Cited By
View all- Chechik MDi Ruscio D(2018)Report from the 9th Workshop on Modelling in Software Engineering(MiSE 2017)ACM SIGSOFT Software Engineering Notes10.1145/3149485.314952042:4(21-24)Online publication date: 11-Jan-2018
Model for reducing risks to private or sensitive data
Pages 19 - 25
Abstract
Software systems can be found in almost every aspect of our lives, as can be seen in social media, online banking and shopping, as well as electronic health monitoring. This widespread involvement in our lives has led to the need to protect privacy, as the use of the software often requires us to input our personal information. Software systems can also hold sensitive data (e.g., a trade secret) that is vulnerable to theft. The key to protecting private or sensitive data in software systems is the knowledge of where the data resides in the system. This paper proposes a new model for visualizing a software system that focuses on the location of private or sensitive data, in order to gain insight into the attendant risks to attacks on the data. The model can then be modified to suggest ways of reducing these risks in the software system.
References
[1]
V. S. Iyengar, "Transforming Data to Satisfy Privacy Constraints", Proceedings of the 8th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD'02), Edmonton, Alberta, pp. 279--288, 2002.
[2]
R. Song, L. Korba, and G. Yee, "Pseudonym Technology for E-Services", chapter in Privacy Protection for E-Services, edited by G. Yee, Idea Group, Inc., 2006.
[3]
C. Adams and K. Barbieri, "Privacy Enforcement in E-Services Environments", chapter in Privacy Protection for E-Services, edited by G. Yee, Idea Group, Inc., 2006.
[4]
I. Goldberg, D. Wagner, and E. Brewer, "Privacy-Enhancing Technologies for the Internet", IEEE COMPCON'97, pp. 103--109, 1997.
[5]
CIPP Guide, "CSA Model Code", available as of Feb. 22, 2017 from: https://www.cippguide.org/2010/06/29/csa-model-code/
[6]
G. Yee, L. Korba, and R. Song, "Legislative Bases for Personal Privacy Policy Specification", chapter in Privacy Protection for E-Services, edited by G. Yee, Idea Group, Inc., 2006.
[7]
J. I. Hong, J. D. Ng, S. Lederer, and J. A. Landay, "Privacy Risk Models for Designing Privacy-Sensitive Ubiquitous Computing Systems", Proceedings, 2004 Conference on Designing Interactive Systems: Processes, Practices, Methods, and Techniques, Cambridge, MA, USA, pp. 91--100, 2004.
[8]
Treasury Board of Canada Secretariat, "Directive on Privacy Impact Assessment", available as of March 27, 2016 from: http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=18308
[9]
J. Biega, I. Mele, and G. Weikum, "Probabilistic Prediction of Privacy Risks in User Search Histories", Proceedings of the 1st International Workshop on Privacy and Security of Big Data, pp. 29--36, Nov. 2014.
[10]
E. Paintsil, "A Model for Privacy and Security Risks Analysis", Proceedings of the 5th International Conference on New Technologies, Mobility and Security (NTMS), pp. 1--8, May 2012.
[11]
G. Das and N. Zhang, "Privacy Risks in Health Databases From Aggregate Disclosure", Proceedings of the 2nd ACM International Conference on Pervasive Technologies Related to Assistive Environments (PETRA'09), article no. 74, June 2009.
[12]
A. Nematzadeh and L. J. Camp, "Threat Analysis of Online Health Information System", Proceedings of the 3rd International Conference on Pervasive Technologies Related to Assistive Environments (PETRA'10), article no. 31, June 2010.
[13]
G. Yee, "Visualization for Privacy Compliance", Proceedings of the 3rd International Workshop on Visualization for Computer Security (VizSEC'06), pp. 117--122, Nov. 2006.
[14]
G. Yee, "Visual Analysis of Privacy Risks in Web Services", Proceedings of the IEEE International Conference on Web Services (ICWS 2007), pp. 671--678, July 2007.
[15]
G. Yee, "Visualization of Privacy Risks in Software Systems", Proceedings of the Tenth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2016), pp. 289--294, 2016.
[16]
A. Nanthaamornphong, K. Morris, and S. Filippone, "Extracting UML Class Diagrams from Object-Oriented Fortran: ForUML", Proceedings of the 1st International Workshop on Software Engineering for High Performance Computing in Computational Science and Engineering (SEHPCCSE'13), pp. 9--16, 2013.
Recommendations
Modeling and reducing the attack surface in software systems
MiSE '19: Proceedings of the 11th International Workshop on Modelling in Software EngineeringsIn today's world, software is ubiquitous and relied upon to perform many important and critical functions. Unfortunately, software is riddled with security vulnerabilities that invite exploitation. Attackers are particularly attracted to software ...
Non-technical keys to keeping your personally identifiable information PII risk mitigation project on track
SIGUCCS '09: Proceedings of the 37th annual ACM SIGUCCS fall conference: communication and collaborationTo avoid prohibitively expensive remediation costs associated with the exposure of personally identifiable information (PII), scans of systems can be run proactively to help find and remove sensitive data. System disks can also be encrypted to obfuscate ...
Protecting 'privacy' through control of 'personal' data processing: A flawed approach
LAW SHAPING TECHNOLOGY; TECHNOLOGY SHAPING THE LAWThe development of a frontier-free internal market and of the so-called 'information society' have resulted in an increase in the flow of personal data between EU member states. To remove potential obstacles to such transfers, data protection ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Sponsors
- SIGSOFT: ACM Special Interest Group on Software Engineering
- IEEE-CS: Computer Society
- SADIO: SADIO
Publisher
IEEE Press
Publication History
Published: 20 May 2017
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
ICSE '17
Sponsor:
- SIGSOFT
- IEEE-CS
- SADIO
ICSE '17: 39th International Conference on Software Engineering
May 20 - 28, 2017
Buenos Aires, Argentina
Acceptance Rates
Overall Acceptance Rate 13 of 30 submissions, 43%
Upcoming Conference
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 79Total Downloads
- Downloads (Last 12 months)8
- Downloads (Last 6 weeks)0
Reflects downloads up to 22 Dec 2024
Other Metrics
Citations
Cited By
View all- Chechik MDi Ruscio D(2018)Report from the 9th Workshop on Modelling in Software Engineering(MiSE 2017)ACM SIGSOFT Software Engineering Notes10.1145/3149485.314952042:4(21-24)Online publication date: 11-Jan-2018
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in