Table of Contents
Intro
Preface
Organization
Towards Privacy-Preserving and Trustworthy AI (Abstract of Keynote Talk)
Contents
Trust Evaluation
Monitoring Access Reviews by Crowd Labelling
1 Introduction
2 Theoretical Background
2.1 Research Method
3 Problem Formulation
3.1 Practice-Inspired Research
3.2 Defining Access Review Decision Quality as an Instance of a Class of Problems
4 Theory-Ingrained Artifact
4.1 Designing the Initial Artifact
4.2 Applying Crowd Sourcing Theories to Access Reviews
5 Building, Intervention and Evaluation
5.1 Mutually Influenced Roles
5.2 Access Review Campaign Data
5.3 Reciprocal Shaping
5.4 Evaluation
6 Conclusion
References
Automating the Evaluation of Trustworthiness
1 Introduction
2 The TE Framework
2.1 Defining Trustworthiness
2.2 Requirements
2.3 Framework Participants
2.4 Data Model
2.5 Rulebooks
2.6 Trustworthiness Evaluation
2.7 Instance Data
3 Implementation
4 Related Work
5 Conclusions and Future Work
References
Security Risks
At Your Service 24/7 or Not? Denial of Service on ESInet Systems
1 Introduction
2 Preliminaries and Adversarial Model
3 Evaluation
3.1 Test-Bed Setup and Attack Scenarios
3.2 Results
4 Detection and Remedies
5 Related Work
6 Conclusions and Future Directions
References
Impact of False Positives and False Negatives on Security Risks in Transactions Under Threat
1 Introduction
2 Importance of False Positives and False Negatives
3 Security Countermeasures and Risks in Transactions
3.1 Applying Security Countermeasures and Decision Making
3.2 Risk Assessment Based on Optimal Strategy for Counteracting
4 Measuring False Positives and False Negatives
5 Impact of False Positives/Negatives on Security Risks
5.1 Dependence of the Security Risks from Detection Precision
5.2 Dynamics of the Security Risks Along the Transactions
5.3 Dependency of the Cost from the Moment of Counteracting
6 Discussion and Future Development
References
Web Security
Launching Adversarial Label Contamination Attacks Against Malicious URL Detection
1 Introduction
2 Background and Related Work
2.1 Machine Learning and Attacks Against It
2.2 Related Work
3 Methodology and Experimental Design
3.1 Dataset Overview
3.2 Experimental Design
4 Results
5 Discussion
6 Conclusions and Future Work
References
Neither Good nor Bad: A Large-Scale Empirical Analysis of HTTP Security Response Headers
1 Introduction
2 Background
3 Related Work
4 Experimental Evaluation
4.1 Testbed
4.2 Results
5 Discussion
6 Conclusions
References
Data Protection and Privacy Controls
Components and Architecture for the Implementation of Technology-Driven Employee Data Protection
1 Introduction
2 Components of Employee Data Protection
2.1 A - Information
2.2 B - Self-determination
2.3 C - Enforcement
2.4 D - Data Query and Access
2.5 E - Communication
2.6 F - Support
3 Legal Review of the Components
3.1 Storage Limitation, Integrity, and Confidentiality
3.2 Transparency
3.3 Consent and Direct Implementations of Laws
4 Implementation and Integration Concept
4.1 Architecture
4.2 Integration Concept
5 Related Work
6 Conclusion and Discussion
References
Towards an Information Privacy and Personal Data Protection Competency Model for Citizens
1 Introduction
2 Theoretical Background
2.1 The Concept of Competency
2.2 Competency Models
2.3 Competency Models in Information Systems Literature
3 A RoadMap for Developing the Competency Model
3.1 Activities Involved in the Development of Competency Models
3.2 The Proposed RoadMap
4 Preliminary Results
4.1 Existing Information Privacy Competency Models for Citizens
4.2 Information Privacy Competencies Implied in the Literature
4.3 Information Privacy Competencies for Citizens: Initial Results
5 Conclusions
References
A Category-Based Framework for Privacy-Aware Collaborative Access Control
1 Introduction
2 Background
2.1 Classical Access Control Models
2.2 Collaborative and Concurrent Access Models
3 Our Solution for Privacy-Aware Access Control
3.1 Framework Architecture
3.2 Shared-CBAC Model
4 BYOD Use Case
5 Evaluation
5.1 Model Design
5.2 Analysis
6 Conclusion
References
Privacy and Users
Car Drivers' Privacy Concerns and Trust Perceptions
1 Introduction
2 Related Work
3 Research Method
4 Results
4.1 Correlations
5 Conclusions
References
AuthGuide: Analyzing Security, Privacy and Usability Trade-Offs in Multi-factor Authentication
1 Introduction
2 Related Work
3 AuthGuide: Design and Implementation
3.1 Modeling the Configuration Space of Authentication Factors
3.2 Registration and Replacement of Authentication Factors
3.3 AuthGuide Implementation
4 Evaluation
4.1 Performance Evaluation
4.2 Configuration Support for the Security Administrator
4.3 Analysis of Security, Privacy and Usability Trade-Off
5 Conclusion
References
Author Index