More Like this

1. Shadow IT in higher education: Survey and case study for cybersecurity

   Orr, Selma Gomez; Bonyadi, Cyrus Jian; Golaszewski, Enis; Sherman, Alan T.; Peterson, Peter; Forno, Richard; Johns, Sydney; Rodriguez, Jimmy (January 2022, Cryptologia (in press))

   We explore shadow information technology (IT) at institutions of higher education through a two-tiered approach involving a detailed case study and comprehensive survey of IT professionals. In its many forms, shadow IT is the software or hardware present in a computer system or network that lies outside the typical review process of the responsible IT unit. We carry out a case study of an internally built legacy grants management system at the University of Maryland, Baltimore County that exemplifies the vulnerabilities, including cross-site scripting and SQL injection, typical of such unauthorized and ad-hoc software. We also conduct a survey of IT professionals at universities, colleges, and community colleges that reveals new and actionable information regarding the prevalence, usage patterns, types, benefits, and risks of shadow IT at their respective institutions. Further, we propose a security-based profile of shadow IT, involving a subset of elements from existing shadow IT taxonomies, which categorizes shadow IT from a security perspective. Based on this profile, survey respondents identified the predominant form of shadow IT at their institutions, revealing close similarities to findings from our case study. Through this work, we are the first to identify possible susceptibility factors associated with the occurrence of shadow IT related security incidents within academic institutions. Correlations of significance include the presence of certain graduate schools, the level of decentralization of the IT department, the types of shadow IT present, the percentage of security violations related to shadow IT, and the institution's overall attitude toward shadow IT. The combined elements of our case study, profile, and survey provide the first multifaceted view of shadow IT security at academic institutions, highlighting tension between its risks and benefits, and suggesting strategies for managing it successfully. 

   more » « less
2. A New Notion of Individually Fair Clustering: alpha-Equitable k-Center

   Chakrabarti, D; Dickerson, J. P.; Esmaeili, S. A.; Srinivasan, A.; Tsepenekas, L. (March 2022, Proc. International Conference on Artifical Intelligence and Statistics (AISTATS))

   Clustering is a fundamental problem in unsupervised machine learning, and due to its numerous societal implications fair variants of it have recently received significant attention. In this work we introduce a novel definition of individual fairness for clustering problems. Specifically, in our model, each point j has a set of other points S(j) that it perceives as similar to itself, and it feels that it is being fairly treated if the quality of service it receives in the solution is α-close (in a multiplicative sense, for some given α ≥ 1) to that of the points in S(j). We begin our study by answering questions regarding the combinatorial structure of the problem, namely for what values of α the problem is well-defined, and what the behavior of the Price of Fairness (PoF) for it is. For the well-defined region of α, we provide efficient and easily-implementable approximation algorithms for the k-center objective, which in certain cases also enjoy bounded-PoF guarantees. We finally complement our analysis by an extensive suite of experiments that validates the effectiveness of our theoretical results. 

   more » « less
3. Information-Theoretic Topology-Hiding Broadcast: Wheels, Stars, Friendship, and Beyond

   https://doi.org/10.4230/LIPIcs.ITC.2024.1  

   Banoun, D'or; Boyle, Elette; Cohen, Ran (January 2024, ITC)

   Aggarwal, Divesh (Ed.)

   Topology-hiding broadcast (THB) enables parties communicating over an incomplete network to broadcast messages while hiding the network topology from within a given class of graphs. Although broadcast is a privacy-free task, it is known that THB for certain graph classes necessitates computational assumptions, even against "honest but curious" adversaries, and even given a single corrupted party. Recent works have tried to understand when THB can be obtained with information-theoretic (IT) security (without cryptography or setup assumptions) as a function of properties of the corresponding graph class. We revisit this question through a case study of the class of wheel graphs and their subgraphs. The nth wheel graph is established by connecting n nodes who form a cycle with another "center" node, thus providing a natural extension that captures and enriches previously studied graph classes in the setting of IT-THB. We present a series of new findings in this line. We fully characterize feasibility of IT-THB for any class of subgraphs of the wheel, each possessing an embedded star (i.e., a well-defined center connected to all other nodes). Our characterization provides evidence that IT-THB feasibility may correlate with a more fine-grained degree structure - as opposed to pure connectivity - of the corresponding graphs. We provide positive results achieving perfect IT-THB for new graph classes, including ones where the number of nodes is unknown. Further, we provide the first feasibility of IT-THB on non-degenerate graph-classes with t > 1 corruptions, for the class of friendship graphs (Erdös, Rényi, Sós '66). 

   more » « less
4. Connecting Evaluation and Computing Education Research: Why is it so Important?

   https://doi.org/10.1145/3159450.3159642  

   Decker, Adrienne; McGill, Monica M.; Ravitz, Jason; Snow, Eric; Zarch, Rebecca (January 2018, SIGCSE '18 Proceedings of the 49th ACM Technical Symposium on Computer Science Education)

   With the growth of computing education research in the last decade, we have found a call for a strengthening of empiricism within the computing education research community. Computer science education researchers are being asked to focus not only the innovation that the research creates or the question it answers, but also on validating the claims we made about the work. In this session, we will explore the relationship between evaluation and computing education research and why it is so vital to the success of the many computing education initiatives underway. It will also help computing faculty engaged in computer science education research understand why it is essential to integrate evaluation and validation from the very first conceptual stages of their intervention programs. 

   more » « less
5. Connecting Evaluation and Computing Education Research: Why is it so Important?

   https://doi.org/10.1145/31594950.3159642  

   Decker, Adrienne; McGill, Monica M.; Ravitz, Jason; Snow, Eric; Zarch, Rebecca (February 2018, SIGCSE '18 Proceedings of the 49th ACM Technical Symposium on Computer Science Education)

   With the growth of computing education research in the last decade, we have found a call for a strengthening of empiricism within the computing education research community. Computer science education researchers are being asked to focus not only the innovation that the research creates or the question it answers, but also on validating the claims we made about the work. In this session, we will explore the relationship between evaluation and computing education research and why it is so vital to the success of the many computing education initiatives underway. It will also help computing faculty engaged in computer science education research understand why it is essential to integrate evaluation and validation from the very first conceptual stages of their intervention programs. 

   more » « less