Privacy Impact Assessment Template for Provenance
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science. Karlstad University. (PriSec) ORCID iD: 0000-0001-9535-6621
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science. Karlstad University. (PriSec)
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science. Karlstad University. (PriSec)
University of Southampton.
2016 (English). In: The 11th International Conference on Availability, Reliability and Security (ARES 2016), August 31 – September 2, 2016, Salzburg, IEEE Press, 2016. Conference paper, Published paper (Refereed)
Place, publisher, year, edition, pages
IEEE Press, 2016.
National Category
Computer and Information Science
Identifiers
URN: urn:nbn:se:kau:diva-43020; ISI: 000391214400081; OAI: oai:DiVA.org:kau-43020; DiVA: diva2:937561
Conference
ARES ISPM 2016 Workshop
Projects
Smart Society
Available from: 2016-06-15 Created: 2016-06-15 Last updated: 2017-09-06
In thesis
1. Privacy-aware Use of Accountability Evidence
2017 (English). Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

This thesis deals with the evidence that enables accountability, the privacy risks involved in using it and a privacy-aware solution to the problem of unauthorized evidence disclosure.

Legal means to protect the privacy of an individual are anchored in the data protection perspective, i.e., in the responsible collection and use of personal data. Accountability plays a crucial role in such legal privacy frameworks for assuring an individual’s privacy. In the European context, the accountability principle is pervasive in the measures that are mandated by the General Data Protection Regulation. In general, these measures are technically achieved through automated privacy audits. System traces that record the system activities are the essential inputs to those automated audits. Nevertheless, the traces that enable accountability are themselves subject to privacy risks, because in most cases, they inform about processing of the personal data. Therefore, ensuring the privacy of the accountability traces is as important as ensuring the privacy of the personal data. However, by and large, research involving accountability traces is concerned with storage, interoperability and analytics challenges rather than with the privacy implications involved in processing them.

This dissertation focuses on both the application of accountability evidence, such as in automated privacy audits, and the privacy-aware use of it. The overall aim of the thesis is to provide a conceptual understanding of the privacy compliance research domain and to contribute to the solutions that promote privacy-aware use of the traces that enable accountability. To address the first part of the objective, a systematic study of the existing body of knowledge on automated privacy compliance is conducted. As a result, the state of the art is conceptualized as taxonomies. The second part of the objective is accomplished through two results: first, a systematic understanding of the privacy challenges involved in processing the system traces is obtained; second, a model for privacy-aware access restrictions is proposed and formalized in order to prevent illegitimate access to the system traces. Access to accountability traces such as provenance is required for automatic fulfillment of accountability obligations, but the traces themselves contain personally identifiable information; hence, in this thesis we provide a solution to prevent unauthorized access to the provenance traces.

Abstract [en]

This thesis deals with the evidence that enables accountability, the privacy risks involved in using it and proposes a privacy-aware solution for preventing unauthorized evidence disclosure.

Accountability plays a crucial role in the legal privacy frameworks for assuring individuals’ privacy. In the European context, the accountability principle is pervasive in the measures that are mandated by the General Data Protection Regulation. In general, these measures are technically achieved through automated privacy audits. Traces that record the system activities are the essential inputs to those audits. Nevertheless, such traces that enable accountability are themselves subject to privacy risks, because in most cases, they inform about the processing of the personal data. Therefore, ensuring the privacy of the traces is as important as ensuring the privacy of the personal data. The aim of the thesis is to provide a conceptual understanding of the automated privacy compliance research and to contribute to the solutions that promote privacy-aware use of the accountability traces. This is achieved in this dissertation through a systematic study of the existing body of knowledge in automated privacy compliance, a systematic analysis of the privacy challenges involved in processing the traces and a proposal of a privacy-aware access control model for preventing illegitimate access to the traces.

Place, publisher, year, edition, pages
Karlstads universitet, 2017. 79 p.
Series
Karlstad University Studies, ISSN 1403-8099 ; 2017:24
Keyword
Privacy, accountability, audit, evidence, system traces, provenance, access control, privacy compliance, security
National Category
Computer Systems
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-48550 (URN); 978-91-7063-788-9 (ISBN); 978-91-7063-789-6 (ISBN)
Presentation
2017-06-12, 21A342, Eva Eriksson salen, Universitetsgatan 2, Karlstad, 13:15 (English)
Opponent
Supervisors
Available from: 2017-05-22 Created: 2017-05-10 Last updated: 2017-06-01. Bibliographically approved

Open Access in DiVA

fulltext (360 kB), 16 downloads
File information
File name: FULLTEXT01.pdf; File size: 360 kB; Checksum SHA-512:
b9102e66ce5ae9844bc69228bafa450736fa8e02c63a58f88fb0ca823a9b0cb7bc6d61c028711d1a0860ad102b34834c1fb838ca36fae45d97b4b404aeff40d1
Type: fulltext; Mimetype: application/pdf

Search in DiVA

By author/editor
Reuben, Jenni; Martucci, Leonardo A; Fischer-Hübner, Simone; Hedbom, Hans
By organisation
Department of Mathematics and Computer Science
Computer and Information Science

Total: 16 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 332 hits