Transforming Privacy Policies to Auditing Specifications

Biswas, Debmalya; Niemi, Valtteri

doi:10.1109/hase.2011.51

Cited by 7 publications

(3 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, regarding Auditing process, Biswas and Niemi [29] proposes a solution to streamline the log generation by deriving the auditing specifications directly from the policies to be audited.…”

Section: Feasibilitymentioning

confidence: 99%

Requirements, design and evaluation of a privacy reference architecture for web applications and services

Basso

Moraes

Jino

et al. 2015

Proceedings of the 30th Annual ACM Symposium on Applied Computing

View full text Add to dashboard Cite

Organizational Information Systems (IS) collect, store, and manage personal and business information through web applications and services. Due to regulation laws and to protect the privacy of users, clients, and business partners, such information must be kept private. This paper proposes a privacy reference architecture that can serve as foundation for the analysis, design and development of web applications with privacy concerns. Using the proposed reference architecture, these applications can manage personal information in a more secure manner, protecting such information from different sources of privacy violation. Also, it can be used as a standardization model that facilitates system integration and communication. The architecture was evaluated regarding four key quality attributes: completeness, applicability, usability and feasibility. Results show that it brings values for the stakeholders and is an important tool in the analysis and implementation of applications with privacy protection.

show abstract

Section: Feasibilitymentioning

confidence: 99%

Requirements, design and evaluation of a privacy reference architecture for web applications and services

Basso

Moraes

Jino

et al. 2015

Proceedings of the 30th Annual ACM Symposium on Applied Computing

View full text Add to dashboard Cite

show abstract

“…Regulations and codes of conduct We find tools to define and enforce privacy policies [45], privacy-friendly access control protocols to ensure that data are only accessed by authorized parties [8], and audit tools to verify that no inappropriate access has taken place [5]. For example, Kumari et al [31] propose usage control mechanisms for data shared by smart meters.…”

Section: Related Workmentioning

confidence: 99%

Privacy-preserving smart metering revisited

Rial

Danezis

Kohlweiss

2016

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Privacy-preserving billing protocols are useful in settings where a meter measures user consumption of some service, such as smart metering of utility consumption, payas-you-drive insurance and electronic toll collection. In such settings, service providers apply fine-grained tariff policies that require meters to provide a detailed account of user consumption. The protocols allow the user to pay to the service provider without revealing the user's consumption measurements. Our contribution is twofold. First, we propose a general model where a meter can output meter readings to multiple users, and where a user receives meter readings from multiple meters. Unlike previous schemes, our model accommodates a wider variety of smart metering applications. Second, we describe a protocol based on polynomial commitments that improves the efficiency of previous protocols for tariff policies that employ splines to compute the price due.

show abstract

“…A widespread solution is Shibboleth (Shibboleth, 2014), whose emphasis is on the privacy of user attributes, based on privacy policies and the user's personal preferences. Finally, regarding auditing process, Biswas and Niemi (2011) propose a solution to streamline the log generation process by deriving the auditing specifications directly from the policies to be audited.…”

Section: Privacy Protection Toolsmentioning

confidence: 99%

PrivAPP

Basso¹

View full text Add to dashboard Cite

Web applications and web services are relevant technologies nowadays, supporting a wide range of services, such as e-commerce, e-banking, e-government, and others. Usually, to access these services, users, customers, and business partners need to provide personally identifiable information (PII), such as addresses, social security IDs, and credit card numbers.Furthermore, modern applications can automatically gather information related to users' activities, such as, for example, usage pattern or approximate location. Once this information is made available, it is no longer under the control of their owner regarding how it is actually handled, which raises privacy concerns. If on one hand companies and organizations want to be able to gather, data mine and share PII information, on the other hand they are interested in keeping such information private due to privacy laws and their credibility with respect to how able they are to protect the privacy of their users. This work presents a comprehensive approach to support the analysis, design, and development of web applications and services with privacy concerns. The approach is composed of a Privacy Conceptual Model (systematizes privacy concepts, showing privacy elements and their relations in an organized way), a Privacy Reference Architecture (abstract architecture which describes functionalities that must be addressed during the development of web applications to protect the privacy of the users) and a Privacy UML Profile (extension of the UML language to incorporate privacy concepts) and it allows stakeholders to better understand the privacy domain, as well as modeling and developing web applications consistently with the privacy policies enabling their enforcement. This way, PII can be managed in a more secure manner and protected from different sources of privacy violation. A case study was developed applying the approach to improve privacy protection for an online bookstore. The approach was evaluated considering two important key attributes: applicability and completeness. Results show that the approach adds value to the stakeholders and is an important contribution towards improving the process of designing web applications in the privacy domain.

show abstract

Transforming Privacy Policies to Auditing Specifications

Cited by 7 publications

References 6 publications

Requirements, design and evaluation of a privacy reference architecture for web applications and services

Requirements, design and evaluation of a privacy reference architecture for web applications and services

Privacy-preserving smart metering revisited

PrivAPP

Contact Info

Product

Resources

About