Privacy analysis using ontologies

CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy Pub Date : 2012-02-07 DOI:10.1145/2133601.2133627

M. Kost, J. Freytag

{"title":"Privacy analysis using ontologies","authors":"M. Kost, J. Freytag","doi":"10.1145/2133601.2133627","DOIUrl":null,"url":null,"abstract":"As information systems extensively exchange information between participants, privacy concerns may arise from potential misuse. Existing design approaches consider non-technical privacy requirements of different stakeholders during the design and the implementation of a system. However, a technical approach for privacy analysis is largely missing.\n This paper introduces a formal approach for technically evaluating an information system with respect to its designed or implemented privacy protection. In particular, we introduce a system model that describes various system aspects such as its information flow. We define the semantics of this system model by using ontologies. Based on the system model together with a given privacy ontology, and given privacy requirements we analyze the modeled system to detect privacy leakages and to calculate privacy indicators. The proposed method provides a technical approach to check whether a system conforms to the privacy requirements of the stakeholders or not.","PeriodicalId":90472,"journal":{"name":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","volume":"27 1","pages":"205-216"},"PeriodicalIF":0.0000,"publicationDate":"2012-02-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2133601.2133627","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 20

Abstract

As information systems extensively exchange information between participants, privacy concerns may arise from potential misuse. Existing design approaches consider non-technical privacy requirements of different stakeholders during the design and the implementation of a system. However, a technical approach for privacy analysis is largely missing. This paper introduces a formal approach for technically evaluating an information system with respect to its designed or implemented privacy protection. In particular, we introduce a system model that describes various system aspects such as its information flow. We define the semantics of this system model by using ontologies. Based on the system model together with a given privacy ontology, and given privacy requirements we analyze the modeled system to detect privacy leakages and to calculate privacy indicators. The proposed method provides a technical approach to check whether a system conforms to the privacy requirements of the stakeholders or not.

查看原文本刊更多论文

使用本体进行隐私分析

由于信息系统在参与者之间广泛交换信息，可能会因潜在的滥用而引起隐私问题。现有的设计方法在系统的设计和实现过程中考虑不同利益相关者的非技术隐私需求。然而，隐私分析的技术方法在很大程度上是缺失的。本文介绍了一种正式的方法，用于技术上评估信息系统对其设计或实现的隐私保护。特别是，我们引入了一个系统模型，该模型描述了系统的各个方面，如信息流。我们通过使用本体来定义这个系统模型的语义。在系统模型的基础上，结合给定的隐私本体和隐私需求，对建模后的系统进行分析，检测隐私泄漏并计算隐私指标。该方法提供了一种技术方法来检查系统是否符合利益相关者的隐私要求。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

CODASPY : proceedings of the ... ACM conference on data and application security and privacy. ACM Conference on Data and Application Security & Privacy

自引率

0.00%

发文量