SwePub - sökning: WFRF:(Fritsch Lothar)

Numrering	Referens	Omslagsbild	Hitta
1.	Berthold, Stefan (författare) Inter-temporal Privacy Metrics 2014 Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract Informational privacy of individuals has significantly gained importance after information technology has become widely deployed. Data, once digitalised, can be copied, distributed, and long-term stored at negligible costs. This has dramatic consequences for individuals that leave traces in the form of personal data whenever they interact with information technology, for instance, computers and phones; or even when information technology is recording the personal data of aware or unaware individuals. The right of individuals for informational privacy, in particular to control the flow and use of their personal data, is easily undermined by those controlling the information technology.The objective of this thesis is to study the measurement of informational privacy with a particular focus on scenarios where an individual discloses personal data to a second party which uses this data for re-identifying the individual within a set of other individuals. We contribute with privacy metrics for several instances of this scenario in the publications included in this thesis, most notably one which adds a time dimension to the scenario for modelling the effects of the time passed between data disclosure and usage. The result is a new framework for inter-temporal privacy metrics.
2.	Bisztray, Tamas, et al. (författare) Data Protection Impact Assessment in Identity Control Management with a Focus on Biometrics 2020 Ingår i: Open Identity Summit 2020. - Bonn : Gesellschaft für Informatik e.V.. - 9783885796992 ; , s. 185-192 Konferensbidrag (refereegranskat)abstract Privacy issues concerning biometric identification are becoming increasingly relevant due to their proliferation in various fields, including identity and access control management (IAM). The General Data Protection Regulation (GDPR) requires the implementation of a data protection impact assessment for privacy critical systems. In this paper, we analyse the usefulness of two different privacy impact assessment frameworks in the context of biometric data protection. We use experiences from the SWAN project that processes four different biometric characteristics for authentication purposes. The results of this comparison elucidate how useful these frameworks are in identifying sector-specific privacy risks related to IAM and biometric identification.
3.	Colesky, Michael, et al. (författare) Helping Software Architects Familiarize with the General Data Protection Regulation 2019 Ingår i: 2019 IEEE International Conference on Software Architecture Companion (ICSA-C). - : IEEE. - 9781728118772 - 9781728118765 ; , s. 226-229 Konferensbidrag (refereegranskat)abstract Abstract—The General Data Protection Regulation (GDPR)impacts any information systems that process personal datain or from the European Union. Yet its enforcement is stillrecent. Organizations under its effect are slow to adopt itsprinciples. One particular difficulty is the low familiarity withthe regulation among software architects and designers. Thedifficulty to interpret the content of the legal regulation ata technical level adds to that. This results in problems inunderstanding the impact and consequences that the regulationmay have in detail for a particular system or project context.In this paper we present some early work and emergingresults related to supporting software architects in this situation.Specifically, we target those who need to understand how theGDPR might impact their design decisions. In the spirit ofarchitectural tactics and patterns, we systematically identifiedand categorized 155 forces in the regulation. These results formthe conceptual base for a first prototypical tool. It enablessoftware architects to identify the relevant forces by guidingthem through an online questionnaire. This leads them to relevantfragments of the GDPR and potentially relevant privacy patterns.We argue that this approach may help software professionals,in particular architects, familiarize with the GDPR and outlinepotential paths for evaluation.
4.	Deng, Ming, et al. (författare) Personal rights management : Taming camera-phones for individual privacy enforcement 2006 Ingår i: Privacy Enhancing Technologies. - Berlin, Heidelberg : Springer. - 9783540687900 ; , s. 172-189 Konferensbidrag (refereegranskat)abstract With ubiquitous use of digital camera devices, especially in mobile phones, privacy is no longer threatened by governments and companies only. The new technology creates a new threat by ordinary people, who could take and distribute pictures of an individual with no risk and little cost in any situation in public or private spaces. Fast distribution via web based photo albums, online communities and web pages expose an individual's private life to the public. Social and legal measures are increasingly taken to deal with this problem, but they are hard to enforce in practice. In this paper, we proposed a model for privacy infrastructures aiming for the distribution channel such that as soon as the picture is publicly available, the exposed individual has a chance to find it and take proper action in the first place. The implementation issues of the proposed protocol are discussed. Digital rights management techniques are applied in our proposed infrastructure, and data identification techniques such as digital watermarking and robust perceptual hashing are proposed to enhance the distributed content identification.
5.	Fischer-Hübner, Simone, 1963-, et al. (författare) A MOOC on Privacy by Design and the GDPR 2018 Ingår i: Information Security Education. - Cham, Switzerland : Springer. - 9783319997346 ; , s. 95-107 Konferensbidrag (refereegranskat)abstract In this paper we describe how we designed a massive open online course (mooc) on Privacy by Design with a focus on how to achieve compliance with the eu gdpr principles and requirements in it engineering and management. This mooc aims at educating both professionals and undergraduate students, i.e., target groups with distinct educational needs and requirements, within a single course structure. We discuss why developing and publishing such a course is a timely decision and fulfills the current needs of the professional and undergraduate education. The mooc is organized in five modules, each of them with its own learning outcomes and activities. The modules focus on different aspects of the gdpr that data protection officers have to be knowledgeable about, ranging from the legal basics, to data protection impact assessment methods, and privacy-enhancing technologies. The modules were delivered using hypertext, digital content and three video production styles: slides with voice-over, talking heads and interviews. The main contribution of this work is the roadmap on how to design a highly relevant mooc on privacy by design and the gdpr aimed at an heterogeneous audience.
6.	Fritsch, Lothar, 1970-, et al. (författare) A holistic approach to Open-Source VoIP security : Preliminary results from the EUX2010sec project 2009 Ingår i: Networks, 2009. ICN '09. Eighth International Conference on. - : IEEE. ; , s. 275-280 Konferensbidrag (refereegranskat)abstract This paper describes the approach and preliminary results from the research project EUX2010sec. The project works closely with Voice-over-IP (VoIP) companies and users. It aims at providing better security of opera source VoIP installations. The work towards this goal is organized by gathering researchers and practitioners around several scientific activities that range from security modeling and verification up to testbed testing. The expected outcomes of the project are a solid scientific and practical understanding of the security options for setting tip VoIP infrastructures, particular guidance on secure, typical setups of such infrastructures, The project's special focus is on producing results relevant to the practitioners in the project, aiming at the stimulation of innovation and the provision of highest quality in open-source based VoIP products and services.
7.	Fritsch, Lothar, 1970-, et al. (författare) Applications of Privacy and Security Research in the Upcoming Battlefield of Things 2018 Ingår i: Proceedings of the 17th European Conference on Cyber Warfare and Security. - Reading : Academic Conferences and Publishing International Limited. - 9781911218852 - 9781911218869 Konferensbidrag (refereegranskat)abstract This article presents the results of a trend scouting study on the applicability of contemporary information privacy and information security research in future defence scenarios in a 25-year-horizon. We sketch the expected digital warfare and defence environment as a “battlefield of things” where connected objects, connected soldiers and automated and autonomous sensing and acting systems are core elements. Based on this scenario, we discuss current research in information security and information privacy and their relevance and applicability for the future scenario.
8.	Fritsch, Lothar, 1970- (författare) Comments on ”The grant life cycle – a researcher’s handbook” 2017 Rapport (övrigt vetenskapligt/konstnärligt)abstract The grant proposing introduction tutorial for young researchers is undergoing revision at Karlstad University. The Grants and Innovation Office (GIO) has requested suggestions for improvements from researchers. This document is a review of the existing document, including suggestions, critique and recommendations for complementary information in support of the GIO presentation at the Computer Science Department on March 29, 2017.
9.	Fritsch, Lothar, 1970-, et al. (författare) Derived Partial Identities Generated from App Permissions 2017 Ingår i: Open Identity Summit 2017. - Bonn : Gesellschaft für Informatik. - 9783885796718 ; , s. 117-130 Konferensbidrag (refereegranskat)abstract This article presents a model of partial identities derived from app permissions that is based on Pfitzmann and Hansen’s terminology for privacy [PH10]. The article first shows how app permissions accommodate the accumulation of identity attributes for partial digital identities by building a model for identity attribute retrieval through permissions. Then, it presents an experimental survey of partial identity access for selected app groups. By applying the identity attribute retrieval model on the permission access log from the experiment, we show how apps’ permission usage is providing to identity profiling.
10.	Fritsch, Lothar, 1970- (författare) How Big Data Helps SDN with data Protection and Privacy 2018 Ingår i: Big Data and Software Defined Networks. - London, UK : Institution of Engineering and Technology. - 9781785613043 ; , s. 339-351 Bokkapitel (refereegranskat)
11.	Fritsch, Lothar (författare) Identification collapse - contingency in Identity Management 2020 Ingår i: Open Identity Summit 2020. - Bonn : Gesellschaft für Informatik e.V.. - 9783885796992 ; , s. 15-26 Konferensbidrag (refereegranskat)abstract Identity management (IdM) facilitates identification, authentication and authorization inmost digital processes that involve humans. Digital services as well as work processes, customerrelationship management, telecommunications and payment systems rely on forms of IdM. IdMis a business-critical infrastructure. Organizations rely on one specific IdM technology chosen tofit a certain context. Registration, credential issuance and deployment of digital identities are thenbound to the chosen technology. What happens if that technology is disrupted? This article discussesconsequences and mitigation strategies for identification collapse based on case studies and literaturesearch. The result is a surprising shortage of available documented mitigation and recovery strategiesfor identification collapse.
12.	Fritsch, Lothar (författare) Identity Management as a target in cyberwar 2020 Ingår i: Open Identity Summit 2020. - Bonn : Gesellschaft für Informatik e.V.. - 9783885796992 ; , s. 61-70 Konferensbidrag (refereegranskat)abstract This article will discuss Identity Management (IdM) and digital identities in the context ofcyberwar. Cyberattacks that target or exploit digital identities in this context gain leverage throughthe central position of IdM digital infrastructures. Such attacks will compromize service operations,reduce the security of citizens and will expose personal data - those of military personell included. Thearticle defines the issue, summarizes its background and then discusses the implications of cyberwarfor vendors and applicants digital identity management infrastructures where IdM is positioned as acritical infrastructure in society.
13.	Fritsch, Lothar, 1970-, et al. (författare) I’m Not That Old Yet! The Elderly and Us in HCI and Assistive Technology 2018 Ingår i: Proceedings of the Mobile Privacy and Security for an Ageing Population workshop at the 20th International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI) 2018. - Barcelona : University of Bath; Cranfield university; Northumbria university, Newcastle; University of Portsmouth. Konferensbidrag (övrigt vetenskapligt/konstnärligt)abstract Recent HCI research in information security and privacy focuses on the Elderly. It aims at the provision of inclu-sive, Elderly-friendly interfaces for security and data protection features. Much attention is put on care situa-tions where the image of the Elderly is that of sick or disabled persons not mastering contemporary infor-mation technology. That population is however a frac-tion of the group called the Elderly. In this position pa-per, we argue that the Elderly are a very diverse popu-lation. We discuss issues rising from researchers and software architects’ misconception of the Elderly as technology-illiterate and unable. We suggest a more nuanced approach that includes changing personal abil-ities over the course of life.
14.	Fritsch, Lothar, 1970-, et al. (författare) Implications of Privacy & Security Research for the Upcoming Battlefield of Things 2019 Ingår i: Journal of Information Warfare. - : Peregrine Technical Solutions, LLC. - 1445-3312. ; 17:4, s. 72-87 Tidskriftsartikel (refereegranskat)abstract This article presents the results of a trend-scouting study on the applicability of contemporary information privacy and information security research in future defence scenarios in a 25-year-horizon. The authors sketch the expected digital warfare and defence environment as a‘Battlefield of Things’ in which connected objects, connected soldiers, and automated and autonomous sensing and acting systems are core elements. Based on this scenario, the authors discuss current research in information security and information privacy and their relevance and applicability for the future scenario.
15.	Fritsch, Lothar, 1970-, et al. (författare) On the Internet of Things, Trust is Relative 2012 Ingår i: CONSTRUCTURING AMBIENT INTELLIGENCE. - : Springer Berlin/Heidelberg. - 9783642314780 ; , s. 267-273 Konferensbidrag (refereegranskat)abstract End-users on the Internet of Things (IoT) will encounter many different devices and services; they will need to decide whether or not they can trust these devices and services with their information. We identify three items of trust information that end-users will need to determine if they should trust something on the IoT. We create a taxonomy of the likely scenarios end-users will encounter on the IoT and present five trust strategies for obtaining this trust information. Upon applying these strategies to our scenarios, we find that there is no strategy that can work efficiently and effectively in every situations; end-users will need to apply the strategy that best fits their current situation. Offering multiple trust strategies in parallel and having this information transparent to end-users will ensure a sustainable IoT.
16.	Fritsch, Lothar, 1970- (författare) Partial commitment – "Try before you buy" and "Buyer’s remorse" for personal data in Big Data & Machine learning 2017 Ingår i: Trust Management XI. - Cham, Switzerland : Springer. - 9783319591704 - 9783319591711 ; , s. 3-11 Konferensbidrag (refereegranskat)abstract The concept of partialcommitment is discussed in the context of personal privacy management in datascience. Uncommitted, promiscuous or partially committed user’s data may eitherhave a negative impact on model or data quality, or it may impose higherprivacy compliance cost on data service providers. Many Big Data (BD) andMachine Learning (ML) scenarios involve the collection and processing of largevolumes of person-related data. Data is gathered about many individuals as wellas about many parameters in individuals. ML and BD both spend considerable resourceson model building, learning, and data handling. It is therefore important toany BD/ML system that the input data trained and processed is of high quality,represents the use case, and is legally processes in the system. Additionalcost is imposed by data protection regulation with transparency, revocation andcorrection rights for data subjects. Data subjects may, for several reasons, only partially accept a privacypolicy, and chose to opt out, request data deletion or revoke their consent fordata processing. This article discusses the concept of partial commitment andits possible applications from both the data subject and the data controllerperspective in Big Data and Machine Learning.
17.	Fritsch, Lothar, 1970- (författare) Privacy dark patterns in identity management 2017 Ingår i: Open Identity Summit 2017. - Bonn : Gesellschaft für Informatik. - 9783885796718 ; , s. 93-104 Konferensbidrag (refereegranskat)abstract This article presents three privacy dark patterns observed in identity management. Dark patterns are software design patterns that intentionally violate requirements, in the given case privacy requirements for identity management. First, the theoretical background is presented, and then next, the observed patterns are documented, described and formalized. The resulting dark patterns show how security is used as obfuscation of data collection, how the seemingly harmless collection of additional data is advertised to end users, and how the use of anonymization technology is actively discouraged by service providers.
18.	Fritsch, Lothar, 1970- (författare) Security and privacy engineering for corporate use of social community platforms 2011 Ingår i: INFORMATIK 2011 - Informatik schafft Communities - 41. Jahrestagung der Gesellschaft für Informatik e.V.. - : Gesellschaft für Informatik. - 9783885792864 Konferensbidrag (refereegranskat)
19.	Fritsch, Lothar, 1970- (författare) Summary of the 2nd 7DAV008 Peer Review PhD course deployment, 28-September-2017 : Technical report LOF2017-3. 2017 Rapport (populärvet., debatt m.m.)abstract The course is intended to teach 1st-year doctoral students about peer reviewing as part of the scientific production cycle. As preparation for the course, the students receive a reading list with articles covering various aspects of peer review. Students then have to select one article they will summarize in a 10-minute presentation for the seminar group. Another student will complement as a respondent with a 5-minute slot for presentation. A half-day seminar is then held where the students will present and discuss their reviewed articles. This is followed up with a session on various professional and ethical issues to consider when acting as a reviewer. A following session shows and discusses examples of review reports, with possible contributions of student-received reviews. Finally, the course introduces Easychair, a platform for managing peer reviews. Following the seminar course, the students have to perform five peer reviews in collaboration with and instruction from their supervisors. The course will be completed when the seminar and five reviews are completed.
20.	Fritsch, Lothar, 1970- (författare) The Clean Privacy Ecosystem of the Future Internet 2013 Ingår i: Future Internet. - : MDPI. - 1999-5903. ; 5:1, s. 34-45 Tidskriftsartikel (refereegranskat)abstract This article speculates on the future of privacy and electronic identities on the Internet. Based on a short review of security models and the development of privacy-enhancing technology, privacy and electronic identities will be discussed as parts of a larger context—an ecosystem of personal information and electronic identities. The article argues for an ecosystem view of personal information and electronic identities, as both personal information and identity information are basic required input for many applications. Therefore, for both application owners and users, a functioning ecosystem of personal information and electronic identification is important. For the future of the Internet, high-quality information and controlled circulation of such information is therefore argued as decisive for the value of future Internet applications.
21.	Fritsch, Lothar, 1970-, et al. (författare) Towards Inclusive Identity Management : 1st IDIS workshop 2008 2010 Ingår i: Identity in the Information Society. - : Springer. - 1876-0678. ; 3:3, s. 515-538 Tidskriftsartikel (refereegranskat)abstract The article argues for a shift of perspective in identity management (IDM) research and development. Accessibility and usability issues affect identity management to such an extent that they demand a reframing and reformulation of basic designs and requirements of modern identity management systems. The rationale for the traditional design of identity management systems and mechanisms has been security concerns as defined in the field of security engineering. By default the highest security level has been recommended and implemented, often without taking end-user needs and accessibility issues into serious consideration. The article provides a conceptual framework for inclusive IDM, a brief overview of the regulatory status of inclusive IDM and a taxonomy of inclusive identity management methods. Several widespread IDM approaches, methods and techniques are analyzed and discussed from the perspective of inclusive design. Several important challenges are identified and some ideas for solutions addressing the challenges are proposed and discussed.
22.	Fritsch, Lothar, 1970- (författare) Trust and Privacy in the Internet of Things in the User’s View - Keynote talk on "Future Trends and Challenges" track 2012 Ingår i: Chip-to-Cloud Security Forum 2012. - Nice, France. Konferensbidrag (refereegranskat)
23.	Hatamian, Majid, et al. (författare) A Multilateral Privacy Impact Analysis Method for Android Apps 2019 Ingår i: Privacy Technologies and Policy. - Cham : Springer. - 9783030217518 - 9783030217525 ; , s. 87-106 Konferensbidrag (refereegranskat)abstract Smartphone apps have the power to monitor most of people’s private lives. Apps can permeate private spaces, access and map social relationships, monitor whereabouts and chart people’s activities in digital and/or real world. We are therefore interested in how much information a particular app can and intends to retrieve in a smartphone. Privacy-friendliness of smartphone apps is typically measured based on single-source analyses, which in turn, does not provide a comprehensive measurement regarding the actual privacy risks of apps. This paper presents a multi-source method for privacy analysis and data extraction transparency of Android apps. We describe how we generate several data sets derived from privacy policies, app manifestos, user reviews and actual app profiling at run time. To evaluate our method, we present results from a case study carried out on ten popular fitness and exercise apps. Our results revealed interesting differences concerning the potential privacy impact of apps, with some of the apps in the test set violating critical privacy principles. The result of the case study shows large differences that can help make relevant app choices.
24.	Hatamian, Majid, et al. (författare) A privacy and security analysis of early-deployed COVID-19 contact tracing Android apps 2021 Ingår i: Empirical Software Engineering. - : Springer Nature. - 1382-3256 .- 1573-7616. ; 26:3 Tidskriftsartikel (refereegranskat)abstract As this article is being drafted, the SARS-CoV-2/COVID-19 pandemic is causing harm and disruption across the world. Many countries aimed at supporting their contact tracers with the use of digital contact tracing apps in order to manage and control the spread of the virus. Their idea is the automatic registration of meetings between smartphone owners for the quicker processing of infection chains. To date, there are many contact tracing apps that have already been launched and used in 2020. There has been a lot of speculations about the privacy and security aspects of these apps and their potential violation of data protection principles. Therefore, the developers of these apps are constantly criticized because of undermining users’ privacy, neglecting essential privacy and security requirements, and developing apps under time pressure without considering privacy- and security-by-design. In this study, we analyze the privacy and security performance of 28 contact tracing apps available on Android platform from various perspectives, including their code’s privileges, promises made in their privacy policies, and static and dynamic performances. Our methodology is based on the collection of various types of data concerning these 28 apps, namely permission requests, privacy policy texts, run-time resource accesses, and existing security vulnerabilities. Based on the analysis of these data, we quantify and assess the impact of these apps on users’ privacy. We aimed at providing a quick and systematic inspection of the earliest contact tracing apps that have been deployed on multiple continents. Our findings have revealed that the developers of these apps need to take more cautionary steps to ensure code quality and to address security and privacy vulnerabilities. They should more consciously follow legal requirements with respect to apps’ permission declarations, privacy principles, and privacy policy contents.
25.	Iwaya, Leonardo H, et al. (författare) Early Labour App: Developing a practice-based mobile health application for digital early labour support 2023 Ingår i: International Journal of Medical Informatics. - : Elsevier. - 1386-5056 .- 1872-8243. ; 177 Tidskriftsartikel (refereegranskat)abstract Background: Pregnant women in early labour have felt excluded from professional care, and their partners have been restricted from being involved in the birthing process. Expectant parents must be better prepared to deal with fear and stress during early labour. There is a need for evidence-based information and digital applications that can empower couples during childbirth.Objective: To develop and identify requirements for a practice-based mobile health (mHealth) application for Digital Early Labour Support.Methods: This research started with creating an expert group composed of a multidisciplinary team capable of informing the app development process on evidence-based practices. In consultation with the expert group, the app was built using an agile development approach (i.e., Scrum) within a continuous software engineering setting (i.e., CI/CD, DevOps), also including user and security tests.Results: During the development of the Early Labour App, two main types of challenges emerged: (1) user challenges, related to understanding the users’ needs and experience with the app, and (2) team challenges, related to the software development team in particular, and the necessary skills for translating an early labour intervention into a digital solution. This study reaffirms the importance of midwife support via blended care and the opportunity of complementing it with an app. The Early Labour App was easy to use, the women needed little to no help, and the partner's preparation was facilitated. The combination of the app together with blended care opens up awareness, thoughts and feelings about the method and provides good preparation for the birth.Conclusion: We propose the creation of the Early Labour App, a mHealth app for early labour support. The preliminary tests conducted for the Early Labour App show that the app is mature, allowing it to be used in the project's Randomised Control Trial, which is already ongoing.
26.	Josang, Audun, et al. (författare) Privacy Policy Referencing 2010 Ingår i: Trust, Privacy and Security in Digital Business. - Berlin, Heidelberg : Springer. - 9783642151514 ; , s. 129-140 Konferensbidrag (refereegranskat)abstract Data protection legislation was originally defined for a context where personal information is mostly stored on centralized servers with limited connectivity and openness to 3rd party access. Currently, servers are connected to the Internet, where a large amount of personal information is continuously being exchanged as part of application transactions. This is very different from the original context of data protection regulation. Even though there are rather strict data protection laws in an increasing number of countries, it is in practice rather challenging to ensure an adequate protection for personal data that is communicated on-line. The enforcement of privacy legislation and policies therefore might require a technological basis, which is integrated with adequate amendments to the legal framework. This article describes a new approach called Privacy Policy Referencing, and outlines the technical and the complementary legal framework that needs to be established to support it.
27.	Keller, Joerg, et al. (författare) Cyberattack Detection and Response J.UCS Special Issue 2019 Ingår i: Journal of universal computer science (Online). - : GRAZ UNIV TECHNOLOGY, INST INFORMATION SYSTEMS COMPUTER MEDIA-IICM. - 0948-695X .- 0948-6968. ; 25:11, s. 1394-1395 Tidskriftsartikel (övrigt vetenskapligt/konstnärligt)
28.	Kohlweiss, Markulf, et al. (författare) Efficient oblivious augmented maps : Location-based services with a payment broker 2007 Ingår i: PRIVACY ENHANCING TECHNOLOGIES. - Katholieke Univ Leuven, ESAT, COSIC, B-3001 Louvain, Belgium.. - 9783540755500 ; , s. 77-94 Konferensbidrag (refereegranskat)abstract Secure processing of location data in location-based services (LBS) can be implemented with cryptographic protocols. We propose a protocol based on oblivious transfer and homomorphic encryption. Its properties are the avoidance of personal information on the services side, and a fair revenue distribution scheme. We discuss this in contrast to other LBS solutions that seek to anonymize information as well as possible towards the services. For this purpose, we introduce a proxy party. The proxy interacts with multiple services and collects money from subscribing users. Later on, the proxy distributes the collected payment to the services based on the number of subscriptions to each service. Neither the proxy nor the services learn the exact relation between users and the services they are subscribed to.
29.	Kohlweiss, Markulf, et al. (författare) Privatsphäre trotz intelligenter Zähler 2012 Ingår i: digma - Zeitschrift für Datenrecht und Informationssicherheit. - 1424-9944. ; 12:1, s. 22-26 Tidskriftsartikel (refereegranskat)
30.	Konig, Wolfgang, et al. (författare) Innovation promotion in the public environment through Public private partnerships - : The example of satellite navigation 2007 Ingår i: Wirtschaftsinformatik. - Univ Frankfurt, Inst Wirtschaftsinformat, D-60054 Frankfurt, Germany. Univ Frankfurt, Inst Wirtschaftsinformat, D-60486 Frankfurt, Germany. : Springer Science and Business Media LLC. - 0937-6429 .- 1861-8936. ; 49:2, s. 77-79 Tidskriftsartikel (övrigt vetenskapligt/konstnärligt)
31.	Kävrestad, Joakim, 1989- (författare) Context-Based Micro-Training : Enhancing cybersecurity training for end-users 2022 Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract This research addresses the human aspect of cybersecurity by developing a method for cybersecurity training of end-users. The reason for addressing that area is that human behaviour is widely regarded as one of the most used attack vectors. Exploiting human behaviour through various social engineering techniques, password guessing, and more is a common practice for attackers. Reports even suggest that human behaviour is exploited in 95% of all cybersecurity attacks. Human behaviour with regard to cybersecurity has been long discussed in the research. It is commonly suggested that users need support to behave securely. Training is often suggested as the way to improve user behaviour, and there are several different training methods available. The available training methods include instructor-led training, game-based training, eLearning, etc. However, even with the diversity of existing training methods, the effectiveness of such training has been questioned by recent research. Research suggests that existing training does not facilitate knowledge retention and user participation to a high enough degree. This research aims to address the problems with current training practices by developing a new method for cybersecurity training of end-users. The research used a design science (DS) approach to develop the new method in three increasingly complex design cycles. Principles for cybersecurity training were developed based on previous research and the Technology Acceptance Model and made the theoretical foundation of the reserach. The result is a theoretically grounded method for cybersecurity training that outlines goals and guidelines for how such training should be implemented. It has been evaluated in several steps with more than 1800 survey participants and 300 participants in various experiments. The evaluations have shown that it can both support users towards secure behaviour and be appreciated by its users. The main contribution of this research is the method for cybersecurity training, Context-Based Micro-Training (CBMT). CBMT is a theoretical contribution that describes good practices for cybersecurity training for end-users. Practitioners can adopt it as a guide on how to implement such training or to support procurement decisions. The research also shows the importance of integrating usability into the development of security practices. Users must positively receive both training and the guidelines imposed by training since positive user perception increases user adoption. Finally, the research shows that following security guidelines is difficult. While training is essential, this research suggests that training alone is not enough, and future research should consider the interplay between training and other support mechanisms.
32.	Lenhard, Jörg, et al. (författare) A Literature Study on Privacy Patterns Research 2017 Ingår i: SEAA 2017 - 43rd Euromicro Conference Series on Software Engineering and Advanced Applications. - : IEEE. - 9781538621417 - 9781538621424 ; , s. 194-200 Konferensbidrag (refereegranskat)abstract Context: Facing the implementation of the EU General Data Protection Regulation in May 2018, many commercial software providers will soon need to adapt their products to new privacy-related constraints. Privacy patterns defined for different aspects of the software engineering process promise to be a useful concept for this task. In this situation, it seems valuable to characterize the state of the research related to privacy patterns.Objective: To identify, characterize and classify the contributions made by published research results related to patterns in the context of considering privacy concerns in engineering software. Method: A literature review in form of a mapping study of scientific articles was performed. The resulting map structures the relevant body of work into multiple dimensions, illustrating research focuses and gaps.Results: Results show that empirical evidence in this field is scarce and that holistic approaches to engineering privacy into software based on patterns are lacking. This potentially hinders industrial adoption.Conclusion: Based on these results, we recommend to empirically validate existing privacy patterns, to consolidate them in pattern catalogues and languages, and to move towards seamless approaches from engineering privacy requirements to implementation.
33.	Momen, Nurul, 1988-, et al. (författare) Accept - Maybe - Decline : Introducing Partial Consent for the Permission-based Access Control Model of Android 2020 Ingår i: SACMAT '20: Proceedings of the 25th ACM Symposium on Access Control Models and Technologies. - New York, NY, USA : ACM Digital Library. ; , s. 71-80 Konferensbidrag (refereegranskat)abstract The consent to personal data sharing is an integral part of modern access control models on smart devices. This paper examines the possibility of registering conditional consent which could potentially increase trust in data sharing. We introduce an indecisive state of consenting to policies that will enable consumers to evaluate data services before fully committing to their data sharing policies. We address technical, regulatory, social, individual and economic perspectives for inclusion of partial consent within an access control mechanism. Then, we look into the possibilities to integrate it within the access control model of Android by introducing an additional button in the interface---\emph{Maybe}. This article also presents a design for such implementation and demonstrates feasibility by showcasing a prototype built on Android platform. Our effort is exploratory and aims to shed light on the probable research direction.
34.	Momen, Nurul, 1988-, et al. (författare) App-generated digital identities extracted through Androidpermission-based data access - a survey of app privacy 2020 Ingår i: Sicherheit 2020. - : Gesellschaft für Informatik. - 9783885796954 ; , s. 15-28 Konferensbidrag (refereegranskat)abstract Smartphone apps that run on Android devices can access many types of personal information. Such information can be used to identify, profile and track the device users when mapped into digital identity attributes. This article presents a model of identifiability through access to personal data protected by the Android access control mechanism called permissions. We present an abstraction of partial identity attributes related to such personal data, and then show how apps accumulate such attributes in a longitudinal study that was carried out over several months. We found that apps' successive access to permissions accumulates such identity attributes, where different apps show different interest in such attributes.
35.	Momen, Nurul, 1988-, et al. (författare) Did App Privacy Improve After the GDPR? 2019 Ingår i: IEEE Security and Privacy. - : IEEE. - 1540-7993 .- 1558-4046. ; 17:6, s. 10-20 Tidskriftsartikel (refereegranskat)abstract In this article, we present an analysis of app behavior before and after the regulatory change in dataprotection in Europe. Our data shows that app privacy has moderately improved after the implementationof the General Data Protection Regulation.In May 2018, stronger regulation of the processingof personal data became law in the EuropeanUnion, known as the General Data Protection Regulation(GDPR).1 The expected effect of the regulation was betterprotection of personal data, increased transparencyof collection and processing, and stronger interventionrights of data subjects, with some authors claiming thatthe GDPR would change the world, or at least that ofdata protection regulation.2 The GDPR had a two-year(2016–2018) implementation period that followedfour years of preparation. At the time of this writing,in November 2019, one and one-half years have passedsince the implementation of GDPR.Has the GDPR had an effect on consumer software?Has the world of code changed too? Did theGDPR have a measurable effect on mobile apps’behavior? How should such a change in behavior bemeasured?In our study, we decided to use two indicators for measurement:Android dangerous permission16 privileges anduser feedback from the Google Play app market. We collecteddata from smartphones with an installed app set formonths before GDPR implementation on 25 May 2018and months after that date.
36.	Momen, Nurul, et al. (författare) How much Privilege does an App Need? Investigating Resource Usage of Android Apps 2017 Ingår i: Proceedings of the Fifteenth International Conference on Privacy, Security and Trust – PST 2017 (IEEE proceedings pendings). - : IEEE. - 9781538624876 - 9781538624883 Konferensbidrag (refereegranskat)abstract Arguably, one of the default solutions to many of today’s everyday errands is to install an app. In order to deliver a variety of convenient and user-centric services, apps need to access different types of information stored in mobile devices, much of which is personal information. In principle, access to such privacy sensitive data should be kept to a minimum. In this study, we focus on privilege utilization patterns by apps installed on Android devices. Though explicit consent is required prior to first time access to the resource, the unavailability of usage information makes it unclear when trying to reassess the users initial decision. On the other hand, if granted privilege with little or no usage, it would suggest the likely violation of the principle of least privilege. Our findings illustrate a plausible requirement for visualising resource usage to aid the user in their decision- making and finer access control mechanisms.
37.	Momen, Nurul, 1988- (författare) Measuring Apps' Privacy-Friendliness : Introducing transparency to apps' data access behavior 2020 Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract Mobile apps brought unprecedented convenience to everyday life, and nowadays, hardly any interactive service exists without having an interface through an app. The rich functionalities of apps rely on the pervasive capabilities of the mobile device, such as its cameras and other types of sensors. Consequently, apps generate a diverse and large amount of data, which can often be deemed as privacy-sensitive data. As the mobile device is also equipped with several means to transmit the collected data, such as WiFi and 4G, it brings further concerns about individuals' privacy.Even though mobile operating systems use access control mechanisms to guard system resources and sensors, apps exercise their granted privileges in an opaque manner. Depending on the type of privilege, apps require explicit approval from the user in order to acquire access to them through permissions. Nonetheless, granting permission does not put constraints on the access frequency. Granted privileges allow the app to access users' personal data for a long period of time, typically until the user explicitly revokes the access. Furthermore, available control tools lack monitoring features, and therefore, the user faces hindrances to comprehend the magnitude of personal data access. Such circumstances can erode intervenability from the interface of the phone, lead to incomprehensible handling of personal data, and thus, create privacy risks for the user.This thesis covers a long-term investigation of apps' data access behavior and makes an effort to shed light on various privacy implications. It also shows that app behavior analysis yields information that has the potential to increase transparency, to enhance privacy protection, to raise awareness regarding consequences of data disclosure, and to assist the user in informed decision-making while selecting apps or services. We introduce models, methods, and demonstrate the data disclosure risks with experimental results. Finally, we show how to communicate privacy risks through the user interface by taking the results of app behavior analyses into account.
38.	Momen, Nurul, 1988-, et al. (författare) Smartphone-Apps unter Beobachtung 2020 Ingår i: digma - Zeitschrift für Datenrecht und Informationssicherheit. - Zürich (CH) : Schulthess Juristische Medien AG. - 1424-9944. ; 20:3, s. 152-155 Tidskriftsartikel (övrigt vetenskapligt/konstnärligt)abstract Smartphones mit Android-Betriebssystem haben ein Zugriffskontrollsystem, welches auf Zugriffsrechten – zugeteilt per App – basiert. Damit werden Zugriffe von Android-Anwendungen Dritter auf kritische Ressourcen einschränkt. Einige dieser Rechte – von Google als sogenannte «dangerous permissions» definiert – bedürfen vor ihrer Aktivierung der Zustimmung des Nutzers. Dies geschieht durch ein Anklicken einer Zustimmung nach Start der App. Danach kann die App nach Belieben auf die jeweilige Datenquelle, beispielsweise Standortdaten (GPS), Kamera, Telefonstatus oder Adressbuch, zugreifen. Verlangt eine App Zugriff beispielsweise auf das Adressbuch, so muss vom Nutzer der Adressbuch-Zugriff beim ersten Versuch genehmigt werden. Diese Genehmigung wird dann ohne zeitliche Einschränkung in der App für zukünftige Zugriffe hinterlegt.Eine Verweigerung der Rechte in den Einstellungen führt oft zu Fehlfunktionen der Apps.Laufzeitberechtigungen werden auf Gruppenbasis erteilt. Um zum Beispiel Bluetooth verwenden zu können, wie es die Covid App benötigt, muss der Nutzer die Zustimmung zur Gruppe «Standort» geben. Wenn eine Anwendung erneut Laufzeitberechtigungen anfordert, die sich auf dieselbe Berechtigungsgruppe beziehen, werden, sobald eine davon erteilt ist, auch alle anderen erteilt. In unserer Forschung stellten wir uns die Aufgabe, die Zugriffsfrequenzen auf datenschutzrelevante Datenquellen zu messen. Ziel war die Quantifizierung des Risikos für den Nutzer und die Schaffung von Transparenz über Datensammlungen sowohl in wissenschaftlicher Perspektive also auch zur Information von Endnutzern. Im Folgenden beschreiben wir Ergebnisse und Vorgehensweise unserer Studien.
39.	Momen, Nurul (författare) Towards Measuring Apps' Privacy-Friendliness 2018 Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract Today's phone could be described as a charismatic tool that has the ability to keep human beings captivated for a considerable amount of their precious time. Users remain in the illusory wonderland with free services, while their data becomes the subject to monetizing by a genie called big data. In other words, users pay with their personal data but the price is in a way invisible. Poor means to observe and to assess the consequences of data disclosure causes hindrance for the user to be aware of and to take preventive measures.Mobile operating systems use permission-based access control mechanism to guard system resources and sensors. Depending on the type, apps require explicit consent from the user in order to avail access to those permissions. Nonetheless, it does not put any constraint on access frequency. Granted privileges allow apps to access to users' personal information for indefinite period of time until being revoked explicitly. Available control tools lack monitoring facility which undermines the performance of access control model. It has the ability to create privacy risks and nontransparent handling of personal information for the data subject.This thesis argues that app behavior analysis yields information which has the potential to increase transparency, to enhance privacy protection, to raise awareness regarding consequences of data disclosure, and to assist the user in informed decision making while selecting apps or services. It introduces models and methods, and demonstrates the risks with experiment results. It also takes the risks into account and makes an effort to determine apps' privacy-friendliness based on empirical data from app-behavior analysis.
40.	Nordin, Anna, 1972-, et al. (författare) Body-Area Sensing in Maternity Care : Evaluation of Commercial Wristbands for Pre-birth Stress Management 2022 Ingår i: Lecture Notes of the Institute for Computer Sciences Social Informatics and Telecommunications Engineering. - Cham : Springer. - 9783030955922 ; , s. 168-175 Konferensbidrag (refereegranskat)abstract Many women use digital tools during pregnancy and birth. There are many existing mobile applications to measure quantity and length of contractions during early labour, but there is a need to offer evidence-based, credible electronic and digital solutions to parents-to-be. This article presents ongoing research work in a research project regarding mobile telemetric supported maternity care. It summarizes an approach for stress management in late maternity and under birth preparation that is based on body area sensing, our investigation of the properties of commercially available wearable wristbands for body sensing, and the insights gained from testing the wristbands from the project's perspective. We found that sensing precision is very variable depending on the wristband model, while the flows of medical personal data exclusively are routed through vendor cloud platforms outside the EU. The impact of our findings for the use of commercial wristbands in European medical research and practice is discussed in the conclusion.
41.	Open Identity Summit 2017 : Proceedings 2017 Proceedings (redaktörskap) (refereegranskat)
42.	Paintsil, Ebenezer, et al. (författare) A Taxonomy of Privacy and Security Risks Contributing Factors 2011 Ingår i: IFIP Advances in Information and Communication Technology. - Berlin, Heidelberg : Springer. - 1868-4238. ; 352, s. 52-63 Tidskriftsartikel (refereegranskat)
43.	Paintsil, Ebenezer, et al. (författare) A Taxonomy of Privacy and Security Risks Contributing Factors 2011 Ingår i: PRIVACY AND IDENTITY MANAGEMENT FOR LIFE. - : Springer. - 9783642207686 ; , s. 52-63 Konferensbidrag (refereegranskat)abstract Identity management system(s) (IDMS) do rely on tokens in order to function. Tokens can contribute to privacy or security risk in IDMS. Specifically, the characteristics of tokens contribute greatly to security and privacy risks in IDMS. Our understanding of how the characteristics of token contribute to privacy and security risks will help us manage the privacy and security risks in IDMS. In this article, we introduce a taxonomy of privacy and security risks contributing factors to improve our understanding of how tokens affect privacy and security in ID MS. The taxonomy is based on a survey of IDMS articles. We observed that our taxonomy can form the basis for a risk assessment model.
44.	Paintsil, Ebenezer, et al. (författare) Executable Model-Based Risk Analysis Method for Identity Management Systems : Using Hierarchical Colored Petri Nets Executable Model-Based Risk Assessment Method for Identity Management Systems 2013 Ingår i: Trust, Privacy, and Security in Digital Business. - Berlin, Heidelberg : Springer. - 9783642403422 - 9783642372827 ; , s. 48-61 Konferensbidrag (refereegranskat)abstract Model-based risk analysis methods use graphical models to facilitate participation, risk communication and documentation and thereby improve the risk analysis process. Currently, risk analysis methods for identity management systems (IDMSs) mainly rely on time consuming and expensive manual inspections and lack graphical models. This article introduces the executable model-based risk analysis method (EM-BRAM) with the aim of addressing these challenges. The EM-BRAM employs graphical models to enhance risk analysis in IDMSs. It identifies risk contributing factors for IDMSs and uses them as inputs to a colored petri nets (CPNs) model of a targeted IDMS. It then verifies the system’s risk using CPNs’ state space analysis and queries. Currently, risk assessment methods for identity management systems (IDMSs) are lacking. This makes it difficult to compare IDMSs based on how they enhance privacy and security of system stakeholders. This article proposes the executable model-based risk assessment method (EM-BRAM) with the aim of addressing this challenge. The EM-BRAM identifies risk factors inherent in IDMSs and uses them as inputs to a colored petri nets (CPNs) model of a targeted IDMS. It then estimates or verifies the system’s security and privacy risks using CPNs’ state space analysis and queries.
45.	Paintsil, Ebenezer, et al. (författare) Towards Legal Privacy Risk Assessment Automation in Social Media 2011 Ingår i: INFORMATIK 2011 - Informatik schafft Communities. - : Gesellschaft für Informatik. - 9783885792864 Konferensbidrag (refereegranskat)
46.	Policies and Research in Identity Management : Proceedings of the Second IFIP WG11.6 working conference IDMAN 2010, Oslo, Norway, November 18-19, 2010 2010 Proceedings (redaktörskap) (refereegranskat)
47.	Privacy and Identity Management. Facing up to Next Steps : 11th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School, Karlstad, Sweden, August 21-26, 2016, Revised Selected Papers 2017 Proceedings (redaktörskap) (refereegranskat)
48.	Røssvoll, Till Halbach, et al. (författare) Reducing the User Burden of Identity Management : A Prototype Based Case Study for a Social-Media Payment Application Trustworthy and Inclusive Identity Management for Applications in Social Media 2013 Ingår i: ACHI 2013, The Sixth International Conference on Advances in Computer-Human Interactions. - : International Academy, Research and Industry Association (IARIA). - 9781612082509 - 9783642392641 Konferensbidrag (refereegranskat)abstract We describe a prototype for inclusive and secure identity management regarding a bill sharing application in social media. Beginning with the principals of universal design, and involving groups of users with impairments, we designed a set of alternative authentication methods based on OpenID. This work explains the scenario and the particularities of designing a trust, security, and privacy infrastructure with a high degree of usability for diverse user groups, and which is aligned with the requirements from regulatory frameworks. The user trials show that several authentication alternatives in multiple modalities are welcomed by impaired users, but many have restrictions when it comes to payments in the context of social media.
49.	Scherner, Tobias, et al. (författare) Technology Assurance 2011 Ingår i: Digital Privacy. - Heidelberg : Springer Berlin/Heidelberg. - 9783642190490 Bokkapitel (refereegranskat)abstract This chapter documents the experiences of assurance evaluation during the early stage of a large software development project. The PRIME project researches, contracts and integrates privacy-respecting software to business environments. There exist several approaches to ensure the quality of secure software. Some of these approaches have the focus of quality assurance at a very early stage of the development process and have weaknesses to ensure the quality of this process until the product is ready to enter the market. Other approaches, like the CC, focus on inspection, or more concrete evaluation, of ready-to-market products.
50.	Schulz, Trenton, et al. (författare) Accessibility and Inclusion Requirements for Future e-Identity Solutions 2014 Ingår i: Computers Helping People with Special Needs. - Berlin, Heidelberg : Springer. - 9783319085982 ; , s. 316-323 Konferensbidrag (refereegranskat)abstract Future e-identity services will need to be accessible for people with different types of abilities. We review current sets of accessibility guidelines and standards, current assistive technology, and current e-identity technology to determine accessibility and inclusion requirements for a future e-identity solution. For our project, we found that the area we could influence the most was the development of user interface for the client for e-identity and focused on these areas with the assumption that users would have access to inclusive cards and card readers. The requirements are divided into content and presentation, control and operation, legal requirements, testing, and help and support. We also provide possible areas for future research.

Skapa referenser, mejla, bekava och länka

Länka till träfflistan

Träfflista för sökning "WFRF:(Fritsch Lothar) "

Avgränsa träffmängd

År