Language-Based Mechanisms for Privacy-by-Design

Tokas, Shukun; Owe, Olaf; Ramezanifarkhani, Toktam

doi:10.1007/978-3-030-42504-3_10

Cited by 8 publications

(12 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Additionally, to overcome security-critical situations that are one of the most challenging areas today, we aim to customize and extend CSDP to mitigate the attacks impact on the system, for example, by considering access control violation in the underlying modeling language [41]. Moreover, to prevent security vulnerabilities in software systems, we intend to investigate the CSDP effectiveness in secure software development to provide security by design to practically enforce GDPR [42].…”

Section: Discussionmentioning

confidence: 99%

A Crisis Situations Decision-Making Systems Software Development Process With Rescue Experiences

et al. 2020

Self Cite

View full text Add to dashboard Cite

Previously, we have proposed a computational model for decision-making in crisis situations called C-RPD (Computational Recognition Primed Decision). In this paper, a software development process customized for Crisis Situations Decision-Making Systems (CSDMSs) is proposed. Agile processes can skillfully manage uncertainty in software requirements and some of their features like incremental development can solve some problems in developing CSDMSs. However, these processes do not provide comprehensive solutions for issues like the lack of enough knowledge about CSDMSs, very rapid changes, urgent need to overcome security challenges, high development unpredictability, and the performance test. Extreme Programming (XP) is one of the best and most widely-used agile processes. In this article, a customized version of XP called Crisis Situations Decision-Making Systems Software Development Process (CSDP) is proposed. Standing first and second in five national and international RoboCup rescue agent simulation tournaments from 2006 to 2010 bear witness to the efficiency of the developed software using CSDP. Relying on its characteristics, CSDP has been able to practically tackle the challenges of developing CSDMSs such as the lack of crisis-related knowledge and cumulative nature of crisis-related knowledge, difficulty of extracting knowledge, long development cycle, and sudden and frequent changes in system requirements. INDEX TERMS Agile software development process, crisis management, crisis situations decision-making system, naturalistic decision making, recognition primed decision model, RoboCup rescue simulation agent benchmark.

show abstract

Section: Discussionmentioning

confidence: 99%

A Crisis Situations Decision-Making Systems Software Development Process With Rescue Experiences

et al. 2020

Self Cite

View full text Add to dashboard Cite

show abstract

“…Then, a data inventory tool GROK maps data types in code to high-level policy concepts, and the compliance checking then reduces to a form of information flow analysis. This is similar to our approach in [4] where we associate policy with the types carrying sensitive information, but the difference is that the type-policy mapping is integrated in the language. The policy specification language in [11] has some similarities with our work: the semantics of policies is compositional and policies are expressed as lists of positive and negative policies.…”

Section: Related Workmentioning

confidence: 98%

“…The runtime checking uses two special notions: The current purpose, denoted R current , is the purpose of the enclosing method, which we assume is statically specified, as in [4]. (Alternatively one could take the purpose defined in some other way, for instance by data-flow graphs as in [7].)…”

Section: Runtime Tagging Of Valuesmentioning

confidence: 99%

See 1 more Smart Citation

A Formal Framework for Consent Management

Tokas

Owe

2020

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

The aim of this work is to design a formal framework for consent management in line with EU's General Data Protection Regulation (GDPR). To make a general solution, we consider a high-level modeling language for distributed service-oriented systems, building on the paradigm of active objects. Our framework provides a general solution for data subjects to observe and change their privacy settings and to be informed about all personal data stored about them. The solution consists of a set of predefined types for privacy related concepts, a formalization of policy compliance, a set of interfaces that forms the basis of interaction with external users for consent management, a set of classes that is used in interaction with the runtime system, and a runtime system enforcing the consented policies.

show abstract

“…Belli et al (2017), Hansen et al (2008), Makri and Lambrinoudakis (2015), Ringmann et al (2018), Romanou (2018), andSchneider (2018) discuss and compare existing PbD principles. Tamburri (2020) and Tokas et al (2020) formalize the PbD principles included in the GDPR. Several other papers (Ahmadian et al, 2019;Alshammari & Simpson, 2017;Baldassarre et al, 2019;Bier et al, 2014;Cavoukian, 2020;Colesky et al, 2016;Finneran Dennedy et al, 2014;Drozd, 2016;Martín & Del Álamo, 2017;Mayfield, 2016;Suphakul & Senivongse, 2017) refine or implement PbD principles proposed by others.…”

Section: Privacy By Design Principlesmentioning

confidence: 99%

Data, data and even more data : empowering users to make well-informed decisions about online privacy

Barth¹

View full text Add to dashboard Cite

particular context and focusing on actual use of data and intended outcomes of data gathering might prove successful. To date, the balance between granularity and generalization of contexts remains unresolved (Solove, 2002). However, regulations specifying concrete conditions for processing personal data "are the decisive test for discerning whether [or not] society is aware of this price and willing to pay it. If the signs of experience are correct, this payment can be delayed no further" (Simitis, 1987; p. 746). Beyond access control and authentication:A technical perspective on information privacy "Computers constantly produce data. It's their input and output, but it's also a by-product of everything they do…they sense and record more than you're aware of" (Schneier, 2015, p. 15).The era of big data and unprecedented interconnectivity has allowed companies to amass datasets containing incredible amounts of personal information. By recording, storing, tracking and linking events over time, computers are able to identify patterns and gain insights into the individual preferences, interests or personal characteristics of users. As a result, behavioral tracking-and the profiling it makes possible-stand to become one of the most serious threats to privacy ever known.Techniques such as browser cookies and tracking 'pixels' allow monitoring the behavior of individual users across the internet. Cookies were designed to allow websites to recognize visitors to provide features such as automatic login, shopping carts, language settings, or saving preferences. However, advertising companies are increasingly using this technology on a large scale to record the activity of users across a large number of websites (Castelluccia, 2012;Nikiforakis et al., 2013). They do so by asking website owners to insert a small script (also known as a 'tracking pixel') into their pages in exchange for usage statistics. This allows advertising companies to create surprisingly accurate profiles of individuals based on their online behavior, potentially including information they might not even be aware of themselves (Gutwirth & Hildebrandt, 2008). These profiles are usually used to target ads, but they are also sold and shared, enabling discrimination and manipulation (Lyon, 2003;Zarsky, 2019). This kind of tracking is often invisible to users. Even if cookies are disabled or blocked, 'fingerprinting' allows tracking scripts to identify individuals based on specific configurations that are unique to the browser. This allows tracking users between 24 | Chapter 1 2 The privacy paradox -Investigating discrepancies between expressed privacy concerns and actual online behavior -A systematic literature review Barth, S., & De Jong, M. D. T. (2017). The privacy paradox -Investigating discrepancies between expressed privacy concerns and actual online behavior -A systematic literature review.

show abstract

Language-Based Mechanisms for Privacy-by-Design

Cited by 8 publications

References 18 publications

A Crisis Situations Decision-Making Systems Software Development Process With Rescue Experiences

A Crisis Situations Decision-Making Systems Software Development Process With Rescue Experiences

A Formal Framework for Consent Management

Data, data and even more data : empowering users to make well-informed decisions about online privacy

Contact Info

Product

Resources

About