José Bernardi S. Nunes
ABSTRACT
Ensuring privacy and confidentiality often implies in tailoring a solution to a specific application. We currently lack a common framework to compare and assess different solutions in terms of privacy and confidentiality. All of this makes it harder to establish whether we can reapply strategies to new applications and problems. From the point of view of an application’s stakeholders, the lack of this common framework makes it harder to navigate and search for the correct alternative, significantly if one cannot easily place the application in a context of privacy and confidentiality vulnerabilities. We believe that a taxonomy centered on applications’ privacy and confidentiality vulnerabilities would provide this framework. We then provide a taxonomy on privacy and confidentiality we employed to successfully classify nineteen applications, showcasing the generality of our taxonomy. We have further validated our taxonomy through an orthogonality demonstration and a utility demonstration and its utility by applying it to an intelligent infection analysis system part of a smart campus initiative.
- [n. d.]. LGPD ruling. http://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/L13709.htm. Accessed: 12-11-2021.Google Scholar
- Ittai Anati, Shay Gueron, Simon Johnson, and Vincent Scarlata. 2013. Innovative technology for CPU based attestation and sealing. In Proceedings of the 2nd international workshop on hardware and architectural support for security and privacy, Vol. 13. ACM New York, NY, USA, 7.Google Scholar
- Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O’Keeffe, Mark L. Stillwell, David Goltzsche, Dave Eyers, Rüdiger Kapitza, Peter Pietzuch, and Christof Fetzer. 2016. SCONE: Secure Linux Containers with Intel SGX. In 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 16). USENIX Association, Savannah, GA, 689–703.Google ScholarDigital Library
- Paul Breitbarth. 2019. The impact of GDPR one year on. Network Security 2019, 7 (2019), 11–13. https://doi.org/10.1016/S1353-4858(19)30084-4Google ScholarDigital Library
- Josep Domingo-Ferrer, Oriol Farràs, Jordi Ribes-González, and David Sánchez. 2019. Privacy-preserving cloud computing on sensitive data: A survey of methods, products and challenges. Computer Communications 140-141 (2019), 38–60. https://doi.org/10.1016/j.comcom.2019.04.011Google ScholarDigital Library
- Cynthia Dwork, Aaron Roth, 2014. The algorithmic foundations of differential privacy.Found. Trends Theor. Comput. Sci. 9, 3-4 (2014), 211–407.Google Scholar
- D. Eckhoff and I. Wagner. 2018. Privacy in the Smart City—Applications, Technologies, Challenges, and Solutions. IEEE Communications Surveys Tutorials 20, 1 (2018), 489–516. https://doi.org/10.1109/COMST.2017.2748998Google ScholarCross Ref
- Linda Erlenhov, Francisco Gomes de Oliveira Neto, Riccardo Scandariato, and Philipp Leitner. 2019. Current and Future Bots in Software Development. In 2019 IEEE/ACM 1st International Workshop on Bots in Software Engineering (BotSE). 7–11. https://doi.org/10.1109/BotSE.2019.00009Google ScholarDigital Library
- Daniel Feldman, Emily Fox, Evan Gilman, Ian Haken, Frederick Kautz, Umair Khan, Max Lambrecht, Brandon Lum, Agustín Martínez Fayó, Eli Nesterov, and et al.2020. Solving the Bottom Turtle — a SPIFFE Way to Establish Trust in Your Infrastructure via Universal Identity(1 ed.). This book presents the SPIFFE standard for service identity, and SPIRE, the reference implementation for SPIFFE. https://spiffe.io/book/..Google Scholar
- Rachel L. Finn, D. Wright, and M. Friedewald. 2013. Seven Types of Privacy. In European Data Protection.Google Scholar
- Franz Gregor, Wojciech Ozga, Sébastien Vaucher, Rafael Pires, Do Le Quoc, Sergei Arnautov, André Martin, Valerio Schiavoni, Pascal Felber, and Christof Fetzer. 2020. Trust Management as a Service: Enabling Trusted Execution in the Face of Byzantine Stakeholders. In 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). 502–514. https://doi.org/10.1109/DSN48063.2020.00063Google ScholarCross Ref
- Robert C Nickerson, Upkar Varshney, and Jan Muntermann. 2013. A method for taxonomy development and its application in information systems. European Journal of Information Systems 22, 3 (2013), 336–359. https://doi.org/10.1057/ejis.2012.26 arXiv:https://doi.org/10.1057/ejis.2012.26Google ScholarCross Ref
- Helen Nissenbaum. 2004. Privacy as contextual integrity. Washington Law Review 79, 1 (Feb. 2004), 119–157.Google Scholar
- JOSÉ BENARDI DE SOUZA NUNES. 2022. AN EXTENSIBLE TAXONOMY ON PRIVACY AND CONFIDENTIALITY. Master’s thesis. Dissertação (Mestrado) - UFCG/PPGCC.Google Scholar
- Muhammad Usman, Ricardo Britto, Jürgen Börstler, and Emilia Mendes. 2017. Taxonomies in software engineering: A Systematic mapping study and a revised taxonomy development method. Information and Software Technology 85 (2017), 43–59. https://doi.org/10.1016/j.infsof.2017.01.006Google ScholarDigital Library
- Z. Xiao and Y. Xiao. 2013. Security and Privacy in Cloud Computing. IEEE Communications Surveys Tutorials 15, 2 (2013), 843–859. https://doi.org/10.1109/SURV.2012.060912.00182Google ScholarCross Ref
Index Terms
- A taxonomy on privacy and confidentiality
Recommendations
RFID system with fairness within the framework of security and privacy
ESAS'05: Proceedings of the Second European conference on Security and Privacy in Ad-Hoc and Sensor NetworksRadio Frequency Identification (RFID) systems are expected to be widely deployed in automated identification and supply-chain applications. Although RFID systems have several advantages, the technology may also create new threats to user privacy. In ...
Impossibility results for RFID privacy notions
Transactions on computational science XIRFID systems have become increasingly popular and are already used in many real-life applications. Although very useful, RFIDs introduce privacy risks since they carry identifying information that can be traced. Hence, several RFID privacy models have ...
A Comparative Study of Privacy Mechanisms and a Novel Privacy Mechanism [Short Paper]
Information and Communications SecurityAbstractPrivacy of PII(Personally Identifiable Information) on the Internet is a major concern of a netizen. On the Internet different service providers are supposed to publish their own privacy policies but understanding of these policies is a major ...
Comments