Privacy Analysis of User Behavior Using Alignments

AbstractPrivacy is becoming a urgent issue in information systems nowadays because of the stringent requirements imposed by data protection regulations. Traditional security approaches based on access control and authorization are not adequate to address these requirements. The underlying fundamental problem is that those approaches are preventive and thus they are not able to deal with exceptions. In this paper, we present a practical privacy framework that shifts the problem of preventing infringements into a problem of detecting infringements. The framework is based on systematic log auditing, use of patterns and privacy metrics to detect and quantify infringements.

Download Full-text

A Context-Policy-based Approach to Access Control for Healthcare Data Protection

2020 International Computer Symposium (ICS) ◽

10.1109/ics51289.2020.00089 ◽

2020 ◽

Author(s):

M. Fahim Ferdous Khan ◽

Ken Sakamura

Keyword(s):

Access Control ◽

Data Protection ◽

Healthcare Data

Download Full-text

Access Control for Multi-tenancy in Cloud-Based Health Information Systems

2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing ◽

10.1109/cscloud.2015.95 ◽

2015 ◽

Cited By ~ 4

Author(s):

Mohd Anwar ◽

Ashiq Imran

Keyword(s):

Information Systems ◽

Access Control ◽

Health Information ◽

Health Information Systems

Download Full-text

Trust-Based Access Control Model from Sociological Approach in Dynamic Online Social Network Environment

The Scientific World JOURNAL ◽

10.1155/2014/936319 ◽

2014 ◽

Vol 2014 ◽

pp. 1-8 ◽

Cited By ~ 5

Author(s):

Seungsoo Baek ◽

Seungjoo Kim

Keyword(s):

Social Network ◽

Access Control ◽

User Behavior ◽

Online Social Network ◽

Sociological Approach ◽

Access Control Models ◽

Control Rules ◽

Access Control Rules ◽

Dynamic Trust ◽

Privacy Breaches

There has been an explosive increase in the population of the OSN (online social network) in recent years. The OSN provides users with many opportunities to communicate among friends and family. Further, it facilitates developing new relationships with previously unknown people having similar beliefs or interests. However, the OSN can expose users to adverse effects such as privacy breaches, the disclosing of uncontrolled material, and the disseminating of false information. Traditional access control models such as MAC, DAC, and RBAC are applied to the OSN to address these problems. However, these models are not suitable for the dynamic OSN environment because user behavior in the OSN is unpredictable and static access control imposes a burden on the users to change the access control rules individually. We propose a dynamic trust-based access control for the OSN to address the problems of the traditional static access control. Moreover, we provide novel criteria to evaluate trust factors such as sociological approach and evaluate a method to calculate the dynamic trust values. The proposed method can monitor negative behavior and modify access permission levels dynamically to prevent the indiscriminate disclosure of information.

Download Full-text

Privacy-Respecting Location-Based Service Infrastructures: A Socio-Technical Approach to Requirements Engineering

Journal of theoretical and applied electronic commerce research ◽

10.3390/jtaer2030018 ◽

2007 ◽

Vol 2 (3) ◽

pp. 1-17

Author(s):

Lothar Fritsch

Keyword(s):

Information Systems ◽

Requirements Engineering ◽

Data Protection ◽

Interdisciplinary Research ◽

Boundary Object ◽

Location Based Service ◽

Technical Approach ◽

Sociological Knowledge ◽

Application Specific

This article presents an approach for the design of location-based information systems that support privacy functionality. Privacy-enhancing technology (PET) has been available for a considerable amount of time. New online applications and infrastructures for mobile and ubiquitous use have been installed. This has been done without usage of available PET, although they are favored by data protection experts. Designers of locationbased services (LBS) create infrastructures for business or application specific purposes. They have profitoriented views on the rationale for PET deployment. Finally, users have requirements that might be neither on the PET community’s nor on the business people's agenda. Many disciplines provide knowledge about the construction of community-spanning information systems. The challenge for designers of infrastructures and applications is to find a consensus that models all stakeholders’ interests – and takes advantage all involved community’s knowledge. This paper groups LBS stakeholders into a framework based onto a sociological knowledge construct called “boundary object”. For this purpose, a taxonomical analysis of publications in the stakeholder communities is performed. Then the paper proposes a socio-technical approach. Its goal is to find a suitable privacy design for a LBS infrastructure based on the boundary object. Topics for further interdisciplinary research efforts are identified and proposed for discussion.

Download Full-text

Ontology Centric Access Control Mechanism for Enabling Data Protection in Cloud

Indian Journal of Science and Technology ◽

10.17485/ijst/2016/v9i23/95148 ◽

2016 ◽

Vol 9 (23) ◽

Cited By ~ 4

Author(s):

M. Auxilia ◽

K. Raja

Keyword(s):

Access Control ◽

Data Protection ◽

Control Mechanism ◽

Access Control Mechanism

Download Full-text

Visualizing Event Sequence Data for User Behavior Evaluation of In-Vehicle Information Systems

10.1145/3409118.3475140 ◽

2021 ◽

Author(s):

Patrick Ebel ◽

Christoph Lingenfelder ◽

Andreas Vogelsang

Keyword(s):

Information Systems ◽

User Behavior ◽

Sequence Data ◽

Event Sequence ◽

Vehicle Information

Download Full-text

Assessing Threats and Vulnerable Attacks of Health Care Data in Cloud-Based Environment

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.b1610.078219 ◽

2019 ◽

Vol 8 (2) ◽

pp. 567-573

Keyword(s):

Information Systems ◽

Access Control ◽

Service Providers ◽

Universal Access ◽

Cloud Service ◽

Medical Attention ◽

Medical Systems ◽

Medical Practitioners ◽

Mandatory Requirement ◽

The Impact

What: Healthcare industries have been unified with the advent of cloud computing and Internet of Medical Things in recent past. How: As simplicity in access and transfer of medical reports increased, so does the impact of losing potential information. Adopting a cloud environment has eased the work of medical practitioners and provided world class medical attention to patients from remote corners of a nation. It has added the responsibility of cloud service providers to improvise the existing standards for protecting information in a virtual platform. A number of benefits not limitedto universal access, advice from renowned medical experts for deciding on diagnosis plan, alerting patients and hospitals in real timeand reducing the workload of labor are achieved by cloud environments. Hospital Information Systems (HIS) are the evolved data forms maintained manually in medical institutions and they are preferred in a cloud platform to improve interoperability. The information carried in such medical systems possesses critical information about patients that need to be protected over transmission between independent environments. This becomes a mandatory requirement for designing and implementing an access control mechanism to identify intention of users who enter into the environment. Relaxations in access control architectures will compromise the security of entire architecture and practice. Why: Intention - Demand Tree is proposed in this paper to limit the access rights of users based on their roles, requirements and permissions to monitor the usage of Health Information Systems. Investigative results illustrate that the risks of losing credible information has been limited and convenient than previous standards.

Download Full-text