Automatic static analysis of software performance

Performance is a critical component of software quality. Software performance can have drastic repercussions on an application, frustrating its users, breaking the functionality of its components, or even rendering it defenseless against hackers. Unfortunately, unlike in the program verification domain, robust analysis techniques for software performance are almost non-existent. In this thesis we formalize important classes of performance-related bugs and security vulnerabilities, and implement novel static analysis techniques for automatically detecting them in widely used open-source applications. Our tools are able to uncover 92 performance bugs and 47 security vulnerabilities, while analyzing hundreds of thousands of lines of code and reporting a modest amount of false positives. Our work opens a new avenue for research: the development of rigorous automatic analyses for effective software performance understanding, inspired by traditional research in functional verification.Computer Science

Power Consumption Analysis, Measurement, Management, and Issues:A State-of-the-Art Review of Smartphone Battery and Energy Usage

The advancement and popularity of smartphones have made it an essential and all-purpose device. But lack of advancement in battery technology has held back its optimum potential. Therefore, considering its scarcity, optimal use and efficient management of energy are crucial in a smartphone. For that, a fair understanding of a smartphone's energy consumption factors is necessary for both users and device manufacturers, along with other stakeholders in the smartphone ecosystem. It is important to assess how much of the device's energy is consumed by which components and under what circumstances. This paper provides a generalized, but detailed analysis of the power consumption causes (internal and external) of a smartphone and also offers suggestive measures to minimize the consumption for each factor. The main contribution of this paper is four comprehensive literature reviews on: 1) smartphone's power consumption assessment and estimation (including power consumption analysis and modelling); 2) power consumption management for smartphones (including energy-saving methods and techniques); 3) state-of-the-art of the research and commercial developments of smartphone batteries (including alternative power sources); and 4) mitigating the hazardous issues of smartphones' batteries (with a details explanation of the issues). The research works are further subcategorized based on different research and solution approaches. A good number of recent empirical research works are considered for this comprehensive review, and each of them is succinctly analysed and discussed

Identity Management and Authorization Infrastructure in Secure Mobile Access to Electronic Health Records

We live in an age of the mobile paradigm of anytime/anywhere access, as the mobile device is the most ubiquitous device that people now hold. Due to their portability, availability, easy of use, communication, access and sharing of information within various domains and areas of our daily lives, the acceptance and adoption of these devices is still growing. However, due to their potential and raising numbers, mobile devices are a growing target for attackers and, like other technologies, mobile applications are still vulnerable. Health information systems are composed with tools and software to collect, manage, analyze and process medical information (such as electronic health records and personal health records). Therefore, such systems can empower the performance and maintenance of health services, promoting availability, readability, accessibility and data sharing of vital information about a patients overall medical history, between geographic fragmented health services. Quick access to information presents a great importance in the health sector, as it accelerates work processes, resulting in better time utilization. Additionally, it may increase the quality of care. However health information systems store and manage highly sensitive data, which raises serious concerns regarding patients privacy and safety, and may explain the still increasing number of malicious incidents reports within the health domain. Data related to health information systems are highly sensitive and subject to severe legal and regulatory restrictions, that aim to protect the individual rights and privacy of patients. Along side with these legislations, security requirements must be analyzed and measures implemented. Within the necessary security requirements to access health data, secure authentication, identity management and access control are essential to provide adequate means to protect data from unauthorized accesses. However, besides the use of simple authentication models, traditional access control models are commonly based on predefined access policies and roles, and are inflexible. This results in uniform access control decisions through people, different type of devices, environments and situational conditions, and across enterprises, location and time. Although already existent models allow to ensure the needs of the health care systems, they still lack components for dynamicity and privacy protection, which leads to not have desire levels of security and to the patient not to have a full and easy control of his privacy. Within this master thesis, after a deep research and review of the stat of art, was published a novel dynamic access control model, Socio-Technical Risk-Adaptable Access Control modEl (SoTRAACE), which can model the inherent differences and security requirements that are present in this thesis. To do this, SoTRAACE aggregates attributes from various domains to help performing a risk assessment at the moment of the request. The assessment of the risk factors identified in this work is based in a Delphi Study. A set of security experts from various domains were selected, to classify the impact in the risk assessment of each attribute that SoTRAACE aggregates. SoTRAACE was integrated in an architecture with requirements well-founded, and based in the best recommendations and standards (OWASP, NIST 800-53, NIST 800-57), as well based in deep review of the state-of-art. The architecture is further targeted with the essential security analysis and the threat model. As proof of concept, the proposed access control model was implemented within the user-centric architecture, with two mobile prototypes for several types of accesses by patients and healthcare professionals, as well the web servers that handles the access requests, authentication and identity management. The proof of concept shows that the model works as expected, with transparency, assuring privacy and data control to the user without impact for user experience and interaction. It is clear that the model can be extended to other industry domains, and new levels of risks or attributes can be added because it is modular. The architecture also works as expected, assuring secure authentication with multifactor, and secure data share/access based in SoTRAACE decisions. The communication channel that SoTRAACE uses was also protected with a digital certificate. At last, the architecture was tested within different Android versions, tested with static and dynamic analysis and with tests with security tools. Future work includes the integration of health data standards and evaluating the proposed system by collecting users’ opinion after releasing the system to real world.Hoje em dia vivemos em um paradigma móvel de acesso em qualquer lugar/hora, sendo que os dispositivos móveis são a tecnologia mais presente no dia a dia da sociedade. Devido à sua portabilidade, disponibilidade, fácil manuseamento, poder de comunicação, acesso e partilha de informação referentes a várias áreas e domínios das nossas vidas, a aceitação e integração destes dispositivos é cada vez maior. No entanto, devido ao seu potencial e aumento do número de utilizadores, os dispositivos móveis são cada vez mais alvos de ataques, e tal como outras tecnologias, aplicações móveis continuam a ser vulneráveis. Sistemas de informação de saúde são compostos por ferramentas e softwares que permitem recolher, administrar, analisar e processar informação médica (tais como documentos de saúde eletrónicos). Portanto, tais sistemas podem potencializar a performance e a manutenção dos serviços de saúde, promovendo assim a disponibilidade, acessibilidade e a partilha de dados vitais referentes ao registro médico geral dos pacientes, entre serviços e instituições que estão geograficamente fragmentadas. O rápido acesso a informações médicas apresenta uma grande importância para o setor da saúde, dado que acelera os processos de trabalho, resultando assim numa melhor eficiência na utilização do tempo e recursos. Consequentemente haverá uma melhor qualidade de tratamento. Porém os sistemas de informação de saúde armazenam e manuseiam dados bastantes sensíveis, o que levanta sérias preocupações referentes à privacidade e segurança do paciente. Assim se explica o aumento de incidentes maliciosos dentro do domínio da saúde. Os dados de saúde são altamente sensíveis e são sujeitos a severas leis e restrições regulamentares, que pretendem assegurar a proteção dos direitos e privacidade dos pacientes, salvaguardando os seus dados de saúde. Juntamente com estas legislações, requerimentos de segurança devem ser analisados e medidas implementadas. Dentro dos requerimentos necessários para aceder aos dados de saúde, uma autenticação segura, gestão de identidade e controlos de acesso são essenciais para fornecer meios adequados para a proteção de dados contra acessos não autorizados. No entanto, além do uso de modelos simples de autenticação, os modelos tradicionais de controlo de acesso são normalmente baseados em políticas de acesso e cargos pré-definidos, e são inflexíveis. Isto resulta em decisões de controlo de acesso uniformes para diferentes pessoas, tipos de dispositivo, ambientes e condições situacionais, empresas, localizações e diferentes alturas no tempo. Apesar dos modelos existentes permitirem assegurar algumas necessidades dos sistemas de saúde, ainda há escassez de componentes para accesso dinâmico e proteção de privacidade , o que resultam em níveis de segurança não satisfatórios e em o paciente não ter controlo directo e total sobre a sua privacidade e documentos de saúde. Dentro desta tese de mestrado, depois da investigação e revisão intensiva do estado da arte, foi publicado um modelo inovador de controlo de acesso, chamado SoTRAACE, que molda as diferenças de acesso inerentes e requerimentos de segurança presentes nesta tese. Para isto, o SoTRAACE agrega atributos de vários ambientes e domínios que ajudam a executar uma avaliação de riscos, no momento em que os dados são requisitados. A avaliação dos fatores de risco identificados neste trabalho são baseados num estudo de Delphi. Um conjunto de peritos de segurança de vários domínios industriais foram selecionados, para classificar o impacto de cada atributo que o SoTRAACE agrega. O SoTRAACE foi integrado numa arquitectura para acesso a dados médicos, com requerimentos bem fundados, baseados nas melhores normas e recomendações (OWASP, NIST 800-53, NIST 800-57), e em revisões intensivas do estado da arte. Esta arquitectura é posteriormente alvo de uma análise de segurança e modelos de ataque. Como prova deste conceito, o modelo de controlo de acesso proposto é implementado juntamente com uma arquitetura focada no utilizador, com dois protótipos para aplicações móveis, que providênciam vários tipos de acesso de pacientes e profissionais de saúde. A arquitetura é constituída também por servidores web que tratam da gestão de dados, controlo de acesso e autenticação e gestão de identidade. O resultado final mostra que o modelo funciona como esperado, com transparência, assegurando a privacidade e o controlo de dados para o utilizador, sem ter impacto na sua interação e experiência. Consequentemente este modelo pode-se extender para outros setores industriais, e novos níveis de risco ou atributos podem ser adicionados a este mesmo, por ser modular. A arquitetura também funciona como esperado, assegurando uma autenticação segura com multi-fator, acesso e partilha de dados segura baseado em decisões do SoTRAACE. O canal de comunicação que o SoTRAACE usa foi também protegido com um certificado digital. A arquitectura foi testada em diferentes versões de Android, e foi alvo de análise estática, dinâmica e testes com ferramentas de segurança. Para trabalho futuro está planeado a integração de normas de dados de saúde e a avaliação do sistema proposto, através da recolha de opiniões de utilizadores no mundo real

An Experimental Evaluation of Smart Toys’ Security and Privacy Practices

Smart toys have captured an increasing share of the toy market, and are growing ubiquitous in households with children. These toys can be considered as a subset of Internet of Things (IoT) devices, often containing sensors and artificial intelligence capabilities. They may collect personal information, and frequently have Internet connectivity directly or indirectly through companion apps. Recent studies have found security flaws in many smart toys that have led to serious privacy leaks or allowed tracking a child’s physical location. Some well-publicized discoveries of this nature have led governments around the world to ban some of these toys. To complement recent efforts in analyzing and quantifying security and privacy issues of smart toys, we set out to create two thorough analysis frameworks that are specifically crafted for smart toys. The first framework is designed to analyze legally-binding privacy policies and terms-of-use documentation of smart toys. It is based on a set of privacy-sensitive criteria that we carefully define to systematically evaluate selected privacy aspects of smart toys. We augment our work with a static analysis for the companion Android apps, which are, in most cases, essential for intended functioning of the toys. We use our framework to evaluate a representative set of 11 smart toys, along with 11 companion apps. Our analysis highlights several instances of unnecessary collection of privacy-sensitive information, the use of over-privileged apps, incomplete/lack of information about data storage practices and legal compliance. The proposed framework is a step towards enabling a comparison of smart toys from a privacy perspective, which can be useful to parents, regulatory bodies, and law-makers. The second framework is used to investigate security and privacy practices - based on experimental analysis - of those specific kinds of IoT devices. In particular, we inspect the real practice of smart toys to determine the personal information they collect and security measures used to protect them. We also investigate potential security and privacy flaws in smart toys that can lead to leakage of private information, or allow an adversary to control the toy to lure, harm, or distress a child. Smart toys pose risks unique to this category of devices, and our work is intended to define these risks and assess a subset of toys against them. We perform a thorough experimental analysis of five smart toys and their companion apps. Our systematic analysis has uncovered that several of these toys may expose children to multiple threats through physical, nearby, or remote access to the toy. The presented frameworks unite and complement several existing adhoc analyses, and help comprehensive evaluation of other smart toys

Principles of Security and Trust: 7th International Conference, POST 2018, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2018, Thessaloniki, Greece, April 14-20, 2018, Proceedings

authentication; computer science; computer software selection and evaluation; cryptography; data privacy; formal logic; formal methods; formal specification; internet; privacy; program compilers; programming languages; security analysis; security systems; semantics; separation logic; software engineering; specifications; verification; world wide we

On Privacy Notions in Anonymous Communication

Many anonymous communication networks (ACNs) with different privacy goals have been developed. However, there are no accepted formal definitions of privacy and ACNs often define their goals and adversary models ad hoc. However, for the understanding and comparison of different flavors of privacy, a common foundation is needed. In this paper, we introduce an analysis framework for ACNs that captures the notions and assumptions known from different analysis frameworks. Therefore, we formalize privacy goals as notions and identify their building blocks. For any pair of notions we prove whether one is strictly stronger, and, if so, which. Hence, we are able to present a complete hierarchy. Further, we show how to add practical assumptions, e.g. regarding the protocol model or user corruption as options to our notions. This way, we capture the notions and assumptions of, to the best of our knowledge, all existing analytical frameworks for ACNs and are able to revise inconsistencies between them. Thus, our new framework builds a common ground and allows for sharper analysis, since new combinations of assumptions are possible and the relations between the notions are known

Online Privacy in Mobile and Web Platforms: Risk Quantification and Obfuscation Techniques

The wide-spread use of the web and mobile platforms and their high engagement in human lives pose serious threats to the privacy and confidentiality of users. It has been demonstrated in a number of research works that devices, such as desktops, mobile, and web browsers contain subtle information and measurable variation, which allow them to be fingerprinted. Moreover, behavioural tracking is another form of privacy threat that is induced by the collection and monitoring of users gestures such as touch, motion, GPS, search queries, writing pattern, and more. The success of these methods is a clear indication that obfuscation techniques to protect the privacy of individuals, in reality, are not successful if the collected data contains potentially unique combinations of attributes relating to specific individuals. With this in view, this thesis focuses on understanding the privacy risks across the web and mobile platforms by identifying and quantifying the privacy leakages and then designing privacy preserving frameworks against identified threats. We first investigate the potential of using touch-based gestures to track mobile device users. For this purpose, we propose and develop an analytical framework that quantifies the amount of information carried by the user touch gestures. We then quantify users privacy risk in the web data using probabilistic method that incorporates all key privacy aspects, which are uniqueness, uniformity, and linkability of the web data. We also perform a large-scale study of dependency chains in the web and find that a large proportion of websites under-study load resources from suspicious third-parties that are known to mishandle user data and risk privacy leaks. The second half of the thesis addresses the abovementioned identified privacy risks by designing and developing privacy preserving frameworks for the web and mobile platforms. We propose an on-device privacy preserving framework that minimizes privacy leakages by bringing down the risk of trackability and distinguishability of mobile users while preserving the functionality of the existing apps/services. We finally propose a privacy-aware obfuscation framework for the web data having high predicted risk. Using differentially-private noise addition, our proposed framework is resilient against adversary who has knowledge about the obfuscation mechanism, HMM probabilities and the training dataset

Design, analysis and implementation of advanced methodologies to measure the socio-economic impact of personal data in large online services

El ecosistema web es enorme y, en general, se sustenta principalmente en un atributo intangible que sostiene la mayoría de los servicios gratuitos: la explotación de la información personal del usuario. A lo largo de los años, la preocupación por la forma en que los servicios utilizan los datos personales ha aumentado y atraído la atención de los medios de comunicación, gobiernos, reguladores y también de los usuarios. Esta recogida de información personal es hoy en día la principal fuente de ingresos en Internet. Además, por si fuera poco, la publicidad online es la pieza que lo sustenta todo. Sin la existencia de datos personales en comunión con la publicidad online, Internet probablemente no sería el gigante que hoy conocemos. La publicidad online es un ecosistema muy complejo en el que participan múltiples actores. Es el motor principal que genera ingresos en la red, y en pocos años ha evolucionado hasta llegar a miles de millones de usuarios en todo el mundo. Mientras navegan, los usuarios generan datos muy valiosos sobre sí mismos que los anunciantes utilizan después para ofrecerles productos relevantes en los que podrían estar interesados. Se trata de un enfoque bidireccional, ya que los anunciantes pagan a intermediarios para que muestren anuncios al público que, en principio, está más interesado. Sin embargo, este comercio, intercambio y tratamiento de datos personales, además de abrir nuevas vías de publicidad, exponen la privacidad de los usuarios. Esta incesante recopilación y comercialización de la información personal suele quedar tras un muro opaco, donde el usuario generalmente desconoce para qué se utilizan sus datos. Las iniciativas de privacidad y transparencia se han incrementado a lo largo de los años para empoderar al usuario en este negocio que mueve miles de millones de dólares en ingresos. No en vano, tras varios escándalos, como el de Facebook Cambridge Analytica, las empresas y los reguladores se han unido para crear transparencia y proteger a los usuarios de las malas prácticas derivadas del uso de su información personal. Por ejemplo, el Reglamento General de Protección de Datos, es el ejemplo más prometedor de regulación, que afecta a todos los estados miembros de la Unión Europea, abogando por la protección de los usuarios. El contenido de esta tesis tomará como referencia esta legislación. Por todo ello, el propósito de esta tesis consiste en aportar herramientas y metodologías que pongan de manifiesto usos inapropiados de datos personales por las grandes compañías del ecosistema publicitario online, y cree transparencia entre los usuarios, proporcionando, a su vez, soluciones para que se protejan. Así pues, el contenido de esta tesis ofrece diseño, análisis e implementación de metodologías que miden el impacto social y económico de la información personal online en los servicios extensivos de Internet. Principalmente, se centra en Facebook, una de las mayores redes sociales y servicios en la web, que cuenta con más de 2,8B de usuarios en todo el mundo y generó unos ingresos solo en publicidad online de más de 84 mil millones de dólares en el año 2020. En primer lugar, esta tesis presenta una solución, en forma de extensión del navegador llamada FDVT (Data Valuation Tool for Facebook users), para proporcionar a los usuarios una estimación personalizada y en tiempo real del dinero que están generando para Facebook. Analizando el número de anuncios e interacciones en una sesión, el usuario obtiene información sobre su valor dentro de esta red social. La extensión del navegador ha tenido una importante repercusión y adopción tanto por parte de los usuarios, instalándose más de 10k veces desde su lanzamiento público en octubre de 2016, como de los medios de comunicación, apareciendo en más de 100 medios. En segundo lugar, el estudio e investigación de los posibles riesgos asociados al tratamiento de los datos de los usuarios debe seguir también a la creación de este tipo de soluciones. En este contexto, esta tesis descubre y desvela resultados impactantes sobre el uso de la información personal: (i) cuantifica el número de usuarios afectados por el uso de atributos sensibles utilizados para la publicidad en Facebook, utilizando como referencia la definición de datos sensibles del Reglamento General de Protección de Datos. Esta tesis se basa en el uso de Procesamiento de Lenguaje Natural para identificar los atributos sensibles, y posteriormente utiliza el la plataforma de creación de anuncios de Facebook para recuperar el número de usuarios asignados con esta información sensible. Dos tercios de los usuarios de Facebook se ven afectados por el uso de datos personales sensibles que se les atribuyen. Además, la legislación parece no tener efecto en este uso de atributos sensibles por parte de Facebook, y presenta graves riesgos para los usuarios. (ii) Se modela cuál es el número de atributos que no identifican a priori personalmente al usuario y que aun así son suficientes para identificar de forma única a un individuo sobre una base de datos de miles de millones de usuarios, y se demuestra que llegar a un solo usuario es plausible incluso sin conocer datos que lo identifiquen personalmente de ellos mismos. Los resultados demuestran que 22 intereses al azar de un usuario son suficientes para identificarlo unívocamente con un 90% de probabilidad, y 4 si tomamos los menos populares. Por último, esta tesis se ha visto afectada por el estallido de la pandemia del COVID- 19, lo que ha contribuido al análisis de la evolución del mercado de la publicidad en línea con este periodo. La investigación demuestra que el mercado de la publicidad muestra una inelasticidad casi perfecta en la oferta y que cambió su composición debido a un cambio en el comportamiento en línea de los usuarios. También ilustra el potencial que tiene la utilización de los datos de los grandes servicios en línea, dado que ya tienen una alta tasa de adopción, y presenta un protocolo para la localización de contactos que han estado potencialmente expuestos a personas que direon positivo en COVID-19, en contraste con el fracaso de las nuevas aplicaciones de localización de contactos. En conclusión, la investigación de esta tesis muestra el impacto social y económico de la publicidad online y de los grandes servicios online en los usuarios. La metodología utilizada y desplegada sirve para poner de manifiesto y cuantificar los riesgos derivados de los datos personales en los servicios en línea. Presenta la necesidad de tales herramientas y metodologías en consonancia con la nueva legislación y los deseos de los usuarios. Siguiendo estas peticiones, en la búsqueda de transparencia y privacidad, esta tesis muestra soluciones y medidas fácilmente implementables para prevenir estos riesgos y capacitar al usuario para controlar su información personal.The web ecosystem is enormous, and overall it is sustained by an intangible attribute that mainly supports the majority of free services: the exploitation of personal information. Over the years, concerns on how services use personal data have increased and attracted the attention of media and users. This collection of personal information is the primary source of revenue on the Internet nowadays. Furthermore, on top of this, online advertising is the piece that supports it all. Without the existence of personal data in communion with online advertising, the Internet would probably not be the giant we know today. Online advertising is a very complex ecosystem in which multiple stakeholders take part. It is the motor that generates revenue on the web, and it has evolved in a few years to reach billions of users worldwide. While browsing, users generate valuable data about themselves that advertisers later use to offer them relevant products in which users could be interested. It is a two-way approach since advertisers pay intermediates to show ads to the public that is, in principle, most interested. However, this trading, sharing, and processing of personal data and behavior patterns, apart from opening up new advertising ways, expose users’ privacy. This incessant collection and commercialization of personal information usually fall behind an opaque wall, where the user often does not know what their data is used for. Privacy and transparency initiatives have increased over the years to empower the user in this business that moves billions of US dollars in revenue. Not surprisingly, after several scandals, such as the Facebook Cambridge Analytica scandal, businesses and regulators have joined forces to create transparency and protect users against the harmful practices derived from the use of their personal information. For instance, the General Data Protection Regulation (GDPR), is the most promising example of a data protection regulation, affecting all the member states of the European Union (EU), advocating for protecting users. The content of this thesis will use this legislation as a reference. For all these reasons, the purpose of this thesis is to provide tools and methodologies that reveal inappropriate uses of personal data by large companies in the online advertising ecosystem and create transparency among users, providing solutions to protect themselves. Thus, the content of this thesis offers design, analysis, and implementation of methodologies that measure online personal information’s social and economic impact on extensive Internet services. Mainly, it focuses on Facebook (FB), one of the largest social networks and services on the web, accounting with more than 2.8B Monthly Active Users (MAU) worldwide and generating only in online advertising revenue, more than $84B in 2020. First, this thesis presents a solution, in the form of a browser extension called Data Valuation Tool for Facebook users (FDVT), to provide users with a personalized, real-time estimation of the money they are generating for FB. By analyzing the number of ads and interactions in a session, the user gets information on their value within this social network. The add-on has had significant impact and adoption both by users, being installed more than 10k times since its public launch in October 2016, and media, appearing in more than 100 media outlets. Second, the study and research of the potential risks associated with processing users’ data should also follow the creation of these kinds of solutions. In this context, this thesis discovers and unveils striking results on the usage of personal information: (i) it quantifies the number of users affected by the usage of sensitive attributes used for advertising on FB, using as reference the definition of sensitive data from the GDPR. This thesis relies on the use of Natural Language Processing (NLP) to identify sensitive attributes, and it later uses the FB Ads Manager to retrieve the number of users assigned with this sensitive information. Two-thirds of FB users are affected by the use of sensitive personal data attributed to them. Moreover, the legislation seems not to affect this use of sensitive attributes from FB, and it presents severe risks to users. (ii) It models the number of non-Personal Identifiable Information (PII) attributes that are enough to uniquely identify an individual over a database of billions of users and proofs that reaching a single user is plausible even without knowing PII data of themselves. The results demonstrate that 22 interests at random from a user are enough to identify them uniquely with a 90% of probability, and 4 when taking the least popular ones. Finally, this thesis was affected by the outbreak of the COVID-19 pandemic what led to side contribute to the analysis of how the online advertising market evolved during this period. The research shows that the online advertising market shows an almost perfect inelasticity on supply and that it changed its composition due to a change in users’ online behavior. It also illustrates the potential of using data from large online services which already have a high adoption rate and presents a protocol for contact tracing individuals who have been potentially exposed to people who tested positive in COVID-19, in contrast to the failure of newly deployed contact tracing apps. In conclusion, the research for this thesis showcases the social and economic impact of online advertising and extensive online services on users. The methodology used and deployed is used to highlight and quantify the risks derived from personal data in online services. It presents the necessity of such tools and methodologies in line with new legislation and users’ desires. Following these requests, in the search for transparency and privacy, this thesis displays easy implementable solutions and measurements to prevent these risks and empower the user to control their personal information.This work was supported by the Ministerio de Educación, Cultura y Deporte, Spain, through the FPU Grant FPU16/05852, the Ministerio de Ciencia e Innovación, Spain, through the project ACHILLES Grant PID2019-104207RB-I00, the H2020 EU-Funded SMOOTH project under Grant 786741, and the H2020 EU-Funded PIMCITY project under Grant 871370.Programa de Doctorado en Ingeniería Telemática por la Universidad Carlos III de MadridPresidente: David Larrabeiti López.- Secretario: Gregorio Ignacio López López.- Vocal: Noel Cresp