Applied Cryptographic Access Control for Untrusted Cloud Storage / Contrôle d'accès cryptographique appliqué pour le stockage cloud méfiant

Contiu, Stefan

13 November 2019

Les clouds publics permettent de stocker et de partager des données à faible coût et haute disponibilité. Néanmoins, les avantages, les fournisseurs de cloud sont contournés de manière récurrente par des utilisateurs malveillants exposant des contenus utilisateurs sensibles. Face au manque de garanties de sécurité, les utilisateurs peuvent imposer une sécurité de bout-en-bout en chiffrant les données avant de les stocker à distance.Les mécanismes de contrôle d’accès filtrent les utilisateurs autorisés à produire ou à utiliser les données distantes. Au fur et à mesure que les données sont chiffrées, le contrôle d’accès est effectué de manière cryptographique, indépendamment du stockage en nuage. La gestion des clés cryptographiques régule l’accès des utilisateurs, tandis que des techniques de rechiffrement sont utilisées pour les mises à jour de clés. Une gestion des clés permet souvent d’arbitrer entre le temps de calcul et l’empreinte de stockage, tandis que les techniques de rechiffrement arbitrent entre les garanties de sécurité et la rapidité. Dans le cas de très volumineuses et dynamiques charges de travail spécifiques sur le cloud, un contrôle d’accès cryptographique même performant est généralement inefficace.Cette thèse propose une intégration minimale des environnements d’exécution de confiance (TEE) pour obtenir un contrôle d’accès efficace. En utilisant TEE, nous modifions les hypothèses des schémas de distribution de clés traditionnels, en dérivant deux schémas, un confidentiel et un anonyme, permettant à la fois d’obtenir une latence informatique supportable en même temps qu’une faible empreinte de stockage. La réactivité pour les utilisateurs finaux peut être encore optimisée par le recours à des techniques de partitionnement et d’indexation. De plus, nous proposons une méthode légère de rechiffrement des données en ne traitant que des parties des données dans TEE directement chez le fournisseur. Nous réalisons une mise en œuvre et une évaluation complètes en utilisant Intel Software Guard Extensions (SGX) comme TEE. Les résultats de l’analyse comparative montrent que nos systèmes de gestion de clés et de rechiffrement accroissent l’état de la technique de plusieurs ordres de grandeur. / Public clouds enable storing and sharing data with efficient cost and high availability. Nevertheless the benefits, cloud providers are recurrently breached by malicious users exposing sensitive user content. To mitigate the lack of security guarantees, users can impose end-to-end security by encrypting the data before remotely storing it.Access control mechanisms specify the users who are allowed to produce or consume the re-mote data. As data is encrypted, access control is performed cryptogrpahically, concealed from the cloud storage. Cryptographic key management is used for regulating user access while re-encryption techniques are used for key updates. State-of-the-art key management often trades computational time for storage footprint, while re-encryption techniques exchange great security guarantees for speed. In the context of very large and highly dynamic cloud specific workloads,state-of-the-art cryptographic access control is generally inefficient.This thesis proposes a minimal integration of Trusted Execution Environments (TEE) to achieve efficient access control. Leveraging TEE, we perform a change in assumptions of traditional key distribution schemes, deriving a confidential and an anonymous scheme, both achieving efficient computational latency and low storage footprint. End-users servicing time is further optimized by partitioning and indexing techniques. In addition, we propose a lightweight data re-encryption method by processing only portions of the data in TEE directly at the provider side. We carry out a comprehensive implementation and evaluation using Intel Software Guard Extensions (SGX) as TEE. Benchmarking results highlight that our key management and re-encryption schemes can be few orders of magnitude better than state-of-the-art.

Sécurité

Intimité

Cloud

Espace de stockage

Contrôle d'accès

Confidentialité

Anonymat

Security

Privacy

Cloud

Storage

Access control

Confidentiality

Anonymity

THIRD-PARTY FUNDING IN INVESTOR-STATE ARBITRATION

FORGHE, VICTOR NNAMDI

January 2022

Third-Party funding refers to a financing arrangement in which a non-party entityprovides financial resources to a disputing party in return for some benefits whichis usually dependent on the outcome of the dispute before the court or tribunal.These benefits could be for pecuniary profits or for the achievement of somepolicy objectives.Whilst this funding model has been commended for promoting access to justice, ithas also been criticized for the possibility of it leading to the filing ofunmeritorious claims, its inherent conflict with the common law tort of champertyand maintenance, the disclosure of privileged information and its impact on theimplied or express duty of confidentiality owed by the parties in arbitration.This research seeks to examine the effect of the disclosure of privilegedinformation by the party seeking funding to the potential funder before or duringArbitration with a view to determining whether the said disclosure constitutes awaiver of litigation privileges or can the third-party funder be deemed to share acommon interest with the funded party? This research will be viewed from thelens of the domestic law operational in England and Wales and Nigeria in acomparative analytical fashion with a view to determining what lessons could belearnt by the developing jurisdiction.This study also makes a brief review of extant legal regime on Third-Partyfunding in both jurisdictions on the adequacy of the provisions on disclosure witha view to providing some safeguards towards promoting the third-party fundingpractice, balance competing interests amongst the parties, promote investorconfidence as well as enhance the growth of foreign direct investment in spite ofthe various existing criticisms against the third-party litigation financing model.

Third-Party Funding

Disclosure

Litigation Privilege

Confidentiality

Regulation

ISDS

Investment Treaty Arbitration.

Law (excluding Law and Society)

Electronic Multi-agency Collaboration. A Model for Sharing Children¿s Personal Information Among Organisations.

Louws, Margie

January 2010

The sharing of personal information among health and social service organisations is a complex issue and problematic process in present-day England. Organisations which provide services to children face enormous challenges on many fronts. Internal ways of working, evolving best practice, data protection applications, government mandates and new government agencies, rapid changes in technology, and increasing costs are but a few of the challenges with which organisations must contend in order to provide services to children while keeping in step with change. This thesis is an exploration into the process of sharing personal information in the context of public sector reforms. Because there is an increasing emphasis of multi-agency collaboration, this thesis examines the information sharing processes both within and among organisations, particularly those providing services to children. From the broad principles which comprise a socio-technical approach of information sharing, distinct critical factors for successful information sharing and best practices are identified. These critical success factors are then used to evaluate the emerging national database, ContactPoint, highlighting particular areas of concern. In addition, data protection and related issues in the information sharing process are addressed. It is argued that one of the main factors which would support effective information sharing is to add a timeline to the life of a dataset containing personal information, after which the shared information would dissolve. Therefore, this thesis introduces Dynamic Multi-Agency Collaboration (DMAC), a theoretical model of effective information sharing using a limited-life dataset. The limited life of the DMAC dataset gives more control to information providers, encouraging effective information sharing within the parameters of the Data Protection Act 1998.

Confidentiality

Information sharing

Multi-agency working

Social services

Vulnerable children

Personal information

Limited-life datasets

Data protection

The Relative Contribution of Health-Care Points of Service to Overall Patient Satisfaction at a University Health Center

Parikh, Jay M

01 January 2023

Throughout the process of receiving healthcare, a patient is affected by several factors and processes. To just name a few, how long a patient must wait at the clinic, how friendly the front desk is, how the nurse treats the patient, how effective the physician is with his or her communication, what the cost of a patient's healthcare is, and how clean the clinic is all affect the patient's experience. When clinics excel in these factors, it promotes a favorable relationship between the patient and the clinic. Patients trust the healthcare provider and desire to continue attending that clinic when they need to. Unfortunately, not every clinic can succeed in all these factors. The purpose of this study was to investigate the relative importance of these factors in a patient satisfaction survey at a university health center.

Physician Communication

Patient Wait Time

Patient Cost

Front Desk Friendliness

Clinic Cleanliness

Patient Confidentiality

Health and Medical Administration

Quality Improvement

Energy-efficient privacy homomorphic encryption scheme for multi-sensor data in WSNs

Verma, Suraj, Pillai, Prashant, Hu, Yim Fun

04 May 2015

Yes / The recent advancements in wireless sensor hardware ensures sensing multiple sensor data such as temperature, pressure, humidity, etc. using a single hardware unit, thus defining it as multi-sensor data communication in wireless sensor networks (WSNs). The in-processing technique of data aggregation is crucial in energy-efficient WSNs; however, with the requirement of end-to-end data confidentiality it may prove to be a challenge. End-to-end data confidentiality along with data aggregation is possible with the implementation of a special type of encryption scheme called privacy homomorphic (PH) encryption schemes. This paper proposes an optimized PH encryption scheme for WSN integrated networks handling multi-sensor data. The proposed scheme ensures light-weight payloads, significant energy and bandwidth consumption along with lower latencies. The performance analysis of the proposed scheme is presented in this paper with respect to the existing scheme. The working principle of the multi-sensor data framework is also presented in this paper along with the appropriate packet structures and process. It can be concluded that the scheme proves to decrease the payload size by 56.86% and spend an average energy of 8-18 mJ at the aggregator node for sensor nodes varying from 10-50 thereby ensuring scalability of the WSN unlike the existing scheme.

Wireless sensor networks

Homomorphic encryption scheme

Data aggregation

Energy-efficient WSNs

End-to-end data confidentiality

Contiki-OS

Le secret des affaires / Confidentiality in business law

Garinot, Jean-Marie

17 November 2011

En dépit de son importance pratique, le secret des affaires n’est guère pris en compte par le droit français. Bien que mentionné par quelques textes épars, il ne peut être qualifié de notion juridique. Face aux lacunes de notre législation, les tribunaux sont contraints d’appliquer le droit commun pour protéger les informations économiques sensibles : or, l’article 1382 du Code civil, comme les textes réprimant le vol et le recel, ne sont pas adaptés. Pourtant, comme en témoignent certains systèmes juridiques étrangers, la protection du secret est nécessaire ; il convient donc d’en rechercher les fondements. Bien que justifiée, la sauvegarde des renseignements confidentiels doit toutefois être conciliée avec les autres intérêts en présence, tels que les droits particuliers à l’information, les principes directeurs du procès, la transparence financière ou encore la liberté du travail. Le but de cette étude est donc de cerner la notion de secret des affaires, puis de proposer des modalités de protection, en respectant les intérêts des tiers. / Despite its practical relevance, business secrecy remains barely recognized under French law. Even if various texts refer to that concept, it cannot be considered as a legal concept under French law. In order to face the defects of our law, courts are bound to apply ordinary law to guarantee the protection of sensitive business information. However, applying article 1382 of the French civil code (torts) as well as referring to the concepts of robbery or handling (criminal law) are inappropriate solutions. Nevertheless, some foreign legal systems have demonstrated that protecting business secrecy was necessary. Therefore, our study will seek the grounds of that need for protection. Protecting confidential data, although justified, must be compatible with other key principles: individual rights to information, civil trial practice standards, financial transparency or freedom of work. Thus, the purpose of that study is to delimitate the concept of business secrecy before suggesting new measures to protect it while preserving third parties beneficiaries.

Secret des affaires

Confidentialité économique

Clause de confidentialité

Prinicipe du contradictoire

Bien

Propriété intellectuelle

Arbitrage

Techniques contractuelles

Transparence financière

Concurrence déloyale

Droit comparé

Publicité des débats

Business secrecy

Commercial secrecy

Trade secrets

Confidentiality of business data

Confidentiality clause

Confidentiality agreement

Principle of adversarial proceedings

Good

Intellectual property

Arbitration

International arbitration

Contractual issues

Financial transparency

Unfair competition

Comparative law

Public hearings

346

The use of HIV testing in the workplace as the basis for possible unfair discrimination / Lerato Hycenth Thejane

Thejane, Lerato Hycenth

January 2015

Human immunodeficiency virus and acquired immune deficiency syndrome (hereafter HIV/AIDS) in South Africa are epidemic virus and disease respectively, item 1.1 of the EEA Code of Good Practice on Key Aspects of HIV/AIDS and Employment, 2000 states that HIV/AIDS are serious public health problems, which have socio-economic, employment and human rights implications on the society, employees inclusive. The Constitution of the Republic of South Africa, 1996, Employment Equity Act 55 of 1998, Labour Relations Act 66 of 1995 and Promotion of Equality and Prevention of Unfair discrimination 4 of 2000, international and regional instruments and standards provide protection to HIV positive employees in the workplace. Notwithstanding this plethora of legislation, employees are still faced with the problems of being stigmatised, unfairly discriminated against and ultimately dismissed from work for being HIV positive. Employees are subjected to HIV testing and the information about their HIV statuses is still being disclosed without their informed consent and their right to privacy and confidentiality may be violated. These possible violations of employees’ rights may affect the economy of the country. When employees are dismissed, the amount of production and profits for the employers decrease and as a result the government loses tax revenue, the unemployment and poverty rates increase. Hence it is imperative to investigate the problems of stigmatisation, unfair discrimination and dismissals in order to see to what extent are employees’ rights protected. There will be a comparative study in Canada which is experiencing the same problems as South Africa in order to find out how Canada can provide solution to South African problems. / LLM (Labour Law), North-West University, Potchefstroom Campus, 2015

South Africa

HIV/AIDS

Canada

Stigmatisation

Unfair discrimination

Dismissals

HIV positive employees

HIV testing

Privacy

Confidentiality

Economy of South Africa

The use of HIV testing in the workplace as the basis for possible unfair discrimination / Lerato Hycenth Thejane

Thejane, Lerato Hycenth

January 2015

Human immunodeficiency virus and acquired immune deficiency syndrome (hereafter HIV/AIDS) in South Africa are epidemic virus and disease respectively, item 1.1 of the EEA Code of Good Practice on Key Aspects of HIV/AIDS and Employment, 2000 states that HIV/AIDS are serious public health problems, which have socio-economic, employment and human rights implications on the society, employees inclusive. The Constitution of the Republic of South Africa, 1996, Employment Equity Act 55 of 1998, Labour Relations Act 66 of 1995 and Promotion of Equality and Prevention of Unfair discrimination 4 of 2000, international and regional instruments and standards provide protection to HIV positive employees in the workplace. Notwithstanding this plethora of legislation, employees are still faced with the problems of being stigmatised, unfairly discriminated against and ultimately dismissed from work for being HIV positive. Employees are subjected to HIV testing and the information about their HIV statuses is still being disclosed without their informed consent and their right to privacy and confidentiality may be violated. These possible violations of employees’ rights may affect the economy of the country. When employees are dismissed, the amount of production and profits for the employers decrease and as a result the government loses tax revenue, the unemployment and poverty rates increase. Hence it is imperative to investigate the problems of stigmatisation, unfair discrimination and dismissals in order to see to what extent are employees’ rights protected. There will be a comparative study in Canada which is experiencing the same problems as South Africa in order to find out how Canada can provide solution to South African problems. / LLM (Labour Law), North-West University, Potchefstroom Campus, 2015

South Africa

HIV/AIDS

Canada

Stigmatisation

Unfair discrimination

Dismissals

HIV positive employees

HIV testing

Privacy

Confidentiality

Economy of South Africa

Informationsklassificering : ett styrdokument för klassificering av informationssystem

Larsson, Nicklas, Hallén, Kim

January 2010

<p>Hantering av information blir allt viktigare i dagens informationssamhälle då information är en av de värdefullaste tillgångarna för verksamheter. Syftet med uppsatsen har varit att skapa ett styrdokument för IT-administratörer som hjälper dem vid klassificering av informationssystem. Styrdokumentet har som uppgift att kontrollera att informationssystem lever upp till verksamheternas krav som finns på konfidentialitet, integritet, tillgänglighet och spårbarhet. Styrdokumentets vetenskapliga värde har verifierats genom att utvalda IT-administratörer undersökt och utvärderat styrdokumentet. Resultatet visar att styrdokumentet kan användas som ett hjälpmedel. Det är lättförståeligt, lämpar sig för mindre tekniska personer och kan även i vissa fall effektivisera klassificeringsprocessen. Slutsatsen är att behovet av denna typ av styrdokument för klassificering av informationssystem behövs inom verksamheter.</p> / <p>Information management is increasingly important in today’s information society as information is one of the most valuable assets for businesses. The purpose of this paper was to create a steering document for IT administrators and to help them when classifying information systems. The steering document is responsible for verifying that information systems meet businesses requirements of confidentiality, integrity, availability, and traceability. The scientific value of the steering document has been verified by selected IT administrators, who have investigated and evaluated it. The results show that the steering document may be used as a guideline for information system classification. It is easily understandable, suitable for less technical people, and may in some cases make the classification process even more efficient. The conclusion is that this type of steering document for information system classification is needed within businesses.</p>

Availability

CIA-triad

confidentiality

information

information classification

information management

information security

integrity

CIA-triangeln

information

informationshantering

informationsklassificering

informationssäkerhet

integritet

konfidentialitet

tillgänglighet

Computer science

Datavetenskap

Whistleblower protection programs compromise the reported taxpayer's privacy

Andonie, Luisa

25 April 2017

The United States Whistleblower Program’s inadequate protections have placed the privacy and confidentiality rights of United States taxpayers in a vulnerable state. By using the United States Whistleblower Program as an example, this paper seeks to illustrate the risk of eroding the confidentiality and privacy rights of the taxpayer, which is a risk that other national and international governments should likewise attempt to mitigate in their own whistleblower protection programs.

Vereinigte Staaten von Amerika

Steuerzahler

Persönlichkeitsrecht

Vertraulichkeit

Compliance

United States of America

taxpayer

privacy right

confidentiality right

compliance

privilege issues

ddc:343