| 1. |
- Elliot, Viktor, et al.
(författare)
-
CEOs’ understanding of blockchain technology and its adoption in export-oriented companies in West Sweden: a survey
- 2021
-
Ingår i: Journal of Global Operations and Strategic Sourcing. - 2398-5364.
-
Tidskriftsartikel (refereegranskat)abstract
- Purpose – The purpose of this paper is to study current practices in adopting blockchain technology amongst export companies in West Sweden and to capture their CEOs’ knowledge of and attitudes towards blockchains. Design/methodology/approach – Factors enabling or hindering the adoption of blockchains were identified from a comprehensive literature review and a survey of 72 chief executive officers (CEOs) of exportoriented firms in West Sweden, all with turnovers exceeding e2m, regarding their knowledge of and attitudes towards blockchains. Findings – Blockchain technology is not currently perceived to provide benefits that would outweigh the costs of introducing it into West Sweden’s export firms. Nevertheless, the findings suggest that such technology, though currently too immature to meet today’s industrial requirements, could experience more widespread use if certain key factors (i.e. lower cost, traceability, improved security or trustworthiness and new blockchain-enabled business models) are prioritised. Research limitations/implications – Answered by 72 CEOs, the survey achieved a response rate of 6%, meaning that the findings are only exploratory. Even so, they offer new insights into CEOs’ attitudes towards blockchain technology. Practical implications – The CEOs reported comparatively limited knowledge of and experience with implementing blockchains, the lack of which has hampered their large-scale implementation in multi-actor supply chains. Social implications – Negative sentiment amongst CEOs towards blockchain technology may lower onthe-job satisfaction amongst tech personnel aspiring to develop and implement blockchain applications in their firms. Originality/value – Knowledge of and attitudes towards blockchain technology amongst top-level managers, as well as about factors enabling or hindering its adoption, guide managers in crafting strategies for implementing blockchains in their organisations and maximising the benefits therein. Unlike past studies focussing on technological aspects or views of experts and middle-management, the study was designed to capture the views of CEOs.
|
|
| 2. |
- Eshghie, Mojtaba, et al.
(författare)
-
Capturing Smart Contract Design with DCR Graphs
- 2023
-
Ingår i: Software Engineering and Formal Methods. - : Springer Science and Business Media Deutschland GmbH. ; 14323 LNCS, s. 106-125
-
Konferensbidrag (refereegranskat)abstract
- Smart contracts manage blockchain assets and embody business processes. However, mainstream smart contract programming languages such as Solidity lack explicit notions of roles, action dependencies, and time. Instead, these concepts are implemented in program code. This makes it very hard to design and analyze smart contracts. We argue that DCR graphs are a suitable formalization tool for smart contracts because they explicitly and visually capture the mentioned features. We utilize this expressiveness to show that many common high-level design patterns representing the underlying business processes in smart-contract applications can be naturally modeled this way. Applying these patterns shows that DCR graphs facilitate the development and analysis of correct and reliable smart contracts by providing a clear and easy-to-understand specification.
|
|
| 3. |
- Alshareef, Hanaa, 1985, et al.
(författare)
-
A collaborative access control framework for online social networks
- 2020
-
Ingår i: Journal of Logical and Algebraic Methods in Programming. - : Elsevier BV. - 2352-2208 .- 2352-2216. ; 114
-
Tidskriftsartikel (refereegranskat)abstract
- Most Online Social Networks allow users to set their privacy settings concerning posting information, but current implementations do not allow a fine grained enforcement in case the posted item concerns other users. In this paper we propose a new collaborative access control framework that takes into account the relation of multiple users for viewing as well as for sharing items, eventually solving conflicts in the privacy settings of the users involved. Our solution relies on two algorithms, one for viewing and another one for sharing items. We provide an evaluation of these algorithms where we demonstrate how varying some of the parameters directly influences the decision of viewing or sharing an item. Last but not least, we present a proof-of-concept implementation of our approach in an open source social network called Diaspora. (C) 2020 Elsevier Inc. All rights reserved.
|
|
| 4. |
- Alshareef, Hanaa, 1985, et al.
(författare)
-
Precise Analysis of Purpose Limitation in Data Flow Diagrams
- 2022
-
Ingår i: ACM International Conference Proceeding Series. - New York, NY, USA : ACM.
-
Konferensbidrag (refereegranskat)abstract
- Data Flow Diagrams (DFDs) are primarily used for modelling functional properties of a system. In recent work, it was shown that DFDs can be used to also model non-functional properties, such as security and privacy properties, if they are annotated with appropriate security- and privacy-related information. An important privacy principle one may wish to model in this way is purpose limitation. But previous work on privacy-aware DFDs (PA-DFDs) considers purpose limitation only superficially, without explaining how the purpose of DFD activators and flows ought to be specified, checked or inferred. In this paper, we define a rigorous formal framework for (1) annotating DFDs with purpose labels and privacy signatures, (2) checking the consistency of labels and signatures, and (3) inferring labels from signatures. We implement our theoretical framework in a proof-of concept tool consisting of a domain-specific language (DSL) for specifying privacy signatures and algorithms for checking and inferring purpose labels from such signatures. Finally, we evaluate our framework and tool through a case study based on a DFD from the privacy literature.
|
|
| 5. |
- Alshareef, Hanaa, 1985, et al.
(författare)
-
Refining Privacy-Aware Data Flow Diagrams
- 2021
-
Ingår i: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. ; 13085, s. 121-140
-
Konferensbidrag (refereegranskat)abstract
- Privacy, like security, is a non-functional property, yet most software design tools are focused on functional aspects, using for instance Data Flow Diagrams (DFDs). In previous work, a conceptual model was introduced where DFDs were extended into so-called Privacy-Aware Data Flow Diagrams (PA-DFDs) with the aim of adding specific privacy checks to existing DFDs. An implementation to add such automatic checks has also been developed. In this paper, we define the notion of refinement for both DFDs and PA-DFDs as a special type of structure-preserving map (or graph homomorphism). We also provide three algorithms to find, check and transform refinements, and we show that the standard diagram "transform→refine/refine→transform" commutes. We have implemented our algorithms in a proof-of-concept tool called DFD Refinery , and have applied it to realistic scenarios.
|
|
| 6. |
- Alshareef, Hanaa, 1985, et al.
(författare)
-
Transforming data flow diagrams for privacy compliance
- 2021
-
Ingår i: MODELSWARD 2021 - Proceedings of the 9th International Conference on Model-Driven Engineering and Software Development. - : SCITEPRESS - Science and Technology Publications. ; , s. 207-215
-
Konferensbidrag (refereegranskat)abstract
- Most software design tools, as for instance Data Flow Diagrams (DFDs), are focused on functional aspects and cannot thus model non-functional aspects like privacy. In this paper, we provide an explicit algorithm and a proof-of-concept implementation to transform DFDs into so-called Privacy-Aware Data Flow Diagrams (PA-DFDs). Our tool systematically inserts privacy checks to a DFD, generating a PA-DFD. We apply our approach to two realistic applications from the construction and online retail sectors.
|
|
| 7. |
- Arshad, Hamed, 1987, et al.
(författare)
-
Attribute-based encryption with enforceable obligations
- 2023
-
Ingår i: Journal of Cryptographic Engineering. - Heidelberg : Springer. - 2190-8508 .- 2190-8516. ; 13, s. 343-371
-
Tidskriftsartikel (refereegranskat)abstract
- Attribute-based encryption (ABE) is a cryptographic mechanism that provides fine-grained access control to encrypted data, which can thus be stored in, e.g., public clouds. However, ABE schemes lack the notion of obligations, which is common in attribute-based access control systems such as eXtensible Access Control Markup Language and Usage Control. Obligations are used to define and enforce extra constraints that happen before approving or denying an access request. In this paper, we propose OB-ABE, a system for extending any classical ABE with enforceable obligations. Our system architecture has as core component trusted hardware enclaves, implemented with SGX, used for enforcing obligations. We employ ProVerif to formally model OB-ABE and verify its main property called "enforceable obligations," i.e., if a message is encrypted along with an obligation, then the message can be decrypted only after enforcing the attached obligation. OB-ABE has two more properties: (i) OB-ABE is a "conservative extension" of the underlying ABE scheme, preserving its security properties; (ii) OB-ABE is "backward compatible" in the sense that any ciphertext produced by an ABE scheme can be decrypted by its extended OB-ABE version, and moreover, a ciphertext produced by an OB-ABE scheme can be decrypted by its underlying ABE scheme provided that the ciphertext does not have obligations attached. We also implement in C using Intel SGX a prototype of an OB-ABE extending the well-known ciphertext-policy ABE.
|
|
| 8. |
- Arshad, Hamed, 1987, et al.
(författare)
-
Semantic Attribute-Based Encryption: A framework for combining ABE schemes with semantic technologies
- 2022
-
Ingår i: Information Sciences. - : Elsevier BV. - 0020-0255. ; 616, s. 558-576
-
Tidskriftsartikel (refereegranskat)abstract
- Attribute-Based Encryption (ABE) is a cryptographic solution to protect resources in a fine-grained manner based on a set of public attributes. This is similar to attribute-based access control schemes in the sense that both rely on public attributes and access control policies to grant access to resources. However, ABE schemes do not consider the semantics of attributes provided by users or required by access structures. Such semantics not only improve the functionality by making proper access decisions but also enable cross-domain interoperability by making users from one domain able to access and use resources of other domains. This paper proposes a Semantic ABE (SABE) framework by augmenting a classical Ciphertext-Policy ABE (CP-ABE) scheme with semantic technologies using a generic procedure by which any CP-ABE scheme can be extended to an SABE. The proposed SABE framework is implemented in Java and the source code is publicly available. The experiment results confirm that the performance of the proposed framework is promising.
|
|
| 9. |
- Azzopardi, Shaun, 1992, et al.
(författare)
-
Incorporating Monitors in Reactive Synthesis without Paying the Price
- 2021
-
Ingår i: 19th International Symposium on Automated Technology for Verification and Analysis. - Cham : Springer.
-
Konferensbidrag (refereegranskat)abstract
- Temporal synthesis attempts to construct reactive programs that satisfy a given declarative (LTL) formula. Practitioners have found it challenging to work exclusively with declarative specifications, and have found languages that combine modelling with declarative specifications more useful. Synthesised controllers may also need to work with pre-existing or manually constructed programs. In this paper we explore an approach that combines synthesis of declarative specifications in the presence of an existing behaviour model as a monitor, with the benefit of not having to reason about the state space of the monitor. We suggest a formal language with automata monitors as non-repeating and repeating triggers for LTL formulas. We use symbolic automata with memory as triggers, resulting in a strictly more expressive and succinct language than existing regular expression triggers. We give a compositional synthesis procedure for this language, where reasoning about the monitor state space is minimal. To show the advantages of our approach we apply it to specifications requiring counting and constraints over arbitrarily long sequence of events, where we can also see the power of parametrisation, easily handled in our approach. We provide a tool to construct controllers (in the form of symbolic automata) for our language.
|
|
| 10. |
- Azzopardi, Shaun, 1992, et al.
(författare)
-
On the Specification and Monitoring of Timed Normative Systems
- 2021
-
Ingår i: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 0302-9743 .- 1611-3349.
-
Konferensbidrag (refereegranskat)abstract
- In this article we explore different issues and design choices that arise when considering how to fully embrace timed aspects in the formalisation of normative systems, e.g., by using deontic modalities, looking primarily through the lens of monitoring. We primarily focus on expressivity and computational aspects, discussing issues such as duration, superposition, conflicts, attempts, discharge, and complexity, while identifying semantic choices which arise and the challenges these pose for full monitoring of legal contracts.
|
|
