Tootfinder

Public Trust In AI Is Sinking Across the Board - Slashdot https://tech.slashdot.org/story/24/03/06/2116226/public-trust-in-ai-is-sinking-across-the-board

Public Trust In AI Is Sinking Across the Board - Slashdot
Trust in AI technology and the companies that develop it is dropping, in both the U.S. and around the world, according to new data from Edelman shared first with Axios. Axios reports: Globally, trust in AI companies has dropped to 53%, down from 61% five years ago. In the U.S., trust has dropped 15...

Public Trust In AI Is Sinking Across the Board - Slashdot https://tech.slashdot.org/story/24/03/06/2116226/public-trust-in-ai-is-sinking-across-the-board

Public Trust In AI Is Sinking Across the Board - Slashdot
Trust in AI technology and the companies that develop it is dropping, in both the U.S. and around the world, according to new data from Edelman shared first with Axios. Axios reports: Globally, trust in AI companies has dropped to 53%, down from 61% five years ago. In the U.S., trust has dropped 15...

CAKE: Sharing Slices of Confidential Data on Blockchain
Edoardo Marangone, Michele Spina, Claudio Di Ciccio, Ingo Weber
https://arxiv.org/abs/2405.04152 ht…

CAKE: Sharing Slices of Confidential Data on Blockchain
Cooperative information systems typically involve various entities in a collaborative process within a distributed environment. Blockchain technology offers a mechanism for automating such processes, even when only partial trust exists among participants. The data stored on the blockchain is replicated across all nodes in the network, ensuring accessibility to all participants. While this aspect facilitates traceability, integrity, and persistence, it poses challenges for adopting public blockc…

Verifiable by Design: Aligning Language Models to Quote from Pre-Training Data
Jingyu Zhang, Marc Marone, Tianjian Li, Benjamin Van Durme, Daniel Khashabi
https://arxiv.org/abs/2404.03862

Verifiable by Design: Aligning Language Models to Quote from Pre-Training Data
For humans to trust the fluent generations of large language models (LLMs), they must be able to verify their correctness against trusted, external sources. Recent efforts aim to increase verifiability through citations of retrieved documents or post-hoc provenance. However, such citations are prone to mistakes that further complicate their verifiability. To address these limitations, we tackle the verifiability goal with a different philosophy: we trivialize the verification process by develop…

At this point, to keep any semblance of privacy, you basically have the choice between Apple (easier and smoother but you need to trust them) or open-source solutions (rough around the edges, requires time & technical knowledge).
But even if you do, if you communicate with other people THEY will be likely harvested for the data you share with them and they share with you.
So there’s little escape.

For he makes the bars of your gates strong. He blesses your children within you. Psalm 147.13 NET.
Blessed are the people who trust in the Lord.
#Bible #BibleVerses #Psalms

FEDQ-Trust: Efficient Data-Driven Trust Prediction for Mobile Edge-Based IoT Systems
Jiahui Bai, Hai Dong, Athman Bouguettaya
https://arxiv.org/abs/2404.18356

FEDQ-Trust: Efficient Data-Driven Trust Prediction for Mobile Edge-Based IoT Systems
We introduce FEDQ-Trust, an innovative data-driven trust prediction approach designed for mobile edge-based Internet of Things (IoT) environments. The decentralized nature of mobile edge environments introduces challenges due to variations in data distribution, impacting the accuracy and training efficiency of existing distributed data-driven trust prediction models. FEDQ-Trust effectively tackles the statistical heterogeneity challenges by integrating Federated Expectation-Maximization with De…

Do You Trust Your Model? Emerging Malware Threats in the Deep Learning Ecosystem
Dorjan Hitaj, Giulio Pagnotta, Fabio De Gaspari, Sediola Ruko, Briland Hitaj, Luigi V. Mancini, Fernando Perez-Cruz
https://arxiv.org/abs/2403.03593

Do You Trust Your Model? Emerging Malware Threats in the Deep Learning Ecosystem
Training high-quality deep learning models is a challenging task due to computational and technical requirements. A growing number of individuals, institutions, and companies increasingly rely on pre-trained, third-party models made available in public repositories. These models are often used directly or integrated in product pipelines with no particular precautions, since they are effectively just data in tensor form and considered safe. In this paper, we raise awareness of a new machine lear…

MGA: When it comes to trust into citizen science, majority of policy makers had inherent trust into CS-generated data. Have confidence in their own community members. #ecsa2024

This https://arxiv.org/abs/2211.13715 has been replaced.
link: https://scholar.google.com/scholar?q=a

Trust Your $\nabla$: Gradient-based Intervention Targeting for Causal Discovery
Inferring causal structure from data is a challenging task of fundamental importance in science. Observational data are often insufficient to identify a system's causal structure uniquely. While conducting interventions (i.e., experiments) can improve the identifiability, such samples are usually challenging and expensive to obtain. Hence, experimental design approaches for causal discovery aim to minimize the number of interventions by estimating the most informative intervention target. In th…

“You’re storing the user data in a place that syncs with iCloud! Apple is an evil megacorp and they can’t be trusted!”
It’s an iOS app, genius.
Trust doesn’t work like “I trust *evil* Apple to definitely not spy on my inputs, but I TOTALLY don’t trust them with the data that those inputs create.”
You concede to trusting them enough, or you don’t.
If you don’t, that’s fine (just don’t use them), but your threat model is dumb if you only trust them for the worst part.…

This https://arxiv.org/abs/2403.01932 has been replaced.
link: https://scholar.google.com/scholar?q=a

Tree Counting by Bridging 3D Point Clouds with Imagery
Accurate and consistent methods for counting trees based on remote sensing data are needed to support sustainable forest management, assess climate change mitigation strategies, and build trust in tree carbon credits. Two-dimensional remote sensing imagery primarily shows overstory canopy, and it does not facilitate easy differentiation of individual trees in areas with a dense canopy and does not allow for easy separation of trees when the canopy is dense. We leverage the fusion of three-dimen…

Holy shit, WordPress.com/Automattic is really trying to destroy all the goodwill it has built over years.
Selling user posts to "AI" companies is such a breach of trust and an insult. It negates any respect for user contribution that is the basis for a good and sustainable relationship.
https://mastod…

🙀 Data Analysis Doesn't Have to Be Scary! 📊
Are you one of those people who breaks out in a cold sweat at the mere mention of Pivot Tables? I get it! They can seem super intimidating at first. But trust me, they're powerful tools that can transform the way you work with data.
That's why I made this new video tutorial all about breaking down Pivot Tables and making them approachable. In it, I'll guide you step-by-step through creating your own interactive Sales D…

A Universe of Sound - processing NASA data into sonifications to explore participant response: #sonified NASA data of three astronomical objects presented as aural visualizations, then surveyed blind or low-vision and sighted individuals to elicit feedback on the experience of these pieces as it relates to enjoyment, education, and trust of the scientific data."

This https://arxiv.org/abs/2211.13715 has been replaced.
link: https://scholar.google.com/scholar?q=a

Trust Your $\nabla$: Gradient-based Intervention Targeting for Causal Discovery
Inferring causal structure from data is a challenging task of fundamental importance in science. Observational data are often insufficient to identify a system's causal structure uniquely. While conducting interventions (i.e., experiments) can improve the identifiability, such samples are usually challenging and expensive to obtain. Hence, experimental design approaches for causal discovery aim to minimize the number of interventions by estimating the most informative intervention target. In th…

This is how different sleep tracking is with Apple and Garmin watches: https://alpo.gitlab.io/jots/posts/2024/04/sleep-tracking-why-data-from-apple-and-garmin-watches-is-so-different/
If you are in the sam…

Guided By AI: Navigating Trust, Bias, and Data Exploration in AI-Guided Visual Analytics
Sunwoo Ha, Shayan Monadjemi, Alvitta Ottley
https://arxiv.org/abs/2404.14521

Guided By AI: Navigating Trust, Bias, and Data Exploration in AI-Guided Visual Analytics
The increasing integration of artificial intelligence (AI) in visual analytics (VA) tools raises vital questions about the behavior of users, their trust, and the potential of induced biases when provided with guidance during data exploration. We present an experiment where participants engaged in a visual data exploration task while receiving intelligent suggestions supplemented with four different transparency levels. We also modulated the difficulty of the task (easy or hard) to simulate a m…

Collaborative Active Learning in Conditional Trust Environment
Zan-Kai Chong, Hiroyuki Ohsaki, Bryan Ng
https://arxiv.org/abs/2403.18436 https://

Collaborative Active Learning in Conditional Trust Environment
In this paper, we investigate collaborative active learning, a paradigm in which multiple collaborators explore a new domain by leveraging their combined machine learning capabilities without disclosing their existing data and models. Instead, the collaborators share prediction results from the new domain and newly acquired labels. This collaboration offers several advantages: (a) it addresses privacy and security concerns by eliminating the need for direct model and data disclosure; (b) it ena…

“Customer trust is a priority for (our PR office) and we are actively evaluating our privacy processes and (how we don’t get caught doing this again in the future).” - General Motors*
*And, soon, every other automaker when similarly confronted.
https://www.nytimes.com/2024/03/22/…

General Motors Quits Sharing Driving Behavior With Data Brokers
G.M. had provided information about braking, acceleration and speed to LexisNexis Risk Solution and Verisk, firms that generated driver risk profiles for insurers.

“Trust in AI technology and the companies that develop it is dropping, in both the U.S. and around the world, according to new data from Edelman [...] Globally, trust in AI companies has dropped to 53%, down from 61% five years ago. In the U.S., trust has dropped 15 percentage points (from 50% to 35%) over the same period.”
https:…

Exclusive: Public trust in AI is sinking across the board
The drop is global, but people in developing countries view the technology more favorably.

This https://arxiv.org/abs/2401.16643 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csIT_…

Game of Coding: Beyond Trusted Majorities
Coding theory revolves around the incorporation of redundancy into transmitted symbols, computation tasks, and stored data to guard against adversarial manipulation. However, error correction in coding theory is contingent upon a strict trust assumption. In the context of computation and storage, it is required that honest nodes outnumber adversarial ones by a certain margin. However, in several emerging real-world cases, particularly, in decentralized blockchain-oriented applications, such ass…

Oh this has to feature in a @… thread, surely :)
Meta needs competitive data
Meta mods VPN to sniff traffic
Wow.
https://mastodon.social/@dangillmor/11

Before you head out for the weekend, check out today's Metacurity for the top infosec developments you should know, including
--North Korea's Lazarus Group returns to Tornado Cash
--US Attorney to seize $2.3m for pig butchering victims,
--Hackers stole data on 43m from French unemployment agency,
--FTC fines two fraudulent tech support firms,
--Attackers stole $2m from a single crypto investor,
--FCC approves Cyber Trust Mark labels,
--Florida man sues GM and LexisNexis for collecting car data,
--Zscaler buys Avalor for $350m,
--much more
https://www.metacurity.com/p/north-koreas-lazarus-group-returns-tornado-cash

Large Language Models and User Trust: Focus on Healthcare
Avishek Choudhury, Zaria Chaudhry
https://arxiv.org/abs/2403.14691 https://…

Large Language Models and User Trust: Focus on Healthcare
This paper explores the evolving relationship between clinician trust in LLMs, the transformation of data sources from predominantly human-generated to AI-generated content, and the subsequent impact on the precision of LLMs and clinician competence. One of the primary concerns identified is the potential feedback loop that arises as LLMs become more reliant on their outputs for learning, which may lead to a degradation in output quality and a reduction in clinician skills due to decreased enga…

SmartQC: An Extensible DLT-Based Framework for Trusted Data Workflows in Smart Manufacturing
Alan McGibney, Tharindu Ranathunga, Roman Pospisil
https://arxiv.org/abs/2402.17868

SmartQC: An Extensible DLT-Based Framework for Trusted Data Workflows in Smart Manufacturing
Recent developments in Distributed Ledger Technology (DLT), including Blockchain offer new opportunities in the manufacturing domain, by providing mechanisms to automate trust services (digital identity, trusted interactions, and auditable transactions) and when combined with other advanced digital technologies (e.g. machine learning) can provide a secure backbone for trusted data flows between independent entities. This paper presents an DLT-based architectural pattern and technology solution …

Pipeline Provenance for Analysis, Evaluation, Trust or Reproducibility
Michael A. C. Johnson, Hans-Rainer Kl\"ockner, Albina Muzafarova, Kristen Lackeos, David J. Champion, Marta Dembska, Sirko Schindler, Marcus Paradies
https://arxiv.org/abs/2404.14378

Pipeline Provenance for Analysis, Evaluation, Trust or Reproducibility
Data volumes and rates of research infrastructures will continue to increase in the upcoming years and impact how we interact with their final data products. Little of the processed data can be directly investigated and most of it will be automatically processed with as little user interaction as possible. Capturing all necessary information of such processing ensures reproducibility of the final results and generates trust in the entire process. We present PRAETOR, a software suite that enable…

This https://arxiv.org/abs/2211.13715 has been replaced.
link: https://scholar.google.com/scholar?q=a

Trust Your $\nabla$: Gradient-based Intervention Targeting for Causal Discovery
Inferring causal structure from data is a challenging task of fundamental importance in science. Observational data are often insufficient to identify a system's causal structure uniquely. While conducting interventions (i.e., experiments) can improve the identifiability, such samples are usually challenging and expensive to obtain. Hence, experimental design approaches for causal discovery aim to minimize the number of interventions by estimating the most informative intervention target. In th…

User Characteristics in Explainable AI: The Rabbit Hole of Personalization?
Robert Nimmo, Marios Constantinides, Ke Zhou, Daniele Quercia, Simone Stumpf
https://arxiv.org/abs/2403.00137

User Characteristics in Explainable AI: The Rabbit Hole of Personalization?
As Artificial Intelligence (AI) becomes ubiquitous, the need for Explainable AI (XAI) has become critical for transparency and trust among users. A significant challenge in XAI is catering to diverse users, such as data scientists, domain experts, and end-users. Recent research has started to investigate how users' characteristics impact interactions with and user experience of explanations, with a view to personalizing XAI. However, are we heading down a rabbit hole by focusing on unimportant …

This https://arxiv.org/abs/2212.06540 has been replaced.
link: https://scholar.google.com/scholar?q=a

Automatic ESG Assessment of Companies by Mining and Evaluating Media Coverage Data: NLP Approach and Tool
Context: Sustainable corporate behavior is increasingly valued by society and impacts corporate reputation and customer trust. Hence, companies regularly publish sustainability reports to shed light on their impact on environmental, social, and governance (ESG) factors. Problem: Sustainability reports are written by companies themselves and are therefore considered a company-controlled source. Contrary, studies reveal that non-corporate channels (e.g., media coverage) represent the main driver …

"Microsoft’s “security culture [is] inadequate and requires an overhaul, particularly in light of the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations.”"
Microsoft is 'ground zero' for state-sponsored hackers, exec says

Microsoft is 'ground zero' for foreign state-sponsored hackers, executive says
“It’s very difficult to defend against,” a top Microsoft executive for security said of state-sponsored hackers

"The worst part of it... is the lack of understanding about what privacy means, while telling their users they are super serious about it. Add to that the CEO’s 'trust me, bro' attitude, their deals with the shady and homophobic crypto company Brave, and many other things, and the conclusion is that, no, your data is not safe at Kagi at all, and with their primary business being 'AI' and not search, you know exactly what that means. Do not use Kagi."

Waiting in the doctor's office.
What better to do with the time than reading through @… 's "third-party trust model
for direct personal data
transfers" report?
https://…

«[#CitizenScience] Project leaders who described misalignment between their own goals and what they perceived to be their organization’s goals more frequently reported challenges related to balancing scientists’ and volunteers’ interests, convincing colleagues to trust data, and being part-time employees» https://www.tandfonline.com/doi/full/10.1080/08941920.2024.2329914

Interpretable Prediction and Feature Selection for Survival Analysis
Mike Van Ness, Madeleine Udell
https://arxiv.org/abs/2404.14689 https://

Interpretable Prediction and Feature Selection for Survival Analysis
Survival analysis is widely used as a technique to model time-to-event data when some data is censored, particularly in healthcare for predicting future patient risk. In such settings, survival models must be both accurate and interpretable so that users (such as doctors) can trust the model and understand model predictions. While most literature focuses on discrimination, interpretability is equally as important. A successful interpretable model should be able to describe how changing each fea…

Pipeline Provenance for Analysis, Evaluation, Trust or Reproducibility
Michael A. C. Johnson, Hans-Rainer Kl\"ockner, Albina Muzafarova, Kristen Lackeos, David J. Champion, Marta Dembska, Sirko Schindler, Marcus Paradies
https://arxiv.org/abs/2404.14378

Pipeline Provenance for Analysis, Evaluation, Trust or Reproducibility
Data volumes and rates of research infrastructures will continue to increase in the upcoming years and impact how we interact with their final data products. Little of the processed data can be directly investigated and most of it will be automatically processed with as little user interaction as possible. Capturing all necessary information of such processing ensures reproducibility of the final results and generates trust in the entire process. We present PRAETOR, a software suite that enable…

This https://arxiv.org/abs/2401.02306 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_ees…

Secure Control of Connected and Automated Vehicles Using Trust-Aware Robust Event-Triggered Control Barrier Functions
We address the security of a network of Connected and Automated Vehicles (CAVs) cooperating to safely navigate through a conflict area (e.g., traffic intersections, merging roadways, roundabouts). Previous studies have shown that such a network can be targeted by adversarial attacks causing traffic jams or safety violations ending in collisions. We focus on attacks targeting the V2X communication network used to share vehicle data and consider as well uncertainties due to noise in sensor measur…

This https://arxiv.org/abs/2402.07614 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_mat…

Riemannian trust-region methods for strict saddle functions with complexity guarantees
The difficulty of minimizing a nonconvex function is in part explained by the presence of saddle points. This slows down optimization algorithms and impacts worst-case complexity guarantees. However, many nonconvex problems of interest possess a favorable structure for optimization, in the sense that saddle points can be escaped efficiently by appropriate algorithms. This strict saddle property has been extensively used in data science to derive good properties for first-order algorithms, such …

Situations like this are a prime example of why we have to end the death penalty. As long as you have fallible human beings imposing an irreversible sentence on people, you're going to have errors and abuse.
#justicereform #deathpenalty

Colorado finds DNA scientist cut corners, raising questions in hundreds of criminal cases
A former Colorado Bureau of Investigation DNA scientist intentionally cut corners and didn’t follow standard testing protocols, raising questions about hundreds of cases in which she processed evidence, the agency said Friday, calling it “an unprecedented breach of trust.”

Enhancing Trust and Privacy in Distributed Networks: A Comprehensive Survey on Blockchain-based Federated Learning
Ji Liu, Chunlu Chen, Yu Li, Lin Sun, Yulun Song, Jingbo Zhou, Bo Jing, Dejing Dou
https://arxiv.org/abs/2403.19178

Enhancing Trust and Privacy in Distributed Networks: A Comprehensive Survey on Blockchain-based Federated Learning
While centralized servers pose a risk of being a single point of failure, decentralized approaches like blockchain offer a compelling solution by implementing a consensus mechanism among multiple entities. Merging distributed computing with cryptographic techniques, decentralized technologies introduce a novel computing paradigm. Blockchain ensures secure, transparent, and tamper-proof data management by validating and recording transactions via consensus across network nodes. Federated Learnin…

My current take on the #xz situation, not having read the actual source backdoor commits yet (thanks a lot #Github for hiding the evidence at this point...) besides reading what others have written about it (cf. #rustlang for such central library dependencies would maybe (really big maybe) have made it a bit harder to push a backdoor like this because - if and only if the safety features are used idiomatically in an open source project - reasonably looking code is (a bit?) more limited in the sneaky behavior it could include. We should still very much use those languages over C/C for infrastructure code because the much larger class of unintentional bugs is significantly mitigated, but I believe (without data to back it up) that even such "bugdoor" type changes will be harder to execute. However, given the sophistication in this case, it may not have helped at all. The attacker(s) have shown to be clever enough.
6. Sandboxing library code may have helped - as the attacker(s) explicitly disabled e.g. landlock, that might already have had some impact. We should create better tooling to make it much easier to link to infrastructure libraries in a sandboxed way (although that will have performance implications in many cases).
7. Automatic reproducible builds verification would have mitigated this particular vector of backdoor distribution, and the Debian team seems to be using the reproducibility advances of the last decade to verify/rebuild the build servers. We should build library and infrastructure code in a fully reproducible manner *and* automatically verify it, e.g. with added transparency logs for both source and binary artefacts. In general, it does however not prevent this kind of supply chain attack that directly targets source code at the "leaf" projects in Git commits.
8. Verifying the real-life identity of contributors to open source projects is hard and a difficult trade-off. Something similar to the #Debian #OpenPGP #web-of-trust would potentially have mitigated this style of attack somewhat, but with a different trade-off. We might have to think much harder about trust in individual accounts, and for some projects requiring a link to a real-world country-issued ID document may be the right balance (for others it wouldn't work). That is neither an easy nor a quick path, though. Also note that sophisticated nation state attackers will probably not have a problem procuring "good" fake IDs. It might still raise the bar, though.
9. What happened here seems clearly criminal - at least under my IANAL naive understanding of EU criminal law. There was clear intent to cause harm, and that makes the specific method less important. The legal system should also be able to help in mitigating supply chain attacks; not in preventing them, but in making them more costly if attackers can be tracked down (this is difficult in itself, see point 8) and face risk of punishment after the fact.
H/T @… @… @… @… @…

Would You Trust an AI Doctor? Building Reliable Medical Predictions with Kernel Dropout Uncertainty
Ubaid Azam, Imran Razzak, Shelly Vishwakarma, Hakim Hacid, Dell Zhang, Shoaib Jameel
https://arxiv.org/abs/2404.10483

Would You Trust an AI Doctor? Building Reliable Medical Predictions with Kernel Dropout Uncertainty
The growing capabilities of AI raise questions about their trustworthiness in healthcare, particularly due to opaque decision-making and limited data availability. This paper proposes a novel approach to address these challenges, introducing a Bayesian Monte Carlo Dropout model with kernel modelling. Our model is designed to enhance reliability on small medical datasets, a crucial barrier to the wider adoption of AI in healthcare. This model leverages existing language models for improved effec…

Enabling Zero Trust Security in IoMT Edge Network
Maha Ali Allouzi, Javed Khan
https://arxiv.org/abs/2402.10389 https://arxiv.org/pdf…

Enabling Zero Trust Security in IoMT Edge Network
Internet of Medical Things (IoMT) deals with a patient-data-rich segment, which makes security and privacy a severe concern for patients. Therefore, access control is a significant aspect of ensuring trust in the IoMT. However, deploying existing authentication and authorization solutions to the Internet of Medical Things (IoMT) is not straightforward because of highly dynamic and possibly unprotected environments and untrusted supply chain for the IoT devices. In this article, we propose Soter…

Riemannian trust-region methods for strict saddle functions with complexity guarantees
Florentin Goyens, Cl\'ement Royer
https://arxiv.org/abs/2402.07614

Riemannian trust-region methods for strict saddle functions with complexity guarantees
The difficulty of minimizing a nonconvex function is in part explained by the presence of saddle points. This slows down optimization algorithms and impacts worst-case complexity guarantees. However, many nonconvex problems of interest possess a favorable structure for optimization, in the sense that saddle points can be escaped efficiently by appropriate algorithms. This strict saddle property has been extensively used in data science to derive good properties for first-order algorithms, such …

This https://arxiv.org/abs/2401.16643 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csIT_…

Game of Coding: Beyond Trusted Majorities
Coding theory revolves around the incorporation of redundancy into transmitted symbols, computation tasks, and stored data to guard against adversarial manipulation. However, error correction in coding theory is contingent upon a strict trust assumption. In the context of computation and storage, it is required that honest nodes outnumber adversarial ones by a certain margin. However, in several emerging real-world cases, particularly, in decentralized blockchain-oriented applications, such ass…

A Survey of Explainable Knowledge Tracing
Yanhong Bai, Jiabao Zhao, Tingjiang Wei, Qing Cai, Liang He
https://arxiv.org/abs/2403.07279 https://

A Survey of Explainable Knowledge Tracing
With the long term accumulation of high quality educational data, artificial intelligence has shown excellent performance in knowledge tracing. However, due to the lack of interpretability and transparency of some algorithms, this approach will result in reduced stakeholder trust and a decreased acceptance of intelligent decisions. Therefore, algorithms need to achieve high accuracy, and users need to understand the internal operating mechanism and provide reliable explanations for decisions. T…

Enabling Zero Trust Security in IoMT Edge Network
Maha Ali Allouzi, Javed Khan
https://arxiv.org/abs/2402.10389 https://arxiv.org/pdf…

Enabling Zero Trust Security in IoMT Edge Network
Internet of Medical Things (IoMT) deals with a patient-data-rich segment, which makes security and privacy a severe concern for patients. Therefore, access control is a significant aspect of ensuring trust in the IoMT. However, deploying existing authentication and authorization solutions to the Internet of Medical Things (IoMT) is not straightforward because of highly dynamic and possibly unprotected environments and untrusted supply chain for the IoT devices. In this article, we propose Soter…

My current take on the #xz situation, not having read the actual source backdoor commits yet (thanks a lot #Github for hiding the evidence at this point...) besides reading what others have written about it (cf. #rustlang for such central library dependencies would maybe (really big maybe) have made it a bit harder to push a backdoor like this because - if and only if the safety features are used idiomatically in an open source project - reasonably looking code is (a bit?) more limited in the sneaky behavior it could include. We should still very much use those languages over C/C for infrastructure code because the much larger class of unintentional bugs is significantly mitigated, but I believe (without data to back it up) that even such "bugdoor" type changes will be harder to execute. However, given the sophistication in this case, it may not have helped at all. The attacker(s) have shown to be clever enough.
6. Sandboxing library code may have helped - as the attacker(s) explicitly disabled e.g. landlock, that might already have had some impact. We should create better tooling to make it much easier to link to infrastructure libraries in a sandboxed way (although that will have performance implications in many cases).
7. Automatic reproducible builds verification would have mitigated this particular vector of backdoor distribution, and the Debian team seems to be using the reproducibility advances of the last decade to verify/rebuild the build servers. We should build library and infrastructure code in a fully reproducible manner *and* automatically verify it, e.g. with added transparency logs for both source and binary artefacts. In general, it does however not prevent this kind of supply chain attack that directly targets source code at the "leaf" projects in Git commits.
8. Verifying the real-life identity of contributors to open source projects is hard and a difficult trade-off. Something similar to the #Debian #OpenPGP #web-of-trust would potentially have mitigated this style of attack somewhat, but with a different trade-off. We might have to think much harder about trust in individual accounts, and for some projects requiring a link to a real-world country-issued ID document may be the right balance (for others it wouldn't work). That is neither an easy nor a quick path, though. Also note that sophisticated nation state attackers will probably not have a problem procuring "good" fake IDs. It might still raise the bar, though.
9. What happened here seems clearly criminal - at least under my IANAL naive understanding of EU criminal law. There was clear intent to cause harm, and that makes the specific method less important. The legal system should also be able to help in mitigating supply chain attacks; not in preventing them, but in making them more costly if attackers can be tracked down (this is difficult in itself, see point 8) and face risk of punishment after the fact.
H/T @… @… @… @… @…

Integrating Blockchain technology within an Information Ecosystem
Francesco Salzano, Lodovica Marchesi, Remo Pareschi, Roberto Tonelli
https://arxiv.org/abs/2402.13191

Integrating Blockchain technology within an Information Ecosystem
Context: Blockchain-based Information Ecosystems (BBIEs) are a type of information ecosystem in which blockchain technology is used to provide a trust mechanism among parties and to manage shared business logic, breaking the traditional scheme of Information Ecosystems dominated by a leading company and leveraging the decentralization of data management, information flow, and business logic. Objective: In this paper, we propose architecture and technical aspects concerning the creation of a BBI…

This https://arxiv.org/abs/2312.08156 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csCR_…

Okapi: Efficiently Safeguarding Speculative Data Accesses in Sandboxed Environments
This paper introduces Okapi, a new hardware/software cross-layer architecture designed to mitigate Transient Execution Side Channel (TES) attacks in modern computing systems. Okapi enforces sandboxing for speculative execution, providing a hardware basis that can replace expensive speculation barriers in software. At its core, Okapi allows for speculative data accesses to a memory page only after the page has been accessed non-speculatively at least once by the current trust domain. The granu…

A Survey of Explainable Knowledge Tracing
Yanhong Bai, Jiabao Zhao, Tingjiang Wei, Qing Cai, Liang He
https://arxiv.org/abs/2403.07279 https://

A Survey of Explainable Knowledge Tracing
With the long term accumulation of high quality educational data, artificial intelligence has shown excellent performance in knowledge tracing. However, due to the lack of interpretability and transparency of some algorithms, this approach will result in reduced stakeholder trust and a decreased acceptance of intelligent decisions. Therefore, algorithms need to achieve high accuracy, and users need to understand the internal operating mechanism and provide reliable explanations for decisions. T…

SoK: Trusting Self-Sovereign Identity
Evan Krul, Hye-young Paik, Sushmita Ruj, Salil S. Kanhere
https://arxiv.org/abs/2404.06729 https://

SoK: Trusting Self-Sovereign Identity
Digital identity is evolving from centralized systems to a decentralized approach known as Self-Sovereign Identity (SSI). SSI empowers individuals to control their digital identities, eliminating reliance on third-party data custodians and reducing the risk of data breaches. However, the concept of trust in SSI remains complex and fragmented. This paper systematically analyzes trust in SSI in light of its components and threats posed by various actors in the system. As a result, we derive three…

This https://arxiv.org/abs/2305.08642 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_sta…

Topological Interpretability for Deep-Learning
With the growing adoption of AI-based systems across everyday life, the need to understand their decision-making mechanisms is correspondingly increasing. The level at which we can trust the statistical inferences made from AI-based decision systems is an increasing concern, especially in high-risk systems such as criminal justice or medical diagnosis, where incorrect inferences may have tragic consequences. Despite their successes in providing solutions to problems involving real-world data, d…

This https://arxiv.org/abs/2212.03218 has been replaced.
link: https://scholar.google.com/scholar?q=a

Transforming EU Governance: The Digital Integration through EBSI and GLASS
Traditionally, government systems managed citizen identities through disconnected data systems, using simple identifiers and paper-based processes, limiting digital trust and requiring citizens to request identity verification documents. The digital era offers a shift towards unique digital identifiers for each citizen, enabling a 'citizen wallet' for easier access to personal documents like academic records and licences, with enhanced security through digital signatures. The European Commissio…

This https://arxiv.org/abs/2305.08642 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_sta…

Topological Interpretability for Deep-Learning
With the growing adoption of AI-based systems across everyday life, the need to understand their decision-making mechanisms is correspondingly increasing. The level at which we can trust the statistical inferences made from AI-based decision systems is an increasing concern, especially in high-risk systems such as criminal justice or medical diagnosis, where incorrect inferences may have tragic consequences. Despite their successes in providing solutions to problems involving real-world data, d…

This https://arxiv.org/abs/2402.08322 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csCR_…

zk-IoT: Securing the Internet of Things with Zero-Knowledge Proofs on Blockchain Platforms
This paper introduces the zk-IoT framework, a novel approach to enhancing the security of Internet of Things (IoT) ecosystems through the use of Zero-Knowledge Proofs (ZKPs) on blockchain platforms. Our framework ensures the integrity of firmware execution and data processing in potentially compromised IoT devices. By leveraging the concept of ZKP, we establish a trust layer that facilitates secure, autonomous communication between IoT devices in environments where devices may not inherently tr…

zk-IoT: Securing the Internet of Things with Zero-Knowledge Proofs on Blockchain Platforms
Gholamreza Ramezan, Ehsan Meamari
https://arxiv.org/abs/2402.08322

zk-IoT: Securing the Internet of Things with Zero-Knowledge Proofs on Blockchain Platforms
This paper introduces the zk-IoT framework, a novel approach to enhancing the security of Internet of Things (IoT) ecosystems through the use of Zero-Knowledge Proofs (ZKPs) on blockchain platforms. Our framework ensures the integrity of firmware execution and data processing in potentially compromised IoT devices. By leveraging the concept of ZKP, we establish a trust layer that facilitates secure, autonomous communication between IoT devices in environments where devices may not inherently tr…

This https://arxiv.org/abs/2309.05769 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csCR_…

Tortoise: An Authenticated Encryption Scheme
Given the open nature of the Internet, there is a need for authentication schemes to address inherent trust issues. We present Tortoise, an experimental nonce-based authenticated encryption scheme modeled on the Synthetic Counter-in-Tweak. This paper demonstrates a generalizable plug-and-play framework for converting block cipher into Authenticated Encryption with Associated Data. As part of this work, we utilized an XOR procedure for constructing a generic tweakable cipher. Finally, we support…