818 Hits in 5.6 sec

Measuring Privacy Disclosures in URL Query Strings

Andrew G. West, Adam J. Aviv
2014 IEEE Internet Computing  
Privacy-Enhanced URL Sharing To reduce privacy disclosures via URL query strings, we propose CleanURL, a system that uses back-end logic to determine both the necessity and sensitivity of key-value pairs  ...  URL Security T he privacy concerns surrounding URLs and query strings haven't been extensively reported on in the literature.  ... 
doi:10.1109/mic.2014.104 fatcat:vskd3p3mu5cblidiz6t5pylnqi

Security and Privacy in Web 2.0 [Guest editor's introduction]

Tyrone Grandison
2014 IEEE Internet Computing  
"Measuring Privacy Disclosures in URL Query Strings," by Andrew G. West and Adam J.  ...  In the most shocking example, a query string contained a plaintext username and password for a patient on a medical website.  ... 
doi:10.1109/mic.2014.119 fatcat:jbbxmbmwofhzdccau56mcs3r7e

The privacy practices of Web browser extensions

David M. Martin, Richard M. Smith, Michael Brittain, Ivan Fetch, Hailin Wu
2001 Communications of the ACM  
In this process, collects user IDs and the full URLs of forms, including query strings.  ...  Dash's privacy policy clearly states that they harvest search strings, but they do not mention other types of query strings. URL and IP address are undefined terms.  ...  Query string. Part of a URL, usually following the '?" character, that is given to a program on a Web server for further processing. Query strings can contain sensitive information. See §III.D.  ... 
doi:10.1145/359205.359226 fatcat:lf62lo6qffe2tem6yasyi332ia

Privacy Principles for Sharing Cyber Security Data

Gina Fisk, Calvin Ardi, Neale Pickett, John Heidemann, Mike Fisk, Christos Papadopoulos
2015 2015 IEEE Security and Privacy Workshops  
They are also complicated by the trade-offs in privacy preservation and utility present in anonymization to manage disclosure.  ...  These risks occur as information leaks in network traffic or logs, and also in queries made across organizations.  ...  As an example, an analyst interested in the retrieval of a specific URL could ask for that specific URL (maximum querier disclosure); she could ask for all URLs with a key substring, and then filter out  ... 
doi:10.1109/spw.2015.23 dblp:conf/sp/FiskAPHFP15 fatcat:r2amjo7hunf2pc6r35buraxnq4

Content-triggered trust negotiation

Adam Hess, Jason Holt, Jared Jacobson, Kent E. Seamons
2004 ACM Transactions on Privacy and Security  
Since client content is generated at the time of disclosure, the usual approach of associating a policy with the resource a priori does not work.  ...  In this thesis, I turn the conventional client/server access control model on its head, and address how to protect the sensitive content that clients disclose to servers.  ...  Vector Space Classification Static Structure +save() : Boolean -filename : String -sensitiveType : String Classification::Query +similar(in q : Query, in keywords : java.util.Vector) : Boolean «interface  ... 
doi:10.1145/1015040.1015044 fatcat:z2pjp2tzjrbtdiieyg35obmtmq

DisPA: An Intelligent Agent for Private Web Search [chapter]

Marc Juarez, Vicenç Torra
2014 Studies in Computational Intelligence  
We show that DisPA increases the privacy of the user and hinders re-identification. We also propose an algorithm to measure and evaluate the privacy properties offered by DisPA.  ...  A milestone in history of privacy breaches is the AOL search data leak in 2006 [7], when queries of approximately 650,000 users submitted over a 3-month period were disclosed [8] .  ...  Partial support by the Spanish MEC projects ARES (CONSOLIDER IN-GENIO 2010 CSD2007-00004) and COPRIVACY (TIN2011-27076-C03-03) is acknowledged.  ... 
doi:10.1007/978-3-319-09885-2_21 fatcat:jvdbmacdkngbrpmhd3in7anysy

If This Then What?

Iulia Bastys, Musard Balliu, Andrei Sabelfeld
2018 Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security - CCS '18  
For longterm protection, we develop a framework for information flow tracking in IoT apps.  ...  CCS CONCEPTS • Security and privacy → Web application security; Domainspecific security and privacy architectures;  ...  As shown in Section 3, the disclosure of such URLs allows for upload attacks.  ... 
doi:10.1145/3243734.3243841 dblp:conf/ccs/BastysBS18 fatcat:voeddsb5zndsjk3rphygofpvsa

An Adaptive Privacy Management System for Data Repositories [chapter]

Marco Casassa Mont, Siani Pearson
2005 Lecture Notes in Computer Science  
, in particular related to the disclosure of decryption keys.  ...  Add-ins can be deployed in the Privacy Management Service to extend the privacy enforcement mechanisms. • Disclosure management module: fundamentally, this module is in charge of disclosing decryption  ... 
doi:10.1007/11537878_24 fatcat:3szpka7kffecfiucywbbr54hli

Privacy Policies over Time: Curation and Analysis of a Million-Document Dataset [article]

Ryan Amos, Gunes Acar, Elena Lucherini, Mihir Kshirsagar, Arvind Narayanan, Jonathan Mayer
2020 arXiv   pre-print
We find that, over the last twenty years, privacy policies have more than doubled in length and the median reading level, while already challenging, has increased modestly.  ...  So far, prior research has been limited to analysis of privacy policies from a single point in time or from short spans of time, as researchers did not have access to a large-scale, longitudinal, curated  ...  The right column indicates the distinct number of sites. .5 intervals Label Text Query URL Query BBBOnLine (?:\bBBBOnLine\b|\bBetter\sBusiness\sBureau\b) \\b DAA (?  ... 
arXiv:2008.09159v2 fatcat:oevueqefcreojazb3qbz2rtnje

Anonymous Resolution of DNS Queries [chapter]

Sergio Castillo-Perez, Joaquin Garcia-Alfaro
2008 Lecture Notes in Computer Science  
We analyze in this paper the use of statistical noise for the construction of proper DNS queries.  ...  A first limitation is the possibility of attacks against the integrity and authenticity of our queries by means of, for instance, man-in-the-middle or replay attacks.  ...  We consider that the loss of privacy in ENUM queries is an important concern.  ... 
doi:10.1007/978-3-540-88873-4_5 fatcat:dieblhj7sbfd5k55e2qa725wv4

Toward Collaborative Defense Across Organizations

Takayuki Sasaki, Katsunari Yoshioka, Tsutomu Matsumoto
2018 Journal of Information Processing  
To avoid disclosure of confidential information, the key features of the proposed architecture are (1) exchange of trained classifiers, e.g., neural networks, that represent abstract information rather  ...  Differential privacy [17] has been proposed to control privacy disclosure when querying a database.  ...  In addition, they proposed a rate limit for queries to control information disclosure.  ... 
doi:10.2197/ipsjjip.26.790 fatcat:ciatf664gjcsdlhlkzyq624vxi

MyHealthMyData (MHMD): Deliverable 4.2 - MHMD Ontological Resources

Douglas Teodoro, Emilie Pasche, Rudolf Mayer, Patrick Ruch
2018 Zenodo  
While citizens and hospitals will share very heterogeneous and privacy-sensitive datasets in the network, research centres and industry need streamlined and homogeneous ways to search, discovery and access  ...  In this context, WP4 provides the services for harmonizing, ingesting, cataloguing and discovering dataset metadata across the MHMD network.  ...  URL person file URL Yes personfullname Sarah Lamb String person full name Yes personusername iamgirlygeekdom String person user name Yes privacy 0 Integer privacy No referenceentityid  ... 
doi:10.5281/zenodo.1243799 fatcat:jgis7zrkofcd7j5aw7plabmmg4

Nested Multiple Instance Learning in Modelling of HTTP network traffic [article]

Tomas Pevny, Marek Dedic
2020 arXiv   pre-print
In a challenging scenario measuring accuracy only on unseen domains/malware families, the proposed model is superior to the prior art while providing a valuable feedback to the security researchers.  ...  This paper demonstrates on the identification of infected computers in the computer network from their HTTP traffic, how to achieve this reflection using recent progress in multiple-instance learning.  ...  Due to privacy concerns, this work demonstrates this on a publicly available CSIC [26] dataset on a lower level of tokens in URL. strings.  ... 
arXiv:2002.04059v1 fatcat:2mqv3zzhw5bo7ccjb3ztbqeszq

The Privacy Policy Landscape After the GDPR

Thomas Linden, Rishabh Khandelwal, Hamza Harkous, Kassem Fawaz
2020 Proceedings on Privacy Enhancing Technologies  
We further develop a new workflow for the automated assessment of requirements in privacy policies.  ...  We conduct the first longitudinal, in-depth, and at-scale assessment of privacy policies before and after the GDPR.  ...  ., an English privacy policy) to 4,909 EU URLs, as well as 3,686 Global URLs.  ... 
doi:10.2478/popets-2020-0004 dblp:journals/popets/LindenKHF20 fatcat:az6hnasuy5giflbjwowmfwhwxy

Extracting Training Data from Large Language Models [article]

Nicholas Carlini, Florian Tramer, Eric Wallace, Matthew Jagielski, Ariel Herbert-Voss, Katherine Lee, Adam Roberts, Tom Brown, Dawn Song, Ulfar Erlingsson, Alina Oprea, Colin Raffel
2021 arXiv   pre-print
This paper demonstrates that in such settings, an adversary can perform a training data extraction attack to recover individual training examples by querying the language model.  ...  Our attack is possible even though each of the above sequences are included in just one document in the training data.  ...  user's query.  ... 
arXiv:2012.07805v2 fatcat:5isu4anuenfahfrnuj6odgihl4
« Previous Showing results 1 — 15 out of 818 results