Privacy and Freedom.

The Health Insurance Portability and Accountability Act, also known as HIPAA, was first delivered to congress in 1996 and consisted of just two Titles. It was designed to protect health insurance coverage for workers and their families while between jobs. It establishes standards for electronic health care transactions and addresses the issues of privacy and security when dealing with Protected Health Information (PHI). HIPAA is applicable only in the United States of America.

The Health Insurance Portability and Accountability Act.

Over the past decade, goal models have been used in Computer Science in order to represent software requirements, business objectives and design qualities. Such models extend traditional AI planning techniques for representing goals by allowing for partially defined and possibly inconsistent goals. This paper presents a formal framework for reasoning with such goal models. In particular, the paper proposes a qualitative and a numerical axiomatization for goal modeling primitives and introduces label propagation algorithms that are shown to be sound and complete with respect to their respective axiomatizations. In addition, the paper reports on preliminary experimental results on the propagation algorithms applied to a goal model for a US car manufacturer.

Reasoning with goal models

In a few years, the world will be populated by billions of connected devices that will be placed in our homes, cities, vehicles, and industries. Devices with limited resources will interact with the surrounding environment and users. Many of these devices will be based on machine learning models to decode meaning and behavior behind sensors’ data, to implement accurate predictions and make decisions. The bottleneck will be the high level of connected things that could congest the network. Hence, the need to incorporate intelligence on end devices using machine learning algorithms. Deploying machine learning on such edge devices improves the network congestion by allowing computations to be performed close to the data sources. The aim of this work is to provide a review of the main techniques that guarantee the execution of machine learning models on hardware with low performances in the Internet of Things paradigm, paving the way to the Internet of Conscious Things. In this work, a detailed review on models, architecture, and requirements on solutions that implement edge machine learning on Internet of Things devices is presented, with the main goal to define the state of the art and envisioning development requirements. Furthermore, an example of edge machine learning implementation on a microcontroller will be provided, commonly regarded as the machine learning “Hello World”.

https://www.mdpi.com/1424-8220/20/9/2533/pdf

Edge Machine Learning for AI-Enabled IoT Devices: A Review

When George Orwell looked ahead at mid-century to predict the rise of totalitarian regimes, he saw the complete abrogation of personal privacy as their crowning achievement. Nothing about our personal lives could be kept from centralized governments in the year 1984 as it followed us with the new technology of television. Citizens would be forced to watch government-mandated programs, and government agents would watch them back through personal video cameras. Every move of every person could be tracked and recorded. The image was terrifying. How trivial the capacity of television to intrude on our lives has now become in comparison to that of a personal computer connected to the Internet. How inconsequentia l a video image of our daily activities soon may seem in comparison to a genetic pro le that de nes our very being. Vast amounts of personal information are fed into networks of computers to be processed, analyzed, and sent around the country and around the world, often to be combined with other data stored on other computers. Much of this information we readily enter ourselves from the comfort of our homes when we make purchases, seek medical advice, or check  nancial records over the Internet. The result is a detailed picture of us that can be kept as a permanent record by entities of which we are not even aware. America was founded on a tradition of rebellion against government power and of resistance to government control over our lives. Historically, nothing has threatened the spirit of America more than unchecked centralized government authority in a world like that of Orwell’s 1984. When the spirit

The limits of privacy

Privacy has been frequently identified as a main concern for systems that deal with personal information. However, much of existing work on privacy requirements deals with them as a special case of security requirements, thereby overlooking key aspects of privacy. In this paper, we address this problem by proposing an ontology for privacy requirements. The ontology is mined from the literature through a systematic literature review whose main purpose is to identify key concepts/relationships for capturing privacy requirements. In addition, identified concepts/relations are further analyzed to identify redundancies and semantic overlaps.

Towards an Ontology for Privacy Requirements via a Systematic Literature Review

[Context and motivation] Information Quality (IQ) is a key success factor for the efficient performance of any system, and it becomes a vital issue for critical systems, where low-quality information may lead to disasters. [Question/problem] Despite this, most of the Requirements Engineering frameworks focus on “what” and “where” information is required, but not on the intention behind its use, which is essential to define the required level of quality that information should meets. [Principal ideas/results] In this paper, we propose a novel conceptual framework for modeling and reasoning about IQ at requirements level. [Contribution] The proposed framework is based on the secure Tropos methodology and extends it with the required concepts for modeling and analyzing IQ requirements since the early phases of software development. A running example concerning a U.S stock market crash (the May 6, 2010 Flash Crash) is used throughout the paper.

Modeling and Reasoning About Information Quality Requirements

Machine learning (ML) components are increasingly adopted in many automated systems. Their ability to learn and work with novel input/incomplete knowledge and their generalization capabilities make them highly desirable solutions for complex problems. This has motivated the inclusion of ML techniques/components in products for many industrial domains including automotive systems. Such systems are safety-critical systems since their failure may cause death or injury to humans. Therefore, their safety must be ensured before they are used in their operational environment. However, existing safety standards and Verification and Validation (V&V) techniques do not properly address the special characteristics of ML-based components such as non-determinism, non-transparency, instability. This position paper presents the authors' view on the safety of automotive systems incorporating ML-based components, and it is intended to motivate and sketch a research agenda for extending a safety standard, namely ISO 26262, to address challenges posed by incorporating ML-based components in automotive systems.

/pdf/on-the-safety-of-automotive-systems-incorporating-machine-4yj6m2p1pk.pdf

On the Safety of Automotive Systems Incorporating Machine Learning Based Components: A Position Paper

Information practices and systems that make use of personal and health-related information are governed by European laws and regulations to prevent unauthorized use and disclosure. Failure to comply with these laws and regulations results in huge monetary sanctions, which both private companies and public administrations want to avoid. How to comply with these laws, requires understanding the privacy requirements imposed on information systems. A holistic approach to privacy requirements specification calls for understanding not only the requirements derived from law, but also citizens' needs with respect to privacy. In this paper, we report on our experience in conducting privacy requirements engineering as part of a H2020 European Project, namely VisiOn (Visual Privacy Management in User Centric Open Requirements) for the development of a privacy platform to improve the interaction between Public Administrations (PA) and citizens, while guarding the privacy of the latter. Specifically, we present the process for eliciting, classifying, prioritizing, and validating privacy requirements for the two types of users, namely PA and citizen. The process is applied to different cases spanning from healthcare to other e-governmental initiatives, with the active involvement of the corresponding PAs. We report on findings and lessons learned from this experience.

/pdf/privacy-requirements-findings-and-lessons-learned-in-1c9jgu4ph8.pdf

Privacy Requirements: Findings and Lessons Learned in Developing a Privacy Platform

Artificial Intelligence (AI)-based classifiers rely on Machine Learning (ML) algorithms to provide functionalities that system architects are often willing to integrate into critical Cyber-Physical Systems (CPSs). However, such algorithms may misclassify observations, with potential detrimental effects on the system itself or on the health of people and of the environment. In addition, CPSs may be subject to threats that were not previously known, motivating the need for building Intrusion Detectors (IDs) that can effectively deal with zero-day attacks. Different studies were directed to compare misclassifications of various algorithms to identify the most suitable one for a given system. Unfortunately, even the most suitable algorithm may still show an unsatisfactory number of misclassifications when system requirements are strict. A possible solution may rely on the adoption of meta-learners, which build ensembles of base-learners to reduce misclassifications and that are widely used for supervised learning. Meta-learners have the potential to reduce misclassifications with respect to non-meta learners: however, misleading base-learners may let the meta-learner leaning towards misclassifications and therefore their behavior needs to be carefully assessed through empirical evaluation. To such extent, in this paper we investigate, expand, empirically evaluate, and discuss meta-learning approaches that rely on ensembles of unsupervised algorithms to detect (zero-day) intrusions in CPSs. Our experimental comparison is conducted by means of public datasets belonging to network intrusion detection and biometric authentication systems, which are common IDSs for CPSs. Overall, we selected 21 datasets, 15 unsupervised algorithms and 9 different meta-learning approaches. Results allow discussing the applicability and suitability of meta-learning for unsupervised anomaly detection, comparing metric scores achieved by base algorithms and meta-learners. Analyses and discussion end up showing how the adoption of meta-learners significantly reduces misclassifications when detecting (zero-day) intrusions in CPSs.

https://dl.acm.org/doi/pdf/10.1145/3467470

Mohamad Gharib

Papers

Towards an Ontology for Privacy Requirements via a Systematic Literature Review

Modeling and Reasoning About Information Quality Requirements

On the Safety of Automotive Systems Incorporating Machine Learning Based Components: A Position Paper

Privacy Requirements: Findings and Lessons Learned in Developing a Privacy Platform

Meta-Learning to Improve Unsupervised Intrusion Detection in Cyber-Physical Systems