| 1. |
- Berthold, Stefan, 1982-
(författare)
-
Towards Inter-temporal Privacy Metrics
- 2011
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Informational privacy of individuals has significantly gained importance after information technology has become widely deployed. Data, once digitalised, can be copied and distributed at negligible costs. This has dramatic consequences for individuals that leave traces in form of personal data whenever they interact with information technology. The right of individuals for informational privacy, in particular to control the flow and use of their personal data, is easily undermined by those controlling the information technology. The objective of this thesis is the measurement of informational privacy with a particular focus on scenarios where an individual discloses personal data to a second party, the data controller, which uses this data for re-identifying the individual within a set of others, the population. Several instances of this scenario are discussed in the appended papers, most notably one which adds a time dimension to the scenario for modelling the effects of the time passed between data disclosure and usage. This extended scenario leads to a new framework for inter-temporal privacy metrics. The common dilemma of all privacy metrics is their dependence on the information available to the data controller. The same information may or may not be available to the individual and, as a consequence, the individual may be misguided in his decisions due to his limited access to the data controller’s information when using privacy metrics. The goal of this thesis is thus not only the specification of new privacy metrics, but also the contribution of ideas for mitigating this dilemma. However a solution will rather be a combination of technological, economical and legal means than a purely technical solution.
|
|
| 2. |
- Forsbacka, Kristina
(författare)
-
Climate Finance and the Point of Green Bonds
- 2021
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- The emergence of green bonds in 2008 has been perceived as an important means to move towards green and sustainable investments, and the green and sustainable bond markets have also grown exponentially. The purpose of my thesis is to analyse the green bond instrument and the role that it plays at climate finance. Notably, the role of the green bond and climate finance has changed over time. The Paris Agreement from 2015 was the first climate agreement to address the finance sector, and the sustainable finance markets are now moving forward at a swift pace, with new and innovative products developing and rewarding green and sustainable investments. The essence of the research is threefold. Firstly, an analysis based on an empirical study and analysis of the terms and conditions of the contracts between issuers and investors regulating green bonds on the Nordic market. Secondly, an analysis of the new innovative bond instruments – transition bonds and sustainability-linked bonds – following the green bond that have emerged starting in 2019. Thirdly, the green bond instrument is analysed in its historical context, describing the role of carbon pricing and comparing the green bond instrument to experience from early project-based climate finance, the Clean Development Mechanism (CDM). To conclude, an analysis is provided of the green bond instrument and the role that it plays at the transformation to a climate-resilient and sustainable society. The perspective in the analysis and the discussion is normative and forward looking (“de lege ferenda”), based on experience – “lessons learned” – from the development of early climate finance and the development that the green and sustainable bond market has undergone. The ultimate purpose is to analyse the role the of the green bond at climate finance. My analysis addresses the interplay between coercive and voluntary regulation of the green bond instrument. The theory and findings of the thesis are that flexibility should be provided to market participants to allow for the development of new innovative instruments, based on the tools and infrastructure developed at climate finance and green and sustainable bonds. Legal regulation should focus on information and disclosure of climate-related and sustainability risks, and providing clarification and codification of definitions and standards for this purpose. The tools and infrastructure created for green bonds, and further developed for other emerging innovative bonds, could be used to provide transparency at sustainability at all finance. As climate-related and sustainability risks are disclosed and addressed properly is provided and fiduciary duties are developed, the financial market can move from rewarding “green”, to penalising “brown” investments. When “green” is the new normal there will be no need for a specific green bond instrument. The point of green bonds is being part of this journey – not the solution.
|
|
| 3. |
- Lundin, Reine, 1974-
(författare)
-
Guesswork and Entropy as Security Measures for Selective Encryption
- 2012
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- More and more effort is being spent on security improvements in today's computer environments, with the aim to achieve an appropriate level of security. However, for small computing devices it might be necessary to reduce the computational cost imposed by security in order to gain reasonable performance and/or energy consumption. To accomplish this selective encryption can be used, which provides confidentiality by only encrypting chosen parts of the information. Previous work on selective encryption has chiefly focused on how to reduce the computational cost while still making the information perceptually secure, but not on how computationally secure the selectively encrypted information is. Despite the efforts made and due to the harsh nature of computer security, good quantitative assessment methods for computer security are still lacking. Inventing new ways of measuring security are therefore needed in order to better understand, assess, and improve the security of computer environments. Two proposed probabilistic quantitative security measures are entropy and guesswork. Entropy gives the average number of guesses in an optimal binary search attack, and guesswork gives the average number of guesses in an optimal linear search attack. In information theory, a considerable amount of research has been carried out on entropy and on entropy-based metrics. However, the same does not hold for guesswork.In this thesis, we evaluate the performance improvement when using the proposed generic selective encryption scheme. We also examine the confidentiality strength of selectively encrypted information by using and adopting entropy and guesswork. Moreover, since guesswork has been less theoretical investigated compared to entropy, we extend guesswork in several ways and investigate some of its behaviors.
|
|
| 4. |
- Adestam, Johan, 1982-
(författare)
-
Den dokumentvillkorade garantin
- 2014
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Den dokumentvillkorade garantin, som i praktiken vanligen betecknas som självständig, känneteck-nas av att villkoren i utfästelsen väsentligen endast innefattar villkor som refererar till att vissa angivna dokument presenteras för garanten. Dokumentvillkorade garantier förekommer vanligtvis i avtalsstrukturer som involverar ett flertal olika avtal och parter. De typer av avtal som omfattas av sådana avtalsstrukturer ger upphov till speciella rättsliga frågor. Avhandlingen belyser ett antal sådana frågor ur ett svenskt perspektiv, genom att beskriva rättsnormers utformning och tillämpning på olika typer av fall. Särskild vikt läggs vid att upprätthålla ett språkbruk som möjliggör att detta sker på ett motsägelsefritt och rättvisande sätt.En fråga av grundläggande betydelse är hur garantier kan klassificeras på ett sätt som bidrar till att besvara nyss nämnda typ av frågor. En sådan klassifikation, baserad på garantiers innehåll, klargör vad som skiljer den dokumentvillkorade garantin från andra typer av garantier. När det gäller den rättsliga relationen mellan parterna till ett avtal i vilket det föreskrivs att den ena parten, gäldenären, ska låta ombesörja att det ställs ut en garanti till motparten, berörs i synnerhet frågan under vilka omständigheter motparten är fri att begära fullgörelse av garantin och frågan under vilka omständigheter det uppkommer en återkravsrätt för gäldenären gentemot motparten (beneficienten). I fråga om den rättsliga relationen mellan garanten och beneficienten behandlas särskilt frågorna hur man genom tolkning avgör om en garanti är dokumentvillkorad eller inte, hur dokumentvillkoren i en dokumentvillkorad garanti ska tolkas och i vilken mån det finns speciella rättsnormer tillämpliga på dokumentvillkorade garantier. Ytterligare en fråga rör tillämpningen av den tvingande regeln om rättsmissbruk, enligt vilken beneficienten saknar rätt till fullgörelse av garanten om det föreligger rättsmissbruk. Såvitt avser den rättsliga relationen mellan uppdragsgivare och uppdragstagare i uppdrag som relaterar till utfärdandet av en dokumentvillkorad garanti berörs i synnerhet frågan under vilka omständigheter en uppdragstagare har regressrätt gentemot sin uppdragsgivare. En fråga av allmän betydelse är vad som i olika avseenden krävs för att intresset av att uppdragstagare till sådana uppdrag inte ska ha incitament att undersöka svårbedömda omständigheter ska tillgodoses.
|
|
| 5. |
- Afzal, Zeeshan, 1991-
(författare)
-
Life of a Security Middlebox : Challenges with Emerging Protocols and Technologies
- 2020
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- The Internet of today has intermediary devices known as middleboxes that perform more functions than the normal packet forwarding function of a router. Security middleboxes are a subset of these middleboxes and face an increasingly difficult task to perform their functions correctly. These middleboxes make many assumptions about the traffic that may not hold true any longer with the advent of new protocols such as MPTCP and technologies like end-to-end encryption.The work in this thesis focuses on security middleboxes and the challenges they face. We develop methods and solutions to help these security middleboxes continue to function correctly. In particular, we investigate the case of using MPTCP over traditional security infrastructure as well as the case of end-to-end encryption. We study how practical it is to evade a security middlebox by fragmenting and sending traffic across multiple paths using MPTCP. We then go on to propose possible solutions to detect such attacks and implement them. The potential MPTCP scenario where security middleboxes only have access to part of the traffic is also investigated and addressed. Moreover, the thesis contributes a machine learning based approach to help security middleboxes detect malware in encrypted traffic without decryption.
|
|
| 6. |
- Dahlberg, Rasmus
(författare)
-
On Certificate Transparency Verification and Unlinkability of Websites Visited by Tor Users
- 2023
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Certificate Transparency is an ecosystem of logs, monitors, and auditors that hold certificate authorities accountable while issuing certificates. We show how the amount of trust that TLS clients and domain owners need to place in Certificate Transparency can be reduced, both in the context of existing gradual deployments and the largely unexplored area of Tor. Our contributions include improved third-party monitoring, a gossip protocol plugging into Certificate Transparency over DNS, an incrementally deployable gossip-audit model tailored for Tor Browser, and using certificates with onion addresses. The methods used range from proof sketches to Internet measurements and prototype evaluations. An essential part of our evaluation in Tor is to assess how the protocols used during website visits—such as requesting an inclusion proof from a Certificate Transparency log—affect unlinkability between senders and receivers. We find that most false positives in website fingerprinting attacks can be eliminated for all but the most frequently visited sites. This is because the destination anonymity set can be reduced due to how Internet protocols work: communication is observable and often involves third-party interactions. Some of the used protocols can further be subject to side-channel analysis. For example, we show that remote (timeless) timing attacks against Tor’s DNS cache reliably reveal the timing of past exit traffic. The severity and practicality of our extension to website fingerprinting pose threats to the anonymity provided by Tor. We conclude that access to a so-called website oracle should be an assumed attacker capability when evaluating website fingerprinting defenses.
|
|
| 7. |
- Elgebrant, Emil, 1969-
(författare)
-
Ägande & värde av utsläppsrätter och andra liknande handelsobjekt : en sakrättslig, redovisningsrättslig och skatterättslig studie
- 2012
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- The objective of the dissertation is to examine national legal issues arising with the enactment of emissions allowances, electricity certificates and other similar trading objects. Several of the issues identified in this dissertation have their origins in the same problems that arose with the enactment of the legislation regarding promissory notes in the 1910’s and the legislation concerning the digitalization/dematerialization of financial instruments in the 1980’s. Simply stated, the fundamental problem is what has the legislator created? The dissertation’s interdisciplinary character has facilitated an approximation of issues that have arisen, which would not have been possible through studies solely of individual legal areas. This method has proven itself to be particularly relevant as new legal figures are introduced in an existing legal system. A starting point for any study of the trading object is that it is an independent legal object, separate from any authorization to emit, etc. This means that the trading object does not consist of any right to act in a certain manner (emit, etc.). A legal classification of the trading object has shown itself to be difficult to achieve within all of the studied legal areas. The private law conceptual apparatus and its categorizations of property have been debated in this dissertation from different perspectives. How the economic value of the trading object is treated in a legal context has shown itself to be dependent upon which legal context is intended, and how the trading object is classified in this context. The trading object’s private law character and its ability to be owned has certain significance for the accounting, income, and VAT law classifications of the trading object. The legal classification of the trading objects raises, to a great extent, a general and fundamental classification problem
|
|
| 8. |
- Korling, Fredric, 1976-
(författare)
-
Rådgivningsansvar – särskilt avseende finansiell rådgivning och investeringsrådgivning
- 2010
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- The liability incurred with respect to advisory services, particularly with respect to financial and investment advice, is the subject of this thesis. A number of factors that have influenced developments within the societal and regulatory environments in which advisory services are provided, primarily with respect to financial advice, are examined. The legal regulation of financial markets is extensive as is also self-regulation. Despite the extensive legislation, no universal definition of advisory services has been established. The thesis examines how advisory services relate to information, marketing and sales, as well as how they are defined in penal, public and private law. Professional liability, as well a contractual and tort liability, are also explored with respect to advisory services.The regulations in the financial market have the purpose of strengthening investor protection. Information obligations are often used in order to ensure that investors become sufficiently aware as to the products and services that the investor purchases and accompanying risks. Many investors, however, have difficulties processing financial information. In addition, investors act irrationally.The criticism of the regulations today is that they, in too great an extent, are based on that investors act rationally, when there is very much research that indicates the contrary. Another criticism is that the legislation on financial advice lack clarity in several aspects and that this deficiency is not cured by the preparatory works, for example on the important question on the boundary between advisory services and selling. The legislation would considerably benefit from definitions of advisory services being put into concrete form, in order to therewith facilitate understanding for both investors and advisers as well as supervisory governmental agencies. The situation today is unsatisfactory, not in the least with respect to the requirements of foreseeability and legal certainty.
|
|
| 9. |
- Voronkov, Artem, 1990-
(författare)
-
Usability of Firewall Configuration : Making the Life of System Administrators Easier
- 2020
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Firewalls are an important component of network security that serve to protect networks by regulating incoming and outgoing traffic. However, setting up firewalls correctly is a challenging task, which becomes more difficult with the growth of the network's size. Firewall configuration files consist of rule sets that might be hard to understand even for professionals who deal with them regularly. The main reason for this is that most firewall rule sets have a certain structure: the higher the position of a rule in the rule set, the higher priority it has. Challenging problems arise when a new rule is added to the set and a proper position for it needs to be found or the existing rules are removed due to a security policy change. This brings us to the usability problem associated with the configuration of firewalls.The overall aim of this thesis is to help system administrators better manage firewalls. We explore three different aspects of firewall configuration: 1) the syntax of rules, 2) the organization of rules in a rule set, and 3) the way rule sets are presented to a user. Using this acquired knowledge, we offer system administrators more usable firewall solutions and approaches to the configuration process that can help facilitate their daily work.
|
|
| 10. |
- Voronkov, Artem, 1990-
(författare)
-
Usable Firewall Rule Sets
- 2017
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Correct functioning is the most important requirement for any system. Nowadays there are a lot of threats to computer systems that undermine confidence in them and, as a result, force a user to abandon their use. Hence, a system cannot be trusted if there is no proper security provided. Firewalls are an essential component of network security and there is an obvious need for their use.The level of security provided by a firewall depends on how well it is configured. Thus, to ensure the proper level of network security, it is necessary to have properly configured firewalls. However, setting up the firewall correctly is a very challenging task. These configuration files might be hard to understand even for system administrators. This is due to the fact that these configuration files have a certain structure: the higher the position of a rule in the rule set, the higher priority it has. Challenging problems arise when a new rule is being added to the set, and a proper position, where to place it, needs to be found. Misconfiguration might sooner or later be made and that will lead to an inappropriate system's security. This brings us to the usability problem associated with the configuration of firewalls.The overall aim of this thesis is to identify existing firewall usability gaps and to mitigate them. To achieve the first part of the objective, we conducted a series of interviews with system administrators. In the interviews, system administrators were asked about the problems they face when dealing with firewalls. After having ascertained that the usability problems exist, we turned to literature to get an understanding on the state-of-the-art of the field and therefore conducted a systematic literature review. This review presents a classification of available solutions and identifies open challenges in this area. To achieve the second part of the objective, we started working on one identified challenge. A set of usability metrics was proposed and mathematically formalized. A strong correlation between our metrics and how system administrators describe usability was identified.
|
|
