An Approach for Managing Access to Personal Information Using Ontology-Based Chains
The importance of electronic healthcare has caused numerous
changes in both substantive and procedural aspects of healthcare
processes. These changes have produced new challenges to patient
privacy and information secrecy. Traditional privacy policies cannot
respond to rapidly increased privacy needs of patients in electronic
healthcare. Technically enforceable privacy policies are needed in
order to protect patient privacy in modern healthcare with its cross
organisational information sharing and decision making.
This thesis proposes a personal information flow model that specifies
a limited number of acts on this type of information. Ontology
classified Chains of these acts can be used instead of the
"intended/business purposes" used in privacy access control to
seamlessly imbue current healthcare applications and their
supporting infrastructure with security and privacy functionality. In
this thesis, we first introduce an integrated basic architecture, design
principles, and implementation techniques for privacy-preserving
data mining systems. We then discuss the key methods of privacy-preserving
data mining systems which include four main methods:
Role based access control (RBAC), Hippocratic database, Chain
method and eXtensible Access Control Markup Language (XACML).
We found out that the traditional methods suffer from two main
problems: complexity of privacy policy design and the lack of context
flexibility that is needed while working in critical situations such as the
one we find in hospitals. We present and compare strategies for
realising these methods. Theoretical analysis and experimental
evaluation show that our new method can generate accurate data
mining models and safe data access management while protecting
the privacy of the data being mined. The experiments followed
comparative kind of experiments, to show the ease of the design first
and then follow real scenarios to show the context flexibility in saving
personal information privacy of our investigated method
Medical Cyber-Physical Systems Development: A Forensics-Driven Approach
The synthesis of technology and the medical industry has partly contributed
to the increasing interest in Medical Cyber-Physical Systems (MCPS). While
these systems provide benefits to patients and professionals, they also
introduce new attack vectors for malicious actors (e.g. financially- and/or
criminally-motivated actors). A successful breach involving a MCPS can impact
patient data and system availability. The complexity and operating requirements
of a MCPS complicate digital investigations. Coupling this information with
the potentially vast amounts of information that a MCPS produces and/or has
access to is generating discussions on, not only, how to compromise these
systems but, more importantly, how to investigate these systems. The paper
proposes the integration of forensics principles and concepts into the design
and development of a MCPS to strengthen an organization's investigative
posture. The framework sets the foundation for future research in the
refinement of specific solutions for MCPS investigations.
Comment: This is the pre-print version of a paper presented at the 2nd
International Workshop on Security, Privacy, and Trustworthiness in Medical
Cyber-Physical Systems (MedSPT 2017
A Human-centric Perspective on Digital Consenting: The Case of GAFAM
According to different legal frameworks such as the European General Data Protection Regulation (GDPR), an end-user's consent constitutes one of the well-known legal bases for personal data processing. However, research has indicated that the majority of end-users have difficulty in understanding what they are consenting to in the digital world. Moreover, it has been demonstrated that marginalized people are confronted with even more difficulties when dealing with their own digital privacy. In this research, we use an enactivist perspective from cognitive science to develop a basic human-centric framework for digital consenting. We argue that the action of consenting is a sociocognitive action and includes cognitive, collective, and contextual aspects. Based on the developed theoretical framework, we present our qualitative evaluation of the consent-obtaining mechanisms implemented and used by the five big tech companies, i.e. Google, Amazon, Facebook, Apple, and Microsoft (GAFAM). The evaluation shows that these companies have failed in their efforts to empower end-users by considering the human-centric aspects of the action of consenting. We use this approach to argue that their consent-obtaining mechanisms violate principles of fairness, accountability and transparency. We then suggest that our approach may raise doubts about the lawfulness of the obtained consent, particularly considering the basic requirements of lawful consent within the legal framework of the GDPR
How authentic should a learning context be? Using real and simulated profiles in a classroom intervention to improve safety on social network sites
With the rise of social network sites (SNSs), there is an increasing need for safety education within the current cyber society. To this end, a variety of educational materials have been developed to prepare children to be vigilant when interacting on such sites. However, little is known about the critical design aspects necessary to make these materials effective. In this study, we build on the results of two previous studies, in which we found that general instructional principles drawn from constructivism, such as collaborative learning, are not always appropriate to teach children how to behave safely online. This study therefore focuses on the importance of authentic learning and active learning as critical design features. A quasi-experimental study was conducted in secondary schools in order to compare the impact of two classroom interventions about the risks on SNSs. As part of the intervention, students were presented scaffolds towards different risks related to an SNS-profile through a series of questions. In the control condition, these questions concerned a simulated SNS-profile on paper containing signs of many risks. In the experimental condition, students had to answer the same questions about their own SNS-profile on a computer. It was hypothesized that the simulated profile would not be experienced as realistic, and that students would have difficulties identifying with it. On the other hand, teenagers were expected to be able to recognize more risks on the simulated "worst-case scenario" profile than on their own profile, which would facilitate the scaffolding process in the control condition. The results of the study mostly confirmed these hypotheses. Furthermore, the question arose as to whether the intervention based on the student's own realistic profile was educationally more valuable than the intervention based on the simulated profile, but no such added value was found.
On the contrary, the scaffolding questions about the simulated profile were found to be more effective in teaching the teenagers about the different categories of risks that were tackled. Based on these findings, the importance of an authentic setting was put into perspective. Within the context of a classroom intervention to promote safety on SNSs, the exercise based on the simulated SNS-profile is put forward as the more effective teaching strategy
Understanding Shoulder Surfing in the Wild: Stories from Users and Observers
Research has brought forth a variety of authentication systems to mitigate observation attacks. However, there is little work about shoulder surfing situations in the real world. We present the results of a user survey (N=174) in which we investigate actual stories about shoulder surfing on mobile devices from both users and observers. Our analysis indicates that shoulder surfing mainly occurs in an opportunistic, non-malicious way. It usually does not have serious consequences, but evokes negative feelings for both parties, resulting in a variety of coping strategies. Observed data was personal in most cases and ranged from information about interests and hobbies to login data and intimate details about third persons and relationships. Thus, our work contributes evidence for shoulder surfing in the real world and informs implications for the design of privacy protection mechanisms
Governing autonomous vehicles: emerging responses for safety, liability, privacy, cybersecurity, and industry risks
The benefits of autonomous vehicles (AVs) are widely acknowledged, but there
are concerns about the extent of these benefits and AV risks and unintended
consequences. In this article, we first examine AVs and different categories of
the technological risks associated with them. We then explore strategies that
can be adopted to address these risks, and explore emerging responses by
governments for addressing AV risks. Our analyses reveal that, thus far,
governments have in most instances avoided stringent measures in order to
promote AV developments and the majority of responses are non-binding and focus
on creating councils or working groups to better explore AV implications. The
US has been active in introducing legislations to address issues related to
privacy and cybersecurity. The UK and Germany, in particular, have enacted laws
to address liability issues, other countries mostly acknowledge these issues,
but have yet to implement specific strategies. To address privacy and
cybersecurity risks, strategies ranging from introduction or amendment of non-AV
specific legislation to creating working groups have been adopted. Much less
attention has been paid to issues such as environmental and employment risks,
although a few governments have begun programmes to retrain workers who might
be negatively affected.
Comment: Transport Reviews, 201