filmov
tv
USENIX Security '18 - Privacy for Tigers
Показать описание
Ross Anderson
Cambridge University
Abstract:
(Joint work with Tanya Berger-Wolf)
As mobile phone masts went up across the world’s jungles, savannas and mountains, so did poaching. Wildlife crime syndicates can not only coordinate better but can mine growing public data sets, often of geotagged images. Privacy matters for tigers, for snow leopards, for elephants and rhinos – and even for tortoises and sharks. Animal data protection laws, where they exist at all, are oblivious to these new threats, and no-one seems to have started to think about information security policy. The issues sprawl across many of the technical and policy areas of classical security and privacy. Our work is targeted at wildlife aggregation sites that enable conservationists, scientists, and citizens to upload large numbers of images and other observations, which are then analysed to discover facts about endangered species. In this talk we first set out the threat model, describing the modern wildlife crime environment. We then present a security policy framework we are evolving for the aggregation site Wildbook and others like it. At least two emerging issues may be of wider interest. The first is context: we have a small number of roles, but a large number of quite complex contexts which determine access decisions. So we describe a new kind of context-aware role-based access control, with the context based on the data rather than the system state; it has some interesting parallels with the more traditional access control models used to manage insider threats in government, corporations and healthcare. The second is situational awareness. We want to use logs not just to investigate crimes after the fact, but to forestall them. But in a sprawling heterogeneous system, how do we engineer incentives for vigilance?
Cambridge University
Abstract:
(Joint work with Tanya Berger-Wolf)
As mobile phone masts went up across the world’s jungles, savannas and mountains, so did poaching. Wildlife crime syndicates can not only coordinate better but can mine growing public data sets, often of geotagged images. Privacy matters for tigers, for snow leopards, for elephants and rhinos – and even for tortoises and sharks. Animal data protection laws, where they exist at all, are oblivious to these new threats, and no-one seems to have started to think about information security policy. The issues sprawl across many of the technical and policy areas of classical security and privacy. Our work is targeted at wildlife aggregation sites that enable conservationists, scientists, and citizens to upload large numbers of images and other observations, which are then analysed to discover facts about endangered species. In this talk we first set out the threat model, describing the modern wildlife crime environment. We then present a security policy framework we are evolving for the aggregation site Wildbook and others like it. At least two emerging issues may be of wider interest. The first is context: we have a small number of roles, but a large number of quite complex contexts which determine access decisions. So we describe a new kind of context-aware role-based access control, with the context based on the data rather than the system state; it has some interesting parallels with the more traditional access control models used to manage insider threats in government, corporations and healthcare. The second is situational awareness. We want to use logs not just to investigate crimes after the fact, but to forestall them. But in a sprawling heterogeneous system, how do we engineer incentives for vigilance?
0:43:30
USENIX Security '18 - Privacy for Tigers
0:49:27
USENIX Security '18 - Solving the Next Billion-People Privacy Problem
0:25:01
USENIX Security '18 - Polisis: Automated Analysis and Presentation of Privacy Policies...
0:25:35
USENIX Security '18 - BurnBox: Self-Revocable Encryption in a World Of Compelled Access
0:21:11
USENIX Security '18 - Fp-Scanner: The Privacy Implications of Browser Fingerprint Inconsistenci...
0:17:10
USENIX Security '18 - Sensitive Information Tracking in Commodity IoT
0:26:23
USENIX Security '18 - A4NT: Author Attribute Anonymity by Adversarial Training...
0:22:59
USENIX Security '18 - Analysis of Privacy Protections in Fitness Tracking Social Networks...
0:26:51
USENIX Security '18 - GAZELLE: A Low Latency Framework for Secure Neural Network Inference
0:25:59
USENIX Security '18 - The Dangers of Key Reuse: Practical Attacks on IPsec IKE
0:23:27
USENIX Security '18 - How Do Tor Users Interact With Onion Services?
0:24:36
USENIX Security '18 - Practical Accountability of Secret Processes
0:21:45
USENIX Security '18 - With Great Training Comes Great Vulnerability...
0:25:02
USENIX Security '18 - Unveiling and Quantifying Facebook Exploitation of Sensitive Personal Dat...
0:22:55
USENIX Security '18 - Towards Predicting Efficient and Anonymous Tor Circuits
0:26:44
USENIX Security '18 - When Does Machine Learning FAIL?...
0:23:02
USENIX Security '18 - The Guard's Dilemma: Efficient Code-Reuse Attacks Against Intel SGX
0:20:10
USENIX Security '18 - Arbitrum: Scalable, private smart contracts
0:21:47
USENIX Security '18 - An Empirical Analysis of Anonymity in Zcash
0:25:47
USENIX Security '18 - The Secure Socket API: TLS as an Operating System Service
0:21:55
USENIX Security '18 - SAD THUG...
0:21:41
USENIX Security '18 - Formal Security Analysis of Neural Networks using Symbolic Intervals
0:51:22
USENIX Security '18-Q: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possi...
0:22:22
USENIX Security '18 - Guarder: A Tunable Secure Allocator
Комментарии