Mobile agent security

Alfalayleh, Mousa

January 2009

Research Doctorate - Doctor of Philosophy (PhD) / Mobile agents are programs that travel autonomously through a computer network in order to perform some computation or gather information on behalf of a human user or an application. In the last several years numerous applications of mobile agents have emerged, including e-commerce. However, mobile agent paradigm introduces a number of security threats both to the agents themselves and to the servers that they visit. This thesis gives an overview of the main security issues related to the mobile agent paradigm. The first part of the thesis focuses on security of mobile agent itself. In this part, we propose a new coupling technique based on trust as a social control to work together with existing traditional security mechanisms. It relies on the “reputation” of the hosts in the itinerary and ensures that the agent succeeds in accomplishing its task with a high probability. Due to the fact that the coupling technique requires an agent’s itinerary to be known in advance, we introduce two new concepts: a “Scout mobile agent”, whose primary purpose is to determine the itinerary required for accomplishing a given task, and a “Routed mobile agent”, which operates with an itinerary known in advance. This enables the Routed agent to incorporate various security mechanisms, including our new coupling technique. Our Routed agent technique is also applicable independently of the Scout agent, whenever the itinerary and the trust values of the platforms in the itinerary are known. We also proposed a Petrol Station as an entity that would provide a service to other entities, in the form of certifying mobile agents and equipping them with safe itinerary based on trust score and applying the Routed agent. In the second part of the thesis, we shed some light on the security of mobile agent platforms as it is considered more critical than the security of agents. In particular, we consider a scenario where a platform hosts a database containing confidential individual information and allows mobile agentstoquery the data base. This mobile agent maybe behave maliciously which is similar to an intruder in the Statistical Disclosure Control(SDC), where measuring disclosure risk is still considered as a difficult and only partly solved problem[111]. We introduce a scenario that is not adequately covered by any of the previous discloser risk measures. Shannon’s entropy can be considered a satisfactory measure for the disclosure risk that is related to the exact compromise. However, in the case of approximate compromise, we argue that Shannon’s entropy does not express precisely the intruder’s knowledge about a particular confidential value. We introduce a novel disclosure risk measure that is based on Shannon’s entropy but covers both exact and approximate compromise. The main advantage of our measure over previously proposed measures that it gives careful consideration to the attribute values in addition to the probabilities with which the values occur. We use a dynamic programming algorithm to calculate the disclosure risk for various levels of approximate compromise. Importantly, our proposed measure is independent of the applied SDC technique. Finally, we show how this measure can be used to evaluate the security mechanisms for protecting privacy in statistical databases and data mining. We conduct extensive experiments and apply our proposed security measure to three different data sets protected by three different SDC techniques, namely Sampling, Query Restriction, and Noise Addition.

security

mobile agent

disclosure risk

trust

Mobile agent security

Alfalayleh, Mousa

January 2009

Research Doctorate - Doctor of Philosophy (PhD) / Mobile agents are programs that travel autonomously through a computer network in order to perform some computation or gather information on behalf of a human user or an application. In the last several years numerous applications of mobile agents have emerged, including e-commerce. However, mobile agent paradigm introduces a number of security threats both to the agents themselves and to the servers that they visit. This thesis gives an overview of the main security issues related to the mobile agent paradigm. The first part of the thesis focuses on security of mobile agent itself. In this part, we propose a new coupling technique based on trust as a social control to work together with existing traditional security mechanisms. It relies on the “reputation” of the hosts in the itinerary and ensures that the agent succeeds in accomplishing its task with a high probability. Due to the fact that the coupling technique requires an agent’s itinerary to be known in advance, we introduce two new concepts: a “Scout mobile agent”, whose primary purpose is to determine the itinerary required for accomplishing a given task, and a “Routed mobile agent”, which operates with an itinerary known in advance. This enables the Routed agent to incorporate various security mechanisms, including our new coupling technique. Our Routed agent technique is also applicable independently of the Scout agent, whenever the itinerary and the trust values of the platforms in the itinerary are known. We also proposed a Petrol Station as an entity that would provide a service to other entities, in the form of certifying mobile agents and equipping them with safe itinerary based on trust score and applying the Routed agent. In the second part of the thesis, we shed some light on the security of mobile agent platforms as it is considered more critical than the security of agents. In particular, we consider a scenario where a platform hosts a database containing confidential individual information and allows mobile agentstoquery the data base. This mobile agent maybe behave maliciously which is similar to an intruder in the Statistical Disclosure Control(SDC), where measuring disclosure risk is still considered as a difficult and only partly solved problem[111]. We introduce a scenario that is not adequately covered by any of the previous discloser risk measures. Shannon’s entropy can be considered a satisfactory measure for the disclosure risk that is related to the exact compromise. However, in the case of approximate compromise, we argue that Shannon’s entropy does not express precisely the intruder’s knowledge about a particular confidential value. We introduce a novel disclosure risk measure that is based on Shannon’s entropy but covers both exact and approximate compromise. The main advantage of our measure over previously proposed measures that it gives careful consideration to the attribute values in addition to the probabilities with which the values occur. We use a dynamic programming algorithm to calculate the disclosure risk for various levels of approximate compromise. Importantly, our proposed measure is independent of the applied SDC technique. Finally, we show how this measure can be used to evaluate the security mechanisms for protecting privacy in statistical databases and data mining. We conduct extensive experiments and apply our proposed security measure to three different data sets protected by three different SDC techniques, namely Sampling, Query Restriction, and Noise Addition.

security

mobile agent

disclosure risk

trust

Statistical disclosure control for frequency tables

Antal, Laszlo

January 2016

Disclosure risk assessment of statistical data, such as frequency tables, is a prerequisite for data dissemination. This thesis investigates the problem of disclosure risk assessment of frequency tables from the perspective of a statistical institute. In the research reported here, disclosure risk is measured by a mathematical function designed for the data according to a disclosure risk scenario. Such functions are called disclosure risk measures. A disclosure risk measure is defined for frequency tables based on the entire population using information theory. If the disclosure risk of a population based frequency table is high, a statistical institute will apply a statistical disclosure control (SDC) method possibly perturbing the table. It is known that the application of any SDC method lowers the disclosure risk. However, measuring the disclosure risk of the perturbed frequency table is a difficult problem. The disclosure risk measure proposed in the first paper of the thesis is also extended to assess the disclosure risk of perturbed frequency tables. SDC methods can be applied to either the microdata from which the frequency table is generated or directly to the frequency table. The two classes of methods are called pre- and post-tabular methods accordingly. It is shown that the two classes are closely related and that the proposed disclosure risk measure can account for both methods. In the second paper, the disclosure risk measure is extended to assess the disclosure risk of sample based frequency tables. Probabilistic models are used to estimate the population frequencies from sample frequencies which can then be used in the proposed disclosure risk measures. In the final paper of the thesis, we investigate an application of building a flexible table generator where disclosure risk and data utility measures must be calculated on-the-fly. We show that the proposed disclosure risk measure and a related information loss measure are adaptable to these settings. An example implementation of the disclosure risk and data utility assessment using the proposed disclosure risk measure is given.

519.5

Concealment, communication and stigma: The perspectives of HIV-positive immigrant Black African men and their partners living in the United Kingdom

Owuor, J.O.A., Locke, Abigail, Heyman, B., Clifton, A.

06 July 2015

Yes / This study explored the perspectives of Black men, originally from East Africa, living in the United Kingdom and their partners on what it means to live with diagnosed HIV. This article reports on concealment of HIVpositive status as a strategy adopted by the affected participants to manage the flow of information about their HIV-positive status. Analysis of the data, collected using in-depth interviews involving 23 participants, found widespread selective concealment of HIV-positive status. However, a few respondents had ‘come out’ publicly about their condition. HIV prevention initiatives should recognise concealment as a vital strategy in managing communication about one’s HIV-positive status.

Topics and Applications in Synthetic Data

Loong, Bronwyn

07 September 2012

Releasing synthetic data in place of observed values is a method of statistical disclosure control for the public dissemination of survey data collected by national statistical agencies. The overall goal is to limit the risk of disclosure of survey respondents' identities or sensitive attributes, but simultaneously retain enough detail in the synthetic data to preserve the inferential conclusions drawn on the target population, in potential future legitimate statistical analyses. This thesis presents three new research contributions in the analysis and application of synthetic data. Firstly, to understand differences in types of input between the imputer, typically an agency, and the analyst, we present a definition of congeniality in the context of multiple imputation for synthetic data. Our definition is motivated by common examples of uncongeniality, specifically ignorance of the original survey design in analysis of fully synthetic data, and situations when the imputation model and analysis procedure condition upon different sets of records. We conclude that our definition provides a framework to assist the imputer to identify the source of a discrepancy between observed and synthetic data analytic results. Motivated by our definition, we derive an alternative approach to synthetic data inference, to recover the observed data set sampling distribution of sufficient statistics given the synthetic data. Secondly, we address the problem of negative method-of-moments variance estimates given fully synthetic data, which may be produced with the current inferential methods. We apply the adjustment for density maximization (ADM) method to variance estimation, and demonstrate using ADM as an alternative approach to produce positive variance estimates. Thirdly, we present a new application of synthetic data techniques to confidentialize survey data from a large-scale healthcare study. To date, application of synthetic data techniques to healthcare survey data is rare. We discuss identification of variables for synthesis, specification of imputation models, and working measures of disclosure risk assessment. Following comparison of observed and synthetic data analytic results based on published studies, we conclude that use of synthetic data for our healthcare survey is best suited for exploratory data analytic purposes. / Statistics

data confidentiality

data utility

disclosure risk

multiple imputation

synthetic

uncongeniality

statistics

Healthy relationships : an HIV intervention for positives.

Stutzman, Kelsey Alexandra. Caughy, Margaret O'Brien. Vaeth, Patrice

January 2008

Thesis (M.P.H.)--University of Texas Health Science Center at Houston, School of Public Health, 2008. / Source: Masters Abstracts International, Volume: 46-05, page: 2672. Adviser: Margaret Caughy. Includes bibliographical references.