A Policy-Driven Approach to Secure Extraction of COVID-19 Data From Research Papers

The entire scientific and academic community has been mobilized to gain a better understanding of the COVID-19 disease and its impact on humanity. Most research related to COVID-19 needs to analyze large amounts of data in very little time. This urgency has made Big Data Analysis, and related questions around the privacy and security of the data, an extremely important part of research in the COVID-19 era. The White House OSTP has, for example, released a large dataset of papers related to COVID research from which the research community can extract knowledge and information. We show an example system with a machine learning-based knowledge extractor which draws out key medical information from COVID-19 related academic research papers. We represent this knowledge in a Knowledge Graph that uses the Unified Medical Language System (UMLS). However, publicly available studies rely on dataset that might have sensitive data. Extracting information from academic papers can potentially leak sensitive data, and protecting the security and privacy of this data is equally important. In this paper, we address the key challenges around the privacy and security of such information extraction and analysis systems. Policy regulations like HIPAA have updated the guidelines to access data, specifically, data related to COVID-19, securely. In the US, healthcare providers must also comply with the Office of Civil Rights (OCR) rules to protect data integrity in matters like plasma donation, media access to health care data, telehealth communications, etc. Privacy policies are typically short and unstructured HTML or PDF documents. We have created a framework to extract relevant knowledge from the health centers’ policy documents and also represent these as a knowledge graph. Our framework helps to understand the extent to which individual provider policies comply with regulations and define access control policies that enforce the regulation rules on data in the knowledge graph extracted from COVID-related papers. Along with being compliant, privacy policies must also be transparent and easily understood by the clients. We analyze the relative readability of healthcare privacy policies and discuss the impact. In this paper, we develop a framework for access control decisions that uses policy compliance information to securely retrieve COVID data. We show how policy compliance information can be used to restrict access to COVID-19 data and information extracted from research papers.

Download Full-text

Privacy and Security Issues in Online Social Networks

Future Internet ◽

10.3390/fi10120114 ◽

2018 ◽

Vol 10 (12) ◽

pp. 114 ◽

Cited By ~ 14

Author(s):

Shaukat Ali ◽

Naveed Islam ◽

Azhar Rauf ◽

Ikram Din ◽

Mohsen Guizani ◽

...

Keyword(s):

Social Networks ◽

Online Social Networks ◽

Virtual Communities ◽

Service Providers ◽

Security And Privacy ◽

Security Issue ◽

Sensitive Data ◽

Privacy And Security ◽

Security Issues ◽

Social Sphere

The advent of online social networks (OSN) has transformed a common passive reader into a content contributor. It has allowed users to share information and exchange opinions, and also express themselves in online virtual communities to interact with other users of similar interests. However, OSN have turned the social sphere of users into the commercial sphere. This should create a privacy and security issue for OSN users. OSN service providers collect the private and sensitive data of their customers that can be misused by data collectors, third parties, or by unauthorized users. In this paper, common security and privacy issues are explained along with recommendations to OSN users to protect themselves from these issues whenever they use social media.

Download Full-text

Improvement of Privacy and Security in Hybrid Cloud with Attribute Group Based Access Control

International Journal of Scientific Research in Computer Science Engineering and Information Technology ◽

10.32628/cseit19518 ◽

2019 ◽

pp. 57-61

Author(s):

Kayalvili S ◽

Sowmitha V

Keyword(s):

Cloud Computing ◽

Access Control ◽

Data Storage ◽

Service Providers ◽

Cloud Service ◽

Security Requirements ◽

Security And Privacy ◽

Data Outsourcing ◽

Privacy And Security ◽

Control Approach

Cloud computing enables users to accumulate their sensitive data into cloud service providers to achieve scalable services on-demand. Outstanding security requirements arising from this means of data storage and management include data security and privacy. Attribute-based Encryption (ABE) is an efficient encryption system with fine-grained access control for encrypting out-sourced data in cloud computing. Since data outsourcing systems require flexible access control approach Problems arises when sharing confidential corporate data in cloud computing. User-Identity needs to be managed globally and access policies can be defined by several authorities. Data is dual encrypted for more security and to maintain De-Centralization in Multi-Authority environment.

Download Full-text

The Impact of Operating System on Bandwidth in Open VPN Technology

Baghdad Science Journal ◽

10.21123/bsj.13.1.204-211 ◽

2016 ◽

Vol 13 (1) ◽

pp. 204-211

Author(s):

Baghdad Science Journal

Keyword(s):

Operating System ◽

Operating Systems ◽

Data Privacy ◽

The Internet ◽

Sensitive Data ◽

Privacy And Security ◽

Basic Source ◽

Basic Functions ◽

And Performance ◽

The Impact

The internet is a basic source of information for many specialities and uses. Such information includes sensitive data whose retrieval has been one of the basic functions of the internet. In order to protect the information from falling into the hands of an intruder, a VPN has been established. Through VPN, data privacy and security can be provided. Two main technologies of VPN are to be discussed; IPSec and Open VPN. The complexity of IPSec makes the OpenVPN the best due to the latter’s portability and flexibility to use in many operating systems. In the LAN, VPN can be implemented through Open VPN to establish a double privacy layer(privacy inside privacy). The specific subnet will be used in this paper. The key and certificate will be generated by the server. An authentication and key exchange will be based on standard protocol SSL/TLS. Various operating systems from open source and windows will be used. Each operating system uses a different hardware specification. Tools such as tcpdump and jperf will be used to verify and measure the connectivity and performance. OpenVPN in the LAN is based on the type of operating system, portability and straightforward implementation. The bandwidth which is captured in this experiment is influenced by the operating system rather than the memory and capacity of the hard disk. Relationship and interoperability between each peer and server will be discussed. At the same time privacy for the user in the LAN can be introduced with a minimum specification.

Download Full-text

Influencing User’s Behavior Concerning Android Privacy Policy: An Overview

Mobile Information Systems ◽

10.1155/2021/3452700 ◽

2021 ◽

Vol 2021 ◽

pp. 1-19

Author(s):

Ming Di ◽

Shah Nazir ◽

Fucheng Deng

Keyword(s):

User Behavior ◽

Third Party ◽

Security And Privacy ◽

Sensitive Data ◽

Privacy And Security ◽

Android Apps ◽

Search Results ◽

Privacy Risks ◽

Work Done

The wide-ranging implementation of Android applications used in various devices, from smartphones to intelligent television, has made it thought-provoking for developers. The permission granting mechanism is one of the defects imposed by the developers. Such assessing of defects does not allow the user to comprehend the implication of privacy for granting permission. Mobile applications are speedily easily reachable to typical users of mobile. Despite possible applications for improving the affordability, availability, and effectiveness of delivering various services, it handles sensitive data and information. Such data and information carry considerable security and privacy risks. Users are usually unaware of how the data can be managed and used. Reusable resources are available in the form of third-party libraries, which are broadly active in android apps. It provides a diversity of functions that deliver privacy and security concerns. Host applications and third-party libraries are run in the same process and share similar permissions. The current study has presented an overview of the existing approaches, methods, and tools used for influencing user behavior concerning android privacy policy. Various prominent libraries were searched, and their search results were analyzed briefly. The search results were presented in diverse perspectives for showing the details of the work done in the area. This will help researchers to offer new solutions in the area of the research.

Download Full-text

A Study on Privacy and Security Aspects of Facebook

International Journal of Technology Diffusion ◽

10.4018/jtd.2012100105 ◽

2012 ◽

Vol 3 (4) ◽

pp. 48-55 ◽

Cited By ~ 1

Author(s):

Syed Hassan Faraz ◽

Syed Hassan Tanvir ◽

Saqib Saeed

Keyword(s):

Empirical Data ◽

Leisure Time ◽

Security And Privacy ◽

Social Web ◽

User Privacy ◽

Privacy Policies ◽

Privacy And Security ◽

Web Based

Social web has changed the concept of leisure time. As a result street neighbors have been replaced by e-neighbors and walls have become e-walls to share ideas and gossips. Despite so many advantages we cannot ignore potential threats to user privacy and security. In order to be extremely usable, such systems should have strict security and privacy policies in place. In this paper the authors focus on “Facebook” to understand privacy and security problems by carrying out a web based survey. Based on the findings from empirical data the authors propose different enhancements for the improvement of user privacy and potential threats to user account security.

Download Full-text

A Fine-Grained IoT Data Access Control Scheme Combining Attribute-Based Encryption and Blockchain

Security and Communication Networks ◽

10.1155/2021/5308206 ◽

2021 ◽

Vol 2021 ◽

pp. 1-13

Author(s):

Xiaofeng Lu ◽

Songbing Fu ◽

Cheng Jiang ◽

Pietro Lio

Keyword(s):

Access Control ◽

Distributed Storage ◽

Data Access ◽

Security And Privacy ◽

Privacy And Security ◽

Fine Grained ◽

Blockchain Technology ◽

Data Access Control ◽

Attribute Based Encryption ◽

Control Scheme

IoT technology has been widely valued and applied, and the resulting massive IoT data brings many challenges to the traditional centralized data management, such as performance, privacy, and security challenges. This paper proposes an IoT data access control scheme that combines attribute-based encryption (ABE) and blockchain technology. Symmetric encryption and ABE algorithms are utilized to realize fine-grained access control and ensure the security and openness of IoT data. Moreover, blockchain technology is combined with distributed storage to solve the storage bottleneck of blockchain systems. Only the hash values of the data, the hash values of the ciphertext location, the access control policy, and other important information are stored on the blockchain. In this scheme, smart contract is used to implement access control. The results of experiments demonstrate that the proposed scheme can effectively protect the security and privacy of IoT data and realize the secure sharing of data.

Download Full-text

A Review on Security and Privacy Issues in IoT Devices

Academic Journal of Nawroz University ◽

10.25007/ajnu.v10n4a1245 ◽

2022 ◽

Vol 10 (4) ◽

pp. 192-205

Author(s):

Reben Mohammed Saleem Kurda ◽

Umran Abdullah Haje ◽

Muhamad Hussein Abdulla ◽

Zhwan Mohammed Khalid

Keyword(s):

Fire Safety ◽

Hardware Security ◽

Security And Privacy ◽

The Internet ◽

Sensitive Data ◽

Privacy And Security ◽

Security Practices ◽

Safety Protection ◽

Iot Devices ◽

Privacy Issues

In our everyday lives, the IoT is everywhere. They are used for the monitoring and documentation of environmental improvements, fire safety and even other useful roles in our homes, hospitals and the outdoors. IoT-enabled devices that are linked to the internet transmit and receive a large amount of essential data over the network. This provides an opportunity for attackers to infiltrate IoT networks and obtain sensitive data. However, the risk of a loss of privacy and security could outweigh any of these benefits. Many tests have been carried out in order to solve these concerns and find a safer way to minimize or remove the effect of IoT technologies on privacy and security practices in order to protect them. The issue with IoT devices is that they have small output modules, making it impossible to adapt current protection methods to them. This constraint necessitates the presentation of lightweight algorithms that enable IoT devices. In this article, investigated the context and identify different safety, protection, and approaches for securing components of IoT-based ecosystems and systems, as well as evolving security solutions. In addition, several proposed algorithms and authentication methods in IoT were discussed in order to avoid various types of attacks while keeping the limitations of the IoT framework in mind. Also discuss some hardware security in IoT devices.

Download Full-text

Blockchain Platforms and Access Control Classification for IoT Systems

Symmetry ◽

10.3390/sym12101663 ◽

2020 ◽

Vol 12 (10) ◽

pp. 1663

Author(s):

Adam Ibrahim Abdi ◽

Fathy Elbouraey Eassa ◽

Kamal Jambi ◽

Khalid Almarhabi ◽

Abdullah Saad AL-Malaise AL-Ghamdi

Keyword(s):

Access Control ◽

Single Point ◽

Security And Privacy ◽

Future Research ◽

Control Mechanisms ◽

Privacy And Security ◽

Security Issues ◽

Massive Growth ◽

Blockchain Technology ◽

Comparison Table

The Internet of Things paradigm is growing rapidly. In fact, controlling this massive growth of IoT globally raises new security and privacy issues. The traditional access control mechanisms provide security to IoT systems such as DAC (discretionary access control) and mandatory access control (MAC). However, these mechanisms are based on central authority management, which raises some issues such as absence of scalability, single point of failure, and lack of privacy. Recently, the decentralized and immutable nature of blockchain technology integrated with access control can help to overcome privacy and security issues in the IoT. This paper presents a review of different access control mechanisms in IoT systems. We present a comparison table of reviewed access control mechanisms. The mechanisms’ scalability, distribution, security, user-centric, privacy and policy enforcing are compared. In addition, we provide access control classifications. Finally, we highlight challenges and future research directions in developing decentralized access control mechanisms for IoT systems.

Download Full-text

PRIVACY AND SECURITY FOR TELEHEALTH DEVICES

Innovation in Aging ◽

10.1093/geroni/igz038.3081 ◽

2019 ◽

Vol 3 (Supplement_1) ◽

pp. S836-S836

Author(s):

London Thompson ◽

Csilla Farkas

Keyword(s):

Older Adults ◽

Access Control ◽

Large Scale ◽

Security And Privacy ◽

Technical Expertise ◽

Privacy And Security ◽

Cyber Threats ◽

Lack Of Control ◽

Access Privileges ◽

User Friendly

Abstract In this research, we study the privacy and security capabilities provided by telehealth devices. Our aim is to evaluate how vulnerable these popular devices are in the presence of malicious cyber attackers. As older adults increasingly rely on telehealth devices, it is crucial that cybersecurity aspects of these devices are clearly communicated to them. Moreover, older adults frequently lack the technical expertise to evaluate the security and privacy capabilities of the devices. The lack of control over telehealth devices is a major concern for older adults. Older adults view certain limitations within these devices as decreasing their privacy and security. These limitations include the lack of control over accepting calls, taking screenshots, and assigning access privileges. For large scale adaptation of telehealth devices by older adults, it is crucial that these devices not only satisfy their intended purpose but also exhibit user friendly features and strong security and privacy capabilities. Modeling cyber threats against telehealth devices is not studied sufficiently . Malicious actors may compromise telehealth devices and create further threats to security and privacy of the users. In this research, we studied the cyber threats against telehealth devices. We built a threat model that ranks cyber threats based on their impact. We investigated how the operating system of popular devices supports access control. We found that none of the current technologies support location-based access control. We claim that this represents a major limitation and that supporting location-based access control is necessary to ensure users’ privacy in their own home.

Download Full-text

A privacy and security analysis of early-deployed COVID-19 contact tracing Android apps

Empirical Software Engineering ◽

10.1007/s10664-020-09934-4 ◽

2021 ◽

Vol 26 (3) ◽

Author(s):

Majid Hatamian ◽

Samuel Wairimu ◽

Nurul Momen ◽

Lothar Fritsch

Keyword(s):

Time Pressure ◽

Security Analysis ◽

Security Requirements ◽

Security And Privacy ◽

Contact Tracing ◽

Privacy And Security ◽

Android Apps ◽

Dynamic Performances ◽

The Impact

AbstractAs this article is being drafted, the SARS-CoV-2/COVID-19 pandemic is causing harm and disruption across the world. Many countries aimed at supporting their contact tracers with the use of digital contact tracing apps in order to manage and control the spread of the virus. Their idea is the automatic registration of meetings between smartphone owners for the quicker processing of infection chains. To date, there are many contact tracing apps that have already been launched and used in 2020. There has been a lot of speculations about the privacy and security aspects of these apps and their potential violation of data protection principles. Therefore, the developers of these apps are constantly criticized because of undermining users’ privacy, neglecting essential privacy and security requirements, and developing apps under time pressure without considering privacy- and security-by-design. In this study, we analyze the privacy and security performance of 28 contact tracing apps available on Android platform from various perspectives, including their code’s privileges, promises made in their privacy policies, and static and dynamic performances. Our methodology is based on the collection of various types of data concerning these 28 apps, namely permission requests, privacy policy texts, run-time resource accesses, and existing security vulnerabilities. Based on the analysis of these data, we quantify and assess the impact of these apps on users’ privacy. We aimed at providing a quick and systematic inspection of the earliest contact tracing apps that have been deployed on multiple continents. Our findings have revealed that the developers of these apps need to take more cautionary steps to ensure code quality and to address security and privacy vulnerabilities. They should more consciously follow legal requirements with respect to apps’ permission declarations, privacy principles, and privacy policy contents.

Download Full-text