    APPS 2021: Third International Workshop on Adaptive and Personalized Privacy and Security

    The work has been partially supported by the EU Horizon 2020 Grant 826278 “Securing Medical Data in Smart Patient-Centric Healthcare Systems” (Serums), and by a new European project, TRUSTID - Intelligent and Continuous Online Student Identity Management for Improving Security and Trust in European Higher Education Institutions, which is funded by the European Commission within the Erasmus+ 2020 Programme. The Third International Workshop on Adaptive and Personalized Privacy and Security (APPS 2021) aims to bring together researchers and practitioners working on diverse topics related to understanding and improving the usability of privacy and security software and systems, by applying user modeling, adaptation and personalization principles. Our special focus in 2021 is on challenges and opportunities related to the Covid-19 outbreak, more specifically on ensuring security and privacy of sensitive data and secure user interactions in online systems. The third edition of the workshop includes interdisciplinary contributions from Belgium, Cyprus, Germany, Greece, Portugal, the Netherlands, and the United Kingdom that introduce new and disruptive ideas, suggest novel solutions, and present research results about various aspects (theory, applications, tools) for bringing user modeling, adaptation and personalization principles into privacy and systems security. This summary gives a brief overview of APPS 2021, held online in conjunction with the 29th ACM Conference on User Modeling, Adaptation and Personalization (ACM UMAP 2021).

    The Internet-of-Things Meets Business Process Management: Mutual Benefits and Challenges

    The Internet of Things (IoT) refers to a network of connected devices collecting and exchanging data over the Internet. These things can be artificial or natural, and interact as autonomous agents forming a complex system. In turn, Business Process Management (BPM) was established to analyze, discover, design, implement, execute, monitor and evolve collaborative business processes within and across organizations. While the IoT and BPM have been regarded as separate topics in research and practice, we strongly believe that, on the one hand, the management of IoT applications will strongly benefit from BPM concepts, methods and technologies; on the other hand, the IoT poses challenges that will require enhancements and extensions of the current state of the art in the BPM field. In this paper, we question to what extent these two paradigms can be combined and we discuss the emerging challenges.

    A Semantic Framework for the Analysis of Privacy Policies


    HardIDX: Practical and Secure Index with SGX

    Software-based approaches for search over encrypted data are still challenged either by a lack of proper, low-leakage encryption or by slow performance. Existing hardware-based approaches do not scale well due to hardware limitations and software designs that are not specifically tailored to the hardware architecture, and are rarely well analyzed for their security (e.g., the impact of side channels). Additionally, existing hardware-based solutions often have a large code footprint in the trusted environment, which is susceptible to software compromises. In this paper we present HardIDX: a hardware-based approach, leveraging Intel's SGX, for search over encrypted data. It implements only the security-critical core, i.e., the search functionality, in the trusted environment and resorts to untrusted software for the remainder. HardIDX is deployable as a highly performant encrypted database index: it is logarithmic in the size of the index and searches are performed within a few milliseconds rather than seconds. We formally model and prove the security of our scheme, showing that its leakage is equivalent to the best known searchable encryption schemes. Our implementation has a very small code and memory footprint yet still scales to virtually unlimited search index sizes, i.e., size is limited only by the general (non-secure) hardware resources.

    Usability heuristics for fast crime data anonymization in resource-constrained contexts

    This thesis considers the case of mobile crime-reporting systems that have emerged as an effective and efficient data collection method in low and middle-income countries. Analyzing the data can be helpful in addressing crime. Since law enforcement agencies in resource-constrained contexts typically do not have the expertise to handle these tasks, a cost-effective strategy is to outsource the data analytics tasks to third-party service providers. However, because of the sensitivity of the data, it is expedient to consider the issue of privacy. More specifically, this thesis considers the issue of finding low-intensive computational solutions to protecting the data even from an "honest-but-curious" service provider, while at the same time generating datasets that can be queried efficiently and reliably. This thesis offers a three-pronged solution approach. The first step is the creation of a mobile application to facilitate crime reporting in a usable, secure and privacy-preserving manner. The second step proposes a streaming data anonymization algorithm, which analyses reported data based on occurrence rate rather than at a preset time on a static repository. Finally, the third step considers the concept of using privacy preferences in creating anonymized datasets. By taking into account user preferences, the efficiency of the anonymization process is improved, which is beneficial in enabling fast data anonymization. Results from the prototype implementation and usability tests indicate that having a usable and covert crime-reporting application encourages users to declare crime occurrences. Anonymizing streaming data contributes to faster crime resolution times, and user privacy preferences are helpful in relaxing privacy constraints, which makes for more usable data from the querying perspective.
This research presents considerable evidence that the concept of a three-pronged solution to addressing the issue of anonymity during crime reporting in a resource-constrained environment is promising. This solution can further assist law enforcement agencies in partnering with third parties to derive useful crime pattern knowledge without infringing on users' privacy. In the future, this research can be extended to more than one low-income or middle-income country.