Trusted data path protecting shared data in virtualized distributed systems

Kong, Jiantao

20 January 2010

When sharing data across multiple sites, service applications should not be trusted automatically. Services that are suspected of faulty, erroneous, or malicious behaviors, or that run on systems that may be compromised, should not be able to gain access to protected data or entrusted with the same data access rights as others. This thesis proposes a context flow model that controls the information flow in a distributed system. Each service application along with its surrounding context in a distributed system is treated as a controllable principal. This thesis defines a trust-based access control model that controls the information exchange between these principals. An online monitoring framework is used to evaluate the trustworthiness of the service applications and the underlining systems. An external communication interception runtime framework enforces trust-based access control transparently for the entire system.

Trusted data path

Context flow control

Trust-based access control

Attribute based access control

Security and privacy

Data protection

Access control

Essays on consumer decision-making in interactive and information rich environments

Wen, Na

28 June 2010

This dissertation consists of two central parts. Part one of the dissertation examines the impact of interactive restructuring on decision processes and outcomes. Five experimental studies show that consumers examine less information and engage in more compensatory decision processes when interactive restructuring tools are available. Consumers also increase their use of restructuring tools in cognitively challenging choice environments. The availability of a sorting tool improves objective and subjective decision quality when attributes are positively correlated, or when the number of alternatives in a choice set is large, but not when attributes are negatively correlated or choice sets are small. Greater use of interactive restructuring tools has deleterious effects on decision quality when attributes are negatively correlated. Under time pressure the availability of an interactive restructuring tool improves decision quality, even when attributes are negatively correlated, since time pressure limits tool overuse. Finally, the effects of multiple interactive restructuring tools on decision making vary by the types of tools that marketers make available to consumers. Part two of the dissertation explores the effects of visual design on consumer preferences and choice. Experiment 1 demonstrates preference reversals when visual separators are between product alternatives versus between product attributes. Experiment 2 shows that when product attributes are negatively correlated, visually separating alternatives improves decision quality but visually separating attributes hurts decision quality. Visual separators do not affect decision quality when attributes are positively correlated. Experiment 3 extends experiment 2 to show that visual separators enhance decision-making efficiency and can limit the extent to which consumers adapt to contextual changes in choice environments. Finally, experiment 4 shows that, under time pressure, both visual separators between attributes as well as visual separators between alternatives improve decision quality when attributes are negatively correlated.

By-attribute

Consumer decision-making

Interactive restructuring

Tools

Visual separators

Preference reversals

By-alternative

Decision making

Consumers

Auditory distractions in open office settings: a multi attribute utility approach to workspace decision making

Juneja, Parminder K.

22 April 2010

In open office settings, auditory distractions coming from surrounding work environment are shown to be a considerable source of indirect costs to an organization, such as performance costs, behavioral costs, and healthcare costs, to name a few. These costs are substantial to affect the net productivity of an organization, where productivity is equal to revenue minus the costs. This research argues that the costs of auditory distractions should be estimated when evaluating the value of a workspace for an organization. However, since organizational decisions are generally guided by cost-benefit analysis and a precise dollar figure cannot be attached to the stated indirect costs because these are subjective in nature; therefore, these are generally ignored. Costs that are critical to sustainability and development of a business and the fact that cost-benefit approach is no longer appropriate for these decisions, a more robust decision-based approach to workspace selection is proposed. Decision-based approach is seen as an organized approach to select between workspace options under uncertainty and risk wherein the selected workspace is maximized in terms of some expected utility. Here utility is defined as the measurement of strength or intensity of a person's preferences. Decision-based approach include consideration of a multitude of environmental decision variables, objective or subjective, in a single equation and processing of the same in a limited amount of time with rationality and consistency. A multi-attribute workspace choice utility decision model is developed with the intent to facilitate systematic understanding and analysis of workspace alternatives for an organization. This research shows how the decision-making approach to workspace selection simplifies the problem by providing a structure that is easily comprehensible, and allows simultaneous processing of both, qualitative and quantitative conflicting objectives, through a single decision-making model. In doing so, this research firmly establishes the importance of workspace's adaptability to auditory distractions for office workers, particularly knowledge workers, who are constantly undertaking a range of complex tasks. The study holistically and systematically addresses the fundamental issue prevalent in state-of-the-art North American open plan office settings of substantiality of two extremely contrasting requirements, concentration and collaboration, in the same workspace and work environment at a given time.

Multi attribute utility modeling

Auditory distractions

Knowledge-based organizations

Open office settings

Work environment

Delphi method

Decision making

Attribute-based encryption : robust and efficient constructions

Rouselakis, Ioannis

26 September 2013

Attribute-based encryption is a promising cryptographic primitive that allows users to encrypt data according to specific policies on the credentials of the recipients. For example, a user might want to store data in a public server such that only subscribers with credentials of specific forms are allowed to access them. Encrypting the data once for each party is not only impractical but also raises important privacy issues. Therefore, it would be beneficial to be able to encrypt only once for all desired parties. This is achievable by attribute-based encryption schemes, which come into several types and are applicable to a wide range of settings. Several attribute-based encryption schemes have been proposed and studied with a wide range of characteristics. For example, initial constructions proved to be significantly more challenging than constructing traditional public-key encryption systems and they imposed restrictions on the expressiveness of the Boolean formulas used during encryption. For several proposed schemes the total number of attributes was fixed during setup, while others allowed any string to be used as attribute ("large universe" constructions), but with considerable weaker security guarantees. Furthermore, these first constructions, although polynomial time, were impractical for wide deployment. This thesis is motivated by two main goals for ABE schemes: robustness and efficiency. For robustness, we propose a novel construction that achieves strong security guarantees and at the same time augments the capabilities of previous schemes. More specifically, we adapt existing techniques to achieve leakage-resilient ABE schemes with augmented robustness features making no compromises on security. For the second direction, our goal is to create practical schemes with as many features as possible, such as "large universe" and multi-authority settings. We showcase these claims with working implementations, benchmarks, and comparisons to previous constructions. Finally, these constructions lead us to new directions that we propose and intend to investigate further. / text

Cryptography

Public-key encryption

Attribute-based encryption

Large universe

Leakage-resilience

Multi-authority

Ciphertext-policy

Key-policy

Analyzing the Economic Benefit of Woodland Caribou Conservation in Alberta

Harper, Dana L

Unknown Date

No description available.

Species at Risk

Woodland Caribou

Stated Preference

Contingent Valuation

Attribute Based Choice

Conditional Logit

Random Parameters Logit

Cost Benefit Analysis

Förbered för invasion från Öst? : En kvalitativ studie om huruvida Sverige kan och bör satsa mer på att attrahera fler kinesiska turister

Widén, Mia-Linn, Johansson, Cecilia

January 2013

Kina är idag en av världens ledande ekonomier och placerar sig på andra plats gällande landets BNP. Under de senaste åren har tillväxten av Kinas turistnäring ökat i en snabb takt. En av de bidragande faktorerna bakom detta är att regler och gränser har luckrats upp och ger kineserna möjlighet att besöka allt fler destinationer världen över. Från år 2000 till 2012 har Kinas utrikesturism ökat från 10 miljoner resor till 83 miljoner. Med sin stadiga årliga befolkningstillväxt beräknar UNWTO, United Nations World Tourism Organization, att 100 miljoner kineser kommer att resa redan innan år 2015. Frågan är om, och hur Sverige ska satsa på att attrahera det ökade antalet resande kineser. / China is currently one of the world's leading economies and is ranked in second place in terms of GDP. In recent years, the growth of China's outbound tourism has increased rapidly. Contributing factors behind the increase are the new rules and regulations regarding outbound tourism, which gives the Chinese people the opportunity to visit more destinations worldwide. From the year of 2000 to 2012, China's outbound tourism has increased from 10 million travels to 83 million. With China’s steady annual population growth UNWTO, the United Nations World Tourism Organization, estimates that 100 million Chinese will be traveling before the year of 2015. The question is whether, and how, Sweden should attract the growing numbers of Chinese travelers

China

tourism

incoming tourism

Sweden

travel pattern

attribute

marketing

Kina

turism

inkommande turism

Sverige

resmönster

attribut

marknadsföring

Abstract interpretation of domain-specific embedded languages

Backhouse, Kevin Stuart

January 2002

A domain-specific embedded language (DSEL) is a domain-specific programming language with no concrete syntax of its own. Defined as a set of combinators encapsulated in a module, it borrows the syntax and tools (such as type-checkers and compilers) of its host language; hence it is economical to design, introduce, and maintain. Unfortunately, this economy is counterbalanced by a lack of room for growth. DSELs cannot match sophisticated domain-specific languages that offer tools for domainspecific error-checking and optimisation. These tools are usually based on syntactic analyses, so they do not work on DSELs. Abstract interpretation is a technique ideally suited to the analysis of DSELs, due to its semantic, rather than syntactic, approach. It is based upon the observation that analysing a program is equivalent to evaluating it over an abstract semantic domain. The mathematical properties of the abstract domain are such that evaluation reduces to solving a mutually recursive set of equations. This dissertation shows how abstract interpretation can be applied to a DSEL by replacing it with an abstract implementation of the same interface; evaluating a program with the abstract implementation yields an analysis result, rather than an executable. The abstract interpretation of DSELs provides a foundation upon which to build sophisticated error-checking and optimisation tools. This is illustrated with three examples: an alphabet analyser for CSP, an ambiguity test for parser combinators, and a definedness test for attribute grammars. Of these, the ambiguity test for parser combinators is probably the most important example, due to the prominence of parser combinators and their rather conspicuous lack of support for the well-known LL(k) test. In this dissertation, DSELs and their signatures are encoded using the polymorphic lambda calculus. This allows the correctness of the abstract interpretation of DSELs to be proved using the parametricity theorem: safety is derived for free from the polymorphic type of a program. Crucially, parametricity also solves a problem commonly encountered by other analysis methods: it ensures the correctness of the approach in the presence of higher-order functions.

005.13

System Complexity Reduction via Feature Selection

January 2011

abstract: This dissertation transforms a set of system complexity reduction problems to feature selection problems. Three systems are considered: classification based on association rules, network structure learning, and time series classification. Furthermore, two variable importance measures are proposed to reduce the feature selection bias in tree models. Associative classifiers can achieve high accuracy, but the combination of many rules is difficult to interpret. Rule condition subset selection (RCSS) methods for associative classification are considered. RCSS aims to prune the rule conditions into a subset via feature selection. The subset then can be summarized into rule-based classifiers. Experiments show that classifiers after RCSS can substantially improve the classification interpretability without loss of accuracy. An ensemble feature selection method is proposed to learn Markov blankets for either discrete or continuous networks (without linear, Gaussian assumptions). The method is compared to a Bayesian local structure learning algorithm and to alternative feature selection methods in the causal structure learning problem. Feature selection is also used to enhance the interpretability of time series classification. Existing time series classification algorithms (such as nearest-neighbor with dynamic time warping measures) are accurate but difficult to interpret. This research leverages the time-ordering of the data to extract features, and generates an effective and efficient classifier referred to as a time series forest (TSF). The computational complexity of TSF is only linear in the length of time series, and interpretable features can be extracted. These features can be further reduced, and summarized for even better interpretability. Lastly, two variable importance measures are proposed to reduce the feature selection bias in tree-based ensemble models. It is well known that bias can occur when predictor attributes have different numbers of values. Two methods are proposed to solve the bias problem. One uses an out-of-bag sampling method called OOBForest, and the other, based on the new concept of a partial permutation test, is called a pForest. Experimental results show the existing methods are not always reliable for multi-valued predictors, while the proposed methods have advantages. / Dissertation/Thesis / Ph.D. Industrial Engineering 2011

Industrial Engineering

Artificial Intelligence

Information Technology

associative classification

attribute importance

feature selection

random forest

time series classification

A framework to manage uncertainties in cloud manufacturing environment

Yadekar, Yaser

January 2016

This research project aims to develop a framework to manage uncertainty in cloud manufacturing for small and medium enterprises (SMEs). The framework includes a cloud manufacturing taxonomy; guidance to deal with uncertainty in cloud manufacturing, by providing a process to identify uncertainties; a detailed step-by-step approach to managing the uncertainties; a list of uncertainties; and response strategies to security and privacy uncertainties in cloud manufacturing. Additionally, an online assessment tool has been developed to implement the uncertainty management framework into a real life context. To fulfil the aim and objectives of the research, a comprehensive literature review was performed in order to understand the research aspects. Next, an uncertainty management technique was applied to identify, assess, and control uncertainties in cloud manufacturing. Two well-known approaches were used in the evaluation of the uncertainties in this research: Simple Multi-Attribute Rating Technique (SMART) to prioritise uncertainties; and a fuzzy rule-based system to quantify security and privacy uncertainties. Finally, the framework was embedded into an online assessment tool and validated through expert opinion and case studies. Results from this research are useful for both academia and industry in understanding aspects of cloud manufacturing. The main contribution is a framework that offers new insights for decisions makers on how to deal with uncertainty at adoption and implementation stages of cloud manufacturing. The research also introduced a novel cloud manufacturing taxonomy, a list of uncertainty factors, an assessment process to prioritise uncertainties and quantify security and privacy related uncertainties, and a knowledge base for providing recommendations and solutions.

670.42

Uma abordagem escalável para controle de acesso muitos para muitos em redes centradas de informação

Silva, Rafael Hansen da

January 2016

Um dos principais desafios em Redes Centradas em Informação (ICN) é como prover controle de acesso à publicação e recuperação de conteúdos. Apesar das potencialidades, as soluções existentes, geralmente, consideram um único usuário agindo como publicador. Ao lidar com múltiplos publicadores, elas podem levar a uma explosão combinatória de chaves criptográficas. As soluções projetadas visando a múltiplos publicadores, por sua vez, dependem de arquiteturas de redes específicas e/ou de mudanças nessas para operar. Nesta dissertação é proposta uma solução, apoiada em criptografia baseada em atributos, para controle de acesso a conteúdos. Nessa solução, o modelo de segurança é voltado a grupos de compartilhamento seguro, nos quais todos os usuários membros podem publicar e consumir conteúdos. Diferente de trabalhos anteriores, a solução proposta mantém o número de chaves proporcional ao de membros nos grupos e pode ser empregada em qualquer arquitetura ICN de forma gradual. A proposta é avaliada quanto ao custo de operação, à quantidade de chaves necessárias e à eficiência na disseminação de conteúdos. Em comparação às soluções existentes, ela oferece maior flexibilidade no controle de acesso, sem aumentar a complexidade do gerenciamento de chaves e sem causar sobrecustos significativos à rede. / One of the main challenges in Information-Centric Networking (ICN) is providing access control to content publication and retrieval. In spite of the potentialities, existing solutions often consider a single user acting as publisher. When dealing with multiple publishers, they may lead to a combinatorial explosion of cryptographic keys. Those solutions that focus on multiple publishers, on the other hand, rely on specific network architectures and/or changes to operate. In this dissertation, it is proposed a solution, supported by attribute-based encryption, for content access control. In this solution, the security model is focused on secure content distribution groups, in which any member user can publish to and retrieve from. Unlike previous work, the proposed solution keeps the number of cryptographic keys proportional to the number of group members, and may even be adopted gradually in any ICN architecture. The proposed solution is evaluated with respect to the overhead it imposes, number of required keys, and efficiency in the content dissemination. In contrast to existing solutions, it offers higher access control flexibility, without increasing key management process complexity and without causing significant network overhead.

Redes : Computadores

Gerencia : Redes : Computadores

Information-centric networking

Access control

Many-to-many publication and retrival

Attribute-based encryption