Privacy Issues in Web Services: An Ontology Based Solution

AbstractPrivacy is the right of a person to specify that when, how and to what amount information about him is disclosed to others. Due to the tremendous use and popularity of web services, the likelihood of intentional and unintentional privacy disclosures is also increasing. The web services users generate a rich amount of information when they browse the websites of the service providers, access social networking sites to post their comments & product reviews, and store their data in the cloud. The data such generated is a voluminous and valuable treasure for the marketers as well as advertisers. The emerging technologies and fast increasing online activities of users are posing new threats to user's privacy and digital life. While accessing the web services, users unknowingly agree to the privacy policy of the service provider through which they authorize the service providers to collect and share their personally identifiable information. Most of the users think that while accepting the privacy policy of the service provider, they are protecting their privacy but actually they are signing the policy which informs them about the privacy rights they are surrendering to the service providers. In this paper, we aim to minimise the privacy related information disclosure of the user through various prevalent semantic web based technologies

Ontology-based access control for social network systems

As the information flowing around in social network systems is mainly related or can be attributed to their users, controlling access to such information by individual users becomes a crucial requirement. The intricate semantic relations among data objects, different users, and between data objects and users further add to the complexity of access control needs. In this paper, we propose an access control model based on semantic web technologies that takes into account the above mentioned complex relations. The proposed model enables expressing much more fine-grained access control policies on a social network knowledge base than the existing models. We demonstrate the applicability of our approach by implementing a proof-of-concept prototype of the proposed access control framework and evaluating its performance

A model-driven privacy compliance decision support for medical data sharing in Europe

Objectives: Clinical practitioners and medical researchers often have to share health data with other colleagues across Europe. Privacy compliance in this context is very important but challenging. Automated privacy guidelines are a practical way of increasing users' awareness of privacy obligations and help eliminating unintentional breaches of privacy. In this paper we present an ontology-plus-rules based approach to privacy decision support for the sharing of patient data across European platforms. Methods: We use ontologies to model the required domain and context information about data sharing and privacy requirements. In addition, we use a set of Semantic Web Rule Language rules to reason about legal privacy requirements that are applicable to a specific context of data disclosure. We make the complete set invocable through the use of a semantic web application acting as an interactive privacy guideline system can then invoke the full model in order to provide decision support. Results: When asked, the system will generate privacy reports applicable to a specific case of data disclosure described by the user. Also reports showing guidelines per Member State may be obtained. Conclusion: The advantage of this approach lies in the expressiveness and extensibility of the modelling and inference languages adopted and the ability they confer to reason with complex requirements interpreted from high level regulations. However, the system cannot at this stage fully simulate the role of an ethics committee or review board. © Schattauer 2011

Protecting Personal Private Information in Collaborative Environments

The ability to collaborate has always been vitally important to businesses and enterprises. With the availability of current networking and computing power, the creation of Collaborative Working Environments (CWEs) has allowed for this process to occur anytime over any geographical distance. Sharing information between individuals through collaborative environments creates new challenges in privacy protection for organizations and the members of organizations. This thesis confronts the problems when attempting to protect the personal private information of collaborating individuals. In this thesis, a privacy-by-policy approach is taken to addressing the issue of protecting private information within collaborative environments. A privacy-by-policy approach to privacy protection provides collaborating individuals with notice and choice surrounding their private information, in order to provide an individual with a level of control over how their information is to be used. To this end, a collaborative privacy architecture for providing privacy within a collaborative environment is presented. This architecture uses ontologies to express the static concept and relation definitions required for privacy and collaboration. The collaborative privacy architecture also contains a Collaborative Privacy Manager (CPM) service which handles changes in dynamic collaborative environments. The goals of this thesis are to provide privacy mechanisms for the non-client centric situation of collaborative working environments. This thesis also strives to provide privacy through technically enforceable and customizable privacy policies. To this end, individual collaborators are provided with access, modification rights, and transparency through the use of ontologies built into the architecture. Finally, individual collaborators are provided these privacy protections in a way that is easy to use and understand and use. A collaborative scenario as a test case is described to present how this architecture would benefit individuals and organizations when they are engaged in collaborative work. In this case study a university and hospital are engaged in collaborative research which involves the use of private information belonging to collaborators and patients from the hospital. This case study also highlights how different organizations can be under different sets of legislative guidelines and how these guidelines can be incorporated into the privacy architecture. Through this collaboration scenario an implementation of the collaborative privacy architecture is provided, along with results from semantic and privacy rule executions, and measurements of how actions carried out by the architecture perform under various conditions

Ontology for Blind SQL Injection

In cyberspace, there exists a prevalent problem that heavily occurs to web application databases and that is the exploitation of websites by using SQL injection attacks. This kind of attack becomes more difficult when it comes to blind SQL vulnerabilities. In this paper, we will first make use of this vulnerability, and subsequently, we will build an ontology (OBSQL) to address the detection of the blind SQL weakness. Therefore, to achieve the exploitation, we reproduce the attacks against a website in production mode. We primarily detect the presence of the vulnerability, after we use our tools to abuse it. Last but not least, we prove the importance of applying ontology in cybersecurity for this matter. The mitigation techniques in our ontology will be addressed in our future work

Privacy-preserving Transactions on the Web

There is a rapid growth in the number of applications using sensitive and personal information on the World Wide Web. This growth creates an urgent need to maintain the anonymity of the participants in many web transactions and to preserve the privacy of their sensitive data during data dissemination over the web. First, maintaining the anonymity of users on the World Wide Web is essential for a number of web applications. Anonymity cannot be assured by single interested individuals or an organization but requires participation from other web nodes owned by other entities. Second, preserving the privacy of sensitive data is another very important issue in web transactions. Today, exchanging and sharing personal data between various participants in web transactions endangers privacy. In this article, we discuss various research directions and challenges that need to be addressed while trying to accomplish our goal of maintaining the anonymity of participants and preserving the privacy of sensitive data in web transactions. To maintain anonymity of participants in a web transaction, we propose a method based on the modi fied form of the club mechanism with economic incentives, a solution which rests upon the Prisoner’s Dilemma approach. We compare our approach to other well-known dat a-sharing approaches such as Crowds, Tor, Tarzan and LPWA. To maintain the privacy of sensitive data, we propose a solution based on privacy-preserving data dissemination (P2D2). We also present a solution to implement our approach using Semantic Web Rule Languages and Jena—a Java-based inference engine

Semantic-based policy engineering for autonomic systems

This paper presents some important directions in the use of ontology-based semantics in achieving the vision of Autonomic Communications. We examine the requirements of Autonomic Communication with a focus on the demanding needs of ubiquitous computing environments, with an emphasis on the requirements shared with Autonomic Computing. We observe that ontologies provide a strong mechanism for addressing the heterogeneity in user task requirements, managed resources, services and context. We then present two complimentary approaches that exploit ontology-based knowledge in support of autonomic communications: service-oriented models for policy engineering and dynamic semantic queries using content-based networks. The paper concludes with a discussion of the major research challenges such approaches raise

Authorization schema for electronic health-care records: for Uganda

This thesis discusses how to design an authorization schema focused on ensuring each patient's data privacy within a hospital information system

Security Management Framework for the Internet of Things

The increase in the design and development of wireless communication technologies offers multiple opportunities for the management and control of cyber-physical systems with connections between smart and autonomous devices, which provide the delivery of simplified data through the use of cloud computing. Given this relationship with the Internet of Things (IoT), it established the concept of pervasive computing that allows any object to communicate with services, sensors, people, and objects without human intervention. However, the rapid growth of connectivity with smart applications through autonomous systems connected to the internet has allowed the exposure of numerous vulnerabilities in IoT systems by malicious users. This dissertation developed a novel ontology-based cybersecurity framework to improve security in IoT systems using an ontological analysis to adapt appropriate security services addressed to threats. The composition of this proposal explores two approaches: (1) design time, which offers a dynamic method to build security services through the application of a methodology directed to models considering existing business processes; and (2) execution time, which involves monitoring the IoT environment, classifying vulnerabilities and threats, and acting in the environment, ensuring the correct adaptation of existing services. The validation approach was used to demonstrate the feasibility of implementing the proposed cybersecurity framework. It implies the evaluation of the ontology to offer a qualitative evaluation based on the analysis of several criteria and also a proof of concept implemented and tested using specific industrial scenarios. This dissertation has been verified by adopting a methodology that follows the acceptance in the research community through technical validation in the application of the concept in an industrial setting.O aumento no projeto e desenvolvimento de tecnologias de comunicação sem fio oferece múltiplas oportunidades para a gestão e controle de sistemas ciber-físicos com conexões entre dispositivos inteligentes e autônomos, os quais proporcionam a entrega de dados simplificados através do uso da computação em nuvem. Diante dessa relação com a Internet das Coisas (IoT) estabeleceu-se o conceito de computação pervasiva que permite que qualquer objeto possa comunicar com os serviços, sensores, pessoas e objetos sem intervenção humana. Entretanto, o rápido crescimento da conectividade com as aplicações inteligentes através de sistemas autônomos conectados com a internet permitiu a exposição de inúmeras vulnerabilidades dos sistemas IoT para usuários maliciosos. Esta dissertação desenvolveu um novo framework de cibersegurança baseada em ontologia para melhorar a segurança em sistemas IoT usando uma análise ontológica para a adaptação de serviços de segurança apropriados endereçados para as ameaças. A composição dessa proposta explora duas abordagens: (1) tempo de projeto, o qual oferece um método dinâmico para construir serviços de segurança através da aplicação de uma metodologia dirigida a modelos, considerando processos empresariais existentes; e (2) tempo de execução, o qual envolve o monitoramento do ambiente IoT, a classificação de vulnerabilidades e ameaças, e a atuação no ambiente garantindo a correta adaptação dos serviços existentes. Duas abordagens de validação foram utilizadas para demonstrar a viabilidade da implementação do framework de cibersegurança proposto. Isto implica na avaliação da ontologia para oferecer uma avaliação qualitativa baseada na análise de diversos critérios e também uma prova de conceito implementada e testada usando cenários específicos. Esta dissertação foi validada adotando uma metodologia que segue a validação na comunidade científica através da validação técnica na aplicação do nosso conceito em um cenário industrial