How Good Is a Security Policy against Real Breaches? A HIPAA Case Study

Kafalı, Özgür; Jones, Jasmine; Petruso, Megan; Williams, Laurie; Singh, Munindar P.

doi:10.1109/icse.2017.55

Cited by 26 publications

(16 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Apart from the e-commerce domain, our distributed monitoring and diagnosis process can be adopted in safety-critical domains such as intrusion detection (Geib & Goldman, 2001) and other crime detection (Jarvis et al, 2005) by integrating it with additional AI-based methods. Commitments and additional normative representations can be combined with ontologies and semantic reasoning to provide additional expert capabilities to agents (Kafalı et al, 2017b;Xu et al, 2011).…”

Section: Discussionmentioning

confidence: 99%

“…• We have demonstrated the working of COMODO on one case study from e-commerce, which constitutes a threat to external validity. Other works on normative models explore emergency healthcare (Kafalı et al, , 2017a, and security and privacy (Barth et al, 2006;Kafalı et al, 2017b). Exploring norm delegations in such settings would provide valuable insight to our distributed diagnosis procedure.…”

Section: Limitationsmentioning

confidence: 99%

“…Such explanations would enable human users to understand what has transcribed during a transaction and help introspection about the exception situation. Intelligent agents equipped with such expert capabilities have potential implications on several important domains regarding all phases of distributed exception handling (Kafalı et al, 2017b;Soeanu et al, 2016;Sun et al, 2012;Vasconcelos et al, 2009;Xu et al, 2011), e.g., planning, monitoring, conflict resolution, semantic reasoning, and diagnosis. While we have applied the diagnosis procedure on an e-commerce case study, its generic nature enables deployment in application areas including emergency healthcare, Internet of Things and smart environments, and security and privacy in the context of sociotechnical systems.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Comodo : Collaborative monitoring of commitment delegations

Kafalı

Torroni

2018

Expert Systems with Applications

View full text Add to dashboard Cite

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Limitationsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Comodo : Collaborative monitoring of commitment delegations

Kafalı

Torroni

2018

Expert Systems with Applications

View full text Add to dashboard Cite

show abstract

“…We adopt norms [3,18,24,42,48] to formalize regulations and breaches (as violations of norms). Norms (here, deontic norms including commitments, authorizations, and prohibitions) provide a compact, yet expressive formalization.…”

Section: Textboxmentioning

confidence: 99%

Çorba: crowdsourcing to obtain requirements from regulations and breaches

et al. 2019

Self Cite

View full text Add to dashboard Cite

show abstract

“…This is even more critical in systems where the security or privacy of an individual depends on what others do, like in social media, where any of your friends can post information about you , which is completely out of your control. Recent studies (Kafalı et al 2017b) demonstrate the impact of human error in breaches, and formally analyze how well existing regulations account for such breaches via AI techniques such as semantic similarity and domain ontologies. Automating the extraction of information from valuable artifacts such as breach reports would help such analysis, since breach reports not only capture examples that the software and its users should avoid, but also describe actions to prevent, detect, and recover from future breaches.…”

mentioning

confidence: 99%

Guest Editors’ Introduction

Kafalı

Criado

Řehák

et al. 2018

ACM Trans. Internet Technol.

View full text Add to dashboard Cite

Cybersecurity underpins the lives of ordinary people-their safety, work, health, and entertainment. Yet despite its importance, cybersecurity is often approached in a reactive manner-taking corrective actions to "patch" vulnerabilities after they are detected or exploited. In the absence of fundamental improvements in formal processes and methods, the same or similar problems can recur. In contrast, a scientific vision for security and privacy should be proactive. The focus of this TOIT special section is to provide a forum to discuss and advance security and privacy by means of Artificial Intelligence (AI) approaches. Approaches that are intelligent and self-adaptive are crucial to deal with the complexities of effectively protecting sensitive assets in all security-critical domains. This is where research from the AI community can make a difference in security and privacy. Specifically, AI can help address a long-standing problem, namely, that security and privacy are attempted to be inserted as an afterthought, which is rarely adequate. We identify the following key areas in AI, and review advancements in such areas that would help solve fundamental hard problems regarding security (CyBOK 2017) and privacy (Such 2017). Normative models: Secure and privacy-aware governance of sociotechnical systems can only be achieved by bridging the divide between technical solutions to security and privacy such as access control systems and the human and social factors associated with the users of such systems. Development of unified computational models for the social and the technical tiers of sociotechnical systems as well as their verification are therefore of utmost importance.

show abstract

How Good Is a Security Policy against Real Breaches? A HIPAA Case Study

Abstract: The version in the Kent Academic Repository may differ from the final published version. Users are advised to check http://kar.kent.ac.uk for the status of the paper. Users should always cite the published version of record.

Cited by 26 publications

References 27 publications

Comodo : Collaborative monitoring of commitment delegations

Comodo : Collaborative monitoring of commitment delegations

Çorba: crowdsourcing to obtain requirements from regulations and breaches

Guest Editors’ Introduction

Contact Info

Product

Resources

About