Securely deleting invalid data from secondary storage is critical to protecting users’ data privacy against unauthorized access. However, secure deletion is very costly on solid state drives (SSDs), which, unlike hard disks, do not support in-place updates: an overwritten or deleted page is only marked invalid, and its stale contents remain readable in flash until the whole block is erased. When applied to SSDs, both erasure-based and cryptography-based secure deletion methods inevitably incur a large amount of valid-data migration and/or block erasures, which not only introduce extra latency and energy consumption but also harm SSD lifetime.
This paper proposes ErasuCrypto, a lightweight secure deletion framework with low block-erasure and data-migration overhead. ErasuCrypto integrates both erasure-based and encryption-based data deletion methods and flexibly selects the more cost-effective one to securely delete invalid data. We formulate a deletion cost minimization problem and give a greedy heuristic as a starting point. We further show that the problem can be reduced to a maximum-edge biclique finding problem, which can be solved effectively with existing heuristics. Experiments on real-world benchmarks show that ErasuCrypto reduces the secure deletion cost of the erasure-based scheme by 71% and that of the cryptography-based scheme by 37%, while guaranteeing 100% security by deleting all invalid data.
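The cost trade-off described above, as an added example that is not the paper's code: a greedy planner that, for each round, picks whichever action (erase a block, or revoke a file key) deletes the most remaining invalid pages per unit cost. The cost model is an assumption made for this illustration: erasing a block costs one erasure plus a migration for every valid page still in it, and revoking a key costs a migration (re-encryption under a fresh key) for every valid page protected by it; the flash layout, the cost constants and the page/key names are all constructed. The two baselines show what a pure erasure-based or pure key-revocation scheme would pay on the same layout.

```python
# Greedy hybrid secure-deletion planner (added illustration; not ErasuCrypto's code).
from dataclasses import dataclass


@dataclass(frozen=True)
class Page:
    pid: int      # page identifier (constructed)
    block: int    # flash block the page lives in
    key: str      # file key the page is encrypted under
    valid: bool   # False = logically deleted data that must be securely erased


MIGRATION_COST = 1.0   # assumed: copying one valid page elsewhere
ERASE_COST = 3.0       # assumed: one block erasure, pricier than a page copy


def candidate_actions(pages):
    """Map each action to (cost, frozenset of invalid pages it securely deletes).

    ('erase', b):  migrate b's valid pages, then erase b, killing b's invalid pages.
    ('revoke', k): re-encrypt k's valid pages under a new key (one migration each),
                   then discard k, killing every invalid page encrypted under k.
    A valid page that is both migrated by an erase and re-encrypted by a revoke
    is counted twice; this simplification is deliberate for the illustration.
    """
    actions = {}
    for b in sorted({p.block for p in pages}):
        in_block = [p for p in pages if p.block == b]
        valid = sum(p.valid for p in in_block)
        covers = frozenset(p for p in in_block if not p.valid)
        actions[("erase", b)] = (ERASE_COST + valid * MIGRATION_COST, covers)
    for k in sorted({p.key for p in pages}):
        under_key = [p for p in pages if p.key == k]
        valid = sum(p.valid for p in under_key)
        covers = frozenset(p for p in under_key if not p.valid)
        actions[("revoke", k)] = (valid * MIGRATION_COST, covers)
    return actions


def greedy_plan(pages):
    """Cover every invalid page; each round take the action with the lowest
    cost per newly deleted invalid page (a weighted set-cover greedy)."""
    remaining = {p for p in pages if not p.valid}
    actions = candidate_actions(pages)
    plan, total = [], 0.0
    while remaining:
        best = None
        for act, (cost, covers) in actions.items():
            gain = len(covers & remaining)
            if gain and (best is None or cost / gain < best[0]):
                best = (cost / gain, act, cost, covers)
        _, act, cost, covers = best
        plan.append(act)
        total += cost
        remaining -= covers
        del actions[act]          # never re-select the same action
    return plan, total


def erase_only_cost(pages):
    """Baseline: erase every block that still holds invalid data."""
    acts = candidate_actions(pages)
    return sum(c for (kind, _), (c, cov) in acts.items() if kind == "erase" and cov)


def revoke_only_cost(pages):
    """Baseline: revoke every key that still protects invalid data."""
    acts = candidate_actions(pages)
    return sum(c for (kind, _), (c, cov) in acts.items() if kind == "revoke" and cov)


# Constructed flash layout: one (block, key, valid) triple per page.
SAMPLE_PAGES = [Page(i, b, k, v) for i, (b, k, v) in enumerate([
    (0, "A", False), (0, "A", False), (0, "B", True),
    (1, "A", False), (1, "C", True), (1, "C", True), (1, "B", True),
    (2, "B", False), (2, "B", True),
    (3, "D", False), (3, "E", False), (3, "F", False),
    (4, "D", True), (4, "D", True), (4, "E", True), (4, "E", True),
    (4, "F", True), (4, "F", True),
])]

if __name__ == "__main__":
    plan, cost = greedy_plan(SAMPLE_PAGES)
    print("hybrid plan:", plan, "cost:", cost)
    print("erase-only cost:", erase_only_cost(SAMPLE_PAGES))
    print("revoke-only cost:", revoke_only_cost(SAMPLE_PAGES))
```

On this layout the hybrid plan revokes key A (no valid pages use it, so it is free), erases block 3 (all of its pages are invalid but belong to three different keys that protect many valid pages elsewhere), and finally revokes key B; it costs 6 units against 17 for erase-only and 9 for revoke-only. The greedy is only a starting point, as the abstract says; it does not account for the overlap between the two action types and does not reason about the block-key structure that the biclique formulation captures.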
Qiaozhi Wang, Hao Xue, Fengjun Li, Dongwon Lee and Bo Luo
With the growing popularity of online social networks, a large amount of private or sensitive information has been posted online. In particular, studies show that users sometimes reveal too much information or unintentionally release messages they later regret, especially when they are careless, emotional, or unaware of privacy risks. There is therefore a strong need to identify potentially sensitive online content so that users can be alerted to it. In this paper, we propose a context-aware, text-based quantitative model for private information assessment, namely PrivScore, which is intended to serve as the foundation of a privacy leakage alerting mechanism. We first solicit diverse opinions on the sensitivity of private information from crowdsourcing workers, and examine the responses to discover a perceptual model behind the consensuses and disagreements. We then develop a computational scheme using deep neural networks to compute a context-free PrivScore (i.e., the “consensus” privacy score among average users). Finally, we integrate tweet histories, topic preferences and social contexts to generate a personalized, context-aware PrivScore. This privacy scoring mechanism can be employed to identify potentially private messages and alert users to think again before posting them to OSNs.
Tor-powered Decentralized DNS for Tor Onion Services
Jesse Victors, Ming Li and Xinwen Fu
Tor onion services, also known as hidden services, are anonymous servers of unknown location and ownership that can be accessed through any Tor-enabled client. They have gained popularity over the years, but since their introduction in 2002 they have suffered from a major usability problem: their cryptographically generated addresses are not memorable.
In response to this difficulty, in this work we introduce the Onion Name System (OnioNS), a privacy-enhanced decentralized name resolution service. OnioNS allows Tor users to reference an onion service by a meaningful, globally unique, verifiable domain name chosen by the onion service administrator. We construct OnioNS as an optional, backwards-compatible plugin for Tor, simplify our design and threat model by embedding OnioNS within the Tor network, and provide mechanisms for authenticated denial of existence with minimal networking cost. We introduce a lottery-like system to reduce the threat of land rushes and domain squatting. Finally, we provide a security analysis, integrate our software with the Tor Browser, and conduct performance tests of our prototype.
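Authenticated denial of existence is the part of a name system that is easy to get wrong: a resolver that merely answers "no such name" can lie, so the client needs a proof that nothing in the authenticated registry sorts at the queried name. The following is an added example, not OnioNS's own mechanism; it assumes an NSEC-style construction in which the (name, onion address) pairs are sorted by name and committed to by a Merkle root, so that absence is proven by inclusion proofs for the two lexically adjacent entries plus a check that they are adjacent leaves. The root and leaf count are assumed to reach the client over an authenticated channel (signing is out of scope here), and the registry contents are constructed.

```python
# Merkle range proof for authenticated denial of existence (added illustration;
# an assumed NSEC-style design, not OnioNS's protocol).
import bisect
import hashlib


def _h(data):
    return hashlib.sha256(data).digest()


def leaf_hash(name, onion):
    # Domain-separated leaf hash over (name, onion address).
    return _h(b"\x00" + name.encode() + b"\x00" + onion.encode())


def node_hash(left, right):
    return _h(b"\x01" + left + right)


def build_levels(entries):
    """entries: dict name -> onion. Returns (sorted names, list of tree levels)."""
    names = sorted(entries)
    levels = [[leaf_hash(n, entries[n]) for n in names]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])   # odd trailing node is carried up unchanged
        levels.append(nxt)
    return names, levels


def audit_path(levels, index):
    """Sibling hashes from leaf `index` up to (not including) the root."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):      # no sibling when the node was carried up
            path.append(level[sib])
        index //= 2
    return path


def verify_inclusion(root, size, index, name, onion, path):
    """Recompute the root from the leaf; `index` and `size` fix the path shape,
    so a proof for one leaf cannot be replayed as a proof for another index."""
    if not 0 <= index < size:
        return False
    cur, n, k, path = leaf_hash(name, onion), size, index, list(path)
    while n > 1:
        if not (k == n - 1 and n % 2):     # otherwise carried up, no sibling
            if not path:
                return False
            sib = path.pop(0)
            cur = node_hash(sib, cur) if k & 1 else node_hash(cur, sib)
        k, n = k // 2, (n + 1) // 2
    return not path and cur == root


class Registry:
    def __init__(self, entries):
        self.entries = dict(entries)
        self.names, self.levels = build_levels(self.entries)
        self.size = len(self.names)
        self.root = self.levels[-1][0] if self.names else _h(b"empty")

    def _leaf_proof(self, i):
        name = self.names[i]
        return (i, name, self.entries[name], audit_path(self.levels, i))

    def prove(self, query):
        """('present', leaf proof) or ('absent', (predecessor, successor))."""
        i = bisect.bisect_left(self.names, query)
        if i < self.size and self.names[i] == query:
            return "present", self._leaf_proof(i)
        pred = self._leaf_proof(i - 1) if i > 0 else None
        succ = self._leaf_proof(i) if i < self.size else None
        return "absent", (pred, succ)


def check_absent(root, size, query, proof):
    """Client-side check of a denial-of-existence proof against a trusted root."""
    pred, succ = proof
    if pred is None and succ is None:
        return size == 0
    if pred is not None:
        i, name, onion, path = pred
        if not (name < query and verify_inclusion(root, size, i, name, onion, path)):
            return False
    if succ is not None:
        j, name, onion, path = succ
        if not (query < name and verify_inclusion(root, size, j, name, onion, path)):
            return False
    if pred is None:
        return succ[0] == 0             # nothing can sort before leaf 0
    if succ is None:
        return pred[0] == size - 1      # nothing can sort after the last leaf
    return succ[0] == pred[0] + 1       # the neighbours really are adjacent


# Constructed registry; the .onion strings are placeholders, not real services.
SAMPLE_ENTRIES = {n: f"{n}example{i}.onion" for i, n in enumerate(
    ["alice", "bob", "carol", "dave", "erin", "frank", "grace"])}
```

Each proof carries two audit paths of O(log n) hashes, which is what keeps the networking cost small; the adjacency check on leaf indices is what stops a dishonest resolver from denying a registered name by presenting two valid but non-neighbouring entries.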
Methods for privacy-preserving data publishing and analysis trade off the privacy risks to individuals against the quality of the output data. In this article, we present a data publishing algorithm that satisfies the differential privacy model. The transformations performed are truthful: the algorithm neither perturbs input data nor generates synthetic output data. Instead, records are randomly drawn from the input dataset and the uniqueness of their features is reduced. This also offers an intuitive notion of privacy protection. Moreover, the approach is generic, as it can be parameterized with different objective functions to optimize its output for different applications. We show this by integrating six well-known data quality models. We present an extensive analytical and experimental evaluation and a comparison with prior work. The results show that our algorithm is the first practical implementation of the described approach and that it can be used with reasonable privacy parameters, resulting in high degrees of protection. Moreover, when parameterizing the generic method with an objective function that quantifies the suitability of data for building statistical classifiers, we measured prediction accuracies that compare very well with results obtained using state-of-the-art differentially private classification algorithms.
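The truthful, objective-driven transformation described above, as an added example that is not the paper's code: records are Bernoulli-sampled, quasi-identifiers are coarsened along fixed generalization hierarchies, equivalence classes smaller than k are suppressed, and the generalization level is chosen by whichever objective function the caller plugs in. The hierarchies, the two objectives, the sample records and the (beta, k) parameters are assumptions for this illustration; the paper's privacy accounting (how beta and k translate into a differential privacy guarantee) is not reproduced here, so this shows the mechanism, not the proof.

```python
# Truthful sample-then-generalize publisher (added illustration; not the paper's code).
import itertools
import random
from collections import Counter

AGE_LEVELS = 4   # 0 = exact, 1 = 5-year band, 2 = decade, 3 = fully suppressed
ZIP_LEVELS = 4   # level l keeps the first 5 - l digits of a 5-digit ZIP


def generalize_age(age, level):
    if level == 0:
        return str(age)
    if level == 1:
        return f"{age // 5 * 5}-{age // 5 * 5 + 4}"
    if level == 2:
        return f"{age // 10 * 10}-{age // 10 * 10 + 9}"
    return "*"


def generalize_zip(zipcode, level):
    return zipcode[:5 - level] + "*" * level


def transform(records, levels):
    """Coarsen the quasi-identifiers (age, zip); the sensitive value is untouched."""
    la, lz = levels
    return [(generalize_age(a, la), generalize_zip(z, lz), d) for a, z, d in records]


def suppress_small_classes(records, k):
    """Drop every record whose quasi-identifier class has fewer than k members."""
    sizes = Counter((a, z) for a, z, _ in records)
    return [r for r in records if sizes[r[:2]] >= k]


# Two pluggable objectives (higher is better); the second penalizes coarse levels.
def kept_records(output, levels):
    return len(output)


def kept_and_precise(output, levels):
    la, lz = levels
    return len(output) * (1 - (la + lz) / (AGE_LEVELS + ZIP_LEVELS - 2))


def publish(records, beta, k, objective, seed=0):
    """Sample each record with probability beta, then pick the generalization
    levels that maximize `objective` after k-suppression. Every output record
    is a coarsened copy of a real input record: nothing is perturbed or synthesized."""
    rng = random.Random(seed)
    sample = [r for r in records if rng.random() < beta]
    best = None
    for levels in itertools.product(range(AGE_LEVELS), range(ZIP_LEVELS)):
        out = suppress_small_classes(transform(sample, levels), k)
        score = objective(out, levels)
        if best is None or score > best[0]:     # first maximum wins: finest levels
            best = (score, levels, out)
    _, levels, out = best
    return out, levels


def unique_fraction(qids):
    """Share of records whose quasi-identifier tuple occurs exactly once."""
    sizes = Counter(qids)
    return sum(1 for q in qids if sizes[q] == 1) / len(qids) if qids else 0.0


def is_truthful(output_record, records, levels):
    """True iff the output record is a coarsening of some real input record."""
    return output_record in set(transform(records, levels))


# Constructed records: (age, zip, diagnosis). The diagnosis is the sensitive value.
SAMPLE = [
    (23, "94107", "flu"), (27, "94109", "flu"), (31, "94110", "cold"),
    (35, "94118", "flu"), (44, "10001", "cold"), (47, "10003", "flu"),
    (52, "10016", "cold"), (58, "10019", "flu"), (61, "10019", "flu"),
]
```

With beta = 1 (no sampling, to make the choice visible) and k = 2, the record-count objective accepts suppressing age entirely to keep all nine records, while the precision-weighted objective prefers decade-level ages with 4-digit ZIP prefixes and accepts losing the lone record in its sixties; both outputs contain no unique quasi-identifier tuple, whereas every input tuple was unique.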
Christoph Bösch, Benjamin Erb, Frank Kargl, Henning Kopp and Stefan Pfattheicher
Ahmed Salem, Pascal Berrang, Mathias Humbert and Michael Backes
Gilad Asharov, Shai Halevi, Yehuda Lindell and Tal Rabin
Hung Dang, Tien Tuan Anh Dinh, Ee-Chien Chang and Beng Chin Ooi
Lachlan J. Gunn, Ricardo Vieitez Parra and N. Asokan