Research

This research paper describes a new attack called Knowledge Transfer Attack (KTA) that can steal private labels (the correct answers or classifications) from graph-based vertical federated learning (GVFL, a system where multiple parties collaborate on machine learning while keeping their data private). Unlike previous attacks that required unrealistic access to training data or labeled examples, KTA only needs auxiliary graphs from unrelated domains to infer the private labels, making it a more practical threat to real-world GVFL systems.

This research proposes ByITFL and LoByITFL, two new federated learning (FL, a method where multiple computers train an AI model together without sharing raw data) schemes that protect user privacy while defending against Byzantine users (participants who send corrupted or malicious data). ByITFL uses Lagrange coded computing (a technique that spreads data across multiple servers to protect it) and re-randomization to achieve perfect privacy but requires significant communication overhead, while LoByITFL reduces communication costs but requires a Trusted Third Party (TTP, an external organization that users must trust) for one-time setup before training begins.

ParaVul is a framework that uses LLMs (large language models, AI systems trained on huge amounts of text) combined with RAG (retrieval-augmented generation, where an AI pulls in external documents to answer questions) to detect vulnerabilities in smart contracts (self-executing programs on blockchain networks). The framework improves detection accuracy and reduces computational costs by using a new fine-tuning technique called SLoRA (Sparse Low-Rank Adaptation) and combining multiple detection methods through a verification module.

This research paper, published in May 2026, discusses a system that automatically chooses appropriate security protections to reduce risks in software applications. The work addresses how to match the right defensive techniques to specific vulnerabilities without requiring manual human selection.

This academic article examines how to secure business communications by combining human-focused practices with new research findings. The work suggests that protecting enterprise systems requires attention to both the people using them and technological solutions.

This study tested whether Western theories about why employees follow security policies apply to Saudi workers by surveying 401 employees. The research found that cultural differences and local policies significantly affect how employees think about security compliance, meaning that strategies to encourage safe behavior need to be tailored to specific cultures rather than using one-size-fits-all approaches.

A study of 350 MBA students and 42 information systems graduates found that feedback from generative AI (AI systems that create new text or content) has mixed effects on workers: it boosts confidence in their abilities and motivation, but simultaneously makes them feel devalued and replaceable because the AI can perform the same tasks independently. The research also discovered that GenAI creates 'prompt engineering convergence' (where different types of work become repetitive prompting and reviewing tasks), which doesn't motivate workers the way traditional job variety does.

This research examines why patients hesitate to share health information with health information technology systems (HIT, software that stores and manages medical records). The study found that patients are more willing to share information when they feel in control of how the technology is used, when they trust that their data is protected by security measures and regulations, and when they perceive real benefits from sharing. Conversely, patients become less willing to share when they feel their data is being tracked without their knowledge.

This report presents a framework for measuring research impact in Information Systems, a field where traditional academic metrics (like citation counts) don't capture the full value of research for organizations and society. Researchers from a global workshop developed a matrix that evaluates research across six themes (such as stakeholder engagement and ethics) and four project phases (planning, delivering, measuring, communicating) to help IS researchers design more impactful work.

Remote patient monitoring (RPM), a system using information and communication technologies to track patients' health from a distance, has expanded rapidly due to COVID-19 and payment policy changes, but faces significant challenges in how healthcare data is managed across fragmented systems. The main obstacles fall into three areas: trust and responsibility issues, limited and disconnected infrastructure (the technical systems that don't work well together), and changes in how healthcare workers do their jobs and what skills they need. The article calls for future research and curriculum changes to help information systems professionals address these challenges.

This study describes the design of a data space, which is a system that lets multiple organizations share and exchange data while protecting privacy and giving countries control over their data. The researchers created a data space for the cultural sector, where participants vary widely in size and technical skill, and they found that successful data spaces should be designed to make it easy for all types of organizations to join, regardless of their resources or technical expertise.

A panel of Australian information systems academics examined how generative AI (GenAI, AI systems that create new text, images, or code based on patterns in training data) is changing higher education, drawing on research from 45 universities across Australia and New Zealand. The panel identified key challenges including learning assurance (ensuring students actually learn the material), privacy, intellectual property rights, and security, while also exploring opportunities for innovation in teaching and research. The discussion emphasized the need for responsible AI governance and policies to guide institutions in adopting GenAI safely and ethically.

Technology-facilitated domestic and family abuse (TFDFA, which is abuse carried out through digital devices and platforms) affects one in two Australian adults, yet the Information Systems research field has largely ignored this problem compared to other disciplines. The authors argue that IS researchers need to urgently study how digital platforms enable abuse, develop design principles to reduce harm, and create frameworks that protect vulnerable people while respecting their digital access.

A panel of academics discussed how AI is changing their work in teaching, research, and service roles, finding both opportunities to boost productivity and concerns about ethical and professional risks. The impact of AI in academia depends on factors at multiple levels, including individual understanding of AI, how institutions govern its use, and discipline-specific practices. The researchers recommend that Information System scholars study human-AI collaboration, build trustworthy AI tools, and examine how AI affects academics' careers.

Twin transition refers to the deliberate alignment of digital and sustainability transformations, which has become a priority for policymakers and corporations but lacks sufficient research and practical guidance. A workshop identified five key challenges: conceptual confusion about what twin transition means, difficulty measuring progress, gaps between stated goals and actual practices, issues of political power and influence, and the need for researchers to examine their own biases. The researchers warn that progress is threatened by four pitfalls: assuming technology alone will solve problems, overconfidence in ideological approaches, fragmented efforts across different organizations, and getting stuck in endless analysis rather than taking action.

This academic paper examines how cybercrime threats have changed during times of crisis and uncertainty, particularly focusing on the pandemic period. The study analyzes the relationship between unstable conditions and increased cyber attacks, helping researchers and security professionals understand how criminals exploit situations when organizations and people are stressed or distracted.

This research paper examines TLS 1.3 (the protocol that encrypts data sent between your browser and websites) with a focus on validating its security and performance when used with Intelligent Transport System certificates (digital credentials for vehicles and infrastructure in connected transportation systems). The authors are working toward formal validation, which means mathematically proving the protocol works correctly and securely in this specific context.

This research paper proposes a method for securely sharing data across different organizations or systems using threshold secret sharing (a technique where data is split into pieces so that a minimum number of pieces are needed to reconstruct it) and zero-knowledge proofs (cryptographic methods that let one party prove something is true without revealing the actual information). The approach aims to allow data sharing while maintaining auditability, meaning organizations can track and verify that data was shared appropriately.

This is a survey paper that examines vulnerabilities and attack methods targeting embodied AI systems (AI systems that control physical robots or devices in the real world). The paper reviews the landscape of security risks in embodied AI and appears to focus on understanding these threats rather than proposing specific fixes.