Go the Extra Mile for Accountability: Privacy Protection Measures for Emerging Information Management Systems
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). ORCID iD: 0000-0001-9535-6621
2020 (English). Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The thesis considers a systematic approach to design and develop techniques for preventing personal data exposure in next generation information management systems with the aim of ensuring accountability of data controllers (entities that process personal data).

With the rapid growth of communication technologies, heterogeneous computing environments that offer cost-effective data processing alternatives are emerging. Thus, the information flow of personal data spans beyond the information processing practices of data controllers, thereby involving other parties that process personal data. Moreover, in order to enable interoperability, data in such environments is given well-defined structure and meaning by means of graph-based data models. Graphs inherently emphasize connections between things, and when graphs are used to model personal data records, the connections and the network structure may reveal intimate details about our inter-connected society.

In the European context, the General Data Protection Regulation (GDPR) provides a legal framework for personal data processing. The GDPR stipulates specific consequences for non-compliance with the data protection principles, with a view to ensuring accountability of data controllers in their personal data processing practices. Widely recognized approaches to implementing the Privacy by Design (PbD) principle in the software application development process are broader in scope. Hence, processes to implement personal data protection techniques for specific systems are not the central aspect of the aforementioned approaches.

In order to influence the implementation of techniques for preventing personal data misuse associated with the sharing of data represented as graphs, a conceptual mechanism for building privacy techniques is developed. The conceptual mechanism consists of three elements, namely, a risk analysis for Semantic Web information management systems using a Privacy Impact Assessment (PIA) approach, two privacy protection techniques for graphs enriched with semantics, and a model to approach the evaluation of adherence to the goals resulting from the risk analysis. The privacy protection techniques include an access control model that embodies the purpose limitation principle (an essential aspect of the GDPR) and adaptations of the differential privacy model for graphs with edge labels. The access control model takes into account the semantics of the graph elements when authorizing access to the graph data. In our differential privacy adaptations, we define, and study through experiments, four different approaches to adapting the differential privacy model to edge-labeled graph datasets.

Abstract [en]

The thesis considers a systematic approach to design and develop techniques for preventing personal data exposure in next generation information management systems with the aim of ensuring accountability of data controllers (entities that process personal data).

With the rapid growth of communication technologies, heterogeneous computing environments that offer cost-effective data processing alternatives are emerging. Thus, the information flow of personal data spans beyond the information processing practices of data controllers, thereby involving other parties that process personal data. Moreover, in order to enable interoperability, data in such environments is given well-defined structure and meaning by means of graph-based data models. Graphs inherently emphasize connections between things, and when graphs are used to model personal data records, the connections and the network structure may reveal intimate details about our inter-connected society.

The GDPR stipulates specific consequences for non-compliance with the data protection principles, with a view to ensuring accountability of data controllers in their personal data processing practices. Widely recognized approaches to implementing the Privacy by Design (PbD) principle in the software application development process are broader in scope. Hence, processes to implement privacy techniques for specific systems are not the central aspect of the aforementioned approaches.

In order to influence the implementation of techniques for preventing personal data misuse associated with the sharing of data represented as graphs, a conceptual mechanism for building privacy techniques is developed. The conceptual mechanism consists of three elements, namely, a risk analysis for Semantic Web information management systems using a Privacy Impact Assessment (PIA) approach, two privacy protection techniques for graphs enriched with semantics, and a model to approach the evaluation of adherence to the goals resulting from the risk analysis.

Place, publisher, year, edition, pages
Karlstad: Karlstads universitet, 2020, p. 30
Series
Karlstad University Studies, ISSN 1403-8099 ; 2020:32
Keywords [en]
accountability, Privacy By Design (PdD), privacy risks, Privacy Impact Assessment (PIA), audits, privacy compliance, access control, differential privacy, graphs, edge-labeled graphs, Semantic Web
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-80531
ISBN: 978-91-7867-153-3 (print)
ISBN: 978-91-7867-157-1 (print)
OAI: oai:DiVA.org:kau-80531
DiVA, id: diva2:1471254
Public defence
2020-10-30, Frödingsalen, 1B364, Karlstads Universitet, Karlstad, 09:00 (English)
Note

Article 5 part of thesis as manuscript, now published.

Available from: 2020-10-13 Created: 2020-09-28 Last updated: 2021-03-19. Bibliographically approved
List of papers
1. Privacy Impact Assessment Template for Provenance
2016 (English). In: Proceedings of 2016 11th International Conference on Availability, Reliability and Security, (Ares 2016), IEEE, 2016, p. 653-660. Conference paper, Published paper (Refereed)
Place, publisher, year, edition, pages
IEEE, 2016
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-43020 (URN)
10.1109/ARES.2016.95 (DOI)
000391214400081 ()
978-1-5090-0990-9 (ISBN)
Conference
11th International Conference on Availability, Reliability and Security (ARES). Salzburg, Austria. Aug 31 - Sep 02, 2016.
Projects
Smart Society
Available from: 2016-06-15 Created: 2016-06-15 Last updated: 2022-11-25. Bibliographically approved
2. An Authorization Model for Data Modeled using Semantic Web Technologies
2017 (English). In: The 9th International Conference on Advances in Databases, Knowledge, and Data Applications, International Academy, Research and Industry Association (IARIA), 2017, p. 1-9. Conference paper, Published paper (Refereed)
Abstract [en]

The origin of digital artifacts is asserted by digital provenance information. Provenance information is queried for proof statement validation, failure analysis, and replication and attribution validation. The history of data, which specifies the dependencies among the different data items that produce the data, is better captured using Semantic Web technologies. However, such provenance information contains sensitive information such as personally identifiable information. Further, in the context of Semantic Web knowledge representation, the interrelationships among different provenance elements imply additional knowledge. In this paper, we propose an authorization model that enforces the purpose limitation principle for such semantically related information. We present the formalization of the security policy; however, the policy does not reflect the direct implementation of the desired authorization. Therefore, security properties for important relationships such as subset, set union and set intersection are defined in order to ensure consistency of the security policy. Finally, a use case scenario demonstrating the defined security policy and the properties is presented to indicate the applicability of the proposed model.

Place, publisher, year, edition, pages
International Academy, Research and Industry Association (IARIA), 2017
National Category
Computer Systems
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-48549 (URN)
Conference
The Ninth International Conference on Advances in Databases, Knowledge, and Data Applications, Barcelona, Spain
Available from: 2017-05-10 Created: 2017-05-10 Last updated: 2020-09-28. Bibliographically approved
3. Towards a Differential Privacy Theory for Edge-Labeled Directed Graphs
2018 (English). In: SICHERHEIT 2018 / [ed] Hanno Langweg, Michael Meier, Bernhard Witt & Delphine Reinhardt, Gesellschaft für Informatik, 2018, p. 273-278. Conference paper, Published paper (Other academic)
Abstract [en]

Increasingly, information is represented as graphs, such as social network data, financial transactions and semantic assertions in the Semantic Web context. Mining such data about people for useful insights has enormous social and commercial benefits. However, the privacy of the individuals in the datasets is a major concern. Hence, the challenge is to enable analyses over a dataset while preserving the privacy of the individuals in the dataset. Differential privacy is a privacy model that offers a rigorous definition of privacy, which says that from the released results of an analysis it is 'difficult' to determine whether an individual contributes to the results or not. The differential privacy model has been extensively studied in the context of relational databases. Nevertheless, there has been growing interest in the adaptation of differential privacy to graph data. Previous research in applying the differential privacy model to graphs focuses on unlabeled graphs. However, in many applications graphs consist of labeled edges, and the analyses can be more expressive by taking the labels into account. Thus, it would be of interest to study the adaptation of differential privacy to edge-labeled directed graphs. In this paper, we present our foundational work towards that aim. First, we present three variant notions of an individual's information being or not being in the analyzed graph, which is the basis for formalizing the differential privacy guarantee. Next, we present our plan to study particular graph statistics using the differential privacy model, given the choice of the notion that represents the individual's information being or not being in the analyzed graph.
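
The abstract above rests on two ideas: the differential privacy inequality (the output distribution changes by at most a factor e^ε between "neighbouring" graphs) and the observation that the choice of what counts as a neighbouring graph decides the sensitivity, and therefore the noise, of a graph statistic. The following Python is an added example written for this record, not code from the paper or the thesis. It releases a labelled-edge count from a small constructed edge-labelled directed graph with the Laplace mechanism and checks the inequality directly by enumerating neighbours. The two neighbouring notions used here (edge-level: one edge added or removed; node-level: one node and all its edges removed) and the a-priori degree cap are assumptions made for the illustration; they are not the three notions the paper defines.

```python
"""Added example (not code from the paper or the thesis): the Laplace mechanism
for a labelled-edge count on an edge-labelled directed graph, checked against
the differential privacy inequality under two assumed neighbouring notions."""
import math
import random
from collections import Counter

# Constructed sample graph as (source, label, target) triples.
SAMPLE_EDGES = [
    ("alice", "knows", "bob"),
    ("alice", "knows", "carol"),
    ("bob", "knows", "carol"),
    ("carol", "worksAt", "acme"),
    ("bob", "worksAt", "acme"),
    ("dave", "knows", "alice"),
    ("dave", "treatedAt", "clinic"),
]


def count_label(edges, label):
    """The statistic being released: number of edges carrying `label`."""
    return sum(1 for _, lab, _ in edges if lab == label)


def remove_edge(edges, edge):
    return [e for e in edges if e != edge]


def remove_node(edges, node):
    """Drop a node together with every edge incident to it."""
    return [e for e in edges if node not in (e[0], e[2])]


def max_label_degree(edges, label):
    """Largest number of `label` edges incident to a single node, i.e. the
    actual change of count_label when that node is removed."""
    deg = Counter()
    for s, lab, t in edges:
        if lab == label:
            deg[s] += 1
            if t != s:
                deg[t] += 1
    return max(deg.values(), default=0)


def sensitivity(notion, degree_cap=None):
    """Global sensitivity of count_label under the assumed notion.
    edge: neighbours differ in one edge, so the count changes by at most 1.
    node: neighbours differ in one node and its edges; the change is only
    bounded by a degree cap that must be fixed before looking at the data."""
    if notion == "edge":
        return 1
    if notion == "node":
        if degree_cap is None:
            raise ValueError("node neighbouring needs an a-priori degree cap")
        return degree_cap
    raise ValueError(f"unknown notion {notion!r}")


def laplace_mechanism(true_value, delta, epsilon, rng):
    """Release true_value + Laplace(0, delta/epsilon) noise (inverse-CDF sampling)."""
    scale = delta / epsilon
    u = rng.random() - 0.5
    mag = min(abs(u), 0.5 - 1e-15)  # keep log() away from 0
    return true_value - scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * mag)


def empirical_mean(true_value, delta, epsilon, n=20000, seed=7):
    """Mean of n releases: the noise is zero-mean, so this approaches true_value."""
    rng = random.Random(seed)
    return sum(laplace_mechanism(true_value, delta, epsilon, rng) for _ in range(n)) / n


def density_ratio(y, c1, c2, scale):
    """p(y | true count c1) / p(y | true count c2) for Laplace noise of `scale`."""
    return math.exp((abs(y - c2) - abs(y - c1)) / scale)


def worst_case_ratio(edges, label, notion, epsilon, degree_cap=None, outputs=range(-5, 15)):
    """Enumerate every neighbour of `edges` under the notion and return the
    largest density ratio over the given outputs. The differential privacy
    inequality holds for these neighbours iff the result is <= exp(epsilon)."""
    scale = sensitivity(notion, degree_cap) / epsilon
    c = count_label(edges, label)
    if notion == "edge":
        neighbours = [remove_edge(edges, e) for e in edges]
        neighbours.append(edges + [("x", label, "y")])  # one added edge
    else:
        nodes = {n for e in edges for n in (e[0], e[2])}
        neighbours = [remove_node(edges, n) for n in nodes]
    return max(density_ratio(y, c, count_label(g, label), scale)
               for g in neighbours for y in outputs)


if __name__ == "__main__":
    eps = 0.5
    true = count_label(SAMPLE_EDGES, "knows")
    print("true knows-count:", true)
    print("edge-DP release :", round(laplace_mechanism(true, sensitivity("edge"), eps, random.Random(7)), 2))
    cap = max_label_degree(SAMPLE_EDGES, "knows")
    for notion, kw in (("edge", {}), ("node", {"degree_cap": cap}), ("node", {"degree_cap": 1})):
        r = worst_case_ratio(SAMPLE_EDGES, "knows", notion, eps, **kw)
        print(f"{notion} {kw}: worst ratio {r:.3f} vs e^eps {math.exp(eps):.3f} ->",
              "holds" if r <= math.exp(eps) + 1e-9 else "VIOLATED")
```

Running it shows the point of the abstract's "variant notions": under edge neighbouring the ratio never exceeds e^ε with sensitivity 1, under node neighbouring it stays within e^ε only if the degree cap is at least the true maximum label degree (3 in the sample graph), and a cap of 1 gives noise that is too small and a ratio of e^1.5, i.e. the guarantee silently fails. Choosing the notion therefore fixes both the meaning of "an individual's information" and the amount of noise the release needs.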

Place, publisher, year, edition, pages
Gesellschaft für Informatik, 2018
National Category
Computer Systems
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-80365 (URN)
10.18420/sicherheit2018_24 (DOI)
Conference
SICHERHEIT 2018
Available from: 2020-09-24 Created: 2020-09-24 Last updated: 2020-12-21. Bibliographically approved
4. An Analysis of Different Notions of Differential Privacy for Edge-labeled Knowledge Graphs
(English). Manuscript (preprint) (Other academic)
National Category
Computer Systems
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-79162 (URN)
Available from: 2023-07-27 Created: 2020-07-27 Last updated: 2020-11-05. Bibliographically approved
5. SoK: Chasing Accuracy and Privacy, and Catching Both in Differentially Private Histogram Publication
2020 (English). In: Transactions on Data Privacy, ISSN 1888-5063, E-ISSN 2013-1631, Vol. 13, no 3, p. 201-245. Article in journal (Refereed) Published
Abstract [en]

Histograms and synthetic data are of key importance in data analysis. However, researchers have shown that even aggregated data such as histograms, containing no obvious sensitive attributes, can result in privacy leakage. To enable data analysis, a strong notion of privacy is required to avoid risking unintended privacy violations. Such a strong notion of privacy is differential privacy, a statistical notion of privacy that makes privacy leakage quantifiable. The caveat regarding differential privacy is that while it has strong guarantees for privacy, privacy comes at a cost of accuracy. Despite this trade-off being a central and important issue in the adoption of differential privacy, there is a gap in the literature in providing an understanding of the trade-off and how to address it appropriately. Through a systematic literature review (SLR), we investigate the state of the art within accuracy-improving differentially private algorithms for histogram and synthetic data publishing. Our contribution is two-fold: 1) we identify trends and connections in the contributions to the field of differential privacy for histograms and synthetic data, and 2) we provide an understanding of the privacy/accuracy trade-off challenge by crystallizing different dimensions of accuracy improvement. Accordingly, we position and visualize the ideas in relation to each other and to external work, and deconstruct each algorithm to examine the building blocks separately with the aim of pinpointing which dimension of accuracy improvement each technique/approach is targeting. Hence, this systematization of knowledge (SoK) provides an understanding of in which dimensions, and how, accuracy improvement can be pursued without sacrificing privacy.

Place, publisher, year, edition, pages
INST ESTUDIOS DOCUMENTALES CIENCIA & TECNOLOGIA-IEDCYT, 2020
Keywords
accuracy improvement, boosting accuracy, data privacy, differential privacy, dimensionality reduction, error reduction, histogram, histograms, noise reduction, sensitivity reduction, synthetic data, SLR, SoK, systematic literature review, systematization of knowledge, taxonomy, utility improvement
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-82876 (URN)
000604621000002 ()
2-s2.0-85100178720 (Scopus ID)
Funder
Swedish Research Council
Swedish Foundation for Strategic Research
Available from: 2021-02-18 Created: 2021-02-18 Last updated: 2021-03-19. Bibliographically approved
6. Automated Log Audits for Privacy Compliance Validation: A Literature Survey
2016 (English). In: Privacy and Identity Management. Time for a Revolution?: 10th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School, Edinburgh, UK, August 16-21, 2015, Revised Selected Papers, Springer, 2016, Vol. 476, p. 13, p. 312-326. Conference paper, Published paper (Refereed)
Abstract [en]

Log audits are the technical means to retrospectively reconstruct and analyze system activities in order to determine whether the system events are in accordance with the rules. In the case of privacy compliance, compliance-by-detection approaches are promoted for achieving data protection obligations such as accountability and transparency. However, significant challenges remain in fulfilling privacy requirements through these approaches. This paper presents a systematic literature review that reveals the theoretical foundations of the state-of-the-art detective approaches for privacy compliance. We developed a taxonomy based on the technical design, describing the contextual relationships of the existing solutions. The technical designs of the existing privacy detection solutions are primarily classified into privacy misuse detection and privacy anomaly detection. However, the design principles of these solutions are to validate need-to-know and access control obligations; hence the state-of-the-art privacy compliance validation mechanisms focus on usage limitations and accountability. The privacy compliance guarantee they provide is subtle when compared to the requirements arising from privacy regulations and data protection obligations.
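
The survey's taxonomy splits detective privacy compliance mechanisms into misuse detection (rules such as need-to-know and purpose limitation checked against each logged access) and anomaly detection (deviation from a baseline). The following Python is an added example written for this record, not code from the survey or the thesis; it runs both kinds of check over a constructed access log. The log format, the need-to-know policy table, the consent records and the baseline rule are all assumptions made for the illustration, and it also shows the limitation the abstract names: these checks validate access and usage obligations, not the full set of data protection requirements.

```python
"""Added example (not code from the survey or the thesis): a minimal
retrospective log audit with a misuse-detection pass (need-to-know and
purpose-limitation rules) and an anomaly-detection pass (per-user baseline)."""
import re
from collections import defaultdict
from statistics import median

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\S+) subject=(?P<subject>\S+) "
    r"category=(?P<category>\S+) purpose=(?P<purpose>\S+)$"
)

# Constructed access log: actor, role, data subject, data category and the
# purpose the actor declared for the access.
SAMPLE_LOG = """\
2020-09-01T08:12:03Z user=nurse07 role=nurse subject=p-1042 category=diagnosis purpose=treatment
2020-09-01T08:13:10Z user=nurse07 role=nurse subject=p-1042 category=contact purpose=treatment
2020-09-01T09:02:44Z user=bill03 role=billing subject=p-1042 category=invoice purpose=billing
2020-09-01T09:05:01Z user=bill03 role=billing subject=p-1042 category=diagnosis purpose=billing
2020-09-01T10:40:12Z user=doc11 role=physician subject=p-2201 category=diagnosis purpose=research
2020-09-01T11:00:00Z user=nurse07 role=nurse subject=p-3307 category=diagnosis purpose=treatment
2020-09-01T13:00:00Z user=admin02 role=admin subject=p-1042 category=contact purpose=support
2020-09-01T13:00:05Z user=admin02 role=admin subject=p-2201 category=contact purpose=support
2020-09-01T13:00:09Z user=admin02 role=admin subject=p-3307 category=contact purpose=support
2020-09-01T13:00:14Z user=admin02 role=admin subject=p-4410 category=contact purpose=support
2020-09-01T13:00:20Z user=admin02 role=admin subject=p-5512 category=contact purpose=support
2020-09-01T13:00:26Z user=admin02 role=admin subject=p-6613 category=contact purpose=support
2020-09-01T13:00:31Z user=admin02 role=admin subject=p-7714 category=contact purpose=support
"""

# Need-to-know policy (constructed): (role, category) -> permitted purposes.
NEED_TO_KNOW = {
    ("nurse", "diagnosis"): {"treatment"},
    ("nurse", "contact"): {"treatment"},
    ("physician", "diagnosis"): {"treatment", "research"},
    ("billing", "invoice"): {"billing"},
    ("admin", "contact"): {"support"},
}

# Purpose limitation (constructed): purposes each data subject consented to.
CONSENT = {
    "p-1042": {"treatment", "billing", "support"},
    "p-2201": {"treatment", "support"},
    "p-3307": {"treatment", "support"},
}
CONSENT.update({s: {"support"} for s in ("p-4410", "p-5512", "p-6613", "p-7714")})


def parse_log(text):
    """Parse well-formed lines into dicts; malformed lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def misuse_findings(events):
    """Misuse detection: every event must satisfy the need-to-know rule for
    its role and the consented purposes of the data subject it touched."""
    findings = []
    for ev in events:
        permitted = NEED_TO_KNOW.get((ev["role"], ev["category"]), set())
        if ev["purpose"] not in permitted:
            findings.append((ev["ts"], ev["user"], "need-to-know"))
        if ev["purpose"] not in CONSENT.get(ev["subject"], set()):
            findings.append((ev["ts"], ev["user"], "no-consent"))
    return findings


def anomaly_findings(events, factor=3):
    """Anomaly detection: users who touched more distinct data subjects than
    `factor` times the median user. A per-role baseline would be needed in
    practice; the median over all users keeps the example short."""
    subjects = defaultdict(set)
    for ev in events:
        subjects[ev["user"]].add(ev["subject"])
    counts = {u: len(s) for u, s in subjects.items()}
    if not counts:
        return []
    baseline = median(counts.values())
    return sorted(u for u, n in counts.items() if n > factor * baseline)


def audit(text):
    """Run both passes over a log text and return the findings."""
    events = parse_log(text)
    return {"events": len(events),
            "misuse": misuse_findings(events),
            "anomalies": anomaly_findings(events)}


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    print(f"{report['events']} events audited")
    for ts, user, rule in report["misuse"]:
        print(f"misuse   {ts} {user}: {rule}")
    for user in report["anomalies"]:
        print(f"anomaly  {user}: unusual number of distinct data subjects")
```

On the sample log the misuse pass flags the billing user reading a diagnosis record (no need-to-know) and the physician's research access to a subject who consented only to treatment and support (purpose limitation), while the anomaly pass flags the administrator who touched far more data subjects than anyone else even though each individual access was permitted. Note what neither pass can see: whether the data should have been retained at all, whether the subject was informed, or whether a permitted access was in fact necessary, which is the gap between such audits and the regulatory requirements that the abstract points out.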

Place, publisher, year, edition, pages
Springer, 2016. p. 13
Series
IFIP Advances in Information and Communication Technology, ISSN 1868-4238 ; 476
Keywords
Log audit, privacy violation detection, privacy compliance, accountability, transparency
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-38920 (URN)
10.1007/978-3-319-41763-9_21 (DOI)
978-3-319-41762-2 (ISBN)
978-3-319-41763-9 (ISBN)
Conference
The IFIP Summer School 2015, Edinburgh, 16-21 August 2015.
Funder
EU, FP7, Seventh Framework Programme, FP7-ICT-2011-8-317550-A4CLOUD
Note

The school has a two-phase review process for submitted papers. In the first phase submitted papers (short versions) are reviewed and selected for presentation at the school. After the school, these papers can be revised (so that they can benefit from the discussion that occurred at the school) and are then reviewed again for inclusion in the school’s proceedings which will be published by Springer.

Available from: 2015-12-18 Created: 2015-12-18 Last updated: 2020-09-28. Bibliographically approved

Open Access in DiVA

Full text: FULLTEXT02.pdf (application/pdf, 1269 kB)
Checksum SHA-512: cd56cec7564661f8d351801ec2a5a0f6b81d23379bc49af77a9c8a15e93d7a2aecf8dce2cb7ba55549f5980510fe8924fbff11492fbbcaaa463240b2634042e2

Authority records

Reuben, Jenni
