A privacy awareness system for software design

There have been concerting policy and legal initiatives to mitigate the privacy harm resulting from badly designed software technology. But one main challenge to realizing these initiatives is the difficulty in translating proposed principles and regulations into concrete and verifiable evidence in technology. This is partly due to the lack of systematic techniques and tools to address privacy in the software design, hence making it difficult for the designer to measure disclosure risk in a more intuitive way, taking into account the privacy objective that matters to each end user. To bridge this gap, we propose a framework for verifying the satisfaction of user privacy objectives in software design. Our approach is based on the (un)awareness that users acquire when information is disclosed, as it relates to the communication properties of objects in a design. This property is used to determine the expected privacy utility that users will derive from the design for a specified privacy objective. We demonstrate through case studies how this approach can help designers determine which design decision undermines users’ privacy expectations and better design alternatives

On sharing and synchronizing groupware calendars under android platform

(c) 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.Sharing a calendar of tasks and events is a cornerstone in collaborative group work. Indeed, the individual work of the members of the group as well as the group work as a whole need the calendar to guide their activity and to meet the deadlines, milestones, deliverables of a project, etc. Additionally the members of the group should be able to work both offline and online, which arises when members of the group use smartphones and can eventually run out of Internet connection from time to time, or simply want to develop some activities locally. In the former case, they should have access to the calendar locally, while in the later case they should access the calendar online, shared by all members of the group. In both cases they should be able to see eventually the same information, namely the local calendars of the members should be synchronized with the group calendar. For the case of smartphones under Android system, one solution could be using the Google calendar, however, that is not easily tailorable to collaborative group work. In this paper we present an analysis, design and implementation of group work calendar that meets several requirements such as 1) sharing among all of members of the group, 2) synchronization among local calendars of members and global group calendar, 3) conflict resolution through a voting system, 4) awareness of changes in the entries (tasks, members, events, etc.) of the calendar and 5) all these requirements under proper privacy, confidentiality and security mechanisms. Moreover, we extend the sharing of calendars among different groups, a situation which often arises in enterprises when different groups need to be aware of other projects' development, or, when some members participate in more than one project at the same time.Peer ReviewedPostprint (author's final draft

A heuristic evaluation of the Facebook's advertising tool beacon

Interface usability is critical to the successful adoption of information systems. The aim of this study is to evaluate interface of Facebook's advertising tool Beacon by using privacy heuristics [4]. Beacon represents an interesting case study because of the negative media and user backlash it received. The findings of heuristic evaluation suggest violation of privacy heuristics [4]. Here, analysis identified concerns about user choice and consent, integrity and security of data, and awareness and notice. Beacon was an innovative tool, therefore, its systematic evaluation was needed in order to identify privacy problems, their causes and subsequent consequences. The study provides useful insights to human computer interaction (HCI) designers of online social networks

Exploring Consumers’ Attitudes of Smart TV Related Privacy Risks

A number of privacy risks are inherent in the Smart TV ecosystem. It is likely that many consumers are unaware of these privacy risks. Alternatively, they might be aware but consider the privacy risks acceptable. In order to explore this, we carried out an online survey with 200 participants to determine whether consumers were aware of Smart TV related privacy risks. The responses revealed a meagre level of awareness. We also explored consumers’ attitudes towards specific Smart TV related privacy risks. We isolated a number of factors that influenced rankings and used these to develop awareness-raising messages. We tested these messages in an online survey with 155 participants. The main finding was that participants were generally unwilling to disconnect their Smart TVs from the Internet because they valued the Smart TV’s Internet functionality more than their privacy. We subsequently evaluated the awareness-raising messages in a second survey with 169 participants, framing the question differently. We asked participants to choose between five different Smart TV Internet connection options, two of which retained functionality but entailed expending time and/or effort to preserve privacy

Software for Wearable Devices: Challenges and Opportunities

Wearable devices are a new form of mobile computer system that provides exclusive and user-personalized services. Wearable devices bring new issues and challenges to computer science and technology. This paper summarizes the development process and the categories of wearable devices. In addition, we present new key issues arising in aspects of wearable devices, including operating systems, database management system, network communication protocol, application development platform, privacy and security, energy consumption, human-computer interaction, software engineering, and big data.Comment: 6 pages, 1 figure, for Compsac 201

Medical Cyber-Physical Systems Development: A Forensics-Driven Approach

The synthesis of technology and the medical industry has partly contributed to the increasing interest in Medical Cyber-Physical Systems (MCPS). While these systems provide benefits to patients and professionals, they also introduce new attack vectors for malicious actors (e.g. financially-and/or criminally-motivated actors). A successful breach involving a MCPS can impact patient data and system availability. The complexity and operating requirements of a MCPS complicates digital investigations. Coupling this information with the potentially vast amounts of information that a MCPS produces and/or has access to is generating discussions on, not only, how to compromise these systems but, more importantly, how to investigate these systems. The paper proposes the integration of forensics principles and concepts into the design and development of a MCPS to strengthen an organization's investigative posture. The framework sets the foundation for future research in the refinement of specific solutions for MCPS investigations.Comment: This is the pre-print version of a paper presented at the 2nd International Workshop on Security, Privacy, and Trustworthiness in Medical Cyber-Physical Systems (MedSPT 2017

Mobile recommender apps with privacy management for accessible and usable technologies

The paper presents the preliminary results of an ongoing survey of the use of computers and mobile devices, interest in recommender apps and knowledge and concerns about privacy issues amongst English and Italian speaking disabled people. Participants were found to be regular users of computers and mobile devices for a range of applications. They were interested in recommender apps for household items, computer software and apps that met their accessibility and other requirements. They showed greater concerns about controlling access to personal data of different types than this data being retained by the computer or mobile device. They were also willing to make tradeoffs to improve device performance

Localization to Enhance Security and Services in Wi-Fi Networks under Privacy Constraints

Developments of seamless mobile services are faced with two broad challenges, systems security and user privacy - access to wireless systems is highly insecure due to the lack of physical boundaries and, secondly, location based services (LBS) could be used to extract highly sensitive user information. In this paper, we describe our work on developing systems which exploit location information to enhance security and services under privacy constraints. We describe two complimentary methods which we have developed to track node location information within production University Campus Networks comprising of large numbers of users. The location data is used to enhance security and services. Specifically, we describe a method for creating geographic firewalls which allows us to restrict and enhance services to individual users within a specific containment area regardless of physical association. We also report our work on LBS development to provide visualization of spatio-temporal node distribution under privacy considerations