Addressing Privacy in Traditional and Cloud-Based Systems

2015 ◽  
pp. 1631-1659
Author(s):  
Christos Kalloniatis ◽  
Evangelia Kavakli ◽  
Stefanos Gritzalis
Keyword(s):  
Credit Card ◽  
System Analysis ◽  
Systems Design ◽  
Personal Data ◽  
Research Area ◽  
Security And Privacy ◽  
Software Systems ◽  
Privacy Requirements ◽  
Credit Card Data ◽  
Privacy Violation

A major challenge in the field of software engineering is to make users trust the software that they use in their everyday activities for professional or recreational reasons. Amid the main criteria that formulate users' trust is the way that that their privacy is protected. Indeed, privacy violation is an issue of great importance for active online users that daily accomplish several transactions that may convey personal data, sensitive personal data, employee data, credit card data and so on. In addition, the appearance of cloud computing has elevated the number of personally identifiable information that users provide in order to gain access to various services, further raising user concerns as to how and to what extend information about them is communicated to others. The aim of this work is to elevate the modern practices for ensuring privacy during software systems design. To this end, the basic privacy requirements that should be considered during system analysis are introduced. Additionally, a number of well-known methods that have been introduced in the research area of requirements engineering which aim on eliciting and modeling privacy requirements during system design are introduced and critically analyzed. The work completes with a discussion of the additional security and privacy concepts that should be considered in the context of cloud-based information systems and how these affect current research.

Addressing Privacy in Traditional and Cloud-Based Systems

2017 ◽  
pp. 1900-1930
Author(s):  
Christos Kalloniatis ◽  
Evangelia Kavakli ◽  
Stefanos Gritzalis
Keyword(s):  
Credit Card ◽  
System Analysis ◽  
Systems Design ◽  
Personal Data ◽  
Research Area ◽  
Security And Privacy ◽  
Software Systems ◽  
Privacy Requirements ◽  
Credit Card Data ◽  
Privacy Violation

A major challenge in the field of software engineering is to make users trust the software that they use in their everyday activities for professional or recreational reasons. Amid the main criteria that formulate users' trust is the way that that their privacy is protected. Indeed, privacy violation is an issue of great importance for active online users that daily accomplish several transactions that may convey personal data, sensitive personal data, employee data, credit card data and so on. In addition, the appearance of cloud computing has elevated the number of personally identifiable information that users provide in order to gain access to various services, further raising user concerns as to how and to what extend information about them is communicated to others. The aim of this work is to elevate the modern practices for ensuring privacy during software systems design. To this end, the basic privacy requirements that should be considered during system analysis are introduced. Additionally, a number of well-known methods that have been introduced in the research area of requirements engineering which aim on eliciting and modeling privacy requirements during system design are introduced and critically analyzed. The work completes with a discussion of the additional security and privacy concepts that should be considered in the context of cloud-based information systems and how these affect current research.

Addressing Privacy in Traditional and Cloud-Based Systems

2014 ◽  
Vol 2 (1) ◽  
pp. 14-40 ◽  
Author(s):  
Christos Kalloniatis ◽  
Evangelia Kavakli ◽  
Stefanos Gritzalis
Keyword(s):  
Credit Card ◽  
System Analysis ◽  
Systems Design ◽  
Personal Data ◽  
Research Area ◽  
Security And Privacy ◽  
Software Systems ◽  
Privacy Requirements ◽  
Credit Card Data ◽  
Privacy Violation

A major challenge in the field of software engineering is to make users trust the software that they use in their everyday activities for professional or recreational reasons. Amid the main criteria that formulate users' trust is the way that that their privacy is protected. Indeed, privacy violation is an issue of great importance for active online users that daily accomplish several transactions that may convey personal data, sensitive personal data, employee data, credit card data and so on. In addition, the appearance of cloud computing has elevated the number of personally identifiable information that users provide in order to gain access to various services, further raising user concerns as to how and to what extend information about them is communicated to others. The aim of this work is to elevate the modern practices for ensuring privacy during software systems design. To this end, the basic privacy requirements that should be considered during system analysis are introduced. Additionally, a number of well-known methods that have been introduced in the research area of requirements engineering which aim on eliciting and modeling privacy requirements during system design are introduced and critically analyzed. The work completes with a discussion of the additional security and privacy concepts that should be considered in the context of cloud-based information systems and how these affect current research.

Designing Privacy Aware Information Systems

2011 ◽  
pp. 212-231
Author(s):  
Christos Kalloniatis ◽  
Evangelia Kavakli ◽  
Stefanos Gritzalis
Keyword(s):  
System Design ◽  
System Analysis ◽  
Personal Information ◽  
Systems Design ◽  
Research Area ◽  
Software Systems ◽  
User Privacy ◽  
Implementation Phase ◽  
Privacy Requirements ◽  
The Right

A major challenge in the field of software engineering is to make users trust the software that they use in their everyday activities for professional or recreational reasons. Trusting software depends on various elements, one of which is the protection of user privacy. Protecting privacy is about complying with user’s desires when it comes to handling personal information. Users’ privacy can also be defined as the right to determine when, how and to what extend information about them is communicated to others. Current research stresses the need for addressing privacy issues during the system design rather than during the system implementation phase. The aim of this chapter is to elevate the modern practices for ensuring privacy during the software systems’ design phase. Through the presentation of the modern methods, the basic privacy requirements that should be considered during system analysis are introduced. Additionally, a number of well known methods that have been introduced in the research area of requirements engineering which aim on eliciting and analyzing privacy requirements during system design are introduced and analyzed. Finally, a comparative analysis between these methods is presented.

Designing Secure and Privacy-Aware Information Systems

2017 ◽  
Vol 8 (2) ◽  
pp. 1-25
Author(s):  
Christos Kalloniatis ◽  
Argyri Pattakou ◽  
Evangelia Kavakli ◽  
Stefanos Gritzalis
Keyword(s):  
Information Systems ◽  
Personal Information ◽  
Research Area ◽  
Security And Privacy ◽  
Software Systems ◽  
Economic Relationships ◽  
Analysis And Design ◽  
Privacy Requirements ◽  
Systems Analysis And Design ◽  
User Data

Pervasiveness of information systems is well underway, redefining our social and economic relationships. This technological revolution has generated enormous capabilities, but also enabled the creation of new vulnerabilities and threats. A major challenge in the field of information systems is therefore, to ensure the trustworthiness of the underlying technologies that make possible the generation, collection, storage, processing and transmission of user data at rates more intensive than ever before. Trust in information systems depends on different aspects, one of which is the security of user's data. Data security is referred as the protection of user's data from corruption and unauthorized access. Another important aspect of trust is the protection of user's privacy. Protecting privacy is about complying with user's desires when it comes to handling personal information. Without security to guarantee data protection, appropriate uses of that data cannot be realized. This implies that security and privacy issues are inherently intertwined and should be viewed synergistically. The aim of this paper is to elevate modern practices for ensuring security and privacy during software systems analysis and design. To this end, the basic security and privacy requirements that should be considered are introduced. Additionally, a number of well known methods in the research area of requirements engineering which focus on eliciting and modeling security and privacy requirements are described. Finally, a comparative analysis between these methods is presented.

Designing Secure and Privacy-Aware Information Systems

2019 ◽  
pp. 390-418
Author(s):  
Christos Kalloniatis ◽  
Argyri Pattakou ◽  
Evangelia Kavakli ◽  
Stefanos Gritzalis
Keyword(s):  
Information Systems ◽  
Personal Information ◽  
Research Area ◽  
Security And Privacy ◽  
Software Systems ◽  
Economic Relationships ◽  
Analysis And Design ◽  
Privacy Requirements ◽  
Systems Analysis And Design ◽  
User Data

Pervasiveness of information systems is well underway, redefining our social and economic relationships. This technological revolution has generated enormous capabilities, but also enabled the creation of new vulnerabilities and threats. A major challenge in the field of information systems is therefore, to ensure the trustworthiness of the underlying technologies that make possible the generation, collection, storage, processing and transmission of user data at rates more intensive than ever before. Trust in information systems depends on different aspects, one of which is the security of user's data. Data security is referred as the protection of user's data from corruption and unauthorized access. Another important aspect of trust is the protection of user's privacy. Protecting privacy is about complying with user's desires when it comes to handling personal information. Without security to guarantee data protection, appropriate uses of that data cannot be realized. This implies that security and privacy issues are inherently intertwined and should be viewed synergistically. The aim of this paper is to elevate modern practices for ensuring security and privacy during software systems analysis and design. To this end, the basic security and privacy requirements that should be considered are introduced. Additionally, a number of well known methods in the research area of requirements engineering which focus on eliciting and modeling security and privacy requirements are described. Finally, a comparative analysis between these methods is presented.

Model Based Process to Support Security and Privacy Requirements Engineering

2012 ◽  
Vol 3 (3) ◽  
pp. 1-22 ◽  
Author(s):  
Shareeful Islam ◽  
Haralambos Mouratidis ◽  
Christos Kalloniatis ◽  
Aleksandar Hudic ◽  
Lorenz Zechner
Keyword(s):  
Requirements Engineering ◽  
Security And Privacy ◽  
Software Systems ◽  
Continuous Change ◽  
Privacy Requirements ◽  
Model Based ◽  
Systems Research ◽  
Implementation Techniques ◽  
Voting System ◽  
Eu Project

Software systems are becoming more complex, interconnected and liable to adopt continuous change and evolution. It’s necessary to develop appropriate methods and techniques to ensure security and privacy of such systems. Research efforts that aim to ensure security and privacy of software systems are distinguished through two main categories: (1) the development of requirements engineering methods, and (2) implementation techniques. Approaches that fall in the first category usually aim to address either security or privacy in an implicit way, with emphasis on the security aspects by developing methods to elicit and analyse security (and privacy) requirements. Works that fall in the latter categories focus specifically on the later stages of the development process irrespective of the organisational context in which the system will be incorporated. This work introduces a model-based process for security and privacy requirements engineering. In particular, the authors’ work includes activities which support to identify and analyse security and privacy requirements for the software system. Their purpose process combines concepts from two well-known requirements engineering methods, Secure Tropos and PriS. A real case study from the EU project E-vote, i.e., an Internet based voting system, is employed to demonstrate the applicability of the approach.

scholarly journals Deep Learning Approaches for Continuous Authentication Based on Activity Patterns Using Mobile Sensing

Sensors ◽  
2021 ◽  
Vol 21 (22) ◽  
pp. 7519
Author(s):  
Sakorn Mekruksavanich ◽  
Anuchit Jitpattanakul
Keyword(s):  
Deep Learning ◽  
Credit Card ◽  
User Authentication ◽  
Binary Classification ◽  
Activity Patterns ◽  
Personal Data ◽  
Security And Privacy ◽  
Sensor Data ◽  
Learning Approaches ◽  
Continuous Authentication

Smartphones as ubiquitous gadgets are rapidly becoming more intelligent and context-aware as sensing, networking, and processing capabilities advance. These devices provide users with a comprehensive platform to undertake activities such as socializing, communicating, sending and receiving e-mails, and storing and accessing personal data at any time and from any location. Nowadays, smartphones are used to store a multitude of private and sensitive data including bank account information, personal identifiers, account passwords and credit card information. Many users remain permanently signed in and, as a result, their mobile devices are vulnerable to security and privacy risks through assaults by criminals. Passcodes, PINs, pattern locks, facial verification, and fingerprint scans are all susceptible to various assaults including smudge attacks, side-channel attacks, and shoulder-surfing attacks. To solve these issues, this research introduces a new continuous authentication framework called DeepAuthen, which identifies smartphone users based on their physical activity patterns as measured by the accelerometer, gyroscope, and magnetometer sensors on their smartphone. We conducted a series of tests on user authentication using several deep learning classifiers, including our proposed deep learning network termed DeepConvLSTM on the three benchmark datasets UCI-HAR, WISDM-HARB and HMOG. Results demonstrated that combining various motion sensor data obtained the highest accuracy and energy efficiency ratio (EER) values for binary classification. We also conducted a thorough examination of the continuous authentication outcomes, and the results supported the efficacy of our framework.

Book Reviews

2014 ◽  
Vol 52 (4) ◽  
pp. 1177-1178
Keyword(s):  
Information Security ◽  
Credit Card ◽  
Personal Data ◽  
Security And Privacy ◽  
Management Tool ◽  
Security Risks ◽  
Economics Of Information ◽  
Security Costs ◽  
The Cost ◽  
The University

Shane Greenstein of Northwestern University reviews “The Economics of Information Security and Privacy”, by Rainer Bohme. The Econlit abstract of this book begins: “Thirteen papers, revised and previously presented at the 11th Workshop on the Economics of Information Security held in Berlin in June 2012, explore the economics of information security and privacy, focusing on the management of information security, the economics of information security, the economics of privacy, and the economics of cybercrime. Papers discuss information security costs; whether to invest or not to invest--assessing the economic viability of a policy and security configuration management tool; ad-blocking games--monetizing online content under the threat of ad avoidance; software security economics--theory, in practice; an empirical study on information security behaviors and awareness; sectoral and regional interdependency of Japanese firms under the influence of information security risks; whether we can afford integrity by proof-of-work--scenarios inspired by the Bitcoin currency; online promiscuity--prophylactic patching and the spread of computer transmitted infections; the privacy economics of voluntary overdisclosure in web forms; choice architecture and smartphone privacy--there's a price for that; personal data disclosure in a simulated credit card application; measuring the cost of cybercrime; and an analysis of e-crime in crowd-sourced labor markets--Mechanical Turk versus Freelancer. Böhme is with the European Research Center for Information Systems at the University of Münster.”

scholarly journals Biometrics, e-Identity, and the Balance between Security and Privacy: Case Study of the Passenger Name Record (PNR) System

2011 ◽  
Vol 11 ◽  
pp. 474-477 ◽  
Author(s):  
G. Nouskalis
Keyword(s):  
Human Rights ◽  
Data Processing ◽  
Credit Card ◽  
Personal Data ◽  
Security And Privacy ◽  
European Convention ◽  
Continuous State ◽  
Other Information ◽  
September 11 Attacks ◽  
Passport Data

The implementation of biometrics entails either the establishment of an identity or tracing a person's identity. Biometric passport data (e.g., irises, fingers, faces) can be used in order to verify a passenger's identity. The proposed Passenger Name Record (PNR) system contains all the information necessary to enable reservations to be processed and controlled by the booking and participating air carriers for each journey booked by or on behalf of any person. PNR data are related to travel movements, usually flights, and include passport data, name, address, telephone numbers, travel agent, credit card number, history of changes in the flight schedule, seat preferences, and other information. In the aftermath of the September 11 attacks, a new emergency political-law status of society was established: the continuous state of “war” against the so-called unlawful combatants of the “enemy”. Officially, the enemy is the terrorists, but the victims of the privacy invasions caused by the above new form of data processing are the civilians. The data processing based on biometrics is covered both by Directive 95/46 EC and Article 8 of the Convention on the Protection of Human Rights and Fundamental Freedoms (now the European Convention on Human Rights, “ECHR”). According to Article 2, Paragraph a of the above Directive, personal data shall mean any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural, or social identity.

Sign in / Sign up

Export Citation Format

Share Document