Service Outsourcing Character Oriented Privacy Conflict Detection Method in Cloud Computing
Cloud computing delivers services to users as a software paradigm. However, its openness, virtualization and service-outsourcing features make it difficult to guarantee the security of private information, so protecting user privacy has become a research focus. In this paper we first model the service privacy policy and the user privacy preference in description logic. Second, we use the Pellet reasoner to verify consistency and satisfiability, and thereby detect privacy conflicts between services and the user. Third, we present an algorithm for detecting privacy conflicts during cloud service composition and show the correctness and feasibility of the method by case study and experimental analysis. Our method reduces the risk of a user's sensitive private information being illegally used and propagated by outsourced services. At the same time, it avoids the exceptions that privacy conflicts would otherwise raise during service composition, and it raises the trust degree of cloud service providers.
A secure architecture enabling end-user privacy in the context of commercial wide-area location-enhanced web services
Mobile location-based services have raised privacy concerns amongst mobile phone users, who may need to supply their identity and location information to untrustworthy third parties in order to access these applications. Widespread acceptance of such services may therefore depend on how privacy-sensitive information is handled, in order to restore users' confidence in what could become the "killer app" of 3G networks.
The work reported in this thesis is part of a larger project to provide a secure architecture for the delivery of location-based services over the Internet. The security of transactions, and in particular the privacy of the information transmitted, has been the focus of our research. In order to protect mobile users' identities, we have designed and implemented a proxy-based middleware called the Orient Platform, together with its Orient Protocol, capable of translating their real identity into pseudonyms.
In order to protect usersâ privacy in terms of location information, we have designed and implemented a Location Blurring algorithm that intentionally downgrades the quality of location information to be used by location-based services. The algorithm takes into account a blurring factor set by the mobile user at her convenience and blurs her location by preventing real-time tracking by unauthorized entities. While it penalizes continuous location tracking, it returns accurate and reliable information in response to sporadic location queries.
Finally, in order to protect the transactions and provide end-to-end security between all the entities involved, we have designed and implemented a Public Key Infrastructure based on a Security Mediator (SEM) architecture. The cryptographic algorithms used are identity-based, which makes digital certificate retrieval, path validation and revocation redundant in our environment. In particular we have designed and implemented a cryptographic scheme based on Hess's work [108], which represents, to our knowledge, the first identity-based signature scheme in the SEM setting. A special private key generation process has also been developed to enable entities to use a single private key in conjunction with multiple pseudonyms, which significantly simplifies key management.
We believe our approach satisfies the security requirements of mobile users and can help restore their confidence in location-based services.
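The Location Blurring behaviour described above (a user-chosen blurring factor, a penalty for continuous tracking, accurate answers to sporadic queries) can be illustrated with a small proxy-side component. This is an added example, not code from the thesis or the Orient Platform; the grid-snapping method, the doubling escalation per rapid re-query, the 60 s tracking interval and the level cap are assumptions made for illustration, and the sample coordinates are constructed. The thesis's actual algorithm is not reproduced on this page.

```python
import math
from dataclasses import dataclass, field
from typing import Dict, Tuple

# Metres per degree of latitude (approximation; longitude is scaled by cos(lat)).
M_PER_DEG_LAT = 111_320.0


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two points (spherical Earth)."""
    r = 6_371_000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def snap_to_grid(lat: float, lon: float, cell_m: float) -> Tuple[float, float]:
    """Replace a position by the centre of the cell_m x cell_m grid cell containing it.

    Every point inside the cell maps to the same answer, so the requester learns
    only the cell, not the exact fix. cell_m <= 0 means no blurring at all.
    (Assumed blurring method; breaks down near the poles where cos(lat) -> 0.)
    """
    if cell_m <= 0:
        return lat, lon
    lat_step = cell_m / M_PER_DEG_LAT
    lon_step = cell_m / (M_PER_DEG_LAT * math.cos(math.radians(lat)))
    snapped_lat = (math.floor(lat / lat_step) + 0.5) * lat_step
    snapped_lon = (math.floor(lon / lon_step) + 0.5) * lon_step
    return snapped_lat, snapped_lon


@dataclass
class LocationBlurrer:
    """Per-user blurring state held by the proxy (assumed design).

    blur_factor_m       : the user's chosen base cell size; 0 returns exact fixes
    tracking_interval_s : two queries from the same requester closer together than
                          this are treated as tracking and escalate the blur level
    max_level           : cap on the escalation (cell size = factor * 2**level)
    """
    blur_factor_m: float
    tracking_interval_s: float = 60.0
    max_level: int = 4
    _last: Dict[str, Tuple[float, int]] = field(default_factory=dict)

    def effective_cell_m(self, requester: str, now_s: float) -> float:
        """Update the requester's tracking level and return the cell size to use."""
        prev = self._last.get(requester)
        if prev is None or now_s - prev[0] >= self.tracking_interval_s:
            level = 0                                   # sporadic query: base precision
        else:
            level = min(prev[1] + 1, self.max_level)    # rapid re-query: degrade further
        self._last[requester] = (now_s, level)
        return self.blur_factor_m * (2 ** level)

    def query(self, requester: str, now_s: float, lat: float, lon: float) -> Tuple[float, float]:
        """Answer a location query for `requester` made at time now_s (seconds)."""
        return snap_to_grid(lat, lon, self.effective_cell_m(requester, now_s))


if __name__ == "__main__":
    # Constructed demo: a 500 m blur factor, one polling requester and one sporadic one.
    proxy = LocationBlurrer(blur_factor_m=500.0, tracking_interval_s=60.0)
    true_lat, true_lon = 51.5074, -0.1278  # constructed sample position
    for t in (0.0, 10.0, 20.0, 30.0):
        lat, lon = proxy.query("tracker", t, true_lat, true_lon)
        print(f"t={t:>4}s tracker level={proxy._last['tracker'][1]} "
              f"error={haversine_m(true_lat, true_lon, lat, lon):.0f} m")
    lat, lon = proxy.query("friend", 25.0, true_lat, true_lon)
    print(f"sporadic requester error={haversine_m(true_lat, true_lon, lat, lon):.0f} m")
```

A requester that polls every few seconds sees its cell size double on each query up to the cap, so a real-time track degrades to a coarse region, while a requester that asks once in a while gets the user's base precision. Snapping to a fixed grid rather than adding random noise matters: averaging many noisy answers would recover the true position, whereas repeated cell centres reveal nothing beyond the cell.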
Privacy in data communications for context-aware environments
Doctoral thesis in Informatics.
Internet users consume online targeted advertising based on information collected about them, and voluntarily share personal information in social networks. Sensor information and data from smartphones are collected and used by applications, sometimes in unclear ways. As happens today with smartphones, in the near future sensors will ship in all types of connected devices, enabling ubiquitous information gathering from the physical environment and with it the vision of Ambient Intelligence. The value of the gathered data, if not obvious, can be harnessed through data-mining techniques and put to use in personalized and tailored services as well as business-intelligence practices, fueling the digital economy.
However, the ever-expanding gathering and use of information undermines the privacy conceptions of the past. Natural social practices of managing privacy in daily relations are overridden by socially awkward communication tools; service providers struggle with security issues, resulting in harmful data leaks; governments use mass-surveillance techniques; the incentives of the digital economy threaten consumer privacy; and the advancement of consumer-grade data-gathering technology enables new inter-personal abuses.
A wide range of fields attempts to address technology-related privacy problems, but they vary immensely in assumptions, scope and approach. Privacy of future use cases is typically handled vertically, instead of building on previous work that could be re-contextualized, while current privacy problems are typically addressed per type in a more focused way. Because significant effort was required to make sense of the relations and structure of privacy-related work, this thesis attempts to convey a structured view of it. That view is multi-disciplinary, from cryptography to economics, including distributed systems and information theory, and addresses privacy issues of different natures.
As existing work is framed and discussed, the contributions to the state of the art made in the scope of this thesis are presented. They add to five distinct areas: 1) identity in distributed systems; 2) future context-aware services; 3) event-based context management; 4) low-latency information flow control; 5) high-dimensional dataset anonymity. Finally, having laid out the landscape of privacy-preserving work, current and future privacy challenges are discussed, considering not only technical but also socio-economic
perspectives.
Effects of perceived privacy protection: does reading privacy notices matter?
Many consumers do not read privacy notices, despite the fact that websites post them to address consumers' long-standing concerns about privacy protection on the internet. To understand why consumers do not read privacy notices, and the impact of reading (or not reading) them on the effect of privacy notices, data were collected from 137 readers and 97 non-readers of privacy notices. The test of the moderating effect of reading (or not reading) privacy notices found that perceived privacy protection positively affected trust and negatively affected perceived information risk, and that the negative effect of perceived privacy protection on perceived information risk was stronger for privacy notice readers. This research also developed a typology of the reasons why consumers do and do not read privacy notices.
A design theory for transparency of information privacy practices
The rising diffusion of information systems (IS) throughout society poses an increasingly serious threat to privacy as a social value. One approach to alleviating this threat is to establish transparency of information privacy practices (TIPP) so that consumers can better understand how their information is processed. However, the design of transparency artifacts (e.g., privacy notices) has clearly not followed this approach, given the ever-increasing volume of information processing. Hence, consumers face a situation where they cannot see the "forest for the trees" when trying to ascertain whether information processing meets their privacy expectations. A key problem is that overly comprehensive information presentation results in information overload and is thus counterproductive for establishing TIPP. We depart from the extant design logic of transparency artifacts and develop a theoretical foundation (TIPP theory) for transparency artifact designs that are useful for establishing TIPP from the perspective of privacy as a social value. We present TIPP theory in two parts to capture the sociotechnical interplay. The first part translates abstract knowledge on the IS artifact and privacy into a description of the social subsystems of transparency artifacts, and the second part conveys prescriptive design knowledge in the form of a corresponding IS design theory. TIPP theory establishes a bridge from the complexity of the privacy concept to a metadesign for transparency artifacts that is useful for establishing TIPP in any IS. In essence, transparency artifacts must accomplish more than offering comprehensive information; they must also adapt to the current information needs of consumers.
Foundations of Security Analysis and Design III, FOSAD 2004/2005- Tutorial Lectures
The increasing relevance of security to real-life applications, such as electronic commerce and Internet banking, is attested by the fast-growing number of research groups, events, conferences, and summer schools that address the study of foundations for the analysis and design of security aspects. This book presents thoroughly revised versions of eight tutorial lectures given by leading researchers during two International Schools on Foundations of Security Analysis and Design, FOSAD 2004/2005, held in Bertinoro, Italy, in September 2004 and September 2005. The lectures are devoted to: Justifying a Dolev-Yao Model under Active Attacks, Model-based Security Engineering with UML, Physical Security and Side-Channel Attacks, Static Analysis of Authentication, Formal Methods for Smartcard Security, Privacy-Preserving Database Systems, Intrusion Detection, and Security and Trust Requirements Engineering.
Priv-C: a customizable privacy policy
Privacy policies define how online services collect, use and share users' data. Although they are the main channel through which users are informed about the use of their private data, users generally ignore them: their content is long and vague, their vocabulary is difficult, and they have no standard format.
Privacy policies also confront users with a dilemma: they must accept the entire policy in order to use the service, or reject it and lose access to the service. No other option is offered to the user.
Online services process the data collected from users in order to provide a service, but they also exploit those data for economic purposes (targeted advertising, resale, etc.). According to various studies, letting users share in the value of their data could restore their trust in online services and facilitate data exchange on the Internet.
In this work we propose a new privacy policy model, inspired by P3P (a W3C Recommendation), that extends its functionality while reducing its complexity. The model defines a specific structure in which users and online services express their preferences and needs. Users can decide, for each of their private data items, how it may be used and with whom it may be shared. A negotiation phase then analyses the needs of the online service against the preferences of the user in order to establish a confidentiality agreement.
The value of personal data is another important aspect of our study. While companies have the resources to assess this value, in this thesis we apply a hierarchical multi-criteria method that lets each user assign a value to his personal data according to the importance he attaches to it.
The model also integrates a regulation authority, in charge of conducting negotiations between users and online services and of generating recommendations to users based on their profile and current trends.
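Two abstracts on this page describe the same mechanism from different angles: the cloud-service paper above models a service privacy policy and a user privacy preference and checks them for conflicts, including when services are composed; Priv-C lets the user set a preference per data item and negotiates an agreement with the service. The following is an added example, not code from either work. It replaces the description-logic modelling and Pellet reasoning of the paper with a plain set-based check over purposes, recipients and retention, and the Priv-C negotiation with a simple rule (optional items the user rejects are dropped, a rejected required item blocks agreement). The policy fields, the sample services and the user preferences are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class DataUse:
    """One statement of a service privacy policy: how a data item is handled."""
    item: str
    purposes: FrozenSet[str]
    recipients: FrozenSet[str]
    retention_days: int
    required: bool = True        # False: service can work without it


@dataclass(frozen=True)
class Preference:
    """The user's per-item preference: what the user is willing to allow."""
    item: str
    allowed_purposes: FrozenSet[str]
    allowed_recipients: FrozenSet[str]
    max_retention_days: int


def conflicts(use: DataUse, pref: Preference) -> List[str]:
    """Reasons why `use` is not covered by `pref` (empty list = compatible)."""
    reasons = []
    bad_purposes = use.purposes - pref.allowed_purposes
    if bad_purposes:
        reasons.append(f"purpose {sorted(bad_purposes)} not permitted")
    bad_recipients = use.recipients - pref.allowed_recipients
    if bad_recipients:
        reasons.append(f"recipient {sorted(bad_recipients)} not permitted")
    if use.retention_days > pref.max_retention_days:
        reasons.append(f"retention {use.retention_days}d exceeds {pref.max_retention_days}d")
    return reasons


def detect_conflicts(policy: List[DataUse], prefs: Dict[str, Preference]) -> Dict[str, List[str]]:
    """Map each conflicting item to its reasons. Items with no preference are denied by default."""
    found: Dict[str, List[str]] = {}
    for use in policy:
        pref = prefs.get(use.item)
        if pref is None:
            found[use.item] = ["no preference permits collecting this item"]
            continue
        reasons = conflicts(use, pref)
        if reasons:
            found[use.item] = reasons
    return found


def compose(policies: List[List[DataUse]]) -> List[DataUse]:
    """Policy of a composite service: per item, the union of every constituent's uses.

    A composite must be checked as a whole: a service that is acceptable on its
    own can add purposes or recipients to an item another constituent requires.
    """
    merged: Dict[str, DataUse] = {}
    for policy in policies:
        for use in policy:
            cur = merged.get(use.item)
            merged[use.item] = use if cur is None else DataUse(
                item=use.item,
                purposes=cur.purposes | use.purposes,
                recipients=cur.recipients | use.recipients,
                retention_days=max(cur.retention_days, use.retention_days),
                required=cur.required or use.required,
            )
    return list(merged.values())


def negotiate(policy: List[DataUse], prefs: Dict[str, Preference]) -> Tuple[bool, List[str], Dict[str, List[str]]]:
    """Return (agreement reached, items the user grants, conflicts on required items)."""
    found = detect_conflicts(policy, prefs)
    required = {u.item for u in policy if u.required}
    blocking = {item: reasons for item, reasons in found.items() if item in required}
    agreed = sorted(u.item for u in policy if u.item not in found)
    return (not blocking), agreed, blocking


# Constructed sample: a weather service, an advertising add-on, and one user's preferences.
WEATHER = [
    DataUse("location", frozenset({"service"}), frozenset({"provider"}), 1),
    DataUse("email", frozenset({"service"}), frozenset({"provider"}), 30),
]
ADS = [
    DataUse("location", frozenset({"advertising"}), frozenset({"ad-network"}), 365, required=False),
]
USER_PREFS = {
    "location": Preference("location", frozenset({"service"}), frozenset({"provider"}), 7),
    "email": Preference("email", frozenset({"service"}), frozenset({"provider"}), 30),
}

if __name__ == "__main__":
    for name, policy in (("weather", WEATHER), ("ads", ADS), ("weather+ads", compose([WEATHER, ADS]))):
        ok, agreed, blocking = negotiate(policy, USER_PREFS)
        print(f"{name:12} agreement={ok} granted={agreed} blocking={blocking}")
```

Run stand-alone, the weather service reaches agreement, the advertising service on its own also reaches agreement because its only item is optional and is simply dropped, but the composition fails: the merged location use now carries the advertising purpose, the ad-network recipient and a 365-day retention on an item the weather service requires, which is exactly the composition-time conflict the cloud-service paper sets out to detect before the composite is invoked.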
Tools and techniques for security and privacy of big data: Healthcare system as a case study
As a case study, this Master's thesis also reviews the state of the art in security and privacy issues of big data as applied to the healthcare industry.
An Empirical Evaluation Of Key Factors Contributing To Internet Abuse In The Workplace
Purpose: This study seeks to synthesize theories from communication, psychology and criminology to examine the factors that influence two of the most discussed topics in industry, internet abuse and internet addiction at the workplace. Design/methodology/approach: The survey results of 351 responses were analyzed to test the proposed hypotheses and research model using structural equation modeling. Data were collected in Southern Science Park in Taiwan. Findings: Personality factors such as locus of control and self-esteem significantly influence employees' internet addiction, and internet addiction significantly impacts employees' internet abuse at the workplace. Practical implications: Employers should pay special attention to employees' personalities, because they play important roles in internet addiction and internet abuse. A good internet policy will also be useful, especially in a panoptic working environment, which is becoming popular. Originality/value: This study provides a comprehensive theoretical foundation for better understanding the two controversial issues in industry. The empirical study validates the important theories of locus of control, self-esteem, use and gratification, control, and containment in workplace surveillance and deviant behavior research.