Related papers: Law-Aware Access Control and its Information Model
Management of information is an important aspect of every application. This includes, for example, protecting user data against breaches (like the one reported in the news about 50 million Facebook profiles being harvested for Cambridge…
The open data movement is leading to the massive publishing of court records online, increasing transparency and accessibility of justice, and to the design of legal technologies building on the wealth of legal data available. However, the…
Language-based information flow methods offer a principled way to enforce strong security properties, but enforcing noninterference is too inflexible for realistic applications. Security-typed languages have therefore introduced…
E-business, information serving, and ubiquitous computing will create heavy request traffic from strangers or even incognitos. Such requests must be managed automatically. Two ways of doing this are well known: giving every incognito…
Automation systems are increasingly being used in dynamic and various operating conditions. With higher flexibility demands, they need to promptly respond to surrounding dynamic changes by adapting their operation. Context information…
Privacy policies define the terms under which personal data may be collected and processed by data controllers. The General Data Protection Regulation (GDPR) imposes requirements on these policies that are often difficult to implement.…
In a recent approach, we proposed to model an access control mechanism as a Markov Decision Process, thus claiming that in order to make an access control decision, one can use well-defined mechanisms from decision theory. We present in…
Interoperability remains the key problem in multi-discipline collaboration based on building information modeling (BIM). Although various methods have been proposed to solve the technical issues of interoperability, such as data sharing and…
The specification and enforcement of network-wide policies in a single administrative domain is common in today's networks and considered as already resolved. However, this is not the case for multi-administrative domains, e.g. among…
Ensuring that information flowing through a network is secure from manipulation and eavesdropping by unauthorized parties is an important task for network administrators. Many cyber attacks rely on a lack of network-level information flow…
Authoring access control policies is challenging and prone to misconfigurations. Access control policies must be conflict-free. Hence, administrators should identify discrepancies between policy specifications and their intended function to…
Large language models are increasingly used as natural-language interfaces to enterprise software, but their direct use as system operators remains unsafe. Model errors can propagate into unauthorized actions, malformed requests,…
In general, deep learning models use to make informed decisions immensely. Developed models are mainly based on centralized servers, which face several issues, including transparency, traceability, reliability, security, and privacy. In…
Since prior work has identified that cultural differences influence user design preferences and interaction methods, as well as emphasizing the need to reflect on the appropriateness of popular HCI principles, we believe that it is equally…
We study the design of media streaming applications in the presence of multiple heterogeneous wireless access methods with different throughputs and costs. Our objective is to analytically characterize the trade-off between the usage cost…
Mission critical software is often required to comply with multiple regulations, standards or policies. Recent paradigms, such as cloud computing, also require software to operate in heterogeneous, highly distributed, and changing…
Dependence on information, including for some of the world's largest organisations such as governments and multi-national corporations, has grown rapidly in recent years. However, reports of information security breaches and their…
Least privilege is a core security principle: grant each request only the minimum access needed to achieve its goal. Deployed language models almost never follow it, instead being exposed through a single API endpoint that serves all users…
Financial, social, and political factors often prevent the interests of the owners of ML systems and services and their users from being perfectly aligned. ML systems often produce biased information that can influence users to make…
I study how to regulate firms' access to consumer data when a regulator faces non-Bayesian uncertainty about how firms will exploit the consumer's information to segment the market and set prices. I fully characterize all worst-case optimal…