Towards a risk-driven methodology for privacy metrics development

Proceedings - SocialCom 2010: 2nd IEEE International Conference on Social Computing, PASSAT 2010: 2nd IEEE International Conference on Privacy, Security, Risk and Trust

Volumn , Issue , 2010, Pages 1086-1092

  Savola, Reijo M ^a  

^a VTT TECHNICAL RESEARCH CENTRE OF FINLAND   (Finland)

Author keywords

Cloud services; Privacy; Privacy metrics

Indexed keywords

CLOUD COMPUTING; CLOUD SERVICES; CRITICAL DATA; PRIVACY; PRIVACY METRICS; PRIVACY REQUIREMENTS; SYSTEM REQUIREMENTS; THREAT ANALYSIS;

EID: 78649305413     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SocialCom.2010.161     Document Type: Conference Paper

References (28)

1. R. Savola and H. Abie, "Development of measurable security for a distributed messaging system," International Journal on Advances in Security, Vol. 2, No. 4, 2009, pp. 358-380 (Published in March 2010).
2. European Privacy Seal, "EuroPriSe criteria," Version 1.0. Available: www.european-privacy-seal.eu. [July 4, 2010].
3. R. Savola, "A security metrics taxonomization model for software-intensive systems," Journal of Information Processing Systems, Vol. 5, No. 4, Dec. 2009, pp. 197-206.
4. W. Jansen, "Directions in security metrics research," U.S. National Institute of Standards and Technology, NISTIR 7564, Apr. 2009, 21 p.
5. Information Technology Security Evaluation Criteria (ITSEC), Version 1.2, Commission for the European Communities, 1991.
6. R. Savola, "On the feasibility of utilizing security metrics in software-intensive systems," International Journal of Computer Science and Network Security, Vol. 10, No. 1, Jan. 2010, pp. 230-239.
7. R. Böhme and R. Reussner, "Validation of predictions with measurements," in I. Eusgeld, F. C. Freiling and R. Reussner (Eds.): Dependability Metrics, LNCS 4909, Springer-Verlag, 2008, pp. 14-18.
8. th National Information Systems Security Conference, Baltimore, MD, Oct. 1997, pp. 522-533.
9. P. Mell and T. Grance, "The NIST definition of cloud computing," U.S. National Institute of Standards and Technology, Information Technology Laboratory. Version 15, 7 Oct. 2009.
10. R. Gellman, "Privacy in the clouds: risks to privacy and confidentiality from cloud computing," World Privacy Forum (WPF) Report, Feb. 23, 2009.
11. T.L. Saaty, "A scaling method for priorities in hierarchical structures," Journal of Mathematical Psychology, 15, 234-281.
12. A. I. Antón, J. B. Earp, and A. Reese, "Analyzing website privacy requirements using a privacy goal taxonomy," IEEE Joint Int. Requirements Engineering Conference, 2002.
13. Cloud Security Alliance (CSA), "Security guidance for critical areas of focus in cloud computing," Version 2.1, Dec. 2009. Available: www.cloudsecurityalliance.org. [July 4, 2010].
14. R. Savola and P. Heinonen, "Security-measurability enhancing mechanisms for a distributed adaptive security monitoring system," SECURWARE '09, Venice, Italy, July 18-25, 2010, 10 p.
15. P. Samarati and L. Sweeney, "Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression," Technical Report, CMU, SRI, 1998.
16. P. Samarati, "Protecting respondents' identity in microdata release," IEEE Tr. on Knowledge and Data Engineering, 13 (6), 2001.
17. nd IEEE Int. Conf. on Data Engineering, 2006.
18. D. Chaum, "Untraceable electronic mail, return addresses and digital pseudonyms," Communications of the ACM, 24(2):84-88, 1981.
19. D. Chaum, "The dining cryptographers problem: unconditional sender and recipient untraceability," Journal of Cryptology, 1(1):65-75, 1988.
20. A. Pfitzmann and M. Kohntopp, "Anonymity, unobservability and pseudonymity - a proposal for terminology," Proc. of Int. Workshop on the Design Issues in Anonymity and Observability, LNCS 2009, 2000.
21. C. Diaz, S. Seys, J. Claessens, and B. Preneel, "Towards measuring anonymity," Workshop on Privacy Enhancing Technologies, LNCS 2482, 2002.
22. nd Int. Workshop on Privacy Enhancing Technologies, LNCS 2482, 2003.
23. M. Edman, F. Sivrikaya, and B. Yener, "A combinatorial approach to measuring anonymity," IEEE Intelligence and Security Informatics, 2007.
24. M. Bezzi, "Expressing privacy metrics as one-symbol information," Privacy and Anonymity in the Information Society (PAIS), Proc. of the 2010 EDBT Workshops, 2010.
25. R. Shokri, J. Freudiger, M. Jadliwala, and J.-P. Hubaux, "A distortion-based metric for location privacy," ACM Workshop on Privacy in the Electronic Society, 2009.
26. J. Reagle and L. F. Cranor, "The platform for privacy preferences," Communications of the ACM, 42(2), pp. 48-55, Feb. 1997.
27. L.-F. Pau, "Privacy metrics and boundaries," Research Paper ERS-2005-013-LIS, Erasmus Research Institute of Management (ERIM).
28. D. S. Herrmann, "Complete guide to security and privacy metrics - measuring regulatory compliance, operational resilience and ROI," Auerbach Publications, 2007, 824 p.