
    Model-based Approaches to Privacy Compliance

    In the last decade, information technologies have developed dramatically, and the volume of data harvested via the Internet has grown with them. This change harms privacy because sensitive data is collected and shared without adequate control or monitoring. The General Data Protection Regulation (GDPR) of the European Union has been in effect for more than three years, limiting how organizations collect, manage, and handle personal data. The GDPR poses both new challenges and opportunities for technology organizations. In this work, we address various aspects of privacy and propose approaches that can overcome some challenges of the GDPR. We focus on improving two currently adopted approaches so that they can enforce some of the GDPR's requirements by design. The first part of this work develops an access control model that captures the nature of information accessed and shared in online social networks (OSNs). OSNs raise serious problems for users' privacy. One risk arises from accessing and sharing co-owned data items: when a user posts a data item that involves other users, those users' privacy may be disclosed. Another risk comes from the privacy settings offered by OSNs, which in general do not allow fine-grained enforcement. We propose a collaborative access control framework to deal with such privacy issues and present a proof-of-concept implementation of our approach.
    In the second part of the thesis, we adopt Data Flow Diagrams (DFDs) as a convenient representation for integrating privacy engineering activities into software design. As they stand, DFDs are inadequate as a modeling tool for privacy and need to evolve into a privacy-aware approach. The first gap we address is the automatic insertion of privacy requirements during design. Secondly, since DFDs have a hierarchical structure, we propose a refinement framework for DFDs that preserves structural and functional properties as well as the underlying privacy concepts. Finally, we take a step towards modeling privacy properties, in particular purpose limitation, in DFDs by defining a mathematical framework that establishes how the purpose of a DFD should be specified, verified, or inferred. We provide proof-of-concept tools for all the proposed frameworks and evaluate them through case studies.
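    The purpose-limitation idea in the second part of the abstract can be made concrete on a toy DFD. The block below is an added example and is not the thesis's tooling or formalism: it assumes that a DFD is a set of nodes joined by directed flows carrying named data items, that each data item is collected for a set of allowed purposes, that each process may declare the purposes it serves, and that an undeclared process's purpose is inferred as the intersection of the allowed purposes of everything flowing into it. The shop scenario, the node names and the purpose labels are constructed for illustration.

```python
"""Added example, not the thesis's own tooling: a purpose-limitation check
over a small Data Flow Diagram.

Assumptions (mine, not the paper's formalism): a DFD is a set of nodes
(external entities, processes, data stores) joined by directed flows that
carry named data items. Each data item is collected for a set of allowed
purposes; each process may declare the purposes it serves. Purpose
limitation holds when every process only receives data whose allowed
purposes cover everything the process declares. A process without a
declaration gets its purpose inferred as the intersection of the allowed
purposes of all data flowing into it (the widest purpose still compatible
with every input).
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str


@dataclass
class DFD:
    # node -> declared purposes; None means "not declared, infer it"
    purposes: Dict[str, Optional[FrozenSet[str]]]
    # data item -> purposes it was collected for
    data_purposes: Dict[str, FrozenSet[str]]
    flows: List[Flow] = field(default_factory=list)


def inflows(dfd: DFD, node: str) -> List[Flow]:
    return [f for f in dfd.flows if f.dst == node]


def infer_purpose(dfd: DFD, node: str) -> FrozenSet[str]:
    """Intersection of the allowed purposes of all data items flowing in."""
    sets = [dfd.data_purposes[f.data] for f in inflows(dfd, node)]
    if not sets:
        return frozenset()
    result = sets[0]
    for s in sets[1:]:
        result = result & s
    return result


def effective_purpose(dfd: DFD, node: str) -> FrozenSet[str]:
    declared = dfd.purposes.get(node)
    return declared if declared is not None else infer_purpose(dfd, node)


def check_purpose_limitation(dfd: DFD) -> List[Tuple[str, str, FrozenSet[str]]]:
    """Return (process, data item, purposes not covered) for every flow that
    delivers a data item to a process using it beyond its collection purpose."""
    violations = []
    for node in dfd.purposes:
        purpose = effective_purpose(dfd, node)
        for f in inflows(dfd, node):
            excess = purpose - dfd.data_purposes[f.data]
            if excess:
                violations.append((node, f.data, excess))
    return violations


# Constructed sample: an online shop (hypothetical, not from the thesis).
SHOP = DFD(
    purposes={
        "Order handling": frozenset({"order_fulfilment"}),
        "Recommender": frozenset({"marketing"}),
        "Audit": None,  # purpose not declared, will be inferred
    },
    data_purposes={
        "email": frozenset({"account_service", "order_fulfilment"}),
        "purchase_history": frozenset({"order_fulfilment", "analytics"}),
    },
    flows=[
        Flow("Customer", "Order handling", "email"),
        Flow("Order DB", "Order handling", "purchase_history"),
        Flow("Order DB", "Recommender", "purchase_history"),
        Flow("Order DB", "Audit", "purchase_history"),
        Flow("Customer", "Audit", "email"),
    ],
)

if __name__ == "__main__":
    print("inferred purpose of Audit:", sorted(infer_purpose(SHOP, "Audit")))
    for proc, item, excess in check_purpose_limitation(SHOP):
        print(f"violation: {proc} uses {item} for {sorted(excess)}")
```

    Running it reports the recommender as the only violation: purchase history was collected for order fulfilment and analytics, not marketing. The audit process, having no declared purpose, is inferred to serve order fulfilment, the only purpose both of its inputs allow; an inferred purpose can never violate the check by construction, which is why the thesis distinguishes verification of a declared purpose from inference of an undeclared one.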

    Enhancing Privacy Management on Social Network Services

    In recent years, social network services such as Facebook or LinkedIn have grown exponentially. People enjoy their functionality (sharing photos, finding friends, looking for jobs) and, in general, appreciate the social benefits that social networks provide. However, as using social networks has become routine for many people, the privacy breaches that can occur on these services have increased users' concerns. For example, it is easy to find news about people being fired because of something they shared on a social network. To let people define their privacy settings, service providers employ simple access controls that usually rely exclusively on lists or circles of friends. Although these access controls are easy for average users to configure, the research literature points out that they lack elements, such as tie strength, that play a key role when users decide what to share and with whom. Additionally, despite the simplicity of current access controls, research on privacy in social media reports that people still struggle to control effectively how their information flows on these services. To give users a more robust privacy framework, the literature proposes a new paradigm of access control based on relationships. In contrast to traditional access controls, where permissions are granted based on users and their roles, this paradigm employs social elements such as the relationship between the information owner and potential viewers (e.g., only my siblings can see this photo). Access controls that follow this paradigm give users disclosure-control mechanisms that represent more naturally how humans reason about privacy. Furthermore, these access controls can deal with issues specific to social network services. In particular, users often share information that concerns many people, especially other members of the social network.
    In such situations, two or more people can have conflicting privacy preferences, so an appropriate sharing policy may not be apparent. These situations are usually called multiuser privacy scenarios. Since relationship-based access controls are complex for the average social network user, service providers have not adopted them. Therefore, to enable such access controls in current social networks, tools and mechanisms that facilitate their use must be provided. To that end, this thesis makes five contributions: (1) a review of related research on privacy management in social networks that identifies pressing challenges in the field; (2) BFF, a tool for automatically eliciting tie strength and user communities; (3) a new access control that employs communities, individual identifiers, tie strength, and content tags; (4) a novel model for representing and reasoning about multiuser privacy scenarios, employing three types of features: contextual factors, user preferences, and user arguments; and (5) Muppet, a tool that recommends sharing policies in multiuser privacy scenarios.
    López Fogués, R. (2017). Enhancing Privacy Management on Social Network Services [Unpublished doctoral thesis]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/85978
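    Both the collaborative access control model of the first thesis above and the relationship-based access control with tie strength, communities and content tags of this one turn on the same two mechanics: a decision that looks at the relationship between owner and viewer rather than at a role, and a rule for co-owned items where several users' preferences apply at once. The block below is an added example, not code from either thesis: it assumes a social graph that records, per owner, a tie strength in [0, 1] towards each contact and the communities the owner places that contact in, and a policy format with content tags, allowed communities, explicit allow and deny lists and a minimum tie strength. For co-owned items it applies the most restrictive resolution (every involved user's matching policy must admit the viewer); the BFF elicitation and the argument-based Muppet recommender are not reproduced. The users, ties and policies are constructed sample data.

```python
"""Added example, not code from the thesis: a minimal relationship-based
access control (ReBAC) decision plus a conservative resolution for
multiuser (co-owned item) scenarios.

Assumptions (mine): a social graph records, per owner, a tie strength in
[0, 1] towards each contact and the communities the owner places that
contact in; a sharing policy names the content tags it covers, allowed
communities, explicitly allowed or denied individuals, and a minimum tie
strength. For a co-owned item every involved user's applicable policy must
admit the viewer (most-restrictive resolution). The thesis's BFF tie-strength
elicitation and its argument-based Muppet recommender are not reproduced.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple


@dataclass(frozen=True)
class Policy:
    owner: str
    tags: FrozenSet[str]                          # item tags this policy covers
    communities: FrozenSet[str] = frozenset()     # empty = no community restriction
    allow_users: FrozenSet[str] = frozenset()
    deny_users: FrozenSet[str] = frozenset()
    min_tie_strength: float = 0.0


@dataclass
class SocialGraph:
    tie: Dict[str, Dict[str, float]]              # owner -> contact -> strength
    community: Dict[str, Dict[str, Set[str]]]     # owner -> contact -> communities


def permits(graph: SocialGraph, policy: Policy, viewer: str) -> bool:
    """Explicit deny beats everything except ownership; explicit allow beats
    the relationship test; otherwise the viewer needs enough tie strength and,
    if the policy names communities, membership in one of them."""
    if viewer == policy.owner:
        return True
    if viewer in policy.deny_users:
        return False
    if viewer in policy.allow_users:
        return True
    strength = graph.tie.get(policy.owner, {}).get(viewer, 0.0)
    if strength < policy.min_tie_strength:
        return False
    if policy.communities:
        viewer_communities = graph.community.get(policy.owner, {}).get(viewer, set())
        return bool(viewer_communities & policy.communities)
    return True


def multiuser_decision(graph: SocialGraph, policies: List[Policy],
                       item_tags: Set[str], viewer: str) -> Tuple[bool, List[str]]:
    """Co-owned item: collect the policies whose tags match the item, let any
    co-owner see it, and otherwise require every matching policy to permit.
    Returns (allowed, owners whose policy denied the viewer)."""
    relevant = [p for p in policies if p.tags & item_tags]
    if viewer in {p.owner for p in relevant}:
        return True, []
    denied_by = [p.owner for p in relevant if not permits(graph, p, viewer)]
    return (not denied_by), denied_by


# Constructed sample data (hypothetical users).
GRAPH = SocialGraph(
    tie={
        "alice": {"bob": 0.9, "carol": 0.4, "dave": 0.1},
        "bob": {"alice": 0.9, "carol": 0.7, "dave": 0.2},
    },
    community={
        "alice": {"bob": {"family"}, "carol": {"work"}, "dave": {"work"}},
        "bob": {"alice": {"family"}, "carol": {"college"}, "dave": {"college"}},
    },
)
ALICE_POLICY = Policy("alice", tags=frozenset({"photo"}),
                      communities=frozenset({"family", "work"}), min_tie_strength=0.3)
BOB_POLICY = Policy("bob", tags=frozenset({"party"}),
                    communities=frozenset({"college"}), deny_users=frozenset({"dave"}),
                    min_tie_strength=0.5)
PARTY_PHOTO = {"photo", "party"}   # co-owned: alice posted it, bob appears in it

if __name__ == "__main__":
    for viewer in ("alice", "bob", "carol", "dave"):
        print(viewer, multiuser_decision(GRAPH, [ALICE_POLICY, BOB_POLICY], PARTY_PHOTO, viewer))
```

    Carol is admitted because she clears both owners' tie-strength thresholds and sits in a named community for each; Dave fails Alice's tie-strength floor and is explicitly denied by Bob, and the decision reports both owners so a recommender such as Muppet would know whose preferences are in play. Note that a list-of-friends control could not express either policy: Alice's tie-strength floor and Bob's community filter are exactly the elements the abstract says current providers leave out.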

    Privacy conflict analysis in web interaction models

    User privacy has become an important topic with strong implications for how software systems are designed and used. However, it is not straightforward to determine how the instrumentation of data processing activities contributes to the privacy risk of data subjects interacting with data processors online. In this work, we present a series of methods to assist Data Protection Officers (DPOs) in modelling and reviewing data processing activity between online data processors. We articulate an awareness formalism to model the knowledge gain of data processors and the privacy expectations of a data subject. Privacy conflict is defined as an event where the expectations of the data subject do not align with the data processor's knowledge gain resulting from data processing activity. We introduce a Selenium workflow that elicits the data processing activity of online web services in order to build an information flow network model. We further articulate a series of privacy anti-patterns to be matched as attributes on this model, identifying data processing activity between two data processors that creates conflict between data subjects and processors. Each anti-pattern illustrates a distinct way in which conflict can arise on the information flow model. We define privacy risk as the ratio of third-party data processors that facilitate an anti-pattern to the total number of third-party data processors connected to a first-party data processor. Risk in turn quantifies the privacy harm a data subject may incur when interacting with data processors online. To reduce privacy risk, we present a multi-objective approach that models the inherent tension between the utility of a data subject and the cost incurred by a data processor in removing anti-patterns. We first elicit the Pareto-efficient set of anti-patterns, then apply a utility function with programmable biases to output a single recommendation. We evaluate our approach against trivial selection strategies for reducing privacy risk and illustrate the key benefit of a granular approach to analysis. We conclude with an outlook on how the work can be expanded, along with critical reflections.
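    The risk ratio, the Pareto-efficient set and the biased utility function described above can be worked through on a small model. The block below is an added example, not the paper's tooling: it assumes the information flow model reduces to the set of third parties a first-party site hands data to, each annotated with the anti-patterns it facilitates, that removing an anti-pattern instance costs the first party an assumed amount, and that the data subject's side of the trade-off is the risk ratio itself. The Selenium elicitation and the paper's concrete anti-pattern catalogue are not reproduced, so the anti-pattern names and hostnames are placeholders.

```python
"""Added example, not the paper's tooling: the privacy-risk ratio over an
information-flow model, the Pareto-efficient set of anti-pattern removals,
and a weighted utility that turns the front into one recommendation.

Assumptions (mine): the model is the set of third-party processors that a
first-party site hands data to, each annotated with the anti-patterns it
facilitates; removing an anti-pattern instance costs the first party an
assumed amount; the subject's side of the trade-off is the risk ratio
itself (lower risk, higher utility). The paper's Selenium elicitation and
its concrete anti-pattern catalogue are not reproduced, so the names below
are placeholders.
"""
from itertools import combinations
from typing import Dict, FrozenSet, List, Set, Tuple

Instance = Tuple[str, str]   # (third party, anti-pattern)

# Constructed sample model: third party -> anti-patterns it facilitates.
MODEL: Dict[str, Set[str]] = {
    "cdn.example": set(),
    "ads.example": {"cross-site-tracking", "fingerprinting"},
    "analytics.example": {"cross-site-tracking"},
    "payments.example": set(),
    "social.example": {"identity-leak"},
}
# Assumed cost to the first party of removing each instance.
COST: Dict[Instance, float] = {
    ("ads.example", "cross-site-tracking"): 5.0,
    ("ads.example", "fingerprinting"): 3.0,
    ("analytics.example", "cross-site-tracking"): 1.0,
    ("social.example", "identity-leak"): 2.0,
}


def privacy_risk(model: Dict[str, Set[str]],
                 removed: FrozenSet[Instance] = frozenset()) -> float:
    """Share of third parties still facilitating at least one anti-pattern
    after the given instances are removed (the paper's risk definition)."""
    flagged = 0
    for tp, patterns in model.items():
        remaining = patterns - {p for t, p in removed if t == tp}
        if remaining:
            flagged += 1
    return flagged / len(model)


def pareto_front(model, cost) -> List[Tuple[float, float, FrozenSet[Instance]]]:
    """Enumerate every removal set (fine for a handful of instances) and keep
    those not dominated on (risk, cost), both minimised."""
    instances = sorted(cost)
    candidates = []
    for k in range(len(instances) + 1):
        for subset in combinations(instances, k):
            removed = frozenset(subset)
            candidates.append((privacy_risk(model, removed),
                               sum(cost[i] for i in removed), removed))
    front = []
    for r, c, s in candidates:
        dominated = any(r2 <= r and c2 <= c and (r2 < r or c2 < c)
                        for r2, c2, _ in candidates)
        if not dominated:
            front.append((r, c, s))
    return sorted(front)


def recommend(front, risk_weight: float, cost_weight: float):
    """Collapse the front to one point with a weighted sum; the weights are
    the 'programmable biases' a DPO can tune (cost normalised to [0, 1])."""
    max_cost = max(c for _, c, _ in front) or 1.0
    return min(front, key=lambda p: risk_weight * p[0] + cost_weight * p[1] / max_cost)


if __name__ == "__main__":
    print("initial risk:", privacy_risk(MODEL))
    front = pareto_front(MODEL, COST)
    for r, c, s in front:
        print(f"risk={r:.1f} cost={c:.0f} remove={sorted(s)}")
    print("balanced choice:", sorted(recommend(front, 1.0, 1.0)[2]))
```

    Three of five third parties facilitate an anti-pattern, so the initial risk is 0.6. The front has four points: do nothing (0.6, cost 0), drop the analytics tracker (0.4, cost 1), also drop the social widget's identity leak (0.2, cost 3), or clear everything including both ad-network instances (0.0, cost 11). Removing only one of the ad network's two anti-patterns never appears on the front because the ratio counts processors, not anti-patterns: the ad network stays flagged until both are gone. Equal weights pick the cost-3 point; weighting cost three times as heavily picks doing nothing; weighting risk five times as heavily picks full removal, which is the behaviour the abstract attributes to its programmable biases.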

    Semantic discovery and reuse of business process patterns

    Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse

    A framework for crowd simulation based on the JMonkey game engine

    Crowd simulation plays a crucial role in the development of intelligent environments. Most researchers build simulations with commercial game engines through the editors those engines provide. This makes deep experimentation with crowd simulations difficult and forces the research line to conform to the development paradigm imposed by the tool. The main goal of this work is to contribute a 3D-based crowd simulator with a modular, extensible architecture suited to experimentation with crowd simulations. The framework focuses especially on navigation and coordination of crowds over a realistic model of the environment, capable of reproducing real-world situations. The simulator includes implementations of well-known crowd movement algorithms and also integrates third-party implementations. The work takes into account the need for visually convincing representations of the simulation beyond the 2D representations commonly used in the literature. To this end, it contributes extensions to third-party tools that allow textures, animations and meshes to be imported, improving the quality of the simulation. The performance of the simulation is demonstrated in a case study where the challenge is to find a population whose behaviour, inside the simulator, reproduces a given incoming/outgoing traffic measured in specific areas of a building. This work was funded by the MOSI-AGIL project (S2013/ICE-3019) through the Government of the Community of Madrid and European Structural Funds (FEDER).

    Modeling and exploitation of the traces of interactions in the collaborative working environment

    Human science and social progress cannot continue without collaboration. With the rapid development of information technologies and the popularity of smart devices, collaborative work is much simpler and more common than ever. People can work together irrespective of their geographical location or time constraints. In recent years, Web-based Collaborative Working Environments (CWE) have been designed and devoted to supporting both individual and group work in various areas: research, business, learning, etc. Any activity in an information system produces a set of traces. In a collaborative working context, such traces may be very voluminous and heterogeneous. In a typical Web-based Collaborative Working Environment, traces are mainly produced by collaborative activities or interactions and can be recorded. The modeled traces represent not only knowledge but also the experience acquired through interactions among the actors or between actors and the system. With the increasing complexity of group structure and frequent collaboration needs, the existing interactions become more difficult to grasp and to analyze, yet for future work people often need to retrieve information from their previous collaborative activities. This thesis focuses on defining, modeling and exploiting the various traces in the context of CWE, in particular Collaborative Traces (CTs) in the group's shared, or collaborative, workspace. A model of collaborative traces that can efficiently enrich group experience and assist group collaboration is proposed and detailed. In addition, we introduce and define a type of complex filter as a possible means to exploit the traces. Several basic scenarios of collaborative trace exploitation are presented, describing their effects and advantages in a CWE. Furthermore, a general trace exploitation framework is introduced and implemented in a CWE. Three possible trace-based collaborative approaches are discussed with comprehensive examples: SWOT Analysis, Capability Maturity Model Integration (CMMI) and a Group Recommendation System. As a practical experience, we tested our model in the context of the E-MEMORAe2.0 collaborative platform. Practical cases show that our proposed CT model and the exploitation framework for CWE can facilitate both personal and group work. This approach can be applied as a generic way of addressing different types of collaboration and trace problems in a CWE.

    Using virtual reality to enhance informal learning in small and medium enterprises

    My original contribution to knowledge is the use of computer-generated, three-dimensional (3D) virtual worlds, using Second Life®, as a three-way sustained engagement and a mechanism for a genuinely productive dialogue between Further Education (FE) colleges, employers, employees and apprentices. This thesis shows how the use of virtual worlds creates meaningful employer engagement where Small and Medium Enterprises (SMEs) are involved in planning and contributing to learning (Healey et al, 2014). A radical rethink is taking place about the way we should learn: namely, that most learning is informal, at work, under the guidance of non-educationalists, and that this situation is universal in the government's priority area of apprenticeship (HM Treasury, 2015) and among most private providers. I will discuss how virtual environments allow SMEs to work in ways they cannot in real life and juxtapose this against the real world, in order to reveal the previously misunderstood connections between the two. The question of Further Education (FE) reform has been widely debated (Bailey et al, 2015; Kelly, 2015), with former Skills Minister Nick Boles questioning whether the general FE college model has a future (Evans, 2015) and The Centre for Vocational Education Research (2015) reporting that "FE needs to be rethought and rebuilt". The gap in research on UK vocational education is significant in comparison to school or university education (Coffield, 2008; Grollmann, 2008) and detrimental to the UK government's drive to recruit 3 million apprentices by 2020 (Gov.UK, 2015a). This thesis addresses the use of virtual worlds to enhance both educational and work-related transitions, with special attention to apprentices. Specifically, I will be looking at research that pays attention to the socio-cultural context of situated learning (Lave and Wenger, 1991; Vygotsky, 1978), in order to show communities of practice in virtual worlds transferring motivation and knowledge management. I argue that working in virtual worlds bridges the gap between education and industry, developing a modern workforce through the continuation of learning across formal and informal settings (Vavoula et al, 2007), and that its use is endless and hugely enriching because it allows learning to be much more opportunistic. There are many opportunities in the use of virtual worlds, related particularly to a three-way partnership in learning between apprentices and employees, employers and FE colleges: co-ordination of off- and on-the-job learning; real-time oversight for employers of their employees' progress; use of virtual events at work to enrich learning; demonstrations of processes; and development of learning communities.