Dissertations / Theses on the topic 'Privacy design'


Consult the top 50 dissertations / theses for your research on the topic 'Privacy design.'

1

Alhussein, Nawras. "Privacy by Design & Internet of Things: managing privacy." Thesis, Malmö universitet, Fakulteten för teknik och samhälle (TS), 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:mau:diva-20590.

Abstract:
Personal integrity (Swedish: personlig integritet) corresponds to the English term privacy, which can be expressed as the right to be left alone. It has been questioned many times whether privacy really exists on the internet, especially in Internet of Things systems, or smart systems as they are also called. More questions are raised as the new General Data Protection Regulation within the European Union comes into force in May. This work studies the privacy by design approach that the General Data Protection Regulation (GDPR) brings with it, among other things. The study answers whether privacy by design will be able to increase the protection of privacy in Internet of Things systems. Advantages and disadvantages are discussed, as well as how companies and ordinary users are affected. The question has been answered through a literature study and two interviews. It turned out that a large part of the privacy problems in the Internet of Things can be solved by controlling data. The privacy by design approach includes protecting data in all states through various methods such as encryption. In this way privacy by design contributes to increased security in Internet of Things systems.
Privacy means the right to be left alone. It has been questioned many times if privacy really exists on the internet, especially in Internet of Things systems or smart systems as they are also called. More questions occur when the new general data protection regulation (GDPR) within the European Union applies in May. In this paper, privacy by design, which the general data protection regulation comes with, is studied. This study answers whether privacy by design will be able to increase the protection of privacy in Internet of Things systems. Advantages and disadvantages are also addressed, and how companies and common users are affected by the implementation of privacy by design. The question has been answered by a literature review and two interviews. It turned out that a significant part of the problems in Internet of Things regarding privacy may be solved by data management. Privacy by design includes protection of data in all states through different methods such as encryption. In this way, privacy by design contributes to increased security within Internet of Things systems.
2

Iachello, Giovanni. "Privacy and Proportionality." Diss., Georgia Institute of Technology, 2006. http://hdl.handle.net/1853/10487.

Abstract:
Over the past several years, the press, trade publications and academic literature have reported with increasing frequency on the social concerns caused by ubiquitous computing: Information Technology (IT) embedded in artifacts, infrastructure and environments of daily life. Designers and researchers of ubiquitous computing (ubicomp) technologies have spent considerable efforts to address these concerns, which include privacy and data protection issues, information security and personal safety. Yet, designing successful ubicomp applications is still an unreliable and expensive endeavor, in part due to imperfect understanding of how technology is appropriated, the lack of effective design tools and the challenges of prototyping these applications in realistic conditions. I introduce the concept of proportionality as a principle able to guide design of ubiquitous computing applications and specifically to attack privacy and security issues. Inspired by the principle, I propose a design process framework that assists the practitioner in making reasoned and documented design choices throughout the development process. I validate the design process framework through a quantitative design experiment vis-à-vis other design methods. Furthermore, I present several case studies and evaluations to demonstrate the design method's effectiveness and generality. I claim that the design method helps to identify some of the obstacles to the acceptance of ubiquitous computing applications and to translate security and privacy concerns into research questions in the design process. I further discuss some of the inquiry and validation techniques that are appropriate to answer these questions.
3

WITTE, NATHAN ALLAN. "PRIVACY: ARCHITECTURE IN SUPPORT OF PRIVACY REGULATION." University of Cincinnati / OhioLINK, 2003. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1053701814.

4

Spiekermann-Hoff, Sarah. "The Challenges of Privacy by Design." The Association for Computing Machinery, 2012. http://dx.doi.org/10.1145/2209249.2209263.

Abstract:
Heralded by regulators, Privacy by Design holds the promise to solve the digital world's privacy problems. But there are immense challenges, including management commitment and step-by-step methods to integrate privacy into systems.
5

Islam, Mohammad Badiul. "Privacy by design for social networks." Thesis, Queensland University of Technology, 2014. https://eprints.qut.edu.au/71389/1/Mohammad%20Badiul_Islam_Thesis.pdf.

Abstract:
This research has established a new privacy framework, privacy model, and privacy architecture to create more transparent privacy for social networking users. The architecture is designed into three levels: Business, Data, and Technology, which is based on The Open Group Architecture Framework (TOGAF®). This framework and architecture provide a novel platform for investigating privacy in Social Networks (SNs). This approach mitigates many current SN privacy issues, and leads to a more controlled form of privacy assessment. Ultimately, more privacy will encourage more connections between people across SN services.
6

Fischer-Hübner, Simone. "IT-security and privacy : design and use of privacy-enhancing security mechanisms /." Berlin [u.a.] : Springer, 2001. http://www.loc.gov/catdir/enhancements/fy0812/2001034161-d.html.

7

Floderus, Sebastian, and Vincent Tewolde. "Analysing privacy concerns in smartcameras : in correlation with GDPR and Privacy by Design." Thesis, Blekinge Tekniska Högskola, Institutionen för datavetenskap, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-21980.

Abstract:
Background. The right to privacy is every person's right; data regulation laws such as the GDPR and privacy preserving concepts like Privacy by Design (PbD) aid in this matter. IoT devices are highly vulnerable to attacks because of their limited storage and processing capabilities, even more so for internet connected cameras. With the use of security auditing techniques and privacy analysis methods it is possible to identify security and privacy issues for Internet of Things (IoT) devices.
Objectives. The research aims to evaluate three selected IoT cameras' ability to protect privacy of their consumers, as well as investigating the role GDPR and PbD have in the design and operation of each device.
Methods. A literature review was performed in order to gain valuable knowledge of how to design a case study that would evaluate privacy issues of IoT devices in correlation with GDPR and PbD. The case study consists of 14 cases designed to explore security and privacy related issues. They were executed in a monitored and controlled network environment to detect data flow between devices.
Results. There was a noticeable difference in the security and privacy enhancing technologies used between some manufacturers. Furthermore, there was a distinct disparity in how transparent each system was with the processed data, which is a crucial part of both GDPR and PbD.
Conclusions. All three companies had taken GDPR and PbD into consideration in the design of the IoT systems, however to different extents. One of the IoT manufacturers could benefit from incorporating PbD more thoroughly into the design and operation of their product. Also the GDPR could benefit from having references to security standards and frameworks in order to simplify the process for companies to secure their systems.
8

Ripmann, Nina. "User Interface Design for Privacy Enhancing Technology." Thesis, Norges teknisk-naturvitenskapelige universitet, Institutt for telematikk, 2012. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-18731.

Abstract:
A significant amount of information about us is available online due to the increased use of the Internet and online services. There appears to be a tendency among users not to read privacy policies when creating user accounts online, because policies are known to be long and complicated documents that are hard to understand. Users also feel like they don't really have a choice other than to accept the policy if they want to use the service. This has created privacy concerns and a need for better privacy control for users, since users usually don't know what they have agreed to when accepting policies. SINTEF ICT has developed a privacy enhancing technology (PET), named Privacy Advisor, whose purpose is to help users think about privacy and information sharing online. This is done by Privacy Advisor interpreting webpages' privacy policies for the users and giving advice on whether the webpages should be trusted or not. The users are then given the opportunity to provide feedback to Privacy Advisor, and the system will use this to adapt to the users' privacy preferences. A graphical user interface (GUI) for Privacy Advisor was developed using prototyping with iterative improvement of the design, based on feedback from SINTEF ICT and potential users. Feedback from users was collected by performing usability testing with observation, followed by a questionnaire. Usability testing was also conducted to determine the design's usability and find breakdowns in the design. The feedback showed that there were some breakdowns in the system. These were presentation of text that was confusing for some users, where they did not understand the meaning of the text, or buttons that were not intuitive enough. These breakdowns were fixed for the final version of the design suggestion. The users also navigated well in the prototype and managed to complete all the given tasks.
The system also received positive feedback concerning further use and the need for a program like Privacy Advisor, and because of these elements, the usability was determined to be good once the final improvements and fixing of breakdowns were completed. A final design for Privacy Advisor, implemented as a Google Chrome extension, was then presented to SINTEF ICT.
9

Simmingsköld, Carl. "Privacy by Design : Inbyggd integritet i patientjournaler." Thesis, Högskolan i Skövde, Institutionen för kommunikation och information, 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-8331.

Abstract:
In today's health care, patient data are processed electronically in electronic health record systems. The data must be handled with the highest possible security measures because they contain sensitive information about patients. However, patient data must always be available so that care providers can give the best possible care. Because the handling of patient information is critical, the IT systems must follow rules and maintain a high level of privacy. Privacy by Design (PbD) is intended to address the problem by keeping the privacy aspect in focus throughout the IT system's entire life cycle. PbD describes how systems should be, for example that no more information than is really needed should be collected, and that those registered in IT systems should be given insight into what is stored about them. The study has analysed in what way the principles and framework of PbD are used in electronic health record systems to protect the patient's privacy. The result shows that there are major shortcomings in protecting the patient's privacy, above all through the lack of encryption in databases and internal network traffic. Users can also obtain more information than they need, and there are few restrictions on what can be entered into the patient records.
10

Segal, Aaron. "Design and Implementation of Privacy-Preserving Surveillance." Thesis, Yale University, 2017. http://pqdtopen.proquest.com/#viewpdf?dispub=10584958.

Abstract:

The modern internet and phone networks offer very little security, privacy, or accountability to their users. As people conduct their business and social lives online and over the phone, they naturally generate private or sensitive data about themselves. But any number of parties can and do track this data. Not only the services people interact with everyday, but third-party services for ad tracking, malicious hackers, government agencies operating with nebulous legal authority, and service providers themselves can and do observe and track users. They can then use the sensitive data in a variety of objectionable ways.

Changing this state of affairs without an earth-shattering technological breakthrough may appear to be a hopeless situation. But, in this dissertation, we demonstrate how existing technology can, if deployed and used properly, markedly improve privacy for users and accountability for those collecting data. We discuss two techniques for achieving these improvements: privacy-preserving surveillance and anonymous communication. For each technique, we present example protocols for which we have implemented fast prototypes running on commercial hardware.

First, we define the notion of privacy-preserving surveillance. Currently, a government agency can collect and examine bulk user data while making no distinction between the legitimate target of investigation and the average person, and with little or no oversight from other agencies. Privacy-preserving surveillance is an alternative legal regime in which searches of sensitive user data could only take place with the active collaboration of multiple government agencies. Trust is distributed amongst these agencies, assuring that no single authority can unilaterally view sensitive user data (or metadata). We then show how two types of bulk surveillance, currently in use by the authorities, could be made privacy-preserving by the adoption of modern cryptographic protocols to secure data.

We also discuss protocols for anonymous communication. We take two approaches to anonymity. First, we present an improvement to the Tor network, an anonymity substrate based on onion routing that is already deployed in the wild. Second, we present a complete specification of the dining-cryptographers-based Verdict protocol and formally prove its anonymity, security, and accountability properties.

11

Li, Zuxing. "Privacy-by-Design for Cyber-Physical Systems." Doctoral thesis, KTH, ACCESS Linnaeus Centre, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-211908.

Abstract:
It is envisioned that future cyber-physical systems will provide a more convenient living and working environment. However, such systems inevitably need to collect and process privacy-sensitive information. That means the benefits come with potential privacy leakage risks. Nowadays, this privacy issue receives more attention as a legal requirement of the EU General Data Protection Regulation. In this thesis, privacy-by-design approaches are studied where privacy enhancement is realized by taking privacy into account in the physical layer design. This work focuses in particular on two kinds of cyber-physical systems, namely sensor networks and smart grids. Physical-layer performance and privacy leakage risk are assessed by hypothesis testing measures. First, a sensor network in the presence of an informed eavesdropper is considered. Extended from the traditional hypothesis testing problems, novel privacy-preserving distributed hypothesis testing problems are formulated. The optimality of the deterministic likelihood-based test is discussed. It is shown that the optimality of the deterministic likelihood-based test does not always hold for an intercepted remote decision maker, and an optimal randomized decision strategy is completely characterized by the privacy-preserving condition. These characteristics are helpful to simplify the person-by-person optimization algorithms to design optimal privacy-preserving hypothesis testing networks. Smart meter privacy becomes a significant issue in the development of smart grid technology. An innovative scheme is to exploit renewable energy supplies or an energy storage at a consumer to manipulate meter readings from actual energy demands to enhance the privacy. Based on proposed asymptotic hypothesis testing measures of privacy leakage, it is shown that the optimal privacy-preserving performance can be characterized by a Kullback-Leibler divergence rate or a Chernoff information rate in the presence of renewable energy supplies.
When an energy storage is used, its finite capacity introduces memory in the smart meter system. It is shown that the design of an optimal energy management policy can be cast to a belief state Markov decision process framework.
12

Jensen, Carlos. "Designing for Privacy in Interactive Systems." Diss., Georgia Institute of Technology, 2005. http://hdl.handle.net/1853/7588.

Abstract:
People are increasingly concerned about online privacy and how computers collect, process, share, and store their personal information. Such concerns are understandable given the growing number of privacy invasions and the pervasiveness of information capture and sharing between IT systems. This situation has led to an increasingly regulated environment, limiting what systems may do, and what safeguards they must offer users. Privacy is an especially important concern in the fields of computer supported collaborative work (CSCW), Ubiquitous Computing, and e-commerce, where the nature of the applications often requires some information collection and sharing. In order to minimize risks to users it is essential to identify privacy problems early in the design process. Several methods and frameworks for accomplishing this have been proposed in the last decades. These frameworks, though based on hard-earned experience and great insight, have not seen widespread adoption despite the high level of interest in this topic. Part of the reason for this is likely the lack of evaluation and study of these frameworks. In our research we examine the key design and analysis frameworks and their elements, and compare these to the kinds of problems users face and are concerned with in terms of privacy. Based on this analysis of the relative strengths and weaknesses of existing design frameworks we derive a new design framework; STRAP (STRuctured Analysis of Privacy). In STRAP we combine light-weight goal-oriented analysis with heuristics to provide a simple yet effective design framework. We validate our analysis by demonstrating in a series of design experiments that STRAP is more efficient and effective than any one of the existing design frameworks, and provide quantitative and qualitative evidence of the value of using such frameworks as part of the design process.
13

Coss, David. "Cloud Privacy Audit Framework: A Value-Based Design." VCU Scholars Compass, 2013. http://scholarscompass.vcu.edu/etd/3106.

Abstract:
The rapid expansion of cloud technology provides enormous capacity, which allows for the collection, dissemination and re-identification of personal information. It is the cloud's resource capabilities such as these that fuel the concern for privacy. The impetus of these concerns is not too far removed from those expressed by Mason in 1986, when he identified privacy as one of the biggest ethical issues facing the information age. There seems to be a continuous ebb and flow relationship with respect to privacy concerns and the development of new information communication technologies such as cloud computing. Privacy issues are a concern to all types of stakeholders in the cloud. Individuals using the cloud are exposed to privacy threats when they are persuaded to provide personal information unwantedly. An organization using a cloud service is at risk of non-compliance with internal privacy policies or legislative privacy regulations. The cloud service provider has a privacy risk of legal liability and credibility concerns if sensitive information is exposed. The data subject is at risk of having personal information exposed. In essence, everyone who is involved in cloud computing has some level of privacy risk that needs to be evaluated before, during and after they or an organization they interact with adopts a cloud technology solution. This resonates with a need for organizations to develop privacy practices that are socially responsible towards the protection of their stakeholders' information privacy. This research is about understanding the relationship between individual values and their privacy objectives. There is a lack of clarity in organizations as to what individuals consider privacy to be. Therefore, it is essential to understand an individual's privacy values. Individuals seem to have divergent perspectives on the nature and scope of how their personal information is to be kept private in different modes of technologies.
This study is concerned with identifying individual privacy objectives for cloud computing. We argue that privacy is an elusive concept due to the evolving relationship between technology and privacy. Understanding and identifying individuals' privacy objectives is an influential step in the process of protecting privacy in cloud computing environments. The aim of this study is to identify individual privacy values and develop cloud privacy objectives, which can be used to design a privacy audit for cloud computing environments. We used Keeney's (1992) value focused thinking approach to identify individual privacy values with respect to emerging cloud technologies, and to develop an understanding of how cloud privacy objectives are shaped by the individual's privacy values. We discuss each objective and how they relate to privacy concerns in cloud computing. We also use the cloud privacy objectives in a design science study to design a cloud privacy audit framework. We then discuss how this research helps privacy managers develop a cloud privacy strategy, evaluate cloud privacy practices and develop a cloud privacy audit to ensure privacy. Lastly, future research directions are proposed.
14

Alalouch, Chaham Rajab. "Hospital ward design : implications for space and privacy." Thesis, Heriot-Watt University, 2009. http://hdl.handle.net/10399/2234.

Abstract:
This thesis examines the relationships between hospital ward design and aspects of visual privacy as a design criterion. It involves three stakeholders: users (potential and actual patients), experts and architects. In particular it explores the relationships between the spatial design of the plan configuration of buildings, in this case hospital open wards, and subjective judgments on spatial location for privacy across different demographics and cultural backgrounds. These variables are considered in the context of the current guidelines on, and regulations of, ward design criteria, and architects’ prioritisation of these criteria. Mixed methodological approaches – i.e. qualitative and quantitative methods – are employed. Space Syntax theory and its particular technique Visibility Graph Analysis (VGA) are used to quantify the spatial structure of six generic open ward types. A series of statistical analyses allowed the investigation of the relationships between measures of plan configurations and patterns of preferences in relation to beds’ spatial location for privacy assessed by means of a questionnaire. This is followed by qualitative policy analyses and semi-structured interviews with experts to provide a set of the relevant ward design criteria, which is used to conduct choice-based conjoint analysis to explore architects’ prioritisation of ward design criteria including patient’s privacy. Results showed a systematic relationship between the chosen location for privacy and spatial properties of the ward plans best represented by two measures: Integration and Control, with integration being the best predictor of preference. This was found to encompass universal preference for spatial locations of privacy across culture, age and gender and a specific significant difference as a result of previous experience of space. 
A reasonable awareness of the importance of patient’s privacy as a design criterion was found not only in the current guidelines and regulations on ward design but also in experts’ perception and architects’ prioritisation of ward design criteria. However, it appears that there is no framework to assess people’s privacy preference or specific information to guide architects on spatial preference. Systematic findings with respect to plan configurations are not only important in themselves, they provide the context within which detailed design choices can be made.
15

Liu, Huichuan. "Privacy-implicated system design in the virtual marketplace /." The Ohio State University, 1996. http://rave.ohiolink.edu/etdc/view?acc_num=osu1487936356159555.

16

O'REILLY, JOSEPH MATTHEW. "LEGAL PRIVACY AND PSYCHOLOGICAL PRIVACY: AN EVALUATION OF COURT ORDERED DESIGN STANDARDS (ENVIRONMENTAL, PSYCHIATRIC HOSPITALS, ARCHITECTURE)." Diss., The University of Arizona, 1985. http://hdl.handle.net/10150/187916.

Abstract:
The legal system and the social sciences share an interest in privacy but have developed separate conceptualizations of the concept. The result is two similar but conflicting theories of privacy that make different assumptions about how people behave and how that behavior can be controlled. The purpose of this study was to begin testing these theories by examining the operationalization of privacy through mandated standards intended to ensure privacy for the mentally ill. Specifically, the standards set in Wyatt v. Stickney, which reflect the idea that privacy is a sphere of space free from outside intrusion, were examined to see if they did indeed ensure privacy. Using two units in a facility that met the standards mandated by the court in Wyatt v. Stickney, the research examined staff and patient perceptions of privacy. Thirty-five patients were interviewed and twenty-four staff completed questionnaires on the overall habitability of the unit and patient privacy. Results indicated that the Wyatt court's operationalization of privacy as primarily a visual phenomenon was inadequate, and although the specific standards ordered to ensure privacy were reported to be effective by a simple majority of patients, overall patients reported a lack of privacy. Staff responses were generally in agreement with patients, but they tended to use more extreme or stronger ratings. The present study also has implications for the legal conceptualization of privacy. It was found that privacy was perceived as important by patients; that autonomy as evidenced by control was an important issue for a minority of patients; and that the right of selective disclosure was not a major concern of patients.
Needed future areas of research that were identified included: comparing privacy ratings across a variety of group living situations, comparing the mentally ill's conceptualizations of privacy with those of others, determining the effect of privacy on the therapeutic goals of an institution and therapeutic outcome, and determining the relative importance of privacy to the mentally ill.
17

Tancock, David. "Design and implementation of a privacy impact assessment tool." Thesis, University of Bristol, 2015. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.683387.

Abstract:
A Privacy Impact Assessment (PIA) is a systematic process for evaluating the possible future effects that a particular activity or proposal may have on an individual's privacy. It focuses on understanding the system, initiative or scheme, identifying and mitigating adverse privacy impacts and informing decision makers who must decide whether the project should proceed and in what form. A PIA, as a proactive business process, is thus properly distinguished from reactive processes, such as privacy issue analysis, privacy audits and privacy law compliance checking, applied to existing systems to ensure their continuing conformity with internal rules and external requirements. Typically, in most of the major jurisdictions (i.e. Canada, United States (US) etc.) that conduct PIAs, PIA tools and document templates are used by organisations for project compliance/analysis in relation to their own national, state or sector-specific requirements. However, in the United Kingdom (UK) organisations typically use manual documents in one form or another (i.e. ranging from un-systematised documentation sets to organised Microsoft templates) to undertake PIAs, which are usually based upon the advice given by the Information Commissioner's Office (ICO) and its UK PIA Handbook, or upon their own organisational rules and procedures. Therefore, while manual documents provide some benefits with regard to user comprehension and ease of use, there are some disadvantages in using them including: human error, data duplication, and time consumption. The research described in this thesis focuses upon demonstrating and exploring the extent to which an automated tool might assist in the process of carrying out PIAs in the UK, and thereby improve PIA uptake. Such a PIA tool may set the bar higher for the process itself, help organisations in carrying out PIAs more easily in the UK, facilitate comparison and improve standardisation.
A PIA tool is developed and described, in the form of a software prototype based upon a Decision Support System (DSS), that is, a type of expert system that addresses the complexity of privacy compliance requirements for organisations (in both public and private sectors). More specifically, the developed automated PIA tool may help decision makers within organisations decide whether a new project (where "project" is defined in a broad sense, encompassing a scheme, notion, or product etc.) should go ahead and if so, in what form (i.e. what restrictions there are, what additional checks should be made, etc.). Therefore, techniques outlined in this thesis for the development of the PIA tool include: requirements elicitation; stakeholder mapping; data collection; data analysis; UML (Unified Modelling Language) modelling, and the software implementation of an expert system. In addition, Artificial Intelligence (AI) techniques are assessed with regard to how these can be used to enhance the PIA process, and a technique is developed to incorporate expression of belief. Stakeholders outlined in this thesis are anyone with an interest in such a PIA tool. For example, the intended users of the tool are stakeholders, as they have an interest in having a product that addresses the complexity of privacy compliance requirements for organisations (in both public and private sectors). In addition, stakeholders were mapped into a number of stakeholder groups including: privacy, data protection, computer security, records management, PIA consultants, and software development. Thus stakeholders were selected to provide requirements for the PIA tool (i.e. functional and non-functional requirements), and also to participate in the PIA tool's validation process (i.e. a judgement on the functionality, usability, and portability of the PIA tool).
The outcomes of the research include both a proof of concept implementation of a PIA tool, and analysis of a stakeholder-derived validation process for that tool.
APA, Harvard, Vancouver, ISO, and other styles
18

Spiekermann-Hoff, Sarah, and Marie Caroline Oetzel. "A systematic methodology for privacy impact assessments: a design science approach." Palgrave Macmillan UK, 2014. http://dx.doi.org/10.1057/ejis.2013.18.

Full text
Abstract:
For companies that develop and operate IT applications that process the personal data of customers and employees, a major problem is protecting these data and preventing privacy breaches. Failure to adequately address this problem can result in considerable damage to the company's reputation and finances, as well as negative effects for customers or employees (data subjects). To address this problem, we propose a methodology that systematically considers privacy issues by using a step-by-step privacy impact assessment (PIA). Existing PIA approaches cannot be applied easily because they are improperly structured or imprecise and lengthy. We argue that companies that employ our PIA can achieve "privacy-by-design", which is widely heralded by data protection authorities. In fact, the German Federal Office for Information Security (BSI) ratified the approach we present in this article for the technical field of RFID and published it as a guideline in November 2011. The contribution of the artefacts we created is twofold: First, we provide a formal problem representation structure for the analysis of privacy requirements. Second, we reduce the complexity of the privacy regulation landscape for practitioners who need to make privacy management decisions for their IT applications.
APA, Harvard, Vancouver, ISO, and other styles
19

Kitkowska, Agnieszka. "Advancing Models of Privacy Decision Making : Exploring the What & How of Privacy Behaviours." Licentiate thesis, Karlstads universitet, Institutionen för matematik och datavetenskap (from 2013), 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:kau:diva-69974.

Full text
Abstract:
People's decisions do not happen in a vacuum; there are multiple factors that may affect them. There are external determinants, such as cost/benefit calculation of decision outcomes. There are also internal factors, such as attitudes, personality, emotions, age, and nationality. Frequently, the latter have a final say on the decision at hand, and similar determinants are triggered during the digital interaction when people make decisions about their privacy. The current digital privacy landscape is filled with recurring security breaches and leaks of personal information collected by online service providers. Growing dependency on Internet-connected devices and increasing privacy risks prompted policy makers to protect individuals' right to privacy. In Europe, the General Data Protection Regulation requires companies to provide adequate information about their data collection and processing practices to users, to increase privacy awareness and enable better decision making. Regardless, currently there is no sufficient, usable technology, which could help people make improved privacy decisions, decreasing over-disclosure and oversharing. Hence, multidisciplinary researchers aim at developing new privacy-enhancing solutions. To define such solutions and successfully convey data provision and processing practices, potential risks, or harms resulting from information disclosure, it is crucial to understand cognitive processes underpinning privacy decisions. In this thesis, we examine privacy decisions and define factors that influence them. We investigate the attitude-behaviour relationship and identify privacy concerns affecting perceptions of privacy. Additionally, we examine factors influencing information sharing, such as emotional arousal and personality traits. Our results demonstrate that there is a relationship between privacy concerns and behaviours, and that simplified models of behaviour are insufficient to predict privacy decisions. 
Our findings show that internal factors, such as nationality and culture, emotional arousal, and individual characteristics, affect privacy decisions. Based on our findings, we conclude that future models of privacy should incorporate such determinants. Further, we postulate that privacy user interfaces must become more flexible and personalised than the current solutions.
Growing dependency on Internet-connected devices and increasing privacy risks prompted policymakers to protect individuals’ right to privacy. In Europe, the General Data Protection Regulation requires companies to provide users with adequate information about data collection and processing practices to increase privacy awareness and enable better decisions. Hence, multidisciplinary researchers aim at developing new privacy-enhancing solutions. However, to develop such solutions it is crucial to understand cognitive processes underpinning privacy decisions. The objective of this thesis is to investigate privacy behaviours. We identify privacy concerns affecting perceptions of privacy and examine factors influencing information sharing. We show that simplified models of behaviour are insufficient predictors of privacy decisions, and that demographic characteristics, emotion and personality affect privacy attitudes and behaviours. Based on our findings we conclude that future models of privacy and designs of privacy user interfaces must incorporate such behavioural determinants.
APA, Harvard, Vancouver, ISO, and other styles
20

Kolivodiakos, Paraskevas. "Evaluating End Users’ Online Privacy Preferences and Identifying PET Design Requirements: A Literature Review." Thesis, Luleå tekniska universitet, Datavetenskap, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-67720.

Full text
Abstract:
In this research, end user privacy preferences regarding online resources (web and mobile applications and websites) are investigated, and the design requirements needed for the development of a privacy-focused, privacy-enhancing technology tool are identified. As derived from the literature, the crowd-source-based solution is the most appealing solution, so it is fully analyzed according to our research's main focus.
APA, Harvard, Vancouver, ISO, and other styles
21

Vaziritabar, Shahram. "Design and privacy in modern and traditional housing in Iran." Thesis, Oxford Brookes University, 1990. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.258725.

Full text
APA, Harvard, Vancouver, ISO, and other styles
22

Jagadeesan, Harini. "Design and Verification of Privacy and User Re-authentication Systems." Thesis, Virginia Tech, 2009. http://hdl.handle.net/10919/32394.

Full text
Abstract:
In the internet age, privacy and security have become major concerns since an increasing number of transactions are made over an unsecured network. Thus there is a greater chance for private data to be misused. Further, insider attacks can result in loss of valuable data. Hence there arises a strong need for continual, non-intrusive, quick user re-authentication. Previously, a number of studies have been conducted on authentication using behavioral attributes. Currently, few successful re-authentication mechanisms are available since they use either the mouse or the keyboard for re-authentication and target particular applications. However, successful re-authentication is still dependent on a large number of factors such as user excitation level, fatigue and using just the keyboard or the mouse does not mitigate these factors successfully.

Both keyboard and mouse contain valuable, hard-to-duplicate information about the user's behavior. This can be used for analysis and identification of the current user. We propose an application independent system that uses this information for user re-authentication. This system will authenticate the user continually based on his/her behavioral attributes obtained from both the keyboard and mouse operations. This re-authentication system is simple, continual, non-intrusive and easily deployable. To utilize the mouse and keyboard information for re-authentication, we propose a novel heuristic that uses the percentage of mouse-to-keyboard interaction ratio. This heuristic allows us to extract suitable user-behavioral attributes. The extracted data is compared with an already trained database for user re-authentication.

The accuracy of the system is calculated as the number of correct identifications divided by the total number of identifications. At present, the accuracy of the system is around 96% for application based user re-authentication and around 82% for application independent user re-authentication. We perform black box, white box testing and Spec# verification procedures that prove the robustness of the proposed system. On testing POCKET, a privacy protection software for children, it was found that the security of POCKET was inadequate at the user level. Our system enhances POCKET security at the user level and ensures that the child's privacy is protected.
Master of Science

APA, Harvard, Vancouver, ISO, and other styles
23

Chang, Wei. "Security and Privacy Issues in Social Information-Assisted Application Design." Diss., Temple University Libraries, 2016. http://cdm16002.contentdm.oclc.org/cdm/ref/collection/p245801coll10/id/406720.

Full text
Abstract:
Computer and Information Science
Ph.D.
In recent years, social networks and their related theories and applications have attracted widespread attention in computer science. Many applications are designed by exploring the social information among users, such as social peer-to-peer systems, mobile cloud, and online recommendation systems. Most of the existing works only focus on how to use social information but ignore the fact that social information itself may cause severe security and privacy problems. In this dissertation, we first present some social information-assisted application systems that we have designed, and then, we present several social information-involved privacy and security risks and their countermeasures. Generally speaking, the design procedure of any social information-assisted application involves three tasks: publishing, accessing, and using social information. However, all of these tasks contain privacy and security issues. Social information can be published from a centralized system or a distributed one. For the centralized scheme, the social information is directly published from online social networking systems, such as Facebook or Twitter. However, we found that the data of a social network essentially is a time-evolving graph. Most of the existing approaches fail to preserve users' identity privacy once a malicious attacker has the external knowledge about the victim's time-varying behaviors. To avoid this new privacy issue, we propose a time-based anonymization scheme. For the distributed social information-sharing scheme, each user's information is propagated from friend to friend's friends, and so on. We design a new scheme to gradually enhance the privacy protection along a propagation path while maximally preserving the overall utility of the user's data. From a data accessing aspect, social information can be used by malicious users for launching new attacks.
In this dissertation, we find a friendship-based privacy disclosure attack, and a corresponding defense approach is designed. Location-based service has been widely adopted. In order to preserve location privacy, users usually turn off the corresponding applications when visiting sensitive locations. However, once social relationships are known, attackers are able to infer these hidden locations, which discloses users' location privacy. For preserving the location privacy, we design a fake location-based approach, which efficiently disorders the social-geographic relationships among users. From the data usage aspect, social information and its related data may come from users. A system may stop functioning if some malicious users inject plenty of fake information. Mobile clouds and Friend Locator are two typical systems which are vulnerable to fake information-related attacks. Mobile clouds explore the idle computing resources of surrounding devices by recruiting nearby friends to participate in the same task. However, malicious users may inject wrong friendship information to mess up the system. When visiting a new place, Friend Locator provides navigation services for participators by creating a map based on their trajectories. The functioning of the system is based on the trust among participators. Once a user's device is controlled by attackers, all other users may receive wrong navigation. To defend against these attacks, we provide different countermeasures.
Temple University--Theses
APA, Harvard, Vancouver, ISO, and other styles
24

Asif, Hazem. "The Mall: A world-building speculation on the future of privacy." VCU Scholars Compass, 2018. https://scholarscompass.vcu.edu/etd/5403.

Full text
Abstract:
This thesis is a science fiction exploration of a future dystopian world where privacy becomes a dominant currency that is distributed according to social class and ranking mechanisms. It utilizes speculative world-building to study the unanticipated implications of technology on personal privacy, surveillance and social inequality on future societies. The project introduces The Mall, as a highly efficient and hyper-connected world, but also exposes its downfall as a society with heightened cultural and socio-political disparities. Inspired by past civilizations, the development of the modern nation-state as well as contemporary society, the design adapts, appropriates and reformulates existing cultures into new hybrid possibilities. This thesis project is presented as an illustrated coded tapestry that allows the viewer to explore and interact with various components of the narrative to speculate and critique an alternative future-world void of privacy.
APA, Harvard, Vancouver, ISO, and other styles
25

Mahajan, Yash. "PRADA-TF: Privacy-Diversity-Aware Online Team Formation." Thesis, Virginia Tech, 2021. http://hdl.handle.net/10919/103857.

Full text
Abstract:
In this work, we propose a PRivAcy-Diversity-Aware Team Formation framework, namely PRADA-TF, that can be deployed based on the trust relationships between users in online social networks (OSNs). Our proposed PRADA-TF is mainly designed to reflect team members' domain expertise and privacy preserving preferences when a task requires a wide range of diverse domain expertise for its successful completion. The proposed PRADA-TF aims to form a team for maximizing its productivity based on members' characteristics in their diversity, privacy preserving, and information sharing. We leveraged a game theory called Mechanism Design in order for a mechanism designer as a team leader to select team members that can maximize the team's social welfare, which is the sum of all team members' utilities considering team productivity, members' privacy preserving, and potential privacy loss caused by information sharing. To screen a set of candidate teams in the OSN, we built an expert social network based on real co-authorship datasets (i.e., Netscience) with 1,590 scientists, used the semi-synthetic datasets to construct a trust network based on a belief model called Subjective Logic, and identified trustworthy users as candidate team members. Via our extensive simulation experiments, we compared the seven different TF schemes, including our proposed and existing TF algorithms, and analyzed the key factors that can significantly impact the expected and actual social welfare, expected and actual potential privacy leakout, and team diversity of a selected team.
Master of Science
In this work, we propose a PRivAcy-Diversity-Aware Team Formation framework, namely PRADA-TF, that can be deployed based on the trust relationships between users in online social networks (OSNs). Our proposed PRADA-TF is mainly designed to reflect team members' domain expertise and privacy preserving preferences when a task requires a wide range of diverse domain expertise for its successful completion. The proposed PRADA-TF aims to form a team based on members' characteristics in their diversity, privacy preserving, and information sharing so as to maximize the performance of the team. We leveraged a game theory called Mechanism Design in order for a mechanism designer as a team leader to select team members that can maximize the team's social welfare, which is the sum of all team members' utilities considering team productivity, members' privacy preserving, and potential privacy loss caused by information sharing. To screen a set of candidate teams in the OSN, we built an expert social network based on real co-authorship datasets with 1,590 scientists, used the semi-synthetic datasets to construct a trust network representing the trust relationship between the users in OSNs, and identified trustworthy users as candidate team members. Via our extensive simulation experiments, we compared the seven different team formation (TF) schemes, including our proposed and existing TF algorithms, and analyzed the key factors that can significantly impact the expected and actual social welfare, expected and actual potential privacy leakout, and team diversity of a selected team.
APA, Harvard, Vancouver, ISO, and other styles
26

Stoner, Eliza V. "Commodifying convenience, cleanliness, and privacy American public restroom design since 1851 /." Access to citation, abstract and download form provided by ProQuest Information and Learning Company; downloadable PDF file 7.26 Mb., 112 p, 2006. http://gateway.proquest.com/openurl?url_ver=Z39.88-2004&res_dat=xri:pqdiss&rft_val_fmt=info:ofi/fmt:kev:mtx:dissertation&rft_dat=xri:pqdiss:1435845.

Full text
APA, Harvard, Vancouver, ISO, and other styles
27

Alaqra, Ala Sarah. "The Wicked Problem of Privacy : Design Challenge for Crypto-based Solutions." Licentiate thesis, Karlstads universitet, Institutionen för matematik och datavetenskap (from 2013), 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:kau:diva-67134.

Full text
Abstract:
Data privacy has been growing in importance in recent years, especially with the continuous increase of online activity. Researchers study, design, and develop solutions aimed at enhancing users’ data privacy. The wicked problem of data privacy is a continuous challenge that defies straightforward solutions. Since there are many factors involved in data privacy, such as technological, legal, and human aspects, we can only aim at mitigating rather than solving this wicked problem. Our aim was to focus on human aspects for designing usable crypto-based privacy-enhancing solutions. In this thesis, we followed a user centered design method by using empirical qualitative means for investigating users’ perceptions and opinions of our solutions. Most of our work has focused on redactable signatures in the cloud context within the eHealth use-case. Redactable signatures are a privacy enhancing scheme allowing a specified party to remove parts of a signed document for achieving data minimization without invalidating the respective signature. We mainly used semi-structured interviews and focus groups in our investigations. Our results yielded key HCI considerations as well as guidelines of different means for supporting the design of future solutions.
Data privacy has been growing in importance in recent years, especially with the continuous increase of online activity. Researchers continuously study, design, and develop solutions aimed at enhancing users’ data privacy. The wicked problem of data privacy is the continuous challenge that defies straightforward solutions. Since there are many factors involved in data privacy, such as technological, legal, and human aspects, we can only aim at mitigating rather than solving this wicked problem. Our aim was to focus on human aspects for designing usable crypto-based privacy-enhancing solutions. In this thesis, we followed a user centered design method by using empirical qualitative means for investigating users’ perceptions and opinions of our solutions. Most of our work has focused on redactable signatures in the cloud context within an eHealth use-case. Redactable signatures are a privacy-enhancing scheme, which allow the removal of parts of a signed document by a specified party without invalidating the respective signature. Our results yielded key HCI considerations as well as guidelines of different means for supporting the design of future solutions.

Paper 3 was included as manuscript in the thesis.

APA, Harvard, Vancouver, ISO, and other styles
28

Gandarillas, Carlos. "The impact of web site design and privacy practices on trust." FIU Digital Commons, 2002. http://digitalcommons.fiu.edu/etd/3448.

Full text
Abstract:
The most significant issue facing the growth of eCommerce is trust. This research was conducted to determine the type of information users are willing to allow entities to collect online, such as a user's email addresses and click-stream behavior, and its effect on trust. This study determined empirically that participants were more willing to submit non-personally identifying data (e.g., clickstream data) over personally identifying information (e.g., email address); participants were wary of submitting any personal information such as an email address; when a participant submits an email address, it may not be his or her primary email address; the opting defaults for solicitations did not affect trust; participants did not read the privacy policy; and that these findings applied to all web sites, regardless of whether they were shopping/commerce, community, download, or informational. Based on the results, several design guidelines were developed to aid web site designers in creating trusted sites.
APA, Harvard, Vancouver, ISO, and other styles
29

Gustavsson, Sara. "An Assessment of Privacy by Design as a Stipulation in GDPR." Thesis, Uppsala universitet, Institutionen för informationsteknologi, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-414374.

Full text
Abstract:
As observed by the European Union, rapid technological development and globalization have brought profoundly new challenges for the protection of individuals' privacy, as a consequence of processing personal data. The General Data Protection Regulation (GDPR) has embarked on including the technical framework Privacy by Design as a proactive measure to incorporate privacy and data protection in technical design. This thesis has conducted an assessment of how various stakeholders perceive privacy and data protection as a consequence of incorporating Privacy by Design in their operational activities to assure GDPR compliance. To get an in-depth understanding of how the framework has affected the continuation of ensuring the human-right aspects of privacy in technology, five interviewees from different organizations and their respective sectors have shared their experience of working with Privacy by Design. It was found in the results that the interviewees all believed that a privacy mindset is an essential factor to fulfill the objectives of Privacy by Design, and something organizations continuously have to nurture. Yet, there is a desire that software engineers can demonstrate that they understand privacy beyond a technical perspective, something that the maturity of Privacy by Design can invoke. To conclude, Privacy by Design remains to be perceived as a framework with the potential to ensure data protection through technical design, but more frequent empirical research of privacy design techniques is deemed necessary as a result of Privacy by Design being a stipulation in GDPR.
APA, Harvard, Vancouver, ISO, and other styles
30

Meddeoda, Gedara Kavindra Kulathilake. "Design for Addressing Data Privacy Issues in Legacy Enterprise Application Integration." Thesis, Luleå tekniska universitet, Institutionen för system- och rymdteknik, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-74245.

Full text
Abstract:
Electronic message transfer is the key element in enterprise application integration (EAI), and the privacy of data transferred must be protected by the systems involved in the message transfer from origin to destination. Recent data privacy regulation such as GDPR (General Data Protection Regulation) has forced organizations to ensure the privacy of the personal data handled, with obligations to provide visibility and control to the data owner. Privacy concerns relevant to sensitive data embedded in and transferred through business-to-business (B2B) middleware platforms in enterprise architecture are mostly at risk due to the legacy nature of the products and the complexity of system integrations. This poses a great threat and challenge to organizations processing sensitive data over interconnected systems in complying with regulatory requirements. This research proposes a solution design to address the data privacy issues related to personal data handled in an enterprise application integration framework where electronic messages are used to transfer personally identifiable information (PII). The proposal consists of a design called “Safety Locker” to issue unique tokens related to encrypted PII elements stored in persistent data storage based on Apache Ignite, while adding REST API interfaces to access the application functionality such as tokenization, de-tokenization, token management and accessing audit logs. The safety locker can run as a standalone application, allowing clients to access its functionality remotely utilizing hypertext transfer protocol (HTTP). The design allows data controllers to ensure the privacy of PII by embedding tokens generated from the application within the electronic messages transferred through interconnected systems. The solution design is evaluated through a proof of concept implementation, which can be adapted and enhanced to apply in EAI implementations.
APA, Harvard, Vancouver, ISO, and other styles
31

Othman, Zulkeplee. "Privacy, modesty, hospitality and the design of Muslim homes in Australia." Thesis, Queensland University of Technology, 2016. https://eprints.qut.edu.au/92619/1/Zulkeplee_Othman_Thesis.pdf.

Full text
Abstract:
This cross-disciplinary, exploratory case study architectural research adopts a social science methodological approach to investigate the influence of cultural traditions and religious teachings on domestic behaviours and utilisation of interior spaces of six Muslim families' homes in Brisbane. Based on the tripartite principles of privacy, modesty and hospitality (PMH), this study acknowledges the contributions of Australian homes in providing a safe and private domain for these families to undertake daily activities while continuing their cultural and religious traditions. This research further acknowledges the significance of Australian homes to these families in the promotion of social inclusion to the wider society.
APA, Harvard, Vancouver, ISO, and other styles
32

Alawaji, Ahmed S. "Privacy and security risks for national health records systems." Thesis, Massachusetts Institute of Technology, 2018. http://hdl.handle.net/1721.1/118558.

Full text
Abstract:
Thesis: S.M. in Engineering and Management, Massachusetts Institute of Technology, System Design and Management Program, 2018.
Page 104 blank. Cataloged from PDF version of thesis.
Includes bibliographical references (pages 101-103).
A review of national health records (NEHR) systems shows that privacy and security risks have a profound impact on the success of such projects. Countries have different approaches when dealing with privacy and security considerations. The aims of this study were to explore how governments can design secure national health records systems. To do that systematically, we developed a framework to analyze NEHR systems. We then applied the framework to investigate the privacy and security risks in these systems. The studied systems demonstrate that getting privacy and security right has a considerable impact on the success of NEHR projects. Also, our study reveals that the healthcare system structure has a substantial impact on the adoption and usage rates of the system. The studied cases uncover many opportunities for improving privacy and security measures in future projects. The framework demonstrates the utility of applying it to the three cases.
by Ahmed S. Alawaji.
S.M. in Engineering and Management
APA, Harvard, Vancouver, ISO, and other styles
33

Caine, Kelly Erinn. "Exploring everyday privacy behaviors and misclosures." Diss., Atlanta, Ga. : Georgia Institute of Technology, 2009. http://hdl.handle.net/1853/31665.

Full text
Abstract:
Thesis (Ph.D)--Psychology, Georgia Institute of Technology, 2010.
Committee Chair: Fisk, Arthur; Committee Member: Catrambone, Richard; Committee Member: Foley, Jim; Committee Member: Jeffries, Robin; Committee Member: Rogers, Wendy. Part of the SMARTech Electronic Thesis and Dissertation Collection.
APA, Harvard, Vancouver, ISO, and other styles
34

Peng, Kun. "Analysis and Design of Secure Sealed-Bid Auction." Thesis, Queensland University of Technology, 2004. https://eprints.qut.edu.au/15848/1/Kun_Peng_Thesis.pdf.

Full text
Abstract:
Auctions have a long history and are an effective method to distribute resources. In the era of the Internet and e-commerce, electronic sealed-bid auctions play an important role in business. However, it is a risk to run a sealed-bid auction through the Internet, which is an open and unreliable environment. There are many security concerns about correctness and fairness of the auction and privacy of the bidders in electronic sealed-bid auctions. Cryptology seems to be the only security solution for electronic sealed-bid auctions. On the other hand, a practical electronic sealed-bid auction scheme must be efficient. So efficient application of cryptographic tools to electronic sealed-bid auctions is the focus of this thesis. Firstly, security requirements of sealed-bid auctions are surveyed. The auction result must be determined correctly according to the submitted bids and the pre-defined auction rule. The bidders must compete with each other in fair play and none of them can take advantage of others. The auction must be publicly verifiable, so that the auction result is acceptable to everyone. Usually, a losing bidder hopes to keep his bid secret, so the losing bids should be kept secret. In different applications, different auction rules may be applied. So, to avoid a tie, a large number of biddable prices must be accepted in some applications. Secondly, the currently known sealed-bid auction schemes are classified. In recent years, many sealed-bid auction schemes based on various cryptographic primitives have been proposed. Nearly all of them can be classified into five models. In Model 1, each bid is known to the auctioneers, who can find the winning bid and winner very efficiently. Bid privacy is not implemented in Model 1. In Model 2 homomorphic bid opening is employed, so that the winning bid and winner can be found while the losing bids are kept secret.
In Model 3 very strong bid privacy is achieved through a Dutch-style bid opening, which is highly inefficient. In Model 4, the link between the bids and bidders, instead of confidentiality of the bids, is kept secret. This kind of confidentiality is weaker than normal bid privacy and is called relative bid privacy in this thesis. (Complete confidentiality of the bids at the end of the auction is called absolute bid privacy.) Implementation of relative bid privacy can be very efficient if an efficient anonymous channel can be constructed. Model 5 uses secure evaluation to open the bids and find the auction result and makes it possible to achieve absolute bid privacy efficiently. Three main cryptographic primitives are explored and employed to design new auction schemes in four auction models. The first tool is batch verification, which can improve computational efficiency in auction schemes. The second is mix network, which can be used to implement anonymous channels in Model 4 and Model 5. Two new efficient mix networks are designed and used in Model 2, Model 4 and Model 5. The third is secure evaluation, which is employed in two new auction schemes in Model 5 to achieve strong bid privacy efficiently. Other cryptographic primitives employed in the auction schemes include efficient 1-out-of-w oblivious transfer in Model 2 and key chain in Model 3. Five new auction schemes are proposed. The first scheme in Model 2 batch verifies bid validity to improve efficiency. The second scheme optimises the key chain used in Model 3 to obtain a more advanced auction scheme. The third scheme implements a concrete anonymous channel in Model 4 for the first time and achieves relative bid privacy and high efficiency convincingly. The last two employ new secure evaluation techniques to achieve absolute bid privacy and high efficiency. With these five new auction schemes, better solutions are achieved in various auction applications.
35

Peng, Kun. "Analysis and Design of Secure Sealed-Bid Auction." Queensland University of Technology, 2004. http://eprints.qut.edu.au/15848/.

Full text
Abstract:
Auctions have a long history and are an effective method to distribute resources. In the era of the Internet and e-commerce, electronic sealed-bid auctions play an important role in business. However, it is a risk to run a sealed-bid auction through the Internet, which is an open and unreliable environment. There are many security concerns about correctness and fairness of the auction and privacy of the bidders in electronic sealed-bid auctions. Cryptology seems to be the only security solution for electronic sealed-bid auctions. On the other hand, a practical electronic sealed-bid auction scheme must be efficient. So efficient application of cryptographic tools to electronic sealed-bid auctions is the focus of this thesis. Firstly, security requirements of sealed-bid auctions are surveyed. The auction result must be determined correctly according to the submitted bids and the pre-defined auction rule. The bidders must compete with each other in a fair play and none of them can take advantage of others. The auction must be publicly verifiable, so that the auction result is acceptable to everyone. Usually, a losing bidder hopes to keep his bid secret, so the losing bids should be kept secret. In different applications, different auction rules may be applied. So, to avoid a tie, a large number of biddable prices must be accepted in some applications. Secondly, the currently known sealed-bid auction schemes are classified. In recent years, many sealed-bid auction schemes based on various cryptographic primitives have been proposed. Nearly all of them can be classified into five models. In Model 1, each bid is known to the auctioneers, who can find the winning bid and winner very efficiently. Bid privacy is not implemented in Model 1. In Model 2 homomorphic bid opening is employed, so that the winning bid and winner can be found while the losing bids are kept secret.
In Model 3 very strong bid privacy is achieved through a Dutch-style bid opening, which is highly inefficient. In Model 4, the link between the bids and bidders, instead of confidentiality of the bids, is kept secret. This kind of confidentiality is weaker than normal bid privacy and is called relative bid privacy in this thesis. (Complete confidentiality of the bids at the end of the auction is called absolute bid privacy.) Implementation of relative bid privacy can be very efficient if an efficient anonymous channel can be constructed. Model 5 uses secure evaluation to open the bids and find the auction result and makes it possible to achieve absolute bid privacy efficiently. Three main cryptographic primitives are explored and employed to design new auction schemes in four auction models. The first tool is batch verification, which can improve computational efficiency in auction schemes. The second is the mix network, which can be used to implement anonymous channels in Model 4 and Model 5. Two new efficient mix networks are designed and used in Model 2, Model 4 and Model 5. The third is secure evaluation, which is employed in two new auction schemes in Model 5 to achieve strong bid privacy efficiently. Other cryptographic primitives employed in the auction schemes include efficient 1-out-of-w oblivious transfer in Model 2 and key chain in Model 3. Five new auction schemes are proposed. The first scheme, in Model 2, batch verifies bid validity to improve efficiency. The second scheme optimises the key chain used in Model 3 to obtain a more advanced auction scheme. The third scheme implements a concrete anonymous channel in Model 4 for the first time and achieves relative bid privacy and high efficiency convincingly. The last two employ new secure evaluation techniques to achieve absolute bid privacy and high efficiency. With these five new auction schemes, better solutions are achieved in various auction applications.
36

Sokolova, Karina. "Bridging the gap between Privacy by Design and mobile systems by patterns." Thesis, Troyes, 2016. http://www.theses.fr/2016TROY0008/document.

Full text
Abstract:
Nowadays, smartphones and tablets generate, receive, store and transfer to servers a large quantity of data while offering services to users through mobile applications that are easy to download and install. The large number of sensors integrated into a smartphone allows it to continuously collect very precise information about the user and their environment. This large quantity of private and professional data becomes difficult to supervise. The "Privacy by Design" approach, which includes seven principles, proposes integrating respect for private data from the design phase of a data-processing operation. In Europe, the European directive on the protection of private data (Directive 95/46/EC) incorporates notions of "Privacy by Design". The new unified European law (General Data Protection Regulation) strengthens the protection and respect of private data by taking new technologies into account and gives the concept of "Privacy by Design" the status of a legal obligation in the world of mobile services and applications. The objective of this thesis is to propose solutions to improve the transparency of uses of personal mobile data, visibility into computer systems, consent and security, in order ultimately to make mobile applications and systems more compliant with "Privacy by (re)Design".
Nowadays, smartphones and smart tablets generate, receive, store and transfer substantial quantities of data, providing services for all possible user needs with easily installable programs, also known as mobile applications. A number of sensors integrated into smartphones allow the devices to collect very precise information about the owner and his environment at any time. The important flow of personal and business data becomes hard to manage. The "Privacy by Design" approach with 7 privacy principles states privacy can be integrated into any system from the software design stage. In Europe, the Data Protection Directive (Directive 95/46/EC) includes "Privacy by Design" principles. The new General Data Protection Regulation enforces privacy protection in the European Union, taking into account modern technologies such as mobile systems and making "Privacy by Design" not only a benefit for users, but also a legal obligation for system designers and developers. The goal of this thesis is to propose pattern-oriented solutions to cope with mobile privacy problems, such as lack of transparency, lack of consent, poor security and disregard for purpose limitation, thus giving mobile systems more Privacy by (re)Design.
37

Ervik, Sara. "Privacy by Design applied in Practice and the Consequences for System Developers." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-251672.

Full text
Abstract:
Providing privacy for users is an important matter, as data is processed to an increasing extent, including sensitive personal information. It is a liability for organizations to take responsibility for the privacy of their users. Organizations are required by law to handle personal information in accordance with the General Data Protection Regulation (GDPR). But there is a gap between the legal requirements and the technical solutions. The framework Privacy by Design (PbD) presents guidelines to include privacy in a system but lacks concrete implementations. This paper investigates how PbD can be applied to a system and how it impacts the system development. The study adopts the approach of Colesky, Hoepman and Hillen to apply Privacy by Design in Practice. This was used to develop a system model with consideration of the privacy of users as well as functional requirements and the needs of system developers. The evaluation showed a positive attitude among system developers towards the proposed system model implementing PbD. The system developers estimated that the proposed system model would introduce a slight decrease in productivity but believed the positive aspects of applying privacy would outweigh the disadvantages.
Users' privacy has become increasingly important as more data is handled, including sensitive personal information. Organizations are obliged to take responsibility for their users' privacy. Organizations are required by law to handle personal information in accordance with the requirements defined in the General Data Protection Regulation (GDPR). But a gap remains between the legal requirements and technical solutions. Built-in privacy, or Privacy by Design (PbD) in English, consists of principles for designing systems with privacy in mind, but the method lacks concrete implementations. This study investigates how PbD can be applied in a system and how it affects system development. The study uses the approach of Colesky, Hoepman and Hillen to apply PbD in practice. With this method, a model of a system was developed that takes into account the users' privacy as well as the system developers' needs and the system requirements. The evaluation showed that the system developers were positive towards the proposed system model implemented with PbD. The system developers estimated that the proposed system model would entail a slight decrease in productivity but assumed that the positive effects of built-in privacy would outweigh the disadvantages.
38

Vasanta, Harikrishna. "Secure, privacy assured mechanisms for heterogeneous contextual environments." Thesis, Queensland University of Technology, 2006. https://eprints.qut.edu.au/16177/1/Harikrishna_Vasanta_Thesis.pdf.

Full text
Abstract:
Location information is used to provide a diverse range of services to users such as emergency, navigation, billing, security, information and advertising services. This information is derived from a broad range of indoor and outdoor technologies. The location information thus derived is of different granularity, uses different co-ordinate systems and is controlled by numerous service providers. In addition to this, a broad selection of devices is used for providing these services. Having a diverse range of applications requiring location information at different levels of granularity, the need to export location information across multiple devices and the existence of different location determination technologies necessitate a heterogeneous location network. These networks derive location information from multiple sources and provide various location-based services to users irrespective of the medium, device or technology used. Security, user privacy and management of location information are some of the important issues that need to be addressed. The main contribution of this thesis is the design of a secure and privacy assured heterogeneous location architecture. A formal methodology was chosen to design the heterogeneous location architecture. The design of the architecture resulted in a novel key distribution protocol and a model for information flow that can be easily encapsulated into applications or architectures having similar requirements. The research also resulted in the enhancement of a proposed location framework for securing critical infrastructures using context-aware self-defending objects. The proposed enhanced framework helps to negate the security vulnerabilities introduced through the use of general-purpose computer systems in critical infrastructures.
39

Vasanta, Harikrishna. "Secure, privacy assured mechanisms for heterogeneous contextual environments." Queensland University of Technology, 2006. http://eprints.qut.edu.au/16177/.

Full text
Abstract:
Location information is used to provide a diverse range of services to users such as emergency, navigation, billing, security, information and advertising services. This information is derived from a broad range of indoor and outdoor technologies. The location information thus derived is of different granularity, uses different co-ordinate systems and is controlled by numerous service providers. In addition to this, a broad selection of devices is used for providing these services. Having a diverse range of applications requiring location information at different levels of granularity, the need to export location information across multiple devices and the existence of different location determination technologies necessitate a heterogeneous location network. These networks derive location information from multiple sources and provide various location-based services to users irrespective of the medium, device or technology used. Security, user privacy and management of location information are some of the important issues that need to be addressed. The main contribution of this thesis is the design of a secure and privacy assured heterogeneous location architecture. A formal methodology was chosen to design the heterogeneous location architecture. The design of the architecture resulted in a novel key distribution protocol and a model for information flow that can be easily encapsulated into applications or architectures having similar requirements. The research also resulted in the enhancement of a proposed location framework for securing critical infrastructures using context-aware self-defending objects. The proposed enhanced framework helps to negate the security vulnerabilities introduced through the use of general-purpose computer systems in critical infrastructures.
40

Maaser, Michael [Verfasser]. "Design and Realization of Privacy Guaranteeing Means for Context-sensitive Systems / Michael Maaser." Aachen : Shaker, 2010. http://d-nb.info/1081886250/34.

Full text
41

Bednar, Kathrin, Sarah Spiekermann-Hoff, and Marc Langheinrich. "Engineering Privacy by Design: Are engineers ready to live up to the challenge?" WU Vienna University of Economics and Business, 2018. http://epub.wu.ac.at/6338/1/Working_Paper_Qual_Are_engineers_ready.pdf.

Full text
Abstract:
Organizations struggle to comply with legal requirements as well as customers' calls for better data protection. Yet, information privacy depends on system engineers putting effort into the matter. We interviewed six seniors in system engineering, who work for globally leading IT corporations and research institutions in order to investigate their motivation and ability to comply with privacy expectations. The results of our in-depth interview study point to a lack of perceived responsibility, control and autonomy and to a struggle with the legal world. The information society may be facing the dilemma of asking engineers to live up to a challenge they are currently not ready to embrace.
42

Bednar, Kathrin, Sarah Spiekermann, and Marc Langheinrich. "Engineering Privacy by Design: Are engineers ready to live up to the challenge?" Taylor & Francis Group, 2019. http://epub.wu.ac.at/6695/1/01972243.2019.pdf.

Full text
Abstract:
Organizations struggle to comply with legal requirements as well as customers' calls for better data protection. On the implementation level, incorporation of privacy protections in products and services depends on the commitment of the engineers who design them. We interviewed six senior engineers, who work for globally leading IT corporations and research institutions, to investigate their motivation and ability to comply with privacy regulations. Our findings point to a lack of perceived responsibility, control, autonomy, and frustrations with interactions with the legal world. While we increasingly call on engineers to go beyond functional requirements and be responsive to human values in our increasingly technological society, we may be facing the dilemma of asking engineers to live up to a challenge they are currently not ready to embrace.
43

Kim, Hojung. "Human centred design of software agent in social network service against privacy concerns." Thesis, Brunel University, 2016. http://bura.brunel.ac.uk/handle/2438/12165.

Full text
Abstract:
The rapid growth and influence of social network services has led many scholars to focus on privacy issues. However, the research described in this thesis was motivated by the small number of design studies that have focused on practical approaches to identifying tacit information from users’ instant non-verbal responses to privacy issues. The research therefore aimed to propose persona models as a design solution for software agent development based on the analysis of users’ emotional and behavioural responses, so as to address privacy issues in social network services. In the definition phase, 21 stakeholders belonging to three key stakeholder groups were recruited for unstandardised semistructured email interviews. Three main considerations for the design of software agents in social network services emerged from the interviews, which were classified into the following categories: comprehensive understanding of users’ perceptions of privacy; user type recognition algorithm for software agent development; and existing software agent enhancement. In the development phase, 50 participants were recruited for the Facebook case study, which included three research strategies: perceptions of privacy questionnaire for user typology; emotional response measurement using Geneva Emotion Wheel; and behavioural response observation using a contextual inquiry method. The participants were classified into four user types by means of cluster analysis: uninformed, trustful, suspicious and neglectful. Each user type’s key emotional responses were identified using Kruskal-Wallis test and Mann-Whitney U test, and key behavioural responses using affinity diagrams. This generated persona models of each user type that reflected the correlations between users’ perceptions of privacy, key emotional responses and key behavioural responses. Two fundamental features of the software agent were also proposed based on the persona models: confirmation and guidance. 
In the validation phase, software agent prototypes were created based on the proposed persona models. A total of 206 participants completed the online survey which included two sections: perceptions of privacy questionnaire for user typology replication, and key emotional responses measurement before and after the intervention of the software agent prototypes. Cluster analysis replication validated the proposed user typology, and Wilcoxon signed-rank test of key emotional responses validated the proposed persona models. By implementing the research outcomes, the software agent described in this thesis would be able to provide users with appropriate services based on their user types, to reduce the number of those who are still unaware of privacy practice and those who neglect their accounts, and to expand the size of a user group pursuing sound relationships.
44

Erkanar, Mehmet. "Design And Implementation Of A Privacy Framework For Web Services In The Travel Domain." Master's thesis, METU, 2005. http://etd.lib.metu.edu.tr/upload/12606737/index.pdf.

Full text
Abstract:
A web service is a collection of functions that are packaged as a single entity and published to the network for use by other programs. Web services are building blocks for creating open distributed systems, and allow companies and individuals to quickly and cheaply make their digital assets available worldwide. With considerable interoperability, privacy management becomes an inevitable concern of the web services. Companies and individuals should be able to restrict the information available about themselves and specify the use of that information in order to protect their confidentiality. In the thesis, a privacy framework has been designed and implemented in order to prepare and match privacy documents for web services. Privacy documents are prepared based upon message ontologies which describe the input data of web services. Service requestors and providers prepare their own privacy documents which are going to be checked before the web service transaction begins. Privacy content has been derived from the World Wide Web Consortium's Platform for Privacy Preferences specification.
45

Kelley, Patrick Gage. "Designing Privacy Notices| Supporting User Understanding and Control." Thesis, Carnegie Mellon University, 2013. http://pqdtopen.proquest.com/#viewpdf?dispub=3573455.

Full text
Abstract:

Users are increasingly expected to manage complex privacy settings in their normal online interactions. From shopping to social networks, users make decisions about sharing their personal information with corporations and contacts, frequently with little assistance. Current solutions require consumers to read long documents or go out of their way to manage complex settings buried deep in management interfaces, all of which lead to little or no actual control.

The goal of this work is to help people cope with the shifting privacy landscape. While our work looks at many aspects of how users make decisions regarding their privacy, this dissertation focuses on two specific areas: the current state of web privacy policies and mobile phone application permissions. We explored consumers' current understandings of privacy in these domains, and then used that knowledge to iteratively design and test more comprehensible information displays.

These prototyped information displays should not be seen as final commercially-ready solutions, but as examples of privacy notices that can help users think about, cope with, and make decisions regarding their data privacy. We conclude with a series of design suggestions motivated by our findings.

Keywords: privacy, notice, usability, user interfaces, security, mobile, policy, P3P, HCI, information design.

46

Rännare, Angelica. "Nya Dataskyddsförordningens påverkan på en organisation : En fallstudie med fokus på privacy by design." Thesis, Högskolan i Skövde, Institutionen för informationsteknologi, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-13718.

Full text
Abstract:
The purpose of this work is to study the challenges and impact of the new General Data Protection Regulation (GDPR) on both organization and systems. The focus of the work has been on the specific requirement privacy by design, which is part of GDPR. The GDPR regulation will come into force on 25 May 2018. Since GDPR is a new regulation, there has not yet been much research on the subject. The research that has been done in the area has mostly been within law. This means that the subject is highly relevant to investigate, since new knowledge will be added through this work. The work aims to investigate how GDPR, through its requirements, affects an organization and how the specific requirement privacy by design is taken into account. It will also be investigated which requirements are placed on technology and functions. By doing this, knowledge will be gained about whether and how an organization prepares itself and what is required to meet the requirements of GDPR. Privacy by design is a philosophy of how built-in privacy can be used to protect and build personal privacy into systems. It is based on seven principles that are to be used to understand how privacy can be protected. But like all solutions, there are challenges. It is these challenges that the work will investigate, in order to give recommendations based on the results which hopefully can be used to get an overview of where an organization stands with privacy by design, which is part of GDPR. Based on the organization's answers, recommendations will be given for how the organization could further improve its work. The method used to support this work is a case study of a qualitative nature, and includes interviews with persons from an organization in the security industry that develops methods and software for information security work. The organization that has been investigated is at the starting line for ensuring GDPR compliance and has made an initial analysis of the situation.
Four interviews have formed the basis of the study, and a content analysis has been carried out on them. With the help of the analysis, a clear picture emerges of what the work can look like in connection with the change in the law, from the privacy by design perspective. To find this out, an organization that works with information security and software development has been investigated. For the work, a question guide and a summary of principles related to privacy by design were developed. It turned out that the organization investigated works with privacy by design to a large extent, but has further challenges to address. Analysis and discussion of the interviews have resulted in recommendations to the organization on how they can further strengthen their information security work. In addition, a question guide, which can be found in the appendices, has been developed, and it can be used by other organizations that wish to examine where they stand in their work with GDPR's requirement for privacy by design.
The purpose of this work is to study the General Data Protection Regulation (GDPR) and what challenges and impact this regulation can have on both organization and systems. The focus of the work will be on the specific requirement "privacy by design" that is one part of GDPR. The GDPR will come into force on May 25, 2018. Since the GDPR is a new regulation, there has been little research on the subject yet. The research that has taken place in the field has mostly been in the field of law. This results in the subject being highly relevant for further studies, since this work will unravel new information. The purpose of the work is to investigate how GDPR, through its requirements, affects an organization and how to take into account the specific requirement of privacy by design. It will also be investigated which demands are made of technology and functions. By doing this, knowledge will come about if and how an organization prepares and what it takes to meet the requirements of the GDPR. Privacy by design is a philosophy of how built-in integrity can be used to protect and integrate the personal integrity of systems. It is based on seven principles that will be used to understand how integrity can be protected. But like all solutions there are challenges. These are the challenges that the work will investigate, and as a result give recommendations that hopefully can be used to get an overview of how an organization is in phase with privacy by design, which is part of GDPR. Based on the organization's response, recommendations will be given for how the organization could further improve its work. The method used to support this work is of a qualitative nature and includes interviews with persons from an organization in the security industry that develop methods and software for information security work. The organization that has been investigated is in the pitfalls for ensuring GDPR and has conducted an initial analysis of the situation.
The foundation of this study relies on four interviews, on which a content analysis was made. Through this analysis, a clear picture emerges of how the work with upcoming challenges can present itself, with the changes regarding the new law concerning privacy by design. In order to investigate this, an organisation that works with information security and software development has been scrutinized. As a part of the study, a questionnaire and a summary of the principles relevant to privacy by design were developed. The conclusion was that the scrutinized organisation generally does work with privacy by design, but still has some challenges to face. The analysis and discussion of the interviews resulted in recommendations for the organization on how to further strengthen their work with information security. Furthermore, a questionnaire, which can be found in the appendix, has been developed, and can be used by other organizations wishing to examine their progress on the work with implementing the GDPR requirements regarding privacy by design.
47

Zhu, Hui. "Design of Optimal Energy Flow Control with Privacy-Cost Trade-Off in Smart Grids." Thesis, KTH, Kommunikationsteori, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-183003.

Full text
Abstract:
As a promising field, the development of smart grid has drawn more and more attention from many countries. A smart meter plays a significant role in a smart grid. It replaces the traditional electricity meter with the ability to frequently transmit instantaneous energy consumptions of the consumer to the energy provider of the smart grid. From the view of electricity suppliers, it is beneficial for planning, controlling and billing. However, from consumers' perspective, the high-resolution energy record may lead to a privacy problem, which means the consumers' behaviour can be revealed by analysing the smart meter readings. In this thesis project, we will focus on the privacy leakage problem of the smart meter. We study the problem of optimal privacy-cost trade-off in a smart grid equipped with an energy provider, an alternative energy source, a smart meter, and an energy control unit. The privacy leakage is modelled as unauthorized detections of the consumer's behaviours based on the smart meter readings of energy supplies from the energy provider. The control strategy is designed to manage the energy inflows to satisfy the instantaneous energy demands of the consumer and also to optimally trade off the privacy risk and energy cost. To evaluate the privacy risk, we use a Bayesian detection-operational privacy metric. Different scenarios are considered for which we show that their optimization problems can be reduced to linear programs. Therefore, based on this observation, we propose optimal control strategy design algorithms to solve the optimization problems efficiently.
As a promising field, the development of smart grids has drawn more and more attention from many countries. A smart electricity meter plays a significant role in a smart grid. It replaces the traditional electricity meter, with the ability to frequently transmit the consumer's instantaneous energy consumption to the energy provider of the smart grid. From the electricity supplier's side, this is beneficial for planning, control and billing. But from the consumers' perspective, the high-resolution energy consumption can lead to privacy problems, meaning that the consumers' behaviour can be revealed by analysing the smart meter readings. In this project we will focus on the privacy problems that these meters give rise to. We study the problem of balancing the privacy problem in a smart grid consisting of an energy provider, an alternative energy source, a smart meter, and an energy control unit. Personal privacy is compromised when an unauthorized party can gain access to the consumer's behaviour based on the smart meter readings of the energy consumption from the energy provider. The control strategy is designed to manage the energy inflow in order to satisfy the consumer's instantaneous energy needs, and also to optimally trade off privacy risk and energy cost. To evaluate the privacy risk, we use a Bayesian detection-based, i.e. operational, privacy metric. Different scenarios are considered and their optimization problems can be reduced to linear programs. Based on this observation, the corresponding control strategy with designed algorithms is preferable.
48

Fabbri, Elena. "Privacy By Design e Data Protection Officer: aspetti normativi e buone prassi nel trattamento dei dati personali." Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2015. http://amslaurea.unibo.it/8248/.

Abstract:
The thesis deals with the concepts of Privacy and Personal Data Protection, contextualising their regulatory and technological framework with particular reference to the emerging contexts represented, on the one hand, by the proposal for a new General Data Protection Regulation (drafted by the European Parliament and the Council of the European Union), on the other by the Privacy by Design methodology, and, for both, by the provision of a new actor: the data protection officer (Privacy Officer). The work is organised in three parts in addition to the introduction, conclusions and bibliographic references. The first part describes the concept of privacy and the related threats and countermeasures (traditional and emerging) with reference to management contexts (corporate and Big Data) and to the regulatory framework in force. The second part illustrates in detail the principles and practices of Privacy by Design and the figure of the Privacy Officer formally recognised by the amended legislation. The third part presents the case study in which threats and countermeasures detectable in a corporate context are analysed by means of a comparative table.
49

Xu, Lingyu. "Design and implementation of a credible blockchain-based e-health records platform." University of Western Cape, 2020. http://hdl.handle.net/11394/7883.

Abstract:
Magister Scientiae - MSc
With the development of information and network technologies, Electronic Health Records (EHRs) management systems have gained widespread application in managing medical records. One of the major challenges of EHRs is the independent nature of medical institutions. This non-collaborative nature puts a significant barrier between patients, doctors, medical researchers and medical data. Moreover, unlike the unique and strong anti-tampering nature of traditional paper-based records, electronic health records stored in centralized databases are vulnerable to risks from network attacks, forgery and tampering. In view of the data sharing difficulties and information security problems commonly found in existing EHRs, this dissertation designs and develops a credible Blockchain-based electronic health records (CB-EHRs) management system.
50

Ahmadian, Amirshayan [Author], Jan [Academic supervisor] Jürjens, Jan [Reviewer] Jürjens, and Patrick [Reviewer] Delfmann. "Model-based privacy by design / Amirshayan Ahmadian ; Reviewers: Jan Jürjens, Patrick Delfmann ; Supervisor: Jan Jürjens." Koblenz, 2020. http://d-nb.info/1204427283/34.
