Research

Nov 8th, 2020
The Emergence of a New Profession: Data Protection Officers in Israeli
  • computers
  • computers

Cyber systems collect, process and store personal data, hence raising the crucial issues of informational privacy. Law, social norms, market norms and technological developments impose obligations on organizations that must carefully manage the processing of personal data. The importance of cyber-related data protection can be captured in terms of human rights, particularly privacy and human dignity, as well as social values, but it is also strongly tied to other concerns with cyberspace, such as threats to individual and collective security. The complexity of legal and extra-legal requirements and the technological proficiency that is required to address privacy issues, induced a growing cadre of privacy experts on a global scale, designated as Data Protection Officers (“DPO”), or Chief Privacy Officers (“CPO”). These professionals take part in a complex corporate environment, and can be viewed as transmitters of ideas from the broad regulatory environment to the daily and strategic operations of organizations.

The proposed research seeks to examine the emergence of this new cyber profession in Israel, a small, developed economy that is active in the global market. While the substantive law on data protection is important for understanding the context of the legal regime that informs what organizations must do, the study’s emphasis is on the process installed by the laws and the agents who are appointed to oversee it. Hence, beyond the study of privacy law, the study utilizes organizational and neo-institutional theory.

The study seeks to describe the rise of the profession, the organizations that use it and people occupying the positions within them and in consulting positions outside organizations; the legal, economic and social forces shaping the scope of the new profession; the tasks assigned or contracted by organizations to the new professionals; and the challenges facing experts who must instigate a privacy culture and norms within organizations. These questions will be addressed by mapping the participants in the new profession, followed by a series of semi-structured interviews with Israeli professionals, regulators and other players in the emerging field, such as lawyers and accountants.

Research

Nov 8th, 2020
Leakage-free Cryptography: Eliminating Side Channel Leakage Using Compiler
  • computers
  • computers

Dr Yuval Yarom, University of Adelaide
​Yuval Yarom is a Senior Lecturer at the School of Computer Science, University of Adelaide, and is a Researcher in Data61, CSIRO. His main research interests are computer security and cryptography, with a current focus on microarchitectural attacks and their mitigation. He received his PhD from the University of Adelaide and an M.Sc. and a B.Sc. from the Hebrew University of Jerusalem. He is a DECRA Fellow and is the recipient of the 2020 CORE Chris Wallace Award for Outstanding research.

Prof. Wagner, Markus; University of Vienna

 

Dr. Chitchanok Cheungsatiansup, University of Adelaide
​Chitchanok Chuengsatiansup is a Lecturer at the School of Computer Science, University of Adelaide. She has worked on analyzing and improving the performance of public-key cryptographic schemes. Her major areas of interest include optimizing cryptographic algorithms and efficient cryptographic software implementations, with the focus on elliptic- and hyperelliptic-curve cryptography, pairing-based cryptography and lattice-based cryptography.

 

Minhui Xue, University of Adelaide
​Minhui (Jason) Xue is a Lecturer of School of Computer Science at the University of Adelaide. He is also an Honorary Lecturer with Macquarie University. His research interests are machine learning security and privacy, system and software security, and Internet measurement. He is the recipient of the ACM SIGSOFT distinguished paper award and IEEE best paper award, and his work has been featured in the mainstream press, such as The New York Times.

Research

Nov 8th, 2020
Differential Privacy and Secure Computation
  • computers
  • computers

Prof. Kobbi Nissim, Georgwtown University

Dov Gordon, George Mason University

Dr. Uri Stemmer, Ben Gurion University

 

As the volume and diversity of collected and processed data continues to increase, the number of instances of misuse continues to grow alongside. Citizens, corporations and governments are all becoming increasingly concerned and aware of the need for new systems and tools for preserving privacy, but none are willing to do so at a too-high toll on utility. Modern cryptography has introduced important frameworks for navigating the privacy and utility tradeoff, most notably is  secure computation that allows a group of parties to compute on data while revealing nothing but the prescribed outcome. Secure computation, however, does not provide a mechanism for ensuring that the result of that computation protects individuals’ privacy; it protects the process, but not the outcome. For this, we have differential privacy,  a formal framework for limiting the exposure of individual data when it is incorporated into an analysis. 

We aim to explore the ways in which secure computation and differential privacy can be composed synergistically to provide utility beyond what either framework alone can provide. In particular, to deepen our understanding of what is feasible, both asymptotically and concretely, for certain key applications of interest. 

Research

Jun 24th, 2020
Cyber-Nudging: Incentive Systems and Choice Architectures for Organizational
  • management
  • management

Human errors and malpractices, such as downloading malware, falling for phishing attacks, and choosing weak passwords, are at the root of many cybersecurity failures. These failures are incredibly harmful, not just to the person who fell for the attack, but to all the organization’s information systems and networks. Recent approaches have shown the potential of incentivizing and nudging users in cyber security. Unlike hard enforcement, softer forms of persuasion can be more effective in environments in which users need to be both productive and safe, allowing the user to optimize a specific decision according to the particular circumstances. However, finding the best way to incentivize users is challenging, due to the rarity of cyber-attacks for a single person. Furthermore, organizations have intricate work, legal, and social relations, making the most widespread types of nudging hard to implement.

In this project, we aim to investigate in nudging mechanisms, that aim to gently push users to safer and more responsible cyber behavior. We plan to design, develop, and evaluate non-monetary incentive systems and nudging mechanisms that have the potential to work in real-world organizations. We will test our designs in experimental conditions, evaluating whether they positively affect the safety behavior of the users while not harming their productivity. We will develop and test a new kind of incentive mechanism, which we call interaction incentives. This type of incentives relies on our ability to make computing experiences more or less usable, based on the behavior of the user. We will combine these incentives with different types of explanations and gamified environments to find out how can we point to safer behavior, without limiting users.

Tel Aviv University makes every effort to respect copyright. If you own copyright to the content contained
here and / or the use of such content is in your opinion infringing, Contact us as soon as possible >>