وبلاگ بلیان

Data Privacy Management and Security Assurance : 11th International Workshop, DPM 2016 and 5th International Workshop, QASA 2016, Heraklion, Crete, Greece, September 26-27, 2016, Proceedings

معرفی کتاب «Data Privacy Management and Security Assurance : 11th International Workshop, DPM 2016 and 5th International Workshop, QASA 2016, Heraklion, Crete, Greece, September 26-27, 2016, Proceedings» نوشتهٔ Giovanni Livraga, Vicenç Torra, Alessandro Aldini, Fabio Martinelli, Neeraj Suri (eds.)، منتشرشده توسط نشر Springer International Publishing : Imprint : Springer. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

This book constitutes the refereed proceedings of the 11th International Workshop on Data Privacy Management, DPM 2016 and the 5th International Workshop on Quantitative Aspects in Security Assurance, QASA 2016, held in Heraklion, Crete, Greece, in September 2016. 9 full papers and 4 short papers out of 24 submissions are included in the DPM 2016 Workshop. They are organized around areas related to the management of privacy-sensitive informations, such as translation of high-level business goals into system-level privacy policies; administration of sensitive identifiers; data integration and privacy engineering. The QASA workshop centeres around research topics with a particular emphasis on the techniques for service oriented architectures, including aspects of dependability, privacy, risk and trust. Three full papers and one short papers out of 8 submissions are included in QASA 2016. Foreword from the DPM 2016 Program Chairs 6 11th International Workshop on Data Privacy Management – DPM 2016 7 Foreword from the QASA 2016 Program Chairs 9 5th International Workshop on Quantitative Aspects in Security Assurance – QASA 2016 10 Contents 11 Quantitative Aspects in Security Assurance 13 Metrics for Transparency 14 1 Introduction 14 2 Related Work 15 3 Methodology 16 4 Metrics 17 4.1 The Eight Metrics 17 4.2 Synthesis 23 5 Use Case 23 6 Discussion and Conclusion 26 References 28 Understanding Bifurcation of Slow Versus Fast Cyber-Attackers 30 1 Introduction 30 2 Related Work 31 3 Definitions 32 4 Modeling Detection and Response 34 5 Optimizing Attacker Strategy 36 6 Economic Considerations Attacker 38 7 Attacker Behavior Analysis 39 8 The Defender's Dilemma 40 9 Conclusion and Discussion 42 References 43 Decomposing Global Quantitative Properties into Local Ones 45 1 Introduction 45 2 C-semirings 46 3 Quantitative Contexts 48 4 Quantifying Properties in a Distributed Environment 49 4.1 Multi-action C-semiring Hennessy-Milner Logic (c-HMn) 49 5 Decomposition of Properties 51 6 Quantitative Chinese-Wall Policy 57 7 Related Work 58 8 Conclusion and Future Work 60 References 60 Efficient SAT-Based Pre-image Enumeration for Quantitative Information Flow in Programs 62 1 Introduction 62 2 Counting Algorithms for (Pre-)Images 64 3 Experiment and Discussion 67 4 Related Work 68 5 Conclusion 69 References 69 Privacy Protection 70 Controlled Management of Confidentiality-Preserving Relational Interactions 71 1 Introduction 71 2 Fundamentals of Controlled Interaction Execution 75 3 Outline of the CIE Prototype 77 4 Global Settings and Initial Client States 78 5 Dynamic Censor Selection 81 6 Example of Settings and Censor Selections 82 7 Sketch of a Verification 85 8 Conclusions 86 References 87 Privacy-Preserving Abuse Detection in Future Decentralised Online Social Networks 88 1 Introduction 88 2 Defining Abuse 89 3 Data Model 90 4 Learning Without Privacy 91 5 Privacy-Preserving Learning 93 5.1 Account Properties 93 5.2 Message Properties 93 5.3 Message Is Invasive 93 5.4 Messages Over Age 94 5.5 Age of Account 94 5.6 Number of Subscribers 95 5.7 Subscription Subscription 95 5.8 Subscriber Subscriber 96 5.9 Subscribers Subscriptionr 98 6 Evaluation 99 7 Discussion 102 8 Conclusion 102 References 103 Privacy-Preserving Targeted Mobile Advertising: Formal Models and Analysis 104 1 Introduction 104 2 Motivation and Background 105 2.1 An Abstract TMA System 105 2.2 Motivation 107 3 A Privacy-Preserving Solution 108 4 Formal Models 109 4.1 A Model of TMA 109 4.2 A Model of PPTMA 111 5 Application of the PPTMA Model 113 5.1 The First Stage of the Ad-Selection Process: Pre-download Ads 113 5.2 The Second Stage of the Ad-Selection Process: Local Ad Selection 115 5.3 Click-Audit Obfuscating and Click-Fraud Detecting 116 6 Analysis 117 7 Conclusions 118 References 119 Identification, Authentication, and Authorization 121 Searchable Encryption for Biometric Identification Revisited 122 1 Introduction 122 2 Preliminaries 123 2.1 Symmetric Searchable Encryption 124 2.2 Useful Tools 126 3 High-Level Descriptions of Our Schemes 126 4 A Non-adaptive Scheme 127 4.1 Algorithms Description 128 4.2 Leakage Analysis of the 1-NA Scheme 128 4.3 A Simulator for the 1-NA Scheme 129 5 An Adaptive Scheme 130 5.1 Algorithms Description 130 5.2 Leakage Analysis of the 2-A Scheme 131 5.3 A Simulator for the 2-A Scheme 132 6 Application to Biometric Identification 133 6.1 Biometric Identification from SSE 133 6.2 The Biometric Identification Protocol 134 6.3 Experiments 135 References 137 On the User Acceptance of Privacy-Preserving Attribute-Based Credentials -- A Qualitative Study 139 1 Introduction 139 2 Contribution 140 3 How Privacy-ABCs Work 140 4 Related Works 141 5 Experiment Design 142 5.1 Experiment Platform Setup 142 5.2 Conducting the Experiment 144 5.3 Data Analysis Methodology 145 6 Results 146 6.1 Perceived Benefits: 146 6.2 Perceived Barriers to Use: 148 6.3 Desired Application: 149 6.4 Trust to the Technology and Trust Anchors: 150 6.5 Smartcard vs Cloud-Based Wallet: 151 6.6 Summary 152 7 Limitations 153 8 Conclusion 153 References 154 Investigating the Animation of Application Permission Dialogs: A Case Study of Facebook 155 1 Introduction 155 2 Facebook Application Permission Dialogs 157 3 Related Work 158 3.1 User Attention Acquisition 158 3.2 Risk Communication and Informed Consent 158 4 Animated Dialog Design 159 4.1 Design Elements 159 4.2 Dialog Prototype 161 5 Pilot Study 161 5.1 Design 161 5.2 Participants 164 6 Results 164 6.1 Attention Switch and Maintenance 164 6.2 Permission Comprehension 167 6.3 Permission Authorization Behavior 168 6.4 Ease of Use and Learnability 169 7 Discussion 170 8 Conclusion 170 References 171 Security and Secure Applications 172 Securing Multiparty Protocols Against the Exposure of Data to Honest Parties 173 1 Introduction 173 2 Preliminaries 175 3 Related Work 176 4 Weak Collusion Preservation 177 4.1 Definitions 177 4.2 Composition Theorem 180 4.3 Relations to the Existing Notions 181 5 Attacks Detected in WCP Model 182 6 Achieving t-WCP Security 183 6.1 Adversaries Weaker Than Active 183 6.2 Active Adversary 187 7 Conclusions 187 References 187 Secure Frequent Pattern Mining by Fully Homomorphic Encryption with Ciphertext Packing 189 1 Introduction 189 2 Related Work 191 3 Preliminaries 191 3.1 Apriori Algorithm 192 3.2 P3CC and -Pattern Uncertainty 193 3.3 Polynomial CRT Packing over FHE 194 3.4 Total Summation over CRT-represented Ciphertext 194 4 Efficient Frequent Pattern Mining Algorithm over FHE 194 4.1 Polynomial CRT Packing and Batching 195 4.2 Optimization by Caching 196 5 Experimental Evaluation 197 5.1 Experiment with Ciphertext Packing 199 5.2 Optimization by Caching 199 5.3 Security and Data Size 200 6 Conclusions and Future Work 201 References 202 Isabelle Modelchecking for Insider Threats 204 1 Introduction and Overview 204 2 Background 205 2.1 Social Explanation in Isabelle 205 2.2 Challenge IoT Insider 206 2.3 Example -- Employee Blackmail 207 3 IoT Case Study in Isabelle Insider Framework 208 3.1 Infrastructure Graph and Policies 208 3.2 Analysis of Security and Privacy Properties 210 4 Extensions of Sociological Explanation to State Change 211 4.1 Refined Attack Scenario 211 4.2 Infrastructure Graph State Transition 212 4.3 Modelchecking for Insider Attacks in Isabelle 213 5 Related Work and Conclusions 216 References 217 DPM Short Papers 219 Managing and Presenting User Attributes over a Decentralized Secure Name System 220 1 Introduction 220 2 Related Work 221 3 Design of a Decentralized Attribute Sharing System 222 3.1 User Attributes and Identity Tokens 222 3.2 Tickets 223 3.3 Client Authorization Protocol 223 3.4 Token and Grant Management 224 3.5 Trust Establishment 224 4 Protocol and Implementation 225 5 Conclusion 226 A Appendix - Casper Sources 227 References 227 PRIAM: A Privacy Risk Analysis Methodology 228 1 Introduction 228 2 PRIAM: Information Gathering Phase 229 2.1 Definition of the Information System 229 2.2 Definition of the Stakeholders 229 2.3 Definition of the Personal Data 230 2.4 Definition of the Risk Sources 230 2.5 Definition of the Privacy Weaknesses 230 2.6 Definition of the Feared Events 231 2.7 Definition of the Privacy Harms 231 3 PRIAM: Risk Assessment Phase 232 4 Related Works 234 5 Conclusion 235 References 235 A Study from the Data Anonymization Competition Pwscup 2015 237 1 Introduction 237 2 Anonymization 238 2.1 Outline of the Competition 238 2.2 Fundamental Definitions 238 2.3 Anonymization 238 2.4 Re-Identification 239 2.5 Common Dataset 239 2.6 Security: Re-Id 240 2.7 Definition of Utility and Security 241 3 Results and Evaluation 241 3.1 Competition Results 241 3.2 Evaluation of Utility Measures 242 3.3 Trade-Off Between Utility and Security 242 3.4 Evaulation of Re-Identifications Technique 243 3.5 Effect of k-anonymity 243 4 Conclusions 244 References 244 Refactoring Preserves Security 245 1 Introduction 245 2 Decentralized Label Model --- DLM 246 2.1 Labels 246 2.2 Label Lattice and Relabeling 247 2.3 Observation and State Transition Model 247 3 Security of Refactoring 248 4 Example 250 5 Conclusions 252 References 252 Author Index 253 Front Matter....Pages I-XIV Front Matter....Pages 1-1 Metrics for Transparency....Pages 3-18 Understanding Bifurcation of Slow Versus Fast Cyber-Attackers....Pages 19-33 Decomposing Global Quantitative Properties into Local Ones....Pages 34-50 Efficient SAT-Based Pre-image Enumeration for Quantitative Information Flow in Programs....Pages 51-58 Front Matter....Pages 59-59 Controlled Management of Confidentiality-Preserving Relational Interactions....Pages 61-77 Privacy-Preserving Abuse Detection in Future Decentralised Online Social Networks....Pages 78-93 Privacy-Preserving Targeted Mobile Advertising: Formal Models and Analysis....Pages 94-110 Front Matter....Pages 111-111 Searchable Encryption for Biometric Identification Revisited....Pages 113-129 On the User Acceptance of Privacy-Preserving Attribute-Based Credentials – A Qualitative Study....Pages 130-145 Investigating the Animation of Application Permission Dialogs: A Case Study of Facebook....Pages 146-162 Front Matter....Pages 163-163 Securing Multiparty Protocols Against the Exposure of Data to Honest Parties....Pages 165-180 Secure Frequent Pattern Mining by Fully Homomorphic Encryption with Ciphertext Packing....Pages 181-195 Isabelle Modelchecking for Insider Threats....Pages 196-210 Front Matter....Pages 211-211 Managing and Presenting User Attributes over a Decentralized Secure Name System....Pages 213-220 PRIAM: A Privacy Risk Analysis Methodology....Pages 221-229 A Study from the Data Anonymization Competition Pwscup 2015 ....Pages 230-237 Refactoring Preserves Security....Pages 238-245 Back Matter....Pages 247-247 This book constitutes the revised selected papers of the 10th International Workshop on Data Privacy Management, DPM 2015, and the 4th International Workshop on Quantitative Aspects in Security Assurance, QASA 2015, held in Vienna, Austria, in September 2015, co-located with the 20th European Symposium on Research in Computer Security, ESORICS 2015. In the DPM 2015 workshop edition, 39 submissions were received. In the end, 8 full papers, accompanied by 6 short papers, 2 position papers and 1 keynote were presented in this volume. The QASA workshop series responds to the increasing demand for techniques to deal with quantitative aspects of security assurance at several levels of the development life-cycle of systems and services, from requirements elicitation to run-time operation and maintenance. QASA 2015 received 11 submissions, of which 4 papers are presented in this volume as well
دانلود کتاب Data Privacy Management and Security Assurance : 11th International Workshop, DPM 2016 and 5th International Workshop, QASA 2016, Heraklion, Crete, Greece, September 26-27, 2016, Proceedings