Upload
truongdung
View
214
Download
0
Embed Size (px)
Citation preview
Joint International Doctoral (Ph.D.) Degree in Law, Science and Technology
[PCOG] YEARLY TEAM MEETING 2017
Muhammad Umer Wasim
Main Supervisor: Pascal Bouvry, University of Luxembourg (Luxembourg)
Co- supervisor : Tadas Limba, Mykolas Romeris University (Lithuania)
Design and Implementation of Legal Protection for Trade Secrets
in Cloud Brokerage Architectures relying on Blockchains
Joint International Doctoral (Ph.D.) Degree in Law, Science and Technology
Research Problem Can be any thing that company hides:
Formula, customer list, business model,
practice, process, contracts, design,
instrument, pattern, commercial method, or
compilation of information etc.
NOT TRUE when data is public PeopleBrowsr, Inc. v. Twitter, Inc
TRUE when data is not public Tiffany (NJ), Inc. v. eBay, Inc.
Problem: In Cloud context, proving misappropriation or allegation (refer to
burden of proof) could be very complex (JetBlue Airways Corp. Privacy Litigation)
Solution: To provide legal protection as preemptive measure rather waiting for
litigation to unfold (to reduce burden of proof)
Joint International Doctoral (Ph.D.) Degree in Law, Science and Technology
Research Question
• e-Privacy Information Center (EPIC) v. Department of Homeland Security (DHS): DHS installed body scanners at airports in USA. EPIC: This body scan is a
violation of privacy, as it is like watching a person without cloths
• TSA (a component of DHS) proclaimed that its whole body imaging technology incorporates a privacy algorithm that eliminates much
of the detail shown in the images of the individual while still being effective
from security standpoint
• Privacy algorithm is an example of legal protection implemented as
preemptive measure and reduced burden of proof in court of law
How an online Broker can provide legal protection to a
trade secret in the Cloud and could effectively reduce
burden of proof in the court of law?
In the Cloud, preemptive measure are implemented by online Broker
Joint International Doctoral (Ph.D.) Degree in Law, Science and Technology
Literature Review & Research Gap
Law (Legal Protection for Trade Secret in Cloud) and ICT (Online Broker)
Literature Review (Law): In the domain of “Case Law”, precedents set by previous
court rulings were identified
How online Broker can assess Structure Significance of Criteria?
For Cloud based misappropriation claim, plaintiff must establish three things in court of law
Presence: it’s a proof of
data in the Cloud to be a
trade secret
Confidentiality: it’s a proof for
reasonable efforts made by the
owner to protect trade secret in
the Cloud
Misappropriation: it’s a
proof for misappropriation of
a trade secret by using BDA
Confidentiality that in the court of law is partially related to selection of relevant criteria (e.g.
encryption or access management) for protection of trade secret in the Cloud (statistically,
relevance of criteria as per goal is its structural significance)
Joint International Doctoral (Ph.D.) Degree in Law, Science and Technology
Literature Review & Research Gap
Literature Review (ICT): Systematic review
• Analytic Hierarchy Process (AHP) and Technique for Order of Preference
by Similarity to Ideal Solution (TOPSIS) are the most prevalent techniques
used by online Brokers in the Cloud
• Both of these techniques assume structural significance for criteria (owning
to subjective judgments of the decision maker)
On-line Broker
16 models 6 models
Data Mining
2010 2013 201720132017
[25]AHP[26]AHP
[27]DEMATEL, ANP, VIKOR
[28, 29]Fuzzy
PROMETHEE[30]
[31]AHP, TOPSIS
[32]TOPSIS, ANP
[33]TOPSIS VIKOR
[34. 35]AHP AHP[36]TOPSIS [37]
[38]TOPSIS
[39]Fuzzy
AHP, TOPSIS[31]
[20, 22]
[21]
[23]
[24]
Multi-criteria Decision Analysis
[17]
Joint International Doctoral (Ph.D.) Degree in Law, Science and Technology
Proposed Method
• This research is first in line to propose model for online Brokers to assess
structural significance of criteria objectively and in doing so, it uses notion of
“factor loading” that belongs to broader concept of factor analysis from the
field of unsupervised machine learning
• Evaluation (two-stage procedure): stage one,
– Stage 1; a proof of concept example was presented to demonstrate how
to assess structural significance
– Stage 2: a comparative analysis is performed between proposed model
with the existing model
• Real time Quality of Service (QoS) based dataset for seven different Cloud
storage i.e. Carbonite, Dropbox, iBackup, JustCloud, SOS Online Backup,
SugarSync, and Zip Cloud, was used and results depict that the proposed
model yield more reliable results as compared to its counterparts in the field
Encryption
Audits
Firewall
Security
Joint International Doctoral (Ph.D.) Degree in Law, Science and Technology
Proof of Cpt. & Comparative Asst.
Statistically, relevance of criteria as per
goal is its structural significance
Joint International Doctoral (Ph.D.) Degree in Law, Science and Technology
Proof of Cpt. & Comparative Asst.
Joint International Doctoral (Ph.D.) Degree in Law, Science and Technology
How an online Broker can provide legal protection to a trade secret in the
Cloud and could effectively reduce burden of proof in the court of law?
Law (Legal Protection for Trade Secret in Cloud) and ICT (Online Broker)
Assess Structure Significance of Criteria
For Cloud based misappropriation claim, plaintiff must establish three things in court of law
Presence: it’s a proof of
data in the Cloud to be a
trade secret
Confidentiality: it’s a proof for
reasonable efforts made by the
owner to protect trade secret in
the Cloud
Misappropriation: it’s a
proof for misappropriation of
a trade secret by using BDA
Confidentiality that in the court of law is partially related to selection of relevant criteria (e.g.
encryption or access management) for protection of trade secret in the Cloud (statistically,
relevance of criteria as per goal is its structural significance)
Encryption
Audits
Firewall
Security
Joint International Doctoral (Ph.D.) Degree in Law, Science and Technology
RESEARCH QUESTION
Automate Role of the Court Over Blockchains Using Smart Contracts
Joint International Doctoral (Ph.D.) Degree in Law, Science and Technology
RESEARCH OBJECTIVE Current research projects that are using smart contracts as underlying
technology ADEPT by IBM Slock.it Trans Active Grid and Filament;
have overlooked the need to instantiate role of judiciary over a
blockchain (→ initial level of multi-disciplinary research when it comes
to provisioning legal protection over a blockchain )
Aim of this part of research is to develop a model that can be implemented over the blockchain to automatically issue court injunction for the breach, which has a potential to create substantial damage and has high probability to occur in the future
Joint International Doctoral (Ph.D.) Degree in Law, Science and Technology
Proposed Solution Unsupervised Machine Learning Algorithm
Probability based Factor Model (PFM)
Smart Contract for QoS
Condition
If latency of a cloud service goes beyond
a pre-defined threshold or throughput
falls below pre-defined threshold, the
client machine sends a maintenance
request.
Transaction
For sending the maintenance request, a
transaction is sent to the
request_service_function of the
Service_Smart_Contract between the
client machine and the service provider
machine.
PFM based Smart Contract for QoS
Condition (or Breach)
If latency of a cloud service goes beyond a pre-defined threshold or
throughput falls below pre-defined threshold, PFM at the client
machine applies following logical operations to send a injunction
request.
is a high significance of the breach
is a high probability of the breach
is a court injunction
Transaction
For sending the injunction request, a transaction is sent to the
request_service_function of the Breach_Service_Smart_Contract
between the client machine, the service provider, and the court of law.
INJ
INJINJ
→ To assess significance of breach, PFM uses notion of communality
(belongs to broader concept of factor analysis from the discipline of Data
Science)
→ To assess probability of breach, PFM uses notion of stochastic
modeling
Joint International Doctoral (Ph.D.) Degree in Law, Science and Technology
EVALUATION AND RESULTS
• High performance computing (HPC) cluster at University of
Luxembourg (HPC @ Uni.lu) and docker were used to emulate
contractual environment of three service providers: Redis,
MongoDB, and Memcached Servers
– workload comprising of different number of operations ranging
from 0 to 10,000, number of records ranging from 0 to 10,000,
and number of threads ranging from 0 to 100
• Yahoo Cloud Service Benchmark (YCSB) was deployed at the
customer machine, to continuously monitor QoS of service providers
in terms of throughput (operations per second), read latency (time to
read data from database), and update latency (time to update data
in database)
Joint International Doctoral (Ph.D.) Degree in Law, Science and Technology
YCSB (version 0.12.0) Monitoring
of Redis, MongoDB, and
Memcached
Joint International Doctoral (Ph.D.) Degree in Law, Science and Technology
EVALUATION AND RESULTS
• The breach of contract was emulated by increasing the workload to
influence throughput, read latency, and update latency of service
providers
– Python (for scripting) and R/R Studio (for data visualization)
were used to identify the breach and consequently, PFM was
activated to issue a court injunction. The data analysis tools that
assisted PFM were: Arena Input analyzer, STATA, IBM
Statistical Analysis Software Package (SPSS), and Microsoft
Excel
Joint International Doctoral (Ph.D.) Degree in Law, Science and Technology
QoS of service providers in terms of
throughput (operations per second),
read latency (time to read data from
database), and update latency (time to
update data in database)
Joint International Doctoral (Ph.D.) Degree in Law, Science and Technology
CONCLUSION AND FUTURE
RESEARCH • Results showed that the court injunction(s) was issued only for
Redis and MongoDB Servers
– Technically, this difference could be attributed to the fact that
Memcached is simply used for caching and therefore, it is less
prone to breach of contract. Whereas, Redis and MongoDB as
databases and message brokers are performing more complex
operations and are more likely to cause a breach
• Results of MongoDB server show the limitation of PFM when
stochastic model fails the T-Test
• In the next stage of the research, the goal is to test PFM in real time
blockchain environment
Joint International Doctoral (Ph.D.) Degree in Law, Science and Technology
Research Output & Mobility
• Mathematical Model and Software Prototype
• Why Innovative?
– Pioneer implemetation on providing legal protection to trade
secrets in centralized and decentralized cloud architecture +
confidentiality by design + Law as a Service (blockchain)
• Who Benefit?
– Enterprises that see trade secret misappropriation as limiting
factor for acquisition of Cloud services or IoT (or Cyber Physical
Systems)
• Third Year finished at University of Luxembourg (Luxembourg)
Joint International Doctoral (Ph.D.) Degree in Law, Science and Technology
How an online Broker can embed legal protection as
preemptive measure to reduce burden of proof in a
court of law?
What happens when the outcome of a smart contract
deviates from the outcome that the law demands?
Chapter 2
Legal Protection by an
online Broker
Chapter 3
Legal Protection by a
Smart Contract
Paper 1 (as first author): Confidentiality by Design: A
Case of Implementing Legal Protection by Online
Broker for Trade Secrets in the Cloud
Paper 2 (as first author): Self-Regulated Multi-criteria
Decision Analysis: An Autonomous Brokerage-Based
Approach for Service Provider Ranking in the Cloud
Paper 3 (as first author): Law as a Service (LaaS):
Enabling Legal Protection over a Blockchain Network
Paper 4 (as second author): PRESENCE: Toward a
Novel Approach for Performance Evaluation of SaaS
Web Services
Primary Research Question
Secondary Research Question
Chapter 4
Limitation and Future
Directions
9th IEEE International Conference
on Cloud Computing Technology
and Science (CloudCom 2017)
14th International Conference on
Smart Cities: Improving Quality of
Life using ICT & IoT (HONET-ICT
17)
In process of submission (as 2nd
author)
IEEE Transactions on Service
Computing (Under Review)
Joint International Doctoral (Ph.D.) Degree in Law, Science and Technology
Many thanks for the attention
http://www.last-jd.eu/