Privacy Violation and Detection Using Pattern Mining Techniques

Privacy, its violations and techniques to bypass privacy violation have grabbed the centre-stage of both academia and industry in recent months. Corporations worldwide have become conscious of the implications of privacy violation and its impact on them and to other stakeholders. Moreover, nations across the world are coming out with privacy protecting legislations to prevent data privacy violations. Such legislations however expose organizations to the issues of intentional or unintentional violation of privacy data. A violation by either malicious external hackers or by internal employees can expose the organizations to costly litigations. In this paper, we propose PRIVDAM; a data mining based intelligent architecture of a Privacy Violation Detection and Monitoring system whose purpose is to detect possible privacy violations and to prevent them in the future. Experimental evaluations show that our approach is scalable and robust and that it can detect privacy violations or chances of violations quite accurately. Please contact the author for full text at [email protected]

Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems

Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644429 and No 780351, MUSA project and ENACT project, respectively. We would also like to acknowledge all the members of the MUSA Consortium and ENACT Consortium for their valuable help

Evolution of security engineering artifacts: a state of the art survey

Security is an important quality aspect of modern open software systems. However, it is challenging to keep such systems secure because of evolution. Security evolution can only be managed adequately if it is considered for all artifacts throughout the software development lifecycle. This article provides state of the art on the evolution of security engineering artifacts. The article covers the state of the art on evolution of security requirements, security architectures, secure code, security tests, security models, and security risks as well as security monitoring. For each of these artifacts the authors give an overview of evolution and security aspects and discuss the state of the art on its security evolution in detail. Based on this comprehensive survey, they summarize key issues and discuss directions of future research

Enforcement of Labor Regulation and Informality

Enforcement of labor regulations in the formal sector may drive workers to informality because they increase the costs of formal labor. But better compliance with mandated benefits makes it attractive to be a formal employee. We show that, in locations with frequent inspections workers pay for mandated benefits by receiving lower wages. Wage rigidity prevents downward adjustment at the bottom of the wage distribution. As a result, lower paid formal sector jobs become attractive to some informal workers, inducing them to want to move to the formal sector.labor regulation, informality

SECURITY POLICY ENFORCEMENT IN APPLICATION ENVIRONMENTS USING DISTRIBUTED SCRIPT-BASED CONTROL STRUCTURES

Business processes involving several partners in different organisations impose demanding requirements on procedures for specification, execution and maintenance. A framework referred to as business process management (BPM) has evolved for this purpose over the last ten years. Other approaches, such as service-oriented architecture (SOA) or the concept of virtual organisations (VOs), assist in the definition of architectures and procedures for modelling and execution of so-called collaborative business processes (CBPs). Methods for the specification of business processes play a central role in this context, and, several standards have emerged for this purpose. Among these, Web Services Business Process Execution Language (WS-BPEL, usually abbreviated BPEL) has evolved to become the de facto standard for business process definition. As such, this language has been selected as the foundation for the research in this thesis. Having a broadly accepted standard would principally allow the specification of business processes in a platform-independent manner, including the capability to specify them at one location and have them executed at others (possibly spread across different organisations). Though technically feasible, this approach has significant security implications, particularly on the side that is to execute a process. The research project focused upon these security issues arising when business processes are specified and executed in a distributed manner. The central goal has been the development of methods to cope with the security issues arising when BPEL as a standard is deployed in such a way exploiting the significant aspect of a standard to be platform-independent The research devised novel methods for specifying security policies in such a manner that the assessment of compliance with these policies is greatly facilitated such that the assessment becomes suited to be performed automatically. An analysis of the securityrelevant semantics of BPEL as a specification language was conducted that resulted in the identification of so-called security-relevant semantic patterns. Based on these results, methods to specify security policy-implied restrictions in terms of such semantic patterns and to assess the compliance of BPEL scripts with these policies have been developed. These methods are particularly suited for assessment of remotely defined BPEL scripts since they allow for pre-execution enforcement of local security policies thereby mitigating or even removing the security implications involved in distributed definition and execution of business processes. As initially envisaged, these methods are comparatively easy to apply, as they are based on technologies customary for practitioners in this field. The viability of the methods proposed for automatic compliance assessment has been proven via a prototypic implementation of the essential functionality required for proof-of-concept.Darmstadt Node of the NRG Network at University of Applied Sciences Darmstad

Knowledge Representation Concepts for Automated SLA Management

Outsourcing of complex IT infrastructure to IT service providers has increased substantially during the past years. IT service providers must be able to fulfil their service-quality commitments based upon predefined Service Level Agreements (SLAs) with the service customer. They need to manage, execute and maintain thousands of SLAs for different customers and different types of services, which needs new levels of flexibility and automation not available with the current technology. The complexity of contractual logic in SLAs requires new forms of knowledge representation to automatically draw inferences and execute contractual agreements. A logic-based approach provides several advantages including automated rule chaining allowing for compact knowledge representation as well as flexibility to adapt to rapidly changing business requirements. We suggest adequate logical formalisms for representation and enforcement of SLA rules and describe a proof-of-concept implementation. The article describes selected formalisms of the ContractLog KR and their adequacy for automated SLA management and presents results of experiments to demonstrate flexibility and scalability of the approach.Comment: Paschke, A. and Bichler, M.: Knowledge Representation Concepts for Automated SLA Management, Int. Journal of Decision Support Systems (DSS), submitted 19th March 200

Towards transparent and secure IoT: Device intents declaration, and user privacy self awareness and control

In recent years, we have seen a growing wave of integration of new IoT (Internet of Things) technologies into society. The massive integration of these technologies has led to the emergence of several critical issues which have consequently created new challenges, for which no obvious answers have yet been found. One of the main challenges has to do with the security and privacy of information processed by IoT devices present in our daily life. At present there are no guarantees from the manufacturers of such IoT devices, which are connected on our networks, as regards the collection and sending of personal information, nor an expected behavior. Thus, in this work, we developed and tested a solution that aims to increase the privacy and security of information in Networks of IoT devices, from the perspective of controlling the communication of smart devices on the network. To include one tool capable of analyzing packets sent by IoT devices and another capable of defining and allowing the application of network traffic control rules to the packets in question. These tools were indispensable for investigation of the two central aspects of this dissertation, which are investigating how the declarations of communication intentions of the IoT devices specified by the manufacturers are used, in order to facilitate control of communication by consumers and enable them to detect violations of those intentions, and how to give users/consumers control over IoT communication, so that they can define what they do and do not want their devices to communicate.Nos últimos anos, assistimos a uma onda de crescimento da integração de novas tecnologias IoT (Internet Of Things) na sociedade. A integração massiva destas tecnologias levou ao aparecimento de vários aspetos críticos que, consequentemente, criou novos desafios, para os quais ainda não foram dadas respostas óbvias. Um dos principais desafios diz respeito à segurança e privacidade da informação dos dispositivos IoT presentes no nosso dia-a-dia. Atualmente, não existem quaisquer garantias por parte dos fabricantes destes equipamentos IoT, que estão conectados nas nossas redes, relativamente à recolha e envio de informação pessoal realizada pelos mesmos, bem como um comportamento expectável. Assim, neste trabalho, desenvolvemos e testamos uma solução que cujo objetivo é aumentar a privacidade e segurança da informação em redes de dispositivos IoT, na perspetiva do controlo da comunicação dos dispositivos inteligentes na rede. Para incluir-se uma ferramenta capaz de efetuar análise dos pacotes enviados pelos dispositivos IoT e uma outra capaz de definir e permitir a aplicação de regras de controlo de tráfego de rede aos pacotes mencionados. Estas ferramentas foram indispensáveis para a investigação dos dois aspetos centrais desta dissertação, que são a investigação de como as declarações de intenções de comunicação dos dispositivos IoT especificados pelos fabricantes são utilizadas, para facilitarem o controlo de comunicação destes pelos consumidores e permitir-lhes detetar violações dessas intenções e como atribuir ao utilizador/consumidor controlo sobre a comunicação IoT, para que este possa explicitar o pretende e não pretende que os seus dispositivos comuniquem

Cloud technology options towards Free Flow of Data

This whitepaper collects the technology solutions that the projects in the Data Protection, Security and Privacy Cluster propose to address the challenges raised by the working areas of the Free Flow of Data initiative. The document describes the technologies, methodologies, models, and tools researched and developed by the clustered projects mapped to the ten areas of work of the Free Flow of Data initiative. The aim is to facilitate the identification of the state-of-the-art of technology options towards solving the data security and privacy challenges posed by the Free Flow of Data initiative in Europe. The document gives reference to the Cluster, the individual projects and the technologies produced by them