وبلاگ بلیان

Privacy Technologies and Policy: 5th Annual Privacy Forum, APF 2017, Vienna, Austria, June 7-8, 2017, Revised Selected Papers (Lecture Notes in Computer Science Book 10518)

معرفی کتاب «Privacy Technologies and Policy: 5th Annual Privacy Forum, APF 2017, Vienna, Austria, June 7-8, 2017, Revised Selected Papers (Lecture Notes in Computer Science Book 10518)» نوشتهٔ Erich Schweighofer, Herbert Leitold, Andreas Mitrakas, Kai Rannenberg, Manel Medina, Nikolaos Tsouroulas، منتشرشده توسط نشر Springer International Publishing : Imprint: Springer در سال 1051. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

This book constitutes the thoroughly refereed post-conference proceedings of the 5th Annual Privacy Forum, APF 2017, held in Vienna, Austria, in June 2017. The 12 revised full papers were carefully selected from 41 submissions on the basis of significance, novelty, and scientific quality. These selected papers are organized in three different chapters corresponding to the conference sessions. The first chapter, "Data Protection Regulation", discusses topics concerning big genetic data, a privacy-preserving European identity ecosystem, the right to be forgotten und the re-use of privacy risk analysis. The second chapter, "Neutralisation and Anonymization", discusses neutralisation of threat actors, privacy by design data exchange between CSIRTs, differential privacy and database anonymization. Finally, the third chapter, "Privacy Policies in Practice", discusses privacy by design, privacy scores, privacy data management in healthcare and trade-offs between privacy and utility. . Preface 6 APF 2017 Annual Privacy Forum Vienna, Austria, June 7–8, 2017 8 Organization 9 Contents 13 Data Protection Regulation 15 The GDPR and Big Data: Leading the Way for Big Genetic Data? 16 Abstract 16 1 Introduction 16 2 Genetic Data Under the Personal Data Protection Regulatory Framework 17 2.1 Genetic Data as a Novel Category of Personal Data? 17 2.2 Genetic Data Under the GDPR 19 2.3 Genetic Data as Personal Data 21 3 The GDPR and Big Data 24 3.1 Big Data vs Personal Data 24 3.2 Issues with Big Genetic Under the GDPR 26 4 Conclusion 30 Towards a Privacy-Preserving Reliable European Identity Ecosystem 32 1 Introduction 32 2 Identify Fraud 33 3 Related Work 34 4 ARIES Identity Ecosystem 35 4.1 ARIES Ecosystem Overview 35 4.2 Identity and Attribute Providers 38 4.3 Secure Vault 38 4.4 Digital Identity Derivation 39 4.5 Biometric Enrolment 39 4.6 Anonymous Credential Systems 40 5 Fraud Prevention 40 5.1 ARIES Enrolment and Authentication 40 5.2 e-Commerce Scenario 42 5.3 Identity Digitalization for Secure Travel Scenario 43 5.4 Supporting Law Enforcement Agencies 44 6 Conclusions 44 References 45 Forget Me, Forget Me Not - Redefining the Boundaries of the Right to Be Forgotten to Address Current Problems and Areas of Criticism 47 Abstract 47 1 Introduction 47 2 The Existing RtbF Regime 48 2.1 Google Spain Decision 48 2.2 General Data Protection Regulation (‘GDPR’) 49 3 Problems Surrounding the RtbF 50 3.1 The Conflict with Freedom of Speech 50 3.2 Lack of Criteria for Application 51 3.3 Google as Judge and Jury 52 4 Redefining the RtbF 53 4.1 Terminology 53 4.2 Current Legal Framework 53 4.3 Accurate Information 55 4.4 A Limited RtbF 57 5 Conclusion 58 Appendix 59 2. Google Spain v AEPD and Mario Costeja González 60 3. Regulation (EU) 2016/679 60 References 61 A Refinement Approach for the Reuse of Privacy Risk Analysis Results 65 1 Introduction 65 2 Preliminaries 66 3 General Approach 69 4 Phase 1: Generic Privacy Risk Analysis 71 4.1 Inputs: System Specification and System Components 71 4.2 Definition of Generic Data 71 4.3 Definition of Generic Risk Sources 72 4.4 Definition of Generic Feared Events 73 4.5 Definition of Generic Privacy Harms 73 4.6 Construction of Generic Harm Trees 73 5 Phase 2: Architecture-Specific Privacy Risk Analysis 74 5.1 Description of Arch.2 76 5.2 Risk Sources for Arch.2 76 5.3 Personal Data and Their Exploitability Values for Arch.2 77 5.4 Refinement of Generic Harm Trees for Arch.2 78 6 Phase 3: Context-Specific Privacy Risk Analysis 78 6.1 Definition of the Context 79 6.2 Definition of the Background Information Available to Risk Sources 79 6.3 Definition of the Technical Resources Available to the Risk Sources 79 6.4 Definition of the Motivation of the Risk Sources 80 6.5 Final Pruning of Harm Trees 81 6.6 Computation of Likelihoods Based on Harm Trees 81 6.7 Choice of Architecture 83 7 Related Works 83 8 Conclusion and Future Work 84 A Description of Phase 2 for Arch.1 and Arch.3 85 A.1 Arch.1: Use of an Encrypted Database 85 A.2 Arch.3: Match-on-Card Technology 87 B Pruning of Harm Trees and Likelihood Computation for Identity Theft (H.2) 89 References 94 Neutralisation and Anonymization 97 A Gamified Approach to Explore Techniques of Neutralization of Threat Actors in Cybercrime 98 Abstract 98 1 Introduction 98 2 State of the Art 99 2.1 Deterrence, Theory of Neutralization, and Techniques of Neutralization 99 2.2 Techniques of Neutralization in Cybercrime 100 2.3 Techniques of Neutralization in Cybersecurity and Cybercrime 101 2.4 Motivation and Subculture 103 3 Method 103 4 The Game Design of “Operation Digital Chameleon” 104 4.1 The Game Board and Game Activities 105 4.2 Threat Actors 106 5 Results 106 5.1 Techniques of Neutralization of Cyber Criminals 107 5.2 Techniques of Neutralization of Employees 108 5.3 Techniques of Neutralization of Hacktivists 109 5.4 Techniques of Neutralization of Nation States 109 5.5 Techniques of Neutralization of Script Kiddies 110 6 Discussion and Conclusion 111 6.1 Limitations 111 6.2 Implications for Practice and Research 111 Acknowledgments 112 References 112 Privacy by Design Data Exchange Between CSIRTs 115 Abstract 115 1 Introduction 115 2 Framework of Data Exchange: NIS Directive 116 3 Data Protection Law 117 4 Encrypted Codes as a Privacy by Design Solution 121 5 Definition and Modelling of Incidents 122 6 Data Protection Friendly Coding of Identifiers 125 7 Sanitizing Data from External Sources 127 8 Conclusions 128 Acknowledgments 129 References 129 Mr X vs. Mr Y: The Emergence of Externalities in Differential Privacy 131 1 Introduction 131 2 Differential Privacy 132 3 A Case for the Emergence of Externalities 135 4 The Likelihood Ratio 140 5 Conclusions 150 References 150 Diffix: High-Utility Database Anonymization 152 1 Introduction 152 2 Why Is Anonymization so Difficult? 153 3 Measure of Anonymity 155 4 Assumptions and Terminology 155 5 Diffix: A New Approach to Anonymization 156 5.1 Query Syntax 156 5.2 Key Insights 157 5.3 Details of Layered Sticky Noise 159 5.4 Sticky Noisy Threshold 160 5.5 Layered Sticky Noise with Range Shifting Attacks 161 5.6 Time Epochs for Difference Attacks on Changing Databases 162 6 Anonymous Statistical Functions 163 6.1 Anonymous Sum and Count 164 6.2 Anonymous Min and Max 165 6.3 Anonymous Median 166 7 Amount of Noise 166 8 Summary, Limitations, and Future Work 168 References 169 Privacy Policies in Practice 170 Towards a Principled Approach for Engineering Privacy by Design 171 1 Introduction 171 2 A Set of Criteria to Address the Challenges of Engineering Privacy by Design 172 2.1 The Challenges of Engineering Privacy by Design 172 2.2 An Analysis of Privacy Requirements Methods 174 2.3 A Set of Criteria for Engineering Privacy by Design 177 3 An Analysis of Privacy by Design 180 3.1 The Principles of Privacy by Design 180 4 Principles for Engineering Privacy by Design 182 4.1 Universal Privacy Principles and Protection Goals that Pertain to Global Infrastructures 182 4.2 A Data Lifecycle Model that Supports Achieving Privacy Assurance and Transparency 182 4.3 A Data-Centric Method that Identifies Privacy Concerns in a Comprehensive, Contextual and Non-reductive Manner 183 4.4 Design Strategies that Translate the Principles of Privacy by Design into Design Objectives 183 5 A Way Forward 184 5.1 The Personal Data Lifecycle as an Instance of the Information Lifecycle 184 5.2 A Data-Centric Method that Identifies Privacy Concerns in a Meaningful Manner 185 5.3 Design Strategies to Translate the Principles of Privacy by Design into Design Objectives 185 5.4 A Set of Privacy-Related Engineering Artefacts 185 6 Conclusion 185 References 186 PrivacyScore: Improving Privacy and Security via Crowd-Sourced Benchmarks of Websites 188 1 Introduction 188 2 Related Work 190 3 PrivacyScore Overview 191 3.1 Main Use Cases 191 3.2 User-Centric Results 192 3.3 Open Data Versus Privacy 193 4 Privacy and Security Checks 194 4.1 Privacy Checks 195 4.2 Security Checks 195 4.3 Incentives and Actionable Advice for Operators and Users 197 5 Implementation 197 6 Legal and Ethical Considerations 198 6.1 Legal Considerations 198 6.2 Ethical Considerations 199 7 Conclusion 199 References 200 Privacy Data Management and Awareness for Public Administrations: A Case Study from the Healthcare Domain 202 1 Introduction 203 2 State of the Art 204 3 The VisiOn Privacy Platform 206 3.1 The VisiOn Privacy Platform Functionalities 206 3.2 The Vision Privacy Platform Architecture 208 4 Case Study 210 4.1 Motivating Scenario 210 4.2 Privacy Level Agreement for Hospitals 212 4.3 Applying VPP in eHealth 213 4.4 Discussion 216 5 Conclusions 217 References 218 Better Data Protection by Design Through Multicriteria Decision Making: On False Tradeoffs Between Privacy and Utility 220 1 Introduction 220 2 A Case Study: Tracking Coffee Consumption 221 2.1 Context 221 2.2 Research Questions 223 2.3 Method 224 2.4 Results and Discussion (1) 225 2.5 Results and Discussion (2): Exploratory Analysis 230 3 Consequences for Risk/Privacy-Utility Models in DPbD 232 3.1 Risk-Utility Tradeoffs, DPbD, and Data Minimisation 233 3.2 Extending Risk-Utility Tradeoff Models by Multicriteria Decision-Making Modelling 235 4 Limitations and Lessons Learned 236 5 Summary, General Conclusions, and Future Work 237 References 238 Author Index 241 Front Matter ....Pages I-XIV Front Matter ....Pages 1-1 The GDPR and Big Data: Leading the Way for Big Genetic Data? (Kärt Pormeister)....Pages 3-18 Towards a Privacy-Preserving Reliable European Identity Ecosystem (Jorge Bernal Bernabe, Antonio Skarmeta, Nicolás Notario, Julien Bringer, Martin David)....Pages 19-33 Forget Me, Forget Me Not - Redefining the Boundaries of the Right to Be Forgotten to Address Current Problems and Areas of Criticism (Beata Sobkow)....Pages 34-51 A Refinement Approach for the Reuse of Privacy Risk Analysis Results (Sourya Joyee De, Daniel Le Métayer)....Pages 52-83 Front Matter ....Pages 85-85 A Gamified Approach to Explore Techniques of Neutralization of Threat Actors in Cybercrime (Andreas Rieb, Tamara Gurschler, Ulrike Lechner)....Pages 87-103 Privacy by Design Data Exchange Between CSIRTs (Erich Schweighofer, Vinzenz Heussler, Peter Kieseberg)....Pages 104-119 Mr X vs. Mr Y: The Emergence of Externalities in Differential Privacy (Maurizio Naldi, Giuseppe D’Acquisto)....Pages 120-140 Diffix: High-Utility Database Anonymization (Paul Francis, Sebastian Probst Eide, Reinhard Munz)....Pages 141-158 Front Matter ....Pages 159-159 Towards a Principled Approach for Engineering Privacy by Design (Majed Alshammari, Andrew Simpson)....Pages 161-177 PrivacyScore: Improving Privacy and Security via Crowd-Sourced Benchmarks of Websites (Max Maass, Pascal Wichmann, Henning Pridöhl, Dominik Herrmann)....Pages 178-191 Privacy Data Management and Awareness for Public Administrations: A Case Study from the Healthcare Domain (Vasiliki Diamantopoulou, Konstantinos Angelopoulos, Julian Flake, Andrea Praitano, José Francisco Ruiz, Jan Jürjens et al.)....Pages 192-209 Better Data Protection by Design Through Multicriteria Decision Making: On False Tradeoffs Between Privacy and Utility (Bettina Berendt)....Pages 210-230 Back Matter ....Pages 231-231
دانلود کتاب Privacy Technologies and Policy: 5th Annual Privacy Forum, APF 2017, Vienna, Austria, June 7-8, 2017, Revised Selected Papers (Lecture Notes in Computer Science Book 10518)