2015 IEEE/ACM 1st International Workshop on TEchnical and LEgal aspects of data pRivacy and SEcurity: Latest Papers

Introducing New Technology into Italian Certified Electronic Mail: A Proposal
M. Buzzi, L. Ferrucci, F. Gennai, Claudio Petrucci
{"title":"Introducing New Technology into Italian Certified Electronic Mail: A Proposal","authors":"M. Buzzi, L. Ferrucci, F. Gennai, Claudio Petrucci","doi":"10.5555/2821464.2821474","DOIUrl":"https://doi.org/10.5555/2821464.2821474","url":null,"abstract":"Over the last decade, an increasing number of Certified E-Mail systems (CEM) have been implemented in Europe and worldwide, but their diffusion and validity are mainly restricted in a national arena. Despite the effort of European Union (EU) that recently defined a specification for guaranteeing interoperability of CEM systems between Member States, its adoption has not be not yet fuelled, mainly since any CEM system receives a legal value by its State legislation. It is difficult to extend the legal value of CEM security mechanisms, e.g. Receipts with timestamps which are considered evidences and legal proofs in disputes that may arise from different Parties inside a State, unless a common political and legal agreement will be created. At this aim, recently EU introduce the new Regulation on Electronic Identification and Trust Services (eIDAS), to address this issue. We believe that the first step for encouraging a more large adoption between communities is to implement CEMs using standard worldwide recognized solutions. In this paper we propose a technical evolution of the Italian CEM, called Posta Elettronica Certificata (PEC) moving from a close mechanisms to the adoption of a more standardized, distributed solution, based on DNS Security Extensions (DNSSec). This proposal would have a minimal impact on the legislation, restricted to the annex that defines PEC technical rules.","PeriodicalId":159844,"journal":{"name":"2015 IEEE/ACM 1st International Workshop on TEchnical and LEgal aspects of data pRivacy and SEcurity","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123852310","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 2
Impact of Legal Interpretation in Business Process Compliance
S. Ghanavati, J. Hulstijn
{"title":"Impact of Legal Interpretation in Business Process Compliance","authors":"S. Ghanavati, J. Hulstijn","doi":"10.1109/TELERISE.2015.13","DOIUrl":"https://doi.org/10.1109/TELERISE.2015.13","url":null,"abstract":"Regulations are often written as open norms. Thus, the development of systems that support compliance involves interpretation. Often, compliance officers consider several alternative solutions. Comparing the feasibility and deciding which alternative to select are important tasks. In this paper, we aim to show how analyzing the impact of several interpretation can be supported by requirements engineering tools, in particular, by Legal-URN. Two cases are used to illustrate the importance of interpretation and how Legal-URN facilitates it.","PeriodicalId":159844,"journal":{"name":"2015 IEEE/ACM 1st International Workshop on TEchnical and LEgal aspects of data pRivacy and SEcurity","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130978821","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 17
Privacy Points as a Method to Support Privacy Impact Assessments
Julia Himmel, Nikolas Siebler, Felix Laegeler, Marco Grupe, Hanno Langweg
{"title":"Privacy Points as a Method to Support Privacy Impact Assessments","authors":"Julia Himmel, Nikolas Siebler, Felix Laegeler, Marco Grupe, Hanno Langweg","doi":"10.5555/2821464.2821478","DOIUrl":"https://doi.org/10.5555/2821464.2821478","url":null,"abstract":"We introduce a lightweight and easy to use methodology to quantify relevant aspects of privacy based on the privacy points approach.","PeriodicalId":159844,"journal":{"name":"2015 IEEE/ACM 1st International Workshop on TEchnical and LEgal aspects of data pRivacy and SEcurity","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124863790","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 2
Assessment of Access Control Systems Using Mutation Testing
Said Daoudagh, F. Lonetti, E. Marchetti
{"title":"Assessment of Access Control Systems Using Mutation Testing","authors":"Said Daoudagh, F. Lonetti, E. Marchetti","doi":"10.1109/TELERISE.2015.10","DOIUrl":"https://doi.org/10.1109/TELERISE.2015.10","url":null,"abstract":"In modern pervasive applications, it is important to validate access control mechanisms that are usually defined by means of the standard XACML language. Mutation analysis has been applied on access control policies for measuring the adequacy of a test suite. In this paper, we present a testing framework aimed at applying mutation analysis at the level of the Java based policy evaluation engine. A set of Java based mutation operators is selected and applied to the code of the Policy Decision Point (PDP). A first experiment shows the effectiveness of the proposed framework in assessing the fault detection of XACML test suites and confirms the efficacy of the application of code-based mutation operators to the PDP.","PeriodicalId":159844,"journal":{"name":"2015 IEEE/ACM 1st International Workshop on TEchnical and LEgal aspects of data pRivacy and SEcurity","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124463702","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 12
A Guide to End-to-End Privacy Accountability
Denis Butin, D. Métayer
{"title":"A Guide to End-to-End Privacy Accountability","authors":"Denis Butin, D. Métayer","doi":"10.1109/TELERISE.2015.12","DOIUrl":"https://doi.org/10.1109/TELERISE.2015.12","url":null,"abstract":"Accountability is considered a tenet of privacy management, yet implementing it effectively is no easy task. It requires a systematic approach with an overarching impact on the design and operation of IT systems. This article, which results from a multidisciplinary project involving lawyers, industry players and computer scientists, presents guidelines for the implementation of consistent sets of accountability measures in organisations. It is based on a systematic analysis of the Draft General Data Protection Regulation. We follow a systematic approach covering the whole life cycle of personal data and considering the three levels of privacy proposed by Bennett, namely accountability of policy, accountability of procedures and accountability of practice.","PeriodicalId":159844,"journal":{"name":"2015 IEEE/ACM 1st International Workshop on TEchnical and LEgal aspects of data pRivacy and SEcurity","volume":"368 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124616368","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 7
Common Length Name Representation: An Efficient Privacy-Preserving Scheme
Hanna Farah, Daniel Amyot, K. Emam
{"title":"Common Length Name Representation: An Efficient Privacy-Preserving Scheme","authors":"Hanna Farah, Daniel Amyot, K. Emam","doi":"10.1109/TELERISE.2015.16","DOIUrl":"https://doi.org/10.1109/TELERISE.2015.16","url":null,"abstract":"Privacy-preserving record linkage is a valuable tool in various domains including the healthcare sector. Patient information is usually available in parts at more than one health organization. Given its sensitive nature, and the laws that protect patient privacy, these organizations cannot simply identify their patients to one another in order to complete their medical records. Yet, complete medical records lead to more informed decisions by doctors, therefore resulting in a higher quality of care. There are many methods in the literature that attempt to represent the identity of an individual in a privacy-preserving way to allow privacy-preserving record linkage. However, most of these techniques are subject to frequency attacks. We present a novel scheme for representing the name of an individual in a privacy-preserving manner that guards against frequency attacks, allows for small typing mistakes, and is efficient when linking large datasets.","PeriodicalId":159844,"journal":{"name":"2015 IEEE/ACM 1st International Workshop on TEchnical and LEgal aspects of data pRivacy and SEcurity","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123873350","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 1
Identifying Transitivity Threats in Social Networks
Sorren Hanvey, Néstor Cataño
{"title":"Identifying Transitivity Threats in Social Networks","authors":"Sorren Hanvey, Néstor Cataño","doi":"10.1109/TELERISE.2015.11","DOIUrl":"https://doi.org/10.1109/TELERISE.2015.11","url":null,"abstract":"Transitivity threats refer to the unintended disclosure of information to unintended recipients as a consequence of an unrelated action. In the context of social networking sites, transitivity threats refer to potential privacy policy breaches that stem from the automated transmission of data/content due to user actions within the social network. For example, commenting on some content within the social network makes the commented content visible to the recipients of the comment, thereby breaching the privacy policy under which the original/commented content was shared. This paper presents a novel approach for modelling and comparing social network privacy policies to deal with transitivity threats. Our approach differs from existing approaches in its use of formal methods techniques to compare social network privacy policies. This work builds on a predicate calculus definition for social networking, modelling social network content, people, friendship relations, and privacy policies as access permissions to content. We have implemented our approach as a tool called Poporo. The tool extends on a previous version of the Poporo tool that checked a third party application's compliance with system invariants. We validate our approach by using Poporo on several examples.","PeriodicalId":159844,"journal":{"name":"2015 IEEE/ACM 1st International Workshop on TEchnical and LEgal aspects of data pRivacy and SEcurity","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125491747","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 1
A Cloud-Based Radiological Portal for the Patients: IT Contributing to Position the Patient as the Central Axis of the 21st Century Healthcare Cycles
R. Sanz-Requena, Alejandro Mañas Garcia, José Luis Cabrera-Ayala, G. García-Martí
{"title":"A Cloud-Based Radiological Portal for the Patients: IT Contributing to Position the Patient as the Central Axis of the 21st Century Healthcare Cycles","authors":"R. Sanz-Requena, Alejandro Mañas Garcia, José Luis Cabrera-Ayala, G. García-Martí","doi":"10.1109/TELERISE.2015.18","DOIUrl":"https://doi.org/10.1109/TELERISE.2015.18","url":null,"abstract":"Information and communication technologies are rapidly changing the way data is managed in medicine. Patients are becoming proactive actors of their healthcare cycles and new technologies are setting the proper ground to achieve this goal. Patients need to have ubiquitous access to their medical records, especially when they have mobility needs, and cloud-based approaches are a promising solution. However, several issues arise regarding privacy and security of the data, considering legal requirements about sensitive personal data. In order to be compliant with these requirements, cloud applications need to be designed carefully, preventing by design any possible data breaches. This work proposes a design for a cloud-based radiological portal to allow patients access their medical images and reports from the cloud, ensuring that the data are only accessible when all the requirements of a specific contract are enforced. Requirements, architecture design, software components and validation methods are introduced.","PeriodicalId":159844,"journal":{"name":"2015 IEEE/ACM 1st International Workshop on TEchnical and LEgal aspects of data pRivacy and SEcurity","volume":"144 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130279135","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 6
Cryptography and Information Security in the Post-Snowden Era
B. Preneel
{"title":"Cryptography and Information Security in the Post-Snowden Era","authors":"B. Preneel","doi":"10.1109/TELERISE.2015.8","DOIUrl":"https://doi.org/10.1109/TELERISE.2015.8","url":null,"abstract":"Summary form only given. In June 2013 Edward Snowden has transferred a set of sensitive documents to journalists, resulting in a continuous stream of revelations on mass surveillance by governments. In this talk we present an overview of these revelations, we also discuss their impact on our understanding of mass surveillance practices and the security of ICT systems. In particular, we discuss the known ways in which sophisticated attackers can bypass or undermine cryptography. We conclude by analyzing how these revelations affect future research in information security and privacy.","PeriodicalId":159844,"journal":{"name":"2015 IEEE/ACM 1st International Workshop on TEchnical and LEgal aspects of data pRivacy and SEcurity","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129985571","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 9
PPL v2.0: Uniform Data Access and Usage Control on Cloud and Mobile
Francesco Di Cerbo, Doliére Francis Somé, L. Gomez, S. Trabelsi
{"title":"PPL v2.0: Uniform Data Access and Usage Control on Cloud and Mobile","authors":"Francesco Di Cerbo, Doliére Francis Somé, L. Gomez, S. Trabelsi","doi":"10.1109/TELERISE.2015.9","DOIUrl":"https://doi.org/10.1109/TELERISE.2015.9","url":null,"abstract":"Cloud storage is one of the most popular categories of market services. It provides an easy means for consumers to store and share their data, also in mobility through convenient apps. However, such valuable functionality raises several security concerns. Among them, the risk of sensitive information disclosure or, for professional data, the risk of compliance violations. In this paper, we propose an access and usage control framework for seamless, uniform and secure data sharing across cloud and mobile which keeps data under the control of its owner, that expresses preferences according to privacy or security needs. To our knowledge, this is the first effort addressing simultaneously and consistently cloud and mobile platforms. Our proposal offers access and usage control of managed resources relying on the security policy languages XACML and PPL (extended to make use of cloud and mobile contextual information) and on specific engines (cloud, mobile) to enforce them. A use case is presented, to illustrate the framework in action.","PeriodicalId":159844,"journal":{"name":"2015 IEEE/ACM 1st International Workshop on TEchnical and LEgal aspects of data pRivacy and SEcurity","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125842637","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 13