nach oben

Erschienen in:

2020 | OriginalPaper | Buchkapitel

pQUANT: A User-Centered Privacy Risk Analysis Framework

verfasst von : Welderufael B. Tesfay, Dimitra Nastouli, Yannis C. Stamatiou, Jetzabel M. Serna

Erschienen in: Risks and Security of Internet and Systems

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The last few decades have entertained a fast digital transformation of our daily activities. This has brought about numerous benefits as well as unanticipated consequences. As such, on the consequences side, information privacy incidents have become prevalent. This has further raised the concern of users and data protection bodies alike. Thus, quantifying and communicating privacy risks plays paramount role in raising user awareness, designing appropriate technical solutions, and enacting legal frameworks. However, previous research in privacy risk quantification has not considered the user’s heterogeneously subjective perceptions of privacy, and her right to informational self determination since, often, the privacy risk analysis and prevention takes place once the data is out of her control. In this paper, we present a user-centered privacy risk quantification framework coupled with granular and usable privacy risk warnings. The framework takes a new approach in that it empowers users to take informed privacy protection decisions prior to unintended data disclosure.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Correction to: “I do it because they do it”: Social-Neutralisation in Information Security Practices of Saudi Medical Interns

Nächstes Kapitel An Industrial Trial of an Approach to Identification and Modelling of Cybersecurity Risks in the Context of Digital Secondary Substations

CNIL, How to implement the data protection act, (2012). URL http://goo.gl/jdlw5O, last access, May 2, 2017.

The descriptions of the attributes http://archive.ics.uci.edu/ml/machine-learning-databases/adult/adult.names.

Data philanthropy is a newly emerging concept in which private sector, or citizens participate in donating data for the public good, cf. http://corporatecitizenship.bc.edu/data-philanthropy.

The EU data protection reform and big data factsheet. http://www.ec.europa.eu/justice/data-protection/files/data-protection-big-data_factsheet_web_en.pdf. Accessed 07 June 2017

Acquisti, A., Brandimarte, L., Loewenstein, G.: Privacy and human behavior in the age of information. Science 347(6221), 509–514 (2015)CrossRef

Bal, G., Rannenberg, K., Hong, J.: Styx: design and evaluation of a new privacy risk communication method for smartphones. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 113–126. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55415-5_10CrossRef

Banerjee, M., Karimi Adl, R., Wu, L., Barker, K.: Quantifying privacy violations. In: Jonker, W., Petković, M. (eds.) SDM 2011. LNCS, vol. 6933, pp. 1–17. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23556-6_1CrossRef

Biega, J., Mele, I., Weikum, G.: Probabilistic prediction of privacy risks in user search histories. In: Proceedings of the First International Workshop on Privacy and Security of Big Data, pp. 29–36. ACM (2014)

Christin, D., Michalak, M., Hollick, M.: Raising user awareness about privacy threats in participatory sensing applications through graphical warnings. In: Proceedings of International Conference on Advances in Mobile Computing & #38; Multimedia, MoMM 2013, pp. 445:445–445:454. ACM, New York (2013)

Clifford, R., Popa, A.: Maximum subset intersection. Inf. Process. Lett. 111(7), 323–325 (2011)MathSciNetCrossRef

de Montjoye, Y.-A., Radaelli, L., Singh, V.K., Pentland, A.: Unique in the shopping mall: on the reidentifiability of credit card metadata. Science 347(6221), 536–539 (2015)CrossRef

Dini, G., Martinelli, F., Matteucci, I., Petrocchi, M., Saracino, A., Sgandurra, D.: Risk analysis of android applications: a user-centric solution. Future Gener. Comput. Syst. 80, 505–518 (2016)CrossRef

10.

Du, W., Teng, Z., Zhu, Z.: Privacy-maxent: integrating background knowledge in privacy quantification. In: Proceedings of the 2008 ACM SIGMOD International Conference on Management of Data, pp. 459–472. ACM (2008)

11.

Enck, W., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, OSDI 2010, pp. 1–6. USENIX Association, Berkeley (2010)

12.

Fawaz, K., Shin, K.G.: Location privacy protection for smartphone users. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS 2014, pp. 239–250. ACM, New York (2014)

13.

Hansen, M., Berlich, P., Camenisch, J., Clauß, S., Pfitzmann, A., Waidner, M.: Privacy-enhancing identity management. Inf. Secur. Tech. Rep. 9(1), 35–44 (2004)CrossRef

14.

Hogganvik, I., Stølen, K.: A graphical approach to risk identification, motivated by empirical investigations. In: Nierstrasz, O., Whittle, J., Harel, D., Reggio, G. (eds.) MODELS 2006. LNCS, vol. 4199, pp. 574–588. Springer, Heidelberg (2006). https://doi.org/10.1007/11880240_40CrossRef

15.

Hong, W., Thong, J.Y.: Internet privacy concerns: an integrated conceptualization and four empirical studies. MIS Q. 37, 275–298 (2013) CrossRef

16.

Ngoc, T.H., Echizen, I., Komei, K., Yoshiura, H.: New approach to quantification of privacy on social network sites. In: 2010 24th IEEE International Conference on Advanced Information Networking and Applications (AINA), pp. 556–564. IEEE (2010)

17.

PARTY, A.D.P.W.: UCI machine learning repository adult data set. https://archive.ics.uci.edu/ml/datasets/adult. Accessed 30 Mar 2017

18.

Rotenberg, M., Jacobs, D.: Updating the law of information privacy: the new framework of the European Union. Harv. JL Pub. Pol’y 36, 605 (2013)

19.

Sattar, A.S., Li, J., Ding, X., Liu, J., Vincent, M.: A general framework for privacy preserving data publishing. Knowl.-Based Syst. 54, 276–287 (2013)CrossRef

20.

Slovic, P., Weber, E.U.: Perception of risk posed by extreme events (2002)

21.

Tesfay, W.B., Hofmann, P., Nakamura, T., Kiyomoto, S., Serna, J.: I read but don’t agree: privacy policy benchmarking using machine learning and the EU GDPR. In: Companion Proceedings of The Web Conference 2018, pp. 163–166. International World Wide Web Conferences Steering Committee (2018)

22.

Tesfay, W.B., Hofmann, P., Nakamura, T., Kiyomoto, S., Serna, J.: PrivacyGuide: towards an implementation of the EU GDPR on internet privacy policy evaluation. In: Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics, pp. 15–21. ACM (2018)

23.

Tuunainen, V.K., Pitkänen, O., Hovi, M.: Users’ awareness of privacy on online social networking sites-case facebook. In: Bled 2009 Proceedings, p. 42 (2009)

24.

Wan, Z., et al.: A game theoretic framework for analyzing re-identification risk. PLoS One 10, e0120592 (2015). Supporting information. threshold, 7:9CrossRef

25.

Watanabe, C., Amagasa, T., Liu, L.: Privacy risks and countermeasures in publishing and mining social network data. In: 2011 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), pp. 55–66. IEEE (2011)

Titel: pQUANT: A User-Centered Privacy Risk Analysis Framework
verfasst von: Welderufael B. Tesfay
Dimitra Nastouli
Yannis C. Stamatiou
Jetzabel M. Serna
Verlag: Springer International Publishing
Buch: Risks and Security of Internet and Systems
Print ISBN: 978-3-030-41567-9

Electronic ISBN: 978-3-030-41568-6

Copyright-Jahr: 2020
DOI: https://doi.org/10.1007/978-3-030-41568-6_1

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"