39,759 Hits in 4.0 sec

Access Control Enforcement for Selective Disclosure of Linked Data [chapter]

Tarek Sayah, Emmanuel Coquery, Romuald Thion, Mohand-Saïd Hacid
2016 Lecture Notes in Computer Science  
Different user profiles may have access to different authorized subsets. In this case, selective disclosure appears as a promising incentive for linked data.  ...  We use a data-annotation approach to enforce access control policies. Our results are grounded on previously established formal results proposed in [3] .  ...  Several works have been proposed for controlling access to RDF data.  ... 
doi:10.1007/978-3-319-46598-2_4 fatcat:orjskpxg7faaljtannddnumaiy

Privacy-Preserving WebID Analytics on the Decentralized Policy-Aware Social Web

Yuh Jong Hu
2014 2014 IEEE/WIC/ACM International Joint Conferences on Web Intelligence (WI) and Intelligent Agent Technologies (IAT)  
Three types of semantics-enabled policy for access control, data handling, and data releasing, are designed and enforced to enable the effective and flexible privacy-preserving WebID analytics.3 Data analysts  ...  . 1 Propose the concept of the semantic WebID analytics pipeline for automated data protection and analytics. 2 Three types of semantics-enabled policy for access control, data handling, and data releasing  ...  Part I An Ontology for Data Releasing Policy (DRP)  ... 
doi:10.1109/wi-iat.2014.140 dblp:conf/webi/Hu14 fatcat:b7ayeoho2vf4vlptjpx2rvk2im

Isolation in Cloud Computing and Privacy-Enhancing Technologies

Noboru Sonehara, Isao Echizen, Sven Wohlgemuth
2011 Business & Information Systems Engineering  
Sustainability of Cloud Computing is assured for the uncritical services only. There is basically no company that entrusts critical data to a Cloud.  ...  Isolation can be seen as a special sort of privacy, where the a service should not get in contact with other services, and the provider of the Cloud should not know what data are used in the service and  ...  Acknowledgements This work was funded by the FIT-NII-Postdoctoral-Program of the German Academic Exchange Service (DAAD) and is a result of the Japanese-European Institute for Security (JEISec) at the  ... 
doi:10.1007/s12599-011-0160-x fatcat:n5e7a635vrfphiajrqgug7ti34

Tagging Disclosures of Personal Data to Third Parties to Preserve Privacy [chapter]

Sven Wohlgemuth, Isao Echizen, Noboru Sonehara, Günter Müller
2010 IFIP Advances in Information and Communication Technology  
As a countermeasure by an ex post enforcement of privacy policies, we propose to observe disclosures of personal data to third parties by using data provenance history and digital watermarking.  ...  Users are neither able to control the disclosure of personal data to third parties nor to check if the software service providers have followed the agreed-upon privacy policy.  ...  We would like to thank Jérémie Tharaud and the reviewers of IFIP SEC 2010 for their valuable comments.  ... 
doi:10.1007/978-3-642-15257-3_22 fatcat:4fzsleqrurh5bklrlwmygqxvce


Divya Muthukumaran, Dan O'Keeffe, Christian Priebe, David Eyers, Brian Shand, Peter Pietzuch
2015 Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15  
Such data disclosure vulnerabilities are common-they can be caused by a single omitted access control check in the application.  ...  Flow-Watcher monitors HTTP traffic and shadows part of an application's access control state based on a rule-based specification of the user-data-access (UDA) policy.  ...  A data object o i contains a set of data items, D(o i ) = {d 1 , d 2 , . . .}, for which access control must be enforced.  ... 
doi:10.1145/2810103.2813639 dblp:conf/ccs/MuthukumaranOPE15 fatcat:js23wv3neje5lhyrmlvpabssqi

Securing electronic health records without impeding the flow of information

Rakesh Agrawal, Christopher Johnson
2007 International Journal of Medical Informatics  
These technologies include (1) active enforcement of finegrained data disclosure policies, (2) efficient auditing of past database access to verify compliance with policies, (3) privacy-preserving data  ...  mining, (4) de-identification of personal data using an optimal method of kanonymization, and (5) secure information sharing among autonomous data sources.  ...  The first step in the enforcement process is for Continental to create a data disclosure policy.  ... 
doi:10.1016/j.ijmedinf.2006.09.015 pmid:17204451 fatcat:fc7tq5pyafa2vbssneks7x3rba

Enabling the 21st century health care information technology revolution

Rakesh Agrawal, Tyrone Grandison, Christopher Johnson, Jerry Kiernan
2007 Communications of the ACM  
HDB's Active Enforcement component advances this vision by enabling enforcement of fine-grained data disclosure policies.  ...  Alex selects the Disclosure Accounting task and requests an accounting of all persons who have accessed Claire's personal information.  ...  Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage  ... 
doi:10.1145/1216016.1216018 fatcat:ye7mm4gp4fat3nikbcnrubk5bu

Privacy in the Electronic Society [chapter]

Sabrina De Capitani di Vimercati, Pierangela Samarati
2006 Lecture Notes in Computer Science  
Users are often required to provide a vast amount of information about themselves on which the restrictions to be enforced may come from different input requirements, possibly under the control of different  ...  In this paper, we present the emerging trends in the data protection field to address the new needs and desiderata of today's systems.  ...  ., who can define a component policy) governing access control. -Policy enforcement.  ... 
doi:10.1007/11961635_1 fatcat:ugbgklji3jdllhdfukrje4wsle

Risk-Driven Compliant Access Controls for Clouds [article]

Hanene Boussi Rahmouni, Kamran Munir, Mohammed Odeh, Richard McClatchey
2012 arXiv   pre-print
These metrics will be integrated within usual data access-control policies and will be checked at policy analysis time before a decision to allow/deny the data access is made.  ...  In this position paper, we are suggesting an approach that starts with a conceptual model of explicit regulatory requirements for exchanging private data on a multijurisdictional environment and build  ...  We also consider for scalability concerns, identifying a selection of legal requirements with a high priority for enforcement.  ... 
arXiv:1202.5482v2 fatcat:2lu3w6fy4bfbxa3hgaddbz73ta

Semantic Enforcement of Privacy Protection Policies via the Combination of Ontologies and Rules

Yuh-Jong Hu, Hong-Yi Guo, and Guang-De Lin
2008 2008 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (sutc 2008)  
We hope that this study might shed some light on the study of future general information disclosure and rights delegation controlled on the open Web environment.  ...  Furthermore, we express privacy protection management policies as a set of ontology statements, rules, and facts for both information disclosure and rights delegation using one of the above ontologies+  ...  However, this access control scenario cannot be easily enforced and implemented on the open Web where there are so many websites within it for users to randomly surf and search for their intended information  ... 
doi:10.1109/sutc.2008.59 dblp:conf/sutc/HuGL08 fatcat:o4h7gpzqzjc6bl2kjykimt3obi

Measuring Discrepancies in Airbnb Guest Acceptance Rates Using Anonymized Demographic Data [article]

Siddhartha Basu, Ruthie Berman, Adam Bloomston, John Campbell, Anne Diaz, Nanako Era, Benjamin Evans, Sukhada Palkar, Skyler Wharton
2022 arXiv   pre-print
Specifically, the system enforces the privacy model of p-sensitive k-anonymity to conduct measurement without ever storing or having access to a 1:1 mapping between user identifiers and perceived race.  ...  Our work establishes that measurement of experience gaps with anonymized data is feasible and can be used to guide the development of policies to promote equitable outcomes for users of Airbnb as well  ...  ) and has background knowledge of the quasi-identifiers (in this system, knowledge of User Data and Select Guest Data), they may be able to achieve sensitive attribute disclosure for some users through  ... 
arXiv:2204.12001v1 fatcat:fm2cy5m3qvdzlnvtglxdby7dla

Privacy by Data Provenance with Digital Watermarking - A Proof-of-Concept Implementation for Medical Services with Electronic Health Records

Jeremie Tharaud, Sven Wohlgemuth, Isao Echizen, Noboru Sonehara, Gunter Muller, Pascal Lafourcade
2010 2010 Sixth International Conference on Intelligent Information Hiding and Multimedia Signal Processing  
In this article, we propose an evaluation of a proof-of-concept implementation of a usage control system for an ex post enforcement of privacy rules regarding the disclosure of personal data to third parties  ...  When you move your information into the cloud, you lose control of it. The cloud gives you access to your data, but you have no way of ensuring no one else has access to these data.  ...  Albert-Ludwig University of Freiburg (Germany) as well as with the National School of Applied Mathematics and Computer Science of Grenoble (ENSIMAG, France).  ... 
doi:10.1109/iihmsp.2010.130 dblp:conf/iih-msp/TharaudWESML10 fatcat:itkqksbonrfpzdmxwezvtnfahi

Privacy policy-driven mashups

Soon Ae Chun, Janice Warner, Angelos D. Keromytis
2013 International Journal of Business Continuity and Risk Management (IJBCRM)  
A big unaddressed challenge is how to adequately protect the privacy of individuals when information about them in the data sources are to be accessed and joined by mashup providers, which is different  ...  In this paper, we present a Privacy Specification and Enforcement Model for Mashups that considers privacy preferences expressed in three different logical networks: personal privacy policies (PPP), data  ...  Any opinion, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.  ... 
doi:10.1504/ijbcrm.2013.058989 fatcat:gh6x3opjqrad3gptpmoaqcd4si

Disclosure control in multi-domain publish/subscribe systems

Jatinder Singh, David M. Eyers, Jean Bacon
2011 Proceedings of the 5th ACM international conference on Distributed event-based system - DEBS '11  
Security policies set the bounds for communication, enforced only where necessary at specific points of the publish/subscribe process, to provide control while retaining the efficiency benefits of the  ...  However, there is tension between the convenience of open information delivery, and the need to protect data from unauthorised access.  ...  Acknowledgments The authors acknowledge the Technology Strategy Board (TS/H000062/1) and EPSRC (RG55622) for their support. 9 References  ... 
doi:10.1145/2002259.2002283 dblp:conf/debs/SinghEB11 fatcat:la4nxutvjbb5rfujeeqhwd64pi

A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements

Mina Deng, Kim Wuyts, Riccardo Scandariato, Bart Preneel, Wouter Joosen
2010 Requirements Engineering  
Therefore, the selection of sound privacy countermeasures is simplified.  ...  Ready or not, the digitalization of information has come and privacy is standing out there, possibly at stake.  ...  First, there is insufficient access control of the data store leading to the information disclosure threat at a data store.  ... 
doi:10.1007/s00766-010-0115-7 fatcat:pecasx6ohbbphjgemhilttt5re
« Previous Showing results 1 — 15 out of 39,759 results