Towards privacy taxonomy-based attack tree analysis for the protection of consumer information privacy

Proceedings - 6th Annual Conference on Privacy, Security and Trust, PST 2008

Volumn , Issue , 2008, Pages 56-64

  Reddy, Kamil ^a   Venter, H S ^a   Olivier, Martin ^a   Currie, Iain ^b  

^a UNIVERSITY OF PRETORIA   (South Africa)

^b University of the Witwatersrand   (South Africa)

Author keywords

[No Author keywords available]

Indexed keywords

ATTACK TREE; ATTACK-TREE ANALYSIS; CONSUMER INFORMATION; INFORMATION PRIVACY; PRACTICAL IMPLEMENTATION; PRIVACY VIOLATION; PROTECTIVE MEASURES;

TAXONOMIES;

EID: 67650080222     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/PST.2008.18     Document Type: Conference Paper

References (28)

1. A. Aijaz, B. Bochow, F. Dotzer, A. Festag, M. Gerlach, R. Kroh, T. Leinmuller, "Attacks on Inter Vehicle Communication Systems - an Analysis", in Proc 3rd International Workshop on Intelligent Transportation, Hamburg, Germany (2006)
2. A.I. Antón, J.B. Earp, A. Reese, "Analyzing Website Privacy Requirements Using a Privacy Goal Taxonomy", in Proc 10th Anniversary IEEE Joint International Conference on Requirements Engineering, pp.23--31 (2002)
3. H. Burkert, "Privacy-enhancing technologies: typology, critique, vision", in Technology and Privacy: The New Landscape, P.B. Agre, M. Rotenberg (eds) pp. 125, The MIT Press (1998)
4. S. Byers, L.F. Cranor, D. Kormann, P. McDaniel, "Searching for Privacy: Design and Implementation of a P3P-Enabled Search Engine", in Proc. 4th Workshop on Privacy Enhancing Technologies (PET2004), Toronto, Canada (2004)
5. Cambridge Advanced Learner's Dictionary, 2nd Edition, Cambridge University Press (2005)
6. R. Clarke, "Introduction to Dataveillance and Information Privacy, and Definitions of Terms", Department of Computer Science, Australian National University (2006), Available at http://www.anu.edu.au/people/Roger. Clarke/DV/Intro.html
7. A. Daniel Oliver-Lalana, "Consent as a Threat. A Critical Approach to Privacy Negotiation in e-Commerce Practices", in Lecture Notes in Computer Science, TrustBus 2004, vol. 3184, pp. 110-119, S. Katsikas, J. Lopez, G. Pernel (eds.), Springer, Heidelberg (2004)
8. Directive 95/46/EC of The European Parliament and of the Council of 24 October 1995, European Parliament And The Council Of The European Union, Brussels, Belgium (1995)
9. K. Edge, G.C. Dalton, R.A. Raines, R.F. Mills, "Using Attack and Protection Trees to Analyze Threats and Defenses to Homeland Security", in Proc Military Communications Conference 2006, Washington D.C., USA (2006)
10. K. Edge, R. Raines, M. Grimaila, R. Baldwin, R. Bennington, C. Reuter, "The Use of Attack and Protection Trees to Analyze Security for an Online Banking System", in Proc. 40th Hawaii International Conference on System Sciences, Hawaii, USA (2007)
11. Financial Intelligence Centre Act (FICA), Act 38 of 2001, Republic of South Africa
12. S. Fischer-Hübner, A. Ott, "From a formal privacy model to its implementation", in Proc. 21st National Information Systems Security Conference, Arlington, VA, USA (1998)
13. B.A. Garner (ed), Black's Law Dictionary, 7th Edition, West Publishing Company (1999)
14. R. Gellman, "Does Privacy Law Work?" in Technology and Privacy: The New Landscape, P.B. Agre, M. Rotenberg, (eds) pp. 194, The MIT Press (1998)
15. C. Kalloniatis, E. Kavakli, S. Gritzalis, "Using Privacy Process Patterns for Incorporating Privacy Requirements into the System Design Process", in Proc 2nd International Conference on Availability, Reliability and Security, Vienna, Austria (2007)
16. G. Karjoth, M. Schunter, "A Privacy Policy Model for Enterprises", in Proc 15th IEEE Computer Security Foundations Workshop, Toronto, Canada (2002)
17. S. Lau, "Good Privacy Practices and Good Corporate Governance - Hong Kong Experience", in Proc 23rd International Conference of Data Protection Commissioners, Paris, France (2001)
18. E. A. Martin, J. Law (eds), Oxford Dictionary of Law, 6th Edition, Oxford University Press (2006)
19. S. Mauw, M. Oostdijk, "Foundations of Attack Trees", in Lecture Notes in Computer Science, ICISC 2005, vol 3935, pp. 186-198, D. Won, S. Kim (eds.), Springer, Heidelberg (2006)
20. G.R. Milne, "The Effectiveness of Self-Regulated Privacy Protection", in Handbook of Marketing and Society, P.N. Bloom, G.T. Gundlach (eds), pp. 465, Sage Publications Inc. (2001)
21. OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, Organization for Economic Cooperation and Development, Paris, France (1980)
22. Privacy Online: Fair Information Practices in the Electronic Marketplace - A Report to Congress, Federal Trade Commission, pp. 19, Washington D.C, USA (2000). Available at http://www.ftc.gov/reports/privacy2000/ privacy2000.pdf
23. K. Reddy, H.S. Venter, "Privacy Capability Maturity Models within Telecommunications Organisations", in Proc of the Southern African Telecommunication Networks and Applications Conference 2007, Sugar Beach, Mauritius, published electronically (2007)
24. B. Schneier, "Attack trees: Modeling security threats", Dr. Dobb's Journal, December (1999). Available at: http://www.schneier.com/ paper-attacktrees-ddj-ft.html
25. D.J. Solove, "A Taxonomy of Privacy", University of Pennsylvania Law Review, vol.154, no.3 (2006)
26. Privacy and Data Protection, Discussion Paper 109, Project 124, South African Law Reform Commission, pp.373, 376, Pretoria (2005), Available at http://www.doj.gov.za/salrc/dpapers.htm
27. J. Steffan, M. Schumacher, "Collaborative attack modelling", in Proc 2002 ACM symposium on Applied Computing, Madrid, Spain (2002)
28. Universal Declaration of Human Rights, United Nations, Article 12, New York, USA, (1948), Available at http://www.un.org/Overview/rights.html