DOI: 10.1145/2133601.2133627
Research article

Privacy analysis using ontologies

Published: 07 February 2012

Abstract

Because information systems extensively exchange information between participants, privacy concerns arise from the potential misuse of that information. Existing design approaches consider the non-technical privacy requirements of different stakeholders during the design and implementation of a system; a technical approach to privacy analysis, however, is largely missing.
This paper introduces a formal approach for technically evaluating an information system with respect to the privacy protection it was designed for or implements. In particular, we introduce a system model that describes various system aspects, such as its information flow, and we define the semantics of this system model using ontologies. Given the system model, a privacy ontology, and a set of privacy requirements, we analyze the modeled system to detect privacy leakages and to calculate privacy indicators. The proposed method thus provides a technical way to check whether a system conforms to the stakeholders' privacy requirements.


Published In

CODASPY '12: Proceedings of the Second ACM Conference on Data and Application Security and Privacy
February 2012, 338 pages
ISBN: 9781450310918
DOI: 10.1145/2133601
Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. analysis
  2. ontologies
  3. privacy
  4. requirements
  5. system model

Conference

CODASPY'12

Acceptance Rates

CODASPY '12 paper acceptance rate: 21 of 113 submissions (19%)
Overall acceptance rate: 149 of 789 submissions (19%)
