas integritetsnivå. Kodanalysresultaten från LLM visar att modellen Llama 3 hade en noggrannhet på 90% i att identifiera skadlig kod som försöker stjäla känsliga patientdata. Modellanalysen kan utvärdera och bestämma medlemskap av känsliga patientdata som används för träning i maskininlärningsmodeller, vilket är avgörande för att bestämma den dataläckage som en maskininlärningsmodell kan exponera. Ytterligare studier för att öka determinismen och formateringen av LLM:s svar måste undersökas för att säkerställa robustheten i säkerhetssystemet som använder LLM:er innan det kan driftsättas i en produktionsmiljö. Vidare studier av modellanalysen kan tillämpa ytterligare bredd av utvärderingar, såsom ökad storlek på maskininlärningsmodelltyper och ökat utbud av attacktesttyper av maskininlärningsmodeller som kan implementeras i maskininlärningssystem.

Page generated in 0.0615 seconds