| 1. |
- Colesky, Michael, et al.
(författare)
-
Helping Software Architects Familiarize with the General Data Protection Regulation
- 2019
-
Ingår i: 2019 IEEE International Conference on Software Architecture Companion (ICSA-C). - : IEEE. - 9781728118772 - 9781728118765 ; , s. 226-229
-
Konferensbidrag (refereegranskat)abstract
- Abstract—The General Data Protection Regulation (GDPR)impacts any information systems that process personal datain or from the European Union. Yet its enforcement is stillrecent. Organizations under its effect are slow to adopt itsprinciples. One particular difficulty is the low familiarity withthe regulation among software architects and designers. Thedifficulty to interpret the content of the legal regulation ata technical level adds to that. This results in problems inunderstanding the impact and consequences that the regulationmay have in detail for a particular system or project context.In this paper we present some early work and emergingresults related to supporting software architects in this situation.Specifically, we target those who need to understand how theGDPR might impact their design decisions. In the spirit ofarchitectural tactics and patterns, we systematically identifiedand categorized 155 forces in the regulation. These results formthe conceptual base for a first prototypical tool. It enablessoftware architects to identify the relevant forces by guidingthem through an online questionnaire. This leads them to relevantfragments of the GDPR and potentially relevant privacy patterns.We argue that this approach may help software professionals,in particular architects, familiarize with the GDPR and outlinepotential paths for evaluation.
|
|
| 2. |
- Fischer-Hübner, Simone, 1963-, et al.
(författare)
-
A MOOC on Privacy by Design and the GDPR
- 2018
-
Ingår i: Information Security Education. - Cham, Switzerland : Springer. - 9783319997346 ; , s. 95-107
-
Konferensbidrag (refereegranskat)abstract
- In this paper we describe how we designed a massive open online course (mooc) on Privacy by Design with a focus on how to achieve compliance with the eu gdpr principles and requirements in it engineering and management. This mooc aims at educating both professionals and undergraduate students, i.e., target groups with distinct educational needs and requirements, within a single course structure. We discuss why developing and publishing such a course is a timely decision and fulfills the current needs of the professional and undergraduate education. The mooc is organized in five modules, each of them with its own learning outcomes and activities. The modules focus on different aspects of the gdpr that data protection officers have to be knowledgeable about, ranging from the legal basics, to data protection impact assessment methods, and privacy-enhancing technologies. The modules were delivered using hypertext, digital content and three video production styles: slides with voice-over, talking heads and interviews. The main contribution of this work is the roadmap on how to design a highly relevant mooc on privacy by design and the gdpr aimed at an heterogeneous audience.
|
|
| 3. |
- Fritsch, Lothar, 1970-, et al.
(författare)
-
Applications of Privacy and Security Research in the Upcoming Battlefield of Things
- 2018
-
Ingår i: Proceedings of the 17th European Conference on Cyber Warfare and Security. - Reading : Academic Conferences and Publishing International Limited. - 9781911218852 - 9781911218869
-
Konferensbidrag (refereegranskat)abstract
- This article presents the results of a trend scouting study on the applicability of contemporary information privacy and information security research in future defence scenarios in a 25-year-horizon. We sketch the expected digital warfare and defence environment as a “battlefield of things” where connected objects, connected soldiers and automated and autonomous sensing and acting systems are core elements. Based on this scenario, we discuss current research in information security and information privacy and their relevance and applicability for the future scenario.
|
|
| 4. |
- Fritsch, Lothar, 1970-
(författare)
-
Comments on ”The grant life cycle – a researcher’s handbook”
- 2017
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- The grant proposing introduction tutorial for young researchers is undergoing revision at Karlstad University. The Grants and Innovation Office (GIO) has requested suggestions for improvements from researchers. This document is a review of the existing document, including suggestions, critique and recommendations for complementary information in support of the GIO presentation at the Computer Science Department on March 29, 2017.
|
|
| 5. |
- Fritsch, Lothar, 1970-, et al.
(författare)
-
Derived Partial Identities Generated from App Permissions
- 2017
-
Ingår i: Open Identity Summit 2017. - Bonn : Gesellschaft für Informatik. - 9783885796718 ; , s. 117-130
-
Konferensbidrag (refereegranskat)abstract
- This article presents a model of partial identities derived from app permissions that is based on Pfitzmann and Hansen’s terminology for privacy [PH10]. The article first shows how app permissions accommodate the accumulation of identity attributes for partial digital identities by building a model for identity attribute retrieval through permissions. Then, it presents an experimental survey of partial identity access for selected app groups. By applying the identity attribute retrieval model on the permission access log from the experiment, we show how apps’ permission usage is providing to identity profiling.
|
|
| 6. |
|
|
| 7. |
- Fritsch, Lothar, 1970-, et al.
(författare)
-
I’m Not That Old Yet! The Elderly and Us in HCI and Assistive Technology
- 2018
-
Ingår i: Proceedings of the Mobile Privacy and Security for an Ageing Population workshop at the 20th International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI) 2018. - Barcelona : University of Bath; Cranfield university; Northumbria university, Newcastle; University of Portsmouth.
-
Konferensbidrag (övrigt vetenskapligt/konstnärligt)abstract
- Recent HCI research in information security and privacy focuses on the Elderly. It aims at the provision of inclu-sive, Elderly-friendly interfaces for security and data protection features. Much attention is put on care situa-tions where the image of the Elderly is that of sick or disabled persons not mastering contemporary infor-mation technology. That population is however a frac-tion of the group called the Elderly. In this position pa-per, we argue that the Elderly are a very diverse popu-lation. We discuss issues rising from researchers and software architects’ misconception of the Elderly as technology-illiterate and unable. We suggest a more nuanced approach that includes changing personal abil-ities over the course of life.
|
|
| 8. |
- Fritsch, Lothar, 1970-, et al.
(författare)
-
Implications of Privacy & Security Research for the Upcoming Battlefield of Things
- 2019
-
Ingår i: Journal of Information Warfare. - : Peregrine Technical Solutions, LLC. - 1445-3312. ; 17:4, s. 72-87
-
Tidskriftsartikel (refereegranskat)abstract
- This article presents the results of a trend-scouting study on the applicability of contemporary information privacy and information security research in future defence scenarios in a 25-year-horizon. The authors sketch the expected digital warfare and defence environment as a‘Battlefield of Things’ in which connected objects, connected soldiers, and automated and autonomous sensing and acting systems are core elements. Based on this scenario, the authors discuss current research in information security and information privacy and their relevance and applicability for the future scenario.
|
|
| 9. |
- Fritsch, Lothar, 1970-
(författare)
-
Partial commitment – "Try before you buy" and "Buyer’s remorse" for personal data in Big Data & Machine learning
- 2017
-
Ingår i: Trust Management XI. - Cham, Switzerland : Springer. - 9783319591704 - 9783319591711 ; , s. 3-11
-
Konferensbidrag (refereegranskat)abstract
- The concept of partialcommitment is discussed in the context of personal privacy management in datascience. Uncommitted, promiscuous or partially committed user’s data may eitherhave a negative impact on model or data quality, or it may impose higherprivacy compliance cost on data service providers. Many Big Data (BD) andMachine Learning (ML) scenarios involve the collection and processing of largevolumes of person-related data. Data is gathered about many individuals as wellas about many parameters in individuals. ML and BD both spend considerable resourceson model building, learning, and data handling. It is therefore important toany BD/ML system that the input data trained and processed is of high quality,represents the use case, and is legally processes in the system. Additionalcost is imposed by data protection regulation with transparency, revocation andcorrection rights for data subjects. Data subjects may, for several reasons, only partially accept a privacypolicy, and chose to opt out, request data deletion or revoke their consent fordata processing. This article discusses the concept of partial commitment andits possible applications from both the data subject and the data controllerperspective in Big Data and Machine Learning.
|
|
| 10. |
- Fritsch, Lothar, 1970-
(författare)
-
Privacy dark patterns in identity management
- 2017
-
Ingår i: Open Identity Summit 2017. - Bonn : Gesellschaft für Informatik. - 9783885796718 ; , s. 93-104
-
Konferensbidrag (refereegranskat)abstract
- This article presents three privacy dark patterns observed in identity management. Dark patterns are software design patterns that intentionally violate requirements, in the given case privacy requirements for identity management. First, the theoretical background is presented, and then next, the observed patterns are documented, described and formalized. The resulting dark patterns show how security is used as obfuscation of data collection, how the seemingly harmless collection of additional data is advertised to end users, and how the use of anonymization technology is actively discouraged by service providers.
|
|
| 11. |
- Fritsch, Lothar, 1970-
(författare)
-
Summary of the 2nd 7DAV008 Peer Review PhD course deployment, 28-September-2017 : Technical report LOF2017-3.
- 2017
-
Rapport (populärvet., debatt m.m.)abstract
- The course is intended to teach 1st-year doctoral students about peer reviewing as part of the scientific production cycle. As preparation for the course, the students receive a reading list with articles covering various aspects of peer review. Students then have to select one article they will summarize in a 10-minute presentation for the seminar group. Another student will complement as a respondent with a 5-minute slot for presentation. A half-day seminar is then held where the students will present and discuss their reviewed articles. This is followed up with a session on various professional and ethical issues to consider when acting as a reviewer. A following session shows and discusses examples of review reports, with possible contributions of student-received reviews. Finally, the course introduces Easychair, a platform for managing peer reviews. Following the seminar course, the students have to perform five peer reviews in collaboration with and instruction from their supervisors. The course will be completed when the seminar and five reviews are completed.
|
|
| 12. |
- Hatamian, Majid, et al.
(författare)
-
A Multilateral Privacy Impact Analysis Method for Android Apps
- 2019
-
Ingår i: Privacy Technologies and Policy. - Cham : Springer. - 9783030217518 - 9783030217525 ; , s. 87-106
-
Konferensbidrag (refereegranskat)abstract
- Smartphone apps have the power to monitor most of people’s private lives. Apps can permeate private spaces, access and map social relationships, monitor whereabouts and chart people’s activities in digital and/or real world. We are therefore interested in how much information a particular app can and intends to retrieve in a smartphone. Privacy-friendliness of smartphone apps is typically measured based on single-source analyses, which in turn, does not provide a comprehensive measurement regarding the actual privacy risks of apps. This paper presents a multi-source method for privacy analysis and data extraction transparency of Android apps. We describe how we generate several data sets derived from privacy policies, app manifestos, user reviews and actual app profiling at run time. To evaluate our method, we present results from a case study carried out on ten popular fitness and exercise apps. Our results revealed interesting differences concerning the potential privacy impact of apps, with some of the apps in the test set violating critical privacy principles. The result of the case study shows large differences that can help make relevant app choices.
|
|
| 13. |
- Keller, Joerg, et al.
(författare)
-
Cyberattack Detection and Response J.UCS Special Issue
- 2019
-
Ingår i: Journal of universal computer science (Online). - : GRAZ UNIV TECHNOLOGY, INST INFORMATION SYSTEMS COMPUTER MEDIA-IICM. - 0948-695X .- 0948-6968. ; 25:11, s. 1394-1395
-
Tidskriftsartikel (övrigt vetenskapligt/konstnärligt)
|
|
| 14. |
- Lenhard, Jörg, et al.
(författare)
-
A Literature Study on Privacy Patterns Research
- 2017
-
Ingår i: SEAA 2017 - 43rd Euromicro Conference Series on Software Engineering and Advanced Applications. - : IEEE. - 9781538621417 - 9781538621424 ; , s. 194-200
-
Konferensbidrag (refereegranskat)abstract
- Context: Facing the implementation of the EU General Data Protection Regulation in May 2018, many commercial software providers will soon need to adapt their products to new privacy-related constraints. Privacy patterns defined for different aspects of the software engineering process promise to be a useful concept for this task. In this situation, it seems valuable to characterize the state of the research related to privacy patterns.Objective: To identify, characterize and classify the contributions made by published research results related to patterns in the context of considering privacy concerns in engineering software. Method: A literature review in form of a mapping study of scientific articles was performed. The resulting map structures the relevant body of work into multiple dimensions, illustrating research focuses and gaps.Results: Results show that empirical evidence in this field is scarce and that holistic approaches to engineering privacy into software based on patterns are lacking. This potentially hinders industrial adoption.Conclusion: Based on these results, we recommend to empirically validate existing privacy patterns, to consolidate them in pattern catalogues and languages, and to move towards seamless approaches from engineering privacy requirements to implementation.
|
|
| 15. |
- Momen, Nurul, 1988-, et al.
(författare)
-
Did App Privacy Improve After the GDPR?
- 2019
-
Ingår i: IEEE Security and Privacy. - : IEEE. - 1540-7993 .- 1558-4046. ; 17:6, s. 10-20
-
Tidskriftsartikel (refereegranskat)abstract
- In this article, we present an analysis of app behavior before and after the regulatory change in dataprotection in Europe. Our data shows that app privacy has moderately improved after the implementationof the General Data Protection Regulation.In May 2018, stronger regulation of the processingof personal data became law in the EuropeanUnion, known as the General Data Protection Regulation(GDPR).1 The expected effect of the regulation was betterprotection of personal data, increased transparencyof collection and processing, and stronger interventionrights of data subjects, with some authors claiming thatthe GDPR would change the world, or at least that ofdata protection regulation.2 The GDPR had a two-year(2016–2018) implementation period that followedfour years of preparation. At the time of this writing,in November 2019, one and one-half years have passedsince the implementation of GDPR.Has the GDPR had an effect on consumer software?Has the world of code changed too? Did theGDPR have a measurable effect on mobile apps’behavior? How should such a change in behavior bemeasured?In our study, we decided to use two indicators for measurement:Android dangerous permission16 privileges anduser feedback from the Google Play app market. We collecteddata from smartphones with an installed app set formonths before GDPR implementation on 25 May 2018and months after that date.
|
|
| 16. |
- Momen, Nurul, et al.
(författare)
-
How much Privilege does an App Need? Investigating Resource Usage of Android Apps
- 2017
-
Ingår i: Proceedings of the Fifteenth International Conference on Privacy, Security and Trust – PST 2017 (IEEE proceedings pendings). - : IEEE. - 9781538624876 - 9781538624883
-
Konferensbidrag (refereegranskat)abstract
- Arguably, one of the default solutions to many of today’s everyday errands is to install an app. In order to deliver a variety of convenient and user-centric services, apps need to access different types of information stored in mobile devices, much of which is personal information. In principle, access to such privacy sensitive data should be kept to a minimum. In this study, we focus on privilege utilization patterns by apps installed on Android devices. Though explicit consent is required prior to first time access to the resource, the unavailability of usage information makes it unclear when trying to reassess the users initial decision. On the other hand, if granted privilege with little or no usage, it would suggest the likely violation of the principle of least privilege. Our findings illustrate a plausible requirement for visualising resource usage to aid the user in their decision- making and finer access control mechanisms.
|
|
| 17. |
- Momen, Nurul
(författare)
-
Towards Measuring Apps' Privacy-Friendliness
- 2018
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Today's phone could be described as a charismatic tool that has the ability to keep human beings captivated for a considerable amount of their precious time. Users remain in the illusory wonderland with free services, while their data becomes the subject to monetizing by a genie called big data. In other words, users pay with their personal data but the price is in a way invisible. Poor means to observe and to assess the consequences of data disclosure causes hindrance for the user to be aware of and to take preventive measures.Mobile operating systems use permission-based access control mechanism to guard system resources and sensors. Depending on the type, apps require explicit consent from the user in order to avail access to those permissions. Nonetheless, it does not put any constraint on access frequency. Granted privileges allow apps to access to users' personal information for indefinite period of time until being revoked explicitly. Available control tools lack monitoring facility which undermines the performance of access control model. It has the ability to create privacy risks and nontransparent handling of personal information for the data subject.This thesis argues that app behavior analysis yields information which has the potential to increase transparency, to enhance privacy protection, to raise awareness regarding consequences of data disclosure, and to assist the user in informed decision making while selecting apps or services. It introduces models and methods, and demonstrates the risks with experiment results. It also takes the risks into account and makes an effort to determine apps' privacy-friendliness based on empirical data from app-behavior analysis.
|
|
| 18. |
|
|
| 19. |
|
|
| 20. |
- Tjostheim, Ingvar, et al.
(författare)
-
Similar Information Privacy Behavior in 60-65s vs. 50-59ers - Findings From A European Survey on The Elderly
- 2018
-
Ingår i: Proceedings of the Mobile Privacy and Security for an Ageing Population workshop at the 20th International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI) 2018; September 3, 2018, Barcelona, Spain. - Barcelona : University of Bath; Cranfield university; Northumbria university, Newcastle; University of Portsmouth.
-
Konferensbidrag (övrigt vetenskapligt/konstnärligt)abstract
- In this article, we presentfindings from a European survey with 10 countries on the subject sharing of personal information and concernsof the citizens. We compare the age group 60-65 years old with the age group 50-59, and in addition compare the Nordic region with the non-nordic population.There are more similarities than differences. The survey indicates that many of the elderly 60-65 take steps to protect their personal data.
|
|
| 21. |
- Tjøstheim, Ingvar, et al.
(författare)
-
Research Directions for Studying Users’ Privacy Awareness
- 2016
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- In this document, we present a set of research questions on how to evoke reflection aboutsharing of personal data and privacy. We look into analytical approaches to understandthe phenomenon of people’s privacy behaviour and into synthetical approaches to letthe user practise privacy skills to increase awareness using visualisation and simulationtechnologies in scenarios of relevance to the user. We also review potential risks to security,privacy, anonymity, and other assets and the use of information in social media, foradvertisement and commercial activities.
|
|
