Potential mass surveillance and privacy violations in proximity-based social applications
Proximity-based social applications let users interact with people that are
currently close to them, by revealing some information about their preferences
and whereabouts. This information is acquired through passive geo-localisation
and used to build a sense of serendipitous discovery of people, places and
interests. Unfortunately, while this class of applications opens different
interaction possibilities for people in urban settings, obtaining access to
certain identity information could lead a possible privacy attacker to identify
and follow a user in their movements in a specific period of time. The same
information shared through the platform could also help an attacker to link the
victim's online profiles to physical identities. We analyse a set of popular
dating applications that share users' relative distances within a certain radius
and show how, by using the information shared on these platforms, it is
possible to formalise a multilateration attack, able to identify the user's
actual position. The same attack can also be used to follow a user in all their
movements within a certain period of time, therefore identifying their habits
and Points of Interest across the city. Furthermore, we introduce a social
attack which uses common Facebook likes to profile a person and finally
identify their real identity.
Privacy-Preserving Reengineering of Model-View-Controller Application Architectures Using Linked Data
When a legacy system’s software architecture cannot be redesigned, implementing
additional privacy requirements is often complex, unreliable and
costly to maintain. This paper presents a privacy-by-design approach to
reengineer web applications as linked data-enabled and implement access
control and privacy preservation properties. The method is based on the
knowledge of the application architecture, which for the Web of data is
commonly designed on the basis of a model-view-controller pattern. Whereas
wrapping techniques commonly used to link data of web applications duplicate
the security source code, the new approach allows for the controlled
disclosure of an application’s data, while preserving non-functional properties
such as privacy preservation. The solution has been implemented
and compared with existing linked data frameworks in terms of reliability,
maintainability and complexity.
Anonymizing cybersecurity data in critical infrastructures: the CIPSEC approach
Cybersecurity logs are permanently generated by network devices to describe security incidents. With modern computing technology, such logs can be exploited to counter threats in real time or before they gain a foothold. To improve these capabilities, logs are usually shared with external entities. However, since cybersecurity logs might contain sensitive data, serious privacy concerns arise, even more when critical infrastructures (CI), handling strategic data, are involved.
We propose a tool to protect privacy by anonymizing sensitive data included in cybersecurity logs. We implement anonymization mechanisms grouped through the definition of a privacy policy. We adapt said approach to the context of the EU project CIPSEC that builds a unified security framework to orchestrate security products, thus offering better protection to a group of CIs. Since this framework collects and processes security-related data from multiple devices of CIs, our work is devoted to protecting privacy by integrating our anonymization approach.
Peer Reviewed. Postprint (published version).