1,721,017 research outputs found
Design principles and patterns for computer systems that are simultaneously secure and usable
Full text linkThesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.Includes bibliographical references (p. 429-464) and index.It is widely believed that security and usability are two antagonistic goals in system design. This thesis argues that there are many instances in which security and usability can be synergistically improved by revising the way that specific functionality is implemented in many of today's operating systems and applications. Specific design principles and patterns are presented that can accomplish this goal. Patterns are presented that minimize the release of confidential information through remnant and remanent data left on hard drives, in web browsers, and in documents. These patterns are based on a study involving the purchase of 236 hard drives on the secondary market, interviews conducted with organizations whose drives had been acquired, and through a detailed examination of modern web browsers and reports of information leakage in documents. Patterns are presented that enable secure messaging through the adoption of new key management techniques. These patterns are supported through an analysis of S/MIME handling in modern email clients, a survey of 469 Amazon.com merchants, and a user study of 43 individuals. Patterns are presented for promoting secure operation and for reducing the danger of covert monitoring. These patterns are supported by the literature review and an analysis of current systems.(cont.) In every case considered, it is shown that the perceived antagonism of security and usability can be scaled back or eliminated by revising the underlying designs on which modern systems are conceived. In many cases these designs can be implemented without significant user interface changes. The patterns described in this thesis can be directly applied by today's software developers and used for educating the next generation of programmers so that longstanding usability problems in computer security can at last be addressed. It is very likely that additional patterns can be identified in other related areas.by Simson L. Garfinkel.Ph.D
Wikipedia and the meaning of truth: Why the online encyclopedia's epistemology should worry those who care about traditional notions of accuracy
No full textWith little notice from the outside world, the community-written encyclopedia Wikipedia has redefined the commonly accepted use of the word "truth."
Unlike the laws of mathematics or science, wikitruth isn\u27t based on principles such as consistency or observa?bility. It\u27s not even based on common sense or firsthand experience. Wikipedia has evolved a radically different set of epistemological standards--standards that aren\u27t especially surprising given that the site is rooted in a Web-based community, but that should concern those of us who are interested in traditional notions of truth and accuracy. On Wikipedia, objective truth isn\u27t all that important, actually. What makes a fact or statement fit for inclusion is that it appeared in some other publication--ideally, one that is in English and is available free online. "The threshold for inclusion in Wikipedia is verifiability, not truth," states Wikipedia\u27s official policy on the subject
Privacy and Security Concerns When Social Scientists Work with Administrative and Operational Data
No full text Social science research is transitioning from working with “designated data,” collected through experiments and surveys, to working with “organic data,” including administrative data not collected for research purposes, and other data such as those collected from online social networks and large-scale sensor networks. The shift to organic data requires significant innovations in research methodologies. This article reviews the complexities and diversity of organic data and the special efforts that must be undertaken to make those data findable and usable by researchers. In some cases, advanced formal privacy techniques such as differential privacy and secure multiparty computation are needed to work with organic data in a manner that is ethically and logistically permissible, and effort is also required to make studies involving organic data transparent and replicable. These considerations make clear that moving forward, social scientists and information and communications technology (ICT) professionals must work closely to develop appropriate technical controls and ethical frameworks that minimize the risks of research to participants and to society at large. </jats:p
Providing Cryptographic Security and Evidentiary Chain-of-Custody with the Advanced Forensic Format, Library, and Tools
No full textThis article presents improvements in the Advanced Forensics Format Library version 3 that provide for digital signatures and other cryptographic protections for digital evidence, allowing an investigator to establish a reliable chain-of-custody for electronic evidence from the crime scene to the court room. No other system for handling and storing electronic evidence currently provides such capabilities. This article discusses implementation details, user level commands, and the AFFLIB programmer’s API.</jats:p
IEEE Security & Privacy : Vol. 12, No. 1, January/February 2014
No full text1. Guest Editors\u27 Introduction: protecting you / M. Angela Sasse, Charles C. Plamer
2. More is Not the Answer / Cormac Herley
3. Leaking Sensitive Information in Complex Document Files - and How to Prevent It / Simson L. Garfinkel
4. Going Spear Phishing: exploring embeddedtraining and awareness / Deanna D. Caputo, et al.
5. Helping You Protect You / M. Angela Sasse, et al.
6. Redefining Security Criteria for Networking Devices with Case Studies / Yin-Dar Lin, Chia-Yin Lee, Hao-Chuan Tsai
7. Bandwidth Distributed Denial of Service: attacks and defenses / Moti Geva, Amir Herzberg, Yehoshua Ge
Going Beyond Counting First Authors in Author Co-citation Analysis
Full text linkThe present study examines one of the fundamental aspects of author co-citation analysis (ACA) - the way co-citation
counts are defined. Co-citation counting provides the data on which all subsequent statistical analyses and mappings
are based, and we compare ACA results based on two different types of co-citation counting - the traditional type that
only counts the first one among a cited work's authors on the one hand and a non-traditional type that takes into
account the first 5 authors of a cited work on the other hand. Results indicate that the picture produced through this non-traditional author co-citation counting contains more coherent author groups and is therefore considerably clearer. However, this picture represents fewer specialties in the research field being studied than that produced through the traditional first-author co-citation counting when the same number of top-ranked authors is selected and analyzed. Reasons for these effects are discussed
Variations on the Author
Full text link“Variations on the Author” discusses two of Eduardo Coutinho’s recent films (Um Dia na Vida, from 2010, and Últimas Conversas, posthumously released in 2015) and their contribution to the general question of documentary authorship. The director’s filmography is characterized by a consistent yet self-effacing form of authorial self-inscription: Coutinho often features as an interviewer that rather than express opinions propels discourses; an interviewer that is good at listening. This mode of self-inscription characterizes him as an author who is not expressive but who is nonetheless markedly present on the screen. In Um Dia na Vida, however, Coutinho is completely absent form the image, while Últimas Conversas, on the contrary, includes a confessional prologue that moves the director from the margins to the center of his films. This article examines the ways in which these works stand out in the filmography of a director who offers new insights into the notion of cinematic authorship
- …
