Extension and evaluation of JXTA protocols for supporting reliable P2P distributed computing

Peer-reviewed

Computing the persistent homology of range images with alpha shapes

Laser scanning is becoming an increasingly popular method for measuring 3D objects in industrial design. Laser scanners produce a cloud of 3D points. For CAD software to be able to use such data, however, this point cloud needs to be turned into a vector format. A popular way to do this is to triangulate the assumed surface of the point cloud using alpha shapes. Alpha shapes start from the convex hull of the point cloud and gradually refine it towards the true surface of the object. Often it is nontrivial to decide when to stop this refinement. One criterion for this is to do so when the homology of the object stops changing. This is known as the persistent homology of the object. The goal of this thesis is to develop a way to compute the homology of a given point cloud when processed with alpha shapes, and to infer from it when the persistent homology has been achieved. Practically, the computation of such a characteristic of the target might be applied to power line tower span analysis.

Improved Privacy-Preserving P2P Multimedia Distribution Based on Recombined Fingerprints

Peer-reviewed

Corporate responsibility guaranteed by dialogue? Examining the relationship between nongovernmental organizations and business

The main objective of this doctoral dissertation is to examine the relationship between non-governmental organizations and business in the context of academic discourse, corporate responsibility discourse, and stakeholder dialogue. More specifically, motivated by the increasing emphasis on stakeholder dialogue as a tool for corporate responsibility and accountability, the aim is to critically assess the role of stakeholder dialogue as a self-regulatory mechanism, in particular from the perspective of foreign direct investments. The study comprises two parts; an introductory essay containing the research objectives, theoretical foundations and methodological choices, and four research articles that address one sub-objective: 1) to review the literature on NGO-business relations in business and society, management, and international business journals from 1998–2007; 2) to critically analyze the academic discourse on NGO-business relations; 3) to analyze the problematic aspects of sustainable foreign direct investments as a conceptual construct; and 4) to analyze the problematic aspects of stakeholder dialogue in connection with a foreign direct investment. The ontological and epistemological foundations of this dissertation build on the social constructionist view of reality. The dialogue in this study is viewed as a legitimacy bargaining process that is actively shaped by societal parties in discourse. Similarly, articulations of ‘partnership’ and ‘adversarial’ in NGO-business relations in academic business and society discourse are viewed as competing hegemonic interventions in the field. More specifically, the methods applied in the articles are literature review (Article 1), discourse theory (Article 2), conceptual analysis (Article 3), and case study with document analysis (Article 4). This dissertation has three main arguments and contributions. First, it is argued that the potential of stakeholder dialogue as a tool for corporate responsibility and accountability is inherently limited in both contexts. Second, the study shows the power implications of privileging partnership oriented NGO-business relations over adversarial ones, and of placing business at the centre of governance discourse. The third contribution is methodological: a new way to analyze academic discourse is presented by focusing on the problem setting of an article.

Usable Privacy Preservation in Mobile Electronic Personality

Personalised ubiquitous services have rapidly proliferated due technological advancements in sensing, ubiquitous and mobile computing. Evolving societal trends, business and the economic potential of Personal Information (PI) have overlapped the service niches. At the same time, the societal thirst for more personalised services has increased and are met by soliciting deeper and more privacy invasive PI from customers. Consequentially, reinforcing traditional privacy challenges and unearthed new risks that render classical safeguards ine ective. The absence of solutions to criticise personalised ubiquitous services from privacy perspectives, aggravates the situation. This thesis presents a solution permitting users' PI, stored in their mobile terminals to be disclosed to services in privacy preserving manner for personalisation needs. The approach termed, Mobile Electronic Personality Version 2 (ME2.0), is compared to alternative mechanisms. Within ME2.0, PI handling vulnerabilities of ubiquitous services are identi ed and sensitised on their practices and privacy implications. Vulnerability where PI may leak through covert solicits, excessive acquisitions and legitimate data re-purposing to erode users privacy are also considered. In this thesis, the design, components, internal structures, architectures, scenarios and evaluations of ME2.0 are detailed. The design addresses implications and challenges leveraged by mobile terminals. ME2.0 components and internal structures discusses the functions related to how PI pieces are stored and handled by terminals and services. The architecture focusses on di erent components and their exchanges with services. Scenarios where ME2.0 is used are presented from di erent environment views, before evaluating for performance, privacy and usability.

Accounting for competition, governance and accountability during institutional change in not-for-profit and public sector organisations

Purpose The aim of this thesis1 is to analyse theoretically how institutionalisation of competitive tendering2, governance and budgetary policies cannot be taken for granted to lead to accountability among institutional actors3. The nature of an institutionalised management accounting policy, its relevance as a source of power in organisational decision making, and in negotiating inter-organisational relationships, are also analysed. Practical motivation The practical motivation of the thesis is to show how practitioners and policy makers can institutionalise changes which improve the power of management accounting and control systems4 as a mechanism of accountability among institutional actors and in negotiating relationships with other organisations. Theoretical motivation and conceptual approach The theoretical motivation of the thesis is to extend the institutional framework of management accounting change proposed by Burns and Scapens (2000) by using the theories of critical realism, communicative action, negotiated order and the framework of circuits of power. The Burns and Scapens framework needs further theorisation to analyse the relationship between the institutionalisation of management accounting and accountability; and the relevance of management accounting information in negotiating in inter-organisational relationships. Methodology and field studies Field research took place in public and not-for-profit health care organisations and a municipality in Finland from 2008 to 2013. Data were gathered by document analysis, interviews, participation in meetings and observations. Findings The findings are explained in four different essays that show that institutionalisation of competitive tendering, governance and budgetary policies cannot be taken for granted to lead to accountability among institutional actors. The ways by which institutional actors think and act can be influenced by other institutional mechanisms, such as inter-organisational circuits of power and intraorganisational governance policies, independent of the institutional change process. The relevance of institutionalised management accounting policies in negotiating relationships between two or more organisations depends on processes and contexts through which institutional actors use management accounting information as a tool of communication, mutual understanding and power. Research limitations / implications The theoretical framework used can be applied validly in other studies. The empirical findings cannot be generalised directly to other organisations than the organisations analysed. Practical implications Competitive tendering and budgetary policies can be institutionalised to shape actions of institutional actors within an organisation. To lead to accountability, practitioners and policy makers should implement governance policies that increase the use of management accounting information in institutional actors’ thinking, actions and responsibility for their actions. To reach a negotiated order between organisations, institutionalised management accounting policies should be used as one of the tools of communication aiming to reach mutual agreement among institutional actors.

Pilvipalveluiden eri tietoturvaprofiilit ja -tasot

Työn tarkoituksena on selvittää, mitä valmiita ohjelmistoja tarjoavat pilvipalvelut lupaavat tietoturvastaan. Työssä tutustutaan eri pilvipalveluiden palveluehtoihin ja keskitytään analysoimaan palvelun tietoturvaa ja yksityisyyden suojaa näiden ehtojen mukaisesti. Tuloksena saadaan katsaus pilvipalveluiden tietoturvaan ja voidaan samalla päätellä, kuinka palvelut vastaavat pilven ominaisiin tietoturvauhkiin.

Big Data Processing in the Cloud: a Hydra/Sufia Experience

Presentation at Open Repositories 2014, Helsinki, Finland, June 9-13, 2014

Images of the future of privacy: A privacy dynamics framework and a causal layered

The future of privacy in the information age is a highly debated topic. In particular, new and emerging technologies such as ICTs and cognitive technologies are seen as threats to privacy. This thesis explores images of the future of privacy among non-experts within the time frame from the present until the year 2050. The aims of the study are to conceptualise privacy as a social and dynamic phenomenon, to understand how privacy is conceptualised among citizens and to analyse ideal-typical images of the future of privacy using the causal layered analysis method. The theoretical background of the thesis combines critical futures studies and critical realism, and the empirical material is drawn from three focus group sessions held in spring 2012 as part of the PRACTIS project. From a critical realist perspective, privacy is conceptualised as a social institution which creates and maintains boundaries between normative circles and preserves the social freedom of individuals. Privacy changes when actors with particular interests engage in technology-enabled practices which challenge current privacy norms. The thesis adopts a position of technological realism as opposed to determinism or neutralism. In the empirical part, the focus group participants are divided into four clusters based on differences in privacy conceptions and perceived threats and solutions. The clusters are fundamentalists, pragmatists, individualists and collectivists. Correspondingly, four ideal-typical images of the future are composed: ‘drift to low privacy’, ‘continuity and benign evolution’, ‘privatised privacy and an uncertain future’, and ‘responsible future or moral decline’. The images are analysed using the four layers of causal layered analysis: litany, system, worldview and myth. Each image has its strengths and weaknesses. The individualistic images tend to be fatalistic in character while the collectivistic images are somewhat utopian. In addition, the images have two common weaknesses: lack of recognition of ongoing developments and simplistic conceptions of privacy based on a dichotomy between the individual and society. The thesis argues for a dialectical understanding of futures as present images of the future and as outcomes of real processes and mechanisms. The first steps in promoting desirable futures are the awareness of privacy as a social institution, the awareness of current images of the future, including their assumptions and weaknesses, and an attitude of responsibility where futures are seen as the consequences of present choices.

Microsoftin pilvipalvelut pk-yrityksen päätelaite- ja tiedonhallinnassa

Diplomityössä tutkittiin Microsoftin pilvipalveluiden käyttöä pk-yrityksen päätelaitteiden hallinnassa sekä yrityksen tiedonhallinnassa. Kohdeyrityksenä oli pk-yritys, jolla on ollut Microsoftin pilvipalveluita käytössä jo useamman vuoden ajan. Pilvipalveluiden nopean päivitystahdin myötä uusimpien ominaisuuksien hyödyntäminen on suurelta osin jäänyt tekemättä. Tutkimus päädyttiin rajaamaan kohdeyrityksessä tehdyn vaatimusmäärittelyn mukaisiin tapauksiin, joihin pyrittiin etsimään vastauksia Microsoftin pilvipalveluiden tämän hetken ominaisuuksien avulla. Tutkimus toteutettiin tutustumalla kirjallisuuden avulla pilvitoimintamallin perusteisiin ja Microsoftin tarjoamiin pilvipalveluihin. Työn käytännön osuus toteutettiin useilla eri päätelaitteilla Office 365:den ja Windows Intunen muodostamassa testiympäristössä, jota laajennettiin Microsoft Azuren mahdollistamilla lisäominaisuuksilla. Pilvitoimintamallin yritykset taistelevat jatkuvasti käyttäjien luottamuksesta ja NSA:n vakoilutapauksen jälkeen palveluissa on tapahtunut paljon parannuksia. Tutkimuksessa todettiin erityisesti tiedon suojaamiskäytäntöjen ja hallintaominaisuuksien kehittyneen viime vuosina pilvitoimintamallin yritysten keskinäisen kilpailun myötä. Microsoftin pilvipalvelujen uudet ominaisuudet tarjoavat pk-yritysten käyttöön tehokkaita päätelaite- ja tiedonhallintaratkaisuja, joita on tähän asti ollut saatavilla vain suuryritysympäristöissä.

Critical infrastructure protection against cyber threats

A postgraduate seminar series with a title Critical Infrastructure Protection against Cyber Threats held at the Department of Military Technology of the National Defence University in the fall of 2013 and 2014. This book is a collection of some of talks that were presented in the seminar. The papers address origin of critical infrastructure protection, wargaming cyberwar in critical infrastructure defence, cyber-target categorization, supervisory control and data acquisition systems vulnerabilities, electric power as critical infrastructure, improving situational awareness of critical infrastructure and trust based situation awareness in high security cloud environment. This set of papers tries to give some insight to current issues of the network-centric critical infrastructure protection. The seminar has always made a publication of the papers but this has been an internal publication of the Finnish Defence Forces and has not hindered publication of the papers in international conferences. Publication of these papers in peer reviewed conferences has indeed been always the goal of the seminar, since it teaches writing conference level papers. We still hope that an internal publication in the department series is useful to the Finnish Defence Forces by offering an easy access to these papers.

Consumer online communication of corporate social responsibility in the sin industry context: Cases in the global online gambling industry.

So-called sin industries are often related to harmfulness, unethical business, and unproductiveness. Nowadays, the alcohol, gambling, and tobacco industries are most often considered to be part of sin industries, which is also the context of this study. However, the definition of a sin industry is always related to time and culture. Despite the controversies of sin industries, there are studies that have shown that corporate social responsibility (CSR) engagement is even more important for sin industries than for normal industries and that CSR has a positive effect on firm value in sin industries. With CSR this study refers to an ideology where company takes mostly voluntary actions towards various groups of stakeholders and the environment. In other words, the company goes beyond the legal norms and regulations. In particular, the purpose of this thesis is to find out how companies, operating in the online gambling industry, communicate about their CSR actions to consumers at their web pages. The online environment is essential for this study as online gambling environment is a source of many controversies in comparison to the traditional gambling halls and casinos. These include, for example, greater accessibility, anonymity, and availability of the service. This study uses qualitative textual analysis as its approach, more precisely the discourse analysis. In addition, as this study focuses on large international companies and their actions, also case study approach will be presented. The cases studied are Mybet, Unibet, and Bwin.Party. In order to study the subject, elements from discourse analysis are combined with insights of essential CSR theories, and the specific characteristics of the online gambling industry. As a background for the framework, this study uses the framework of Du & Vieira (2012). After analyzing the discourses of CSR communication and CSR practices, it seems that all of the case companies still do not use all the potential that the online environment provides in terms of CSR or stakeholder communication. There are large differences between different communication tools used at different web pages (gambling pages vs. corporation pages) and between the firms’ CSR profiles. Moreover, there are large differences in the CSR practices used in the web pages of the case companies. The findings of this study are partially alarming as the case companies represent the largest companies in the industry. There are major varieties between the companies’ CSR communication and clear shortcomings in some parts of the online communication. Moreover, the trust of the consumer was broken in some places. If this is the standard that the biggest players in the industry have set with regards to CSR communication, it is probable that the smaller players are performing even worse. Moreover, the regulators are most likely concentrating on the larger companies, so the smaller companies might have fewer incentives and pressure to perform according to the regulations or exceeding the legislation. The conclusions of this thesis provide insights to managers, regulators, and scholars. Suggestions for future studies are provided as well.

Enhancing Security of Linux OS against Administrators

Inside cyber security threats by system administrators are some of the main concerns of organizations about the security of systems. Since operating systems are controlled and managed by fully trusted administrators, they can negligently or intentionally break the information security and privacy of users and threaten the system integrity. In this thesis, we propose some solutions for enhancing the security of Linux OS by restricting administrators’ access to superuser’s privileges while they can still manage the system. We designed and implemented an interface for administrators in Linux OS called Linux Admins’ User Interface (LAUI) for managing the system in secure ways. LAUI along with other security programs in Linux like sudo protect confidentiality and integrity of users’ data and provide a more secure system against administrators’ mismanagement. In our model, we limit administrators to perform managing tasks in secure manners and also make administrators accountable for their acts. In this thesis we present some scenarios for compromising users’ data and breaking system integrity by system administrators in Linux OS. Then we evaluate how our solutions and methods can secure the system against these administrators’ mismanagement.

What is the current state of cloud service research and its promise for the future? A systematic literature review

The information technology (IT) industry has recently witnessed the proliferation of cloud services, which have allowed IT service providers to deliver on-demand resources to customers over the Internet. This frees both service providers and consumers from traditional IT-related burdens such as capital and operating expenses and allows them to respond rapidly to new opportunities in the market. Due to the popularity and growth of cloud services, numerous researchers have conducted studies on various aspects of cloud services, both positive and negative. However, none of those studies have connected all relevant information to provide a holistic picture of the current state of cloud service research. This study aims to investigate that current situation and propose the most promising future directions. In order to determine achieve these goals, a systematic literature review was conducted on studies with a primary focus on cloud services. Based on carefully crafted inclusion criteria, 52 articles from highly credible online sources were selected for the review. To define the main focus of the review and facilitate the analysis of literature, a conceptual framework with five main factors was proposed. The selected articles were organized under the factors of the proposed framework and then synthesized using a narrative technique. The results of this systematic review indicate that the impacts of cloud services on enterprises were the factor best covered by contemporary research. Researchers were able to present valuable findings about how cloud services impact various aspects of enterprises such as governance, performance, and security. By contrast, the role of service provider sub-contractors in the cloud service market remains largely uninvestigated, as do cloud-based enterprise software and cloud-based office systems for consumers. Moreover, the results also show that researchers should pay more attention to the integration of cloud services into legacy IT systems to facilitate the adoption of cloud services by enterprise users. After the literature synthesis, the present study proposed several promising directions for cloud service research by outlining research questions for the underexplored areas of cloud services, in order to facilitate the development of cloud service markets in the future.

Analysis of Automotive Cybersecurity - Attack surfaces and users’ privacy concerns

Modern automobiles are no longer just mechanical tools. The electronics and computing services they are shipping with are making them not less than a computer. They are massive kinetic devices with sophisticated computing power. Most of the modern vehicles are made with the added connectivity in mind which may be vulnerable to outside attack. Researchers have shown that it is possible to infiltrate into a vehicle’s internal system remotely and control the physical entities such as steering and brakes. It is quite possible to experience such attacks on a moving vehicle and unable to use the controls. These massive connected computers can be life threatening as they are related to everyday lifestyle. First part of this research studied the attack surfaces in the automotive cybersecurity domain. It also illustrated the attack methods and capabilities of the damages. Online survey has been deployed as data collection tool to learn about the consumers’ usage of such vulnerable automotive services. The second part of the research portrayed the consumers’ privacy in automotive world. It has been found that almost hundred percent of modern vehicles has the capabilities to send vehicle diagnostic data as well as user generated data to their manufacturers, and almost thirty five percent automotive companies are collecting them already. Internet privacy has been studies before in many related domain but no privacy scale were matched for automotive consumers. It created the research gap and motivation for this thesis. A study has been performed to use well established consumers privacy scale – IUIPC to match with the automotive consumers’ privacy situation. Hypotheses were developed based on the IUIPC model for internet consumers’ privacy and they were studied by the finding from the data collection methods. Based on the key findings of the research, all the hypotheses were accepted and hence it is found that automotive consumers’ privacy did follow the IUIPC model under certain conditions. It is also found that a majority of automotive consumers use the services and devices that are vulnerable and prone to cyber-attacks. It is also established that there is a market for automotive cybersecurity services and consumers are willing to pay certain fees to avail that.