There is, I think, something ethereal about i —the square root of minus one. I remember first hearing about it at school. It seemed an odd beast at that time—an intruder hovering on the edge of reality.

Usually familiarity dulls this sense of the bizarre, but in the case of i it was the reverse: over the years the sense of its surreal nature intensified. It seemed that it was impossible to write mathematics that described the real world in …

I and i

Probability Distributions.- Linear Models for Regression.- Linear Models for Classification.- Neural Networks.- Kernel Methods.- Sparse Kernel Machines.- Graphical Models.- Mixture Models and EM.- Approximate Inference.- Sampling Methods.- Continuous Latent Variables.- Sequential Data.- Combining Models.

Pattern Recognition and Machine Learning

Data Mining - Concepts and Techniques.

In several distributed systems a user should only be able to access data if a user posses a certain set of credentials or attributes. Currently, the only method for enforcing such policies is to employ a trusted server to store the data and mediate access control. However, if any server storing the data is compromised, then the confidentiality of the data will be compromised. In this paper we present a system for realizing complex access control on encrypted data that we call ciphertext-policy attribute-based encryption. By using our techniques encrypted data can be kept confidential even if the storage server is untrusted; moreover, our methods are secure against collusion attacks. Previous attribute-based encryption systems used attributes to describe the encrypted data and built policies into user's keys; while in our system attributes are used to describe a user's credentials, and a party encrypting data determines a policy for who can decrypt. Thus, our methods are conceptually closer to traditional access control methods such as role-based access control (RBAC). In addition, we provide an implementation of our system and give performance measurements.

/pdf/ciphertext-policy-attribute-based-encryption-q09jxdyx4n.pdf

Ciphertext-Policy Attribute-Based Encryption

In 1974 an article appeared in Science magazine with the dry-sounding title “Judgment Under Uncertainty: Heuristics and Biases” by a pair of psychologists who were not well known outside their discipline of decision theory. In it Amos Tversky and Daniel Kahneman introduced the world to Prospect Theory, which mapped out how humans actually behave when faced with decisions about gains and losses, in contrast to how economists assumed that people behave. Prospect Theory turned Economics on its head by demonstrating through a series of ingenious experiments that people are much more concerned with losses than they are with gains, and that framing a choice from one perspective or the other will result in decisions that are exactly the opposite of each other, even if the outcomes are monetarily the same. Prospect Theory led cognitive psychology in a new direction that began to uncover other human biases in thinking that are probably not learned but are part of our brain’s wiring.

Thinking fast and slow.

Objective:Evaluate the effectiveness of training embedded within security warnings to identify phishing webpages.Background:More than 20 million malware and phishing warnings are shown to users of ...

Embedding Training Within Warnings Improves Skills of Identifying Phishing Webpages.

Local Differential Privacy (LDP) protects user privacy from the data collector. LDP protocols have been increasingly deployed in the industry. A basic building block is frequency oracle (FO) protocols, which estimate frequencies of values. While several FO protocols have been proposed, their resulting estimations, however, do not satisfy the natural consistency requirement that estimations are non-negative and sum up to 1. In this paper, we study how to add post-processing steps to FO protocols to make them consistent while achieving high accuracy for a wide range of tasks, including frequencies of individual values, frequencies of the most frequent values, and frequencies of subsets of values. We consider 10 different methods, some of them explicitly proposed before in the literature, and others introduced in this paper. We establish theoretical relationships between some of them and conducted extensive experimental evaluations. Among them, we propose to use Norm-Hyb, which keeps estimations above a certain threshold unchanged, and then converts negative estimations to 0 while adding a value (typically negative) to all other estimations to ensure a sum of 1.

Consistent and accurate frequency oracles under local differential privacy

Discretionary Access Control (DAC) is the primary access control mechanism in today’s major operating systems. It is, however, vulnerable to Trojan Horse attacks and attacks exploiting buggy software. We propose to combine the discretionary policy in DAC with the dynamic information flow techniques in MAC, therefore achieving the best of both worlds, that is, the DAC’s easy-to-use discretionary policy specification and MAC’s defense against threats caused by Trojan Horses and buggy programs. We propose the Information Flow Enhanced Discretionary Access Control (IFEDAC) model that implements this design philosophy. We describe our design of IFEDAC, and discuss its relationship with the Usable Mandatory Integrity Protection (UMIP) model proposed earlier by us. In addition, we analyze their security property and their relationships with other protection systems. We also describe our implementations of IFEDAC in Linux and the evaluation results and deployment experiences of the systems.

Combining Discretionary Policy with Mandatory Information Flow in Operating Systems

In this paper we consider the problem of differentially private data publishing. In particular, we consider the scenario in which a trusted curator gathers sensitive information from a large number of respondents, creates a relational dataset where each tuple corresponds to one entity, such as an individual, a household, or an organization, and then publishes a privacy-preserving (i.e., sanitized or anonymized) version of the dataset. This has been referred to as the "non-interactive" mode of private data analysis, as opposed to the "interactive" mode, where the data curator provides an interface through which users may pose queries about the data, and get (possibly noisy) answers.

Recursive partitioning and summarization: a practical framework for differentially private data publishing

Both Java RMI and Jini use a proxy-based architecture. In this architecture, a client interacts with a service through a proxy, which is code downloaded from a directory and installed on the client's machine. An attacker who controls the communication channels or the directory may compromise the confidentiality and integrity of the client and of the service. We present a security architecture that protects both clients and services in distributed proxy-based computing. In this architecture, the service registers a signed authentication proxy with the directory. The client, after downloading a signed authentication proxy from the directory, verifies the signature on the proxy, authenticates itself to the service through the proxy, and receives a dedicated session proxy for the service over a secure channel. We also describe a Java-based toolkit that implements the security architecture. This toolkit enables developers to add security to Java RMI-based applications with minimal implementation effort.

/pdf/securing-java-rmi-based-distributed-applications-2jizljyp7v.pdf

Ninghui Li

Papers

Embedding Training Within Warnings Improves Skills of Identifying Phishing Webpages.

Consistent and accurate frequency oracles under local differential privacy

Combining Discretionary Policy with Mandatory Information Flow in Operating Systems

Recursive partitioning and summarization: a practical framework for differentially private data publishing

Securing Java RMI-based distributed applications