Confidentiality of information

The relationship between organization structure, the supporting information systems and the confidentiality issue, defines the end user's responsibility for information control. In a data sharing environment end users must agree upon their mutual responsibility for shared data. The database administrator is the natural authority to control the execution of that agreement. Any departure from strictly preventive control weakens data sharing control.On-line end user access control by means of security tables may be compromised by the current privileged state machine architecture. Resulting control weaknesses should be compensated by procedural and organizational means.     

Oblivious Transfers and Privacy Amplification

Oblivious transfer (OT) is an important primitive in cryptography. In chosen one-out-of-two string OT, a sender offers two strings, one of which the other party, called the receiver, can choose to read, not learning any information about the other string. The sender on the other hand does not obtain any information about the receivers choice. We consider the problem of reducing this primitive to OT for single bits. Previous attempts to doing this were based on self-intersecting codes. We present a new technique for the same task, based on so-called privacy amplification. It is shown that our method has two important advantages over the previous approaches. First, it is more efficient in terms of the number of required realizations of bit OT, and second, the technique even allows for reducing string OT to (apparently) much weaker primitives. An example of such a primitive is universal OT, where the receiver can adaptively choose what type of information he wants to obtain about the two bits sent by the sender subject to the only constraint that some, possibly very small, uncertainty must remain about the pair of bits.     

A service provisioning system for distributed personalization with private data protection

Personalized services can provide significant user benefits since they adapt their behavior to better support the user. Personalized services use a variety of data related to the user to decide their behavior. Thus personalized service needs a provisioning system that can collect the data that impacts service behavior and allows selection of the most appropriate service. However, in the coming ubiquitous environment, some data necessary for determining service behavior might be unavailable due to two possible reasons. One is that the data does not exit. The other is that the data exists but cannot be accessed. For example, users do not want to disclose their personal information, and service providers do not also want to expose data related to their knowhow in services. This paper describes a new service provisioning system for distributed personalization with private data protection. Specifically, the system selects applicable services by assessing how well each candidate service behaves when some data is missing. It then executes those selected services while hiding the users’ and providers’ private data in a distributed manner. We first summarize the requirements for a personalized service system, and introduce our fundamental policies for the system. The two main components of our system are then described in detail. One component is a service assessment mechanism that can judge if a service can work without data that can be used for adaptation. The second component is a service execution mechanism that can utilize private data while still ensuring privacy. This component divides service logic and executes divided logic where necessary data is available. The paper finally describes our prototype implementation and its performance evaluation results.     

Unrealistic optimism in internet events

This study assessed the tendency for individuals to be unrealistically optimistic about internet related activities. Ninety-seven participants estimated their chances of experiencing 31 positive and negative internet events compared to the average student at their school. The data indicated that students believed positive internet events were more likely to happen to them and negative events were less likely to happen to them compared to the average student. Heavy internet users reported more optimistic responses than did light users. Perceptions of event characteristics (controllability, desirability, and personal experience) were also significantly correlated with optimistic bias.     

秘密同态模式的研究

基于密文的数据库可以有效实现数据库安全.文献[1,2]提出一种索引机制,但安全性和任务分配存在问题.文献[3,4]提出用一种秘密同态的技术解决此问题.但如何实际实现未提及.提出了基于秘密同态的实现模型,同时对秘密同态的数学基础进行了研究,并证明了在实数范围内以目前运算的基础是不可行的,必须在拓扑空间或环上定义一种新的运算.     

Early Warning Signs of it Project Failure: The Dominant Dozen

The postmortem examination of failed IT projects reveals that long before the failure there were significant symptoms or “early warning signs.” This article describes the top 12 people- related and project-related IT project risks, based on “early warning sign” data collected from a panel of 19 experts and a survey of 55 IT project managers.     

Friend or not to friend: Coworker Facebook friend requests as an application of communication privacy management theory

Given that Facebook.com is a social networking tool used by a diverse audience, this study employs Communication Privacy Management (CPM) theory as a framework to investigate how working professionals respond to co-worker Facebook friend requests. Overall, 312 individuals with full-time jobs and Facebook accounts completed an online survey. Results confirmed that most working professionals accepted co-worker Facebook friend requests. However, request decisions varied in conjunction with organizational privacy orientation, current Facebook privacy management practices, and co-worker communication satisfaction. Results confirm that working professionals’ Facebook linkage choices with other co-workers are best understood when embedded within a framework which provides a more complete understanding of the functioning of their privacy rules. Future research examining working professionals’ social media privacy management practices when individual privacy norms contradict organizational privacy norms is discussed.     

Office layout affecting privacy,interaction, and acoustic quality in LEED-certified buildings

The study investigated differences in worker satisfaction and perceived job performance regarding privacy, interaction, and acoustic quality issues in personal workspaces between five office types in LEED-certified buildings. It finds that people in high cubicles showed significantly lower satisfaction and job performance in relation to visual privacy and interaction with co-workers than both enclosed private and enclosed shared office types. They also showed significantly lower satisfaction with noise level and sound privacy and lower job performance perceived by acoustic quality than enclosed private, enclosed shared, and bullpen types. The bullpen type, open-plan office without partitions, presented significantly higher satisfaction with noise level and higher performance perceived by acoustic quality than both high and low cubicles. Considering the bullpen type also showed higher satisfaction with sound privacy than the high cubicle type, high partitions don't seem to contribute to creating workspaces where people can have a secure conversation. The bullpen type didn't show any difference from the enclosed shared type in all privacy, interaction, and acoustic quality questions, indicating it may be a good option for a small office space instead of the enclosed shared type.