42,588 research outputs found
AppAware: A Model for Privacy Policy Visualization for Mobile Applications
Privacy policies emerge as the main mechanism to inform users on the way their information is managed by online service providers, and still remain the dominant approach for this purpose. Literature notes that users find difficulties in understanding privacy policies because they are usually written in technical or legal language even, although most users are unfamiliar with them. These difficulties have led most users to skip reading privacy policies and blindly accept them. In an effort to address this challenge this paper presents AppWare, a multiplatform tool that intends to improve the visualization of privacy policies for mobile applications. AppWare formulates a visualized report with the permission set of an application, which is easily understandable by a common user. AppWare aims to bridge the difficulty to read privacy policies and android’s obscure permission set with a new privacy policy visualization model. To validate AppAware we conducted a survey through questionnaire aiming to evaluate AppAware in terms of installability, usability, and viability-purpose. The results demonstrate that AppAware is assessed above average by the users in all categories
Towards a Formal Model of Privacy-Sensitive Dynamic Coalitions
The concept of dynamic coalitions (also virtual organizations) describes the
temporary interconnection of autonomous agents, who share information or
resources in order to achieve a common goal. Through modern technologies these
coalitions may form across company, organization and system borders. Therefor
questions of access control and security are of vital significance for the
architectures supporting these coalitions.
In this paper, we present our first steps to reach a formal framework for
modeling and verifying the design of privacy-sensitive dynamic coalition
infrastructures and their processes. In order to do so we extend existing
dynamic coalition modeling approaches with an access-control-concept, which
manages access to information through policies. Furthermore we regard the
processes underlying these coalitions and present first works in formalizing
these processes. As a result of the present paper we illustrate the usefulness
of the Abstract State Machine (ASM) method for this task. We demonstrate a
formal treatment of privacy-sensitive dynamic coalitions by two example ASMs
which model certain access control situations. A logical consideration of these
ASMs can lead to a better understanding and a verification of the ASMs
according to the aspired specification.Comment: In Proceedings FAVO 2011, arXiv:1204.579
Link Before You Share: Managing Privacy Policies through Blockchain
With the advent of numerous online content providers, utilities and
applications, each with their own specific version of privacy policies and its
associated overhead, it is becoming increasingly difficult for concerned users
to manage and track the confidential information that they share with the
providers. Users consent to providers to gather and share their Personally
Identifiable Information (PII). We have developed a novel framework to
automatically track details about how a users' PII data is stored, used and
shared by the provider. We have integrated our Data Privacy ontology with the
properties of blockchain, to develop an automated access control and audit
mechanism that enforces users' data privacy policies when sharing their data
across third parties. We have also validated this framework by implementing a
working system LinkShare. In this paper, we describe our framework on detail
along with the LinkShare system. Our approach can be adopted by Big Data users
to automatically apply their privacy policy on data operations and track the
flow of that data across various stakeholders.Comment: 10 pages, 6 figures, Published in: 4th International Workshop on
Privacy and Security of Big Data (PSBD 2017) in conjunction with 2017 IEEE
International Conference on Big Data (IEEE BigData 2017) December 14, 2017,
Boston, MA, US
Security, Privacy and Safety Risk Assessment for Virtual Reality Learning Environment Applications
Social Virtual Reality based Learning Environments (VRLEs) such as vSocial
render instructional content in a three-dimensional immersive computer
experience for training youth with learning impediments. There are limited
prior works that explored attack vulnerability in VR technology, and hence
there is a need for systematic frameworks to quantify risks corresponding to
security, privacy, and safety (SPS) threats. The SPS threats can adversely
impact the educational user experience and hinder delivery of VRLE content. In
this paper, we propose a novel risk assessment framework that utilizes attack
trees to calculate a risk score for varied VRLE threats with rate and duration
of threats as inputs. We compare the impact of a well-constructed attack tree
with an adhoc attack tree to study the trade-offs between overheads in managing
attack trees, and the cost of risk mitigation when vulnerabilities are
identified. We use a vSocial VRLE testbed in a case study to showcase the
effectiveness of our framework and demonstrate how a suitable attack tree
formalism can result in a more safer, privacy-preserving and secure VRLE
system.Comment: Tp appear in the CCNC 2019 Conferenc
A Distributed Context-Aware Trust Management Architecture
The realization of a pervasive context-aware service platform imposes new challenges for the security and privacy aspects of the system in relation to traditional service platforms. One important aspect is related with the management of trust relationships, which is especially hard in a pervasive environment because users are supposed to interact with entities unknown before hand in an ad-hoc and dynamic manner. Current trust management solutions do not adapt nor scale well in this dynamic service provisioning scenario because they require previously defined trust relationships in order to operate. The objective of this thesis is to design, prototype and validate a context-aware distributed trust management architecture in order to address: (a) the lack of integration between available trust solutions and security and privacy management languages, and (b) the dynamic characteristics of a context-aware service platform
A European research roadmap for optimizing societal impact of big data on environment and energy efficiency
We present a roadmap to guide European research efforts towards a socially
responsible big data economy that maximizes the positive impact of big data in
environment and energy efficiency. The goal of the roadmap is to allow
stakeholders and the big data community to identify and meet big data
challenges, and to proceed with a shared understanding of the societal impact,
positive and negative externalities, and concrete problems worth investigating.
It builds upon a case study focused on the impact of big data practices in the
context of Earth Observation that reveals both positive and negative effects in
the areas of economy, society and ethics, legal frameworks and political
issues. The roadmap identifies European technical and non-technical priorities
in research and innovation to be addressed in the upcoming five years in order
to deliver societal impact, develop skills and contribute to standardization.Comment: 6 pages, 2 figures, 1 tabl
On Regulatory and Organizational Constraints in Visualization Design and Evaluation
Problem-based visualization research provides explicit guidance toward
identifying and designing for the needs of users, but absent is more concrete
guidance toward factors external to a user's needs that also have implications
for visualization design and evaluation. This lack of more explicit guidance
can leave visualization researchers and practitioners vulnerable to unforeseen
constraints beyond the user's needs that can affect the validity of
evaluations, or even lead to the premature termination of a project. Here we
explore two types of external constraints in depth, regulatory and
organizational constraints, and describe how these constraints impact
visualization design and evaluation. By borrowing from techniques in software
development, project management, and visualization research we recommend
strategies for identifying, mitigating, and evaluating these external
constraints through a design study methodology. Finally, we present an
application of those recommendations in a healthcare case study. We argue that
by explicitly incorporating external constraints into visualization design and
evaluation, researchers and practitioners can improve the utility and validity
of their visualization solution and improve the likelihood of successful
collaborations with industries where external constraints are more present.Comment: 9 pages, 2 figures, presented at BELIV workshop associated with IEEE
VIS 201
- …