Is privacy supportive for adaptive ICT systems?

ACM International Conference Proceeding Series

Volumn 04-06-December-2014, Issue , 2014, Pages 559-570

  Wohlgemuth, Sven ^a  

^a Center for Advanced Security Research   (Germany)

Author keywords

Adaptive ICT system; Game theory; Identity management; IT risk management; Multilateral IT security; Privacy; Resilience; Security

Indexed keywords

DATA PRIVACY; GAME THEORY; INFORMATION ANALYSIS; INFORMATION MANAGEMENT; INFORMATION RETRIEVAL; REAL TIME SYSTEMS; RISK MANAGEMENT; SECURITY OF DATA; TIME SHARING SYSTEMS; TRANSPARENCY; WEB SERVICES; WEBSITES; WORLD WIDE WEB;

ICT SYSTEMS; IDENTITY MANAGEMENT; IT RISK MANAGEMENTS; IT SECURITY; RESILIENCE; SECURITY;

ADAPTIVE CONTROL SYSTEMS;

EID: 84985905858     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2684200.2684363     Document Type: Conference Paper

References (76)

1. acatech - National Academy of Science and Engineering. 2011. Cyber-Physical Systems Driving force for innovation in mobility, health, energy and production. acatech POSITION PAPER, Springer.
2. Accorsi, R. 2013. A secure log architecture to support remote auditing. MATH COMPUT MODEL, 57, 7-8 (April 2013). 1578-1591. DOI=http://dx.doi.org/10.1016/j.mcm.2012.06.035.
3. Accorsi, R., Lowis, L., and Sato, Y. 2011. Automated Certification for Compliant Cloud-based Business Processes. BISE, 3, 3 (June 2011), 145-154. DOI=http://dx.doi.org/10.1007/s12599-011-0155-7.
4. Accorsi, R., Sato, Y., and Kai, S. 2008. Compliance Monitor for Early Warning Risk Determination. WIRTSCHAFTSINFORMATIK, 50, 5 (October 2008), 375-382. DOI=http://dx.doi.org/10.1007/s11576-008-0079-0.
5. Asokan, N., Ekberg, J.-E., Kostiainen, K., Rajan, A., Rozas, C., Sadeghi, A.-R., Schulz, S., and Wachsmann, C. 2014. Mobile Trusted Computing. PROC IEEE, 102, 8 (August 2014), 1189-1206. DOI=http://dx.doi.org/10.1109/JPROC.2014.2332007.
6. Avizienis, A., Laprie, J.-C., Randell, B., and Landwehr, C. 2004. Basic Concepts and Taxonomy of Dependable and Secure Computing. IEEE T DEPEND SECURE, 1, 1 (January 2004), 11-33. DOI=http://dx.doi.org/10.1109/TDSC.2004.2.
7. th ACM conf. on Computer and Communications Security (Chicago, IL, USA, November 9-13, 2009). CCS'09. ACM, 600-610. DOI=http://dx.doi.org/10.1145/1653662.1653734.
8. th Int. Conf. on Machine Learning, (Edinburgh, Scotland, June 26-July 1, 2012). ICML 2012. Omnipress, 1807-1814.
9. Blaze, M., Feigenbaum, J., and Lacy, J.O. 1996. Decentralized Trust Management. In Proc. of IEEE Symp. on Security and Privacy (Oakland, CA, USA, May 6-8, 1996). IEEE SSP 1996. IEEE, 164-173. DOI=http://dx.doi.org/10.1109/SECPRI.1996.502679.
10. st Bio-Inspired Models of Network, Information and Computing Systems, 2006 (Madonna di Campiglio, Italy, December 11-13, 2006), IEEE, 1-6. DOI=http://dx.doi.org/10.1109/BIMNICS.2006.361817.
11. British Standards Institution. 2006. BS 25999-1:2006 Business continuity management, Code of practice.
12. Bundesministerium des Innern. 2014. Entwurf eines Gesetzes zur Erhöhung der Sicherheit informationstechnier Systeme (IT-Sicherheitsgesetz). Referentenentwurf.
13. th Int. Conf. Database Theory (London, UK, January 4-6, 2001). ICDT 2001. Springer, 316-330. DOI=http://dx.doi.org/10.1007/3-540-44503-X-20.
14. Camenisch, J. and Lysyanskaya, A. 2001. An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation. In Proc. of Int. Conf. on the Theory and Application of Cryptographic Techniques Advances in Cryptology (Innsbruck, Austria, May 6-10, 2011). EUROCRYPT 2001. Springer, 93-118. DOI=http://dx.doi.org/10.1007/3-540-44987-6-7.
15. nd Annual Int. Cryptology Conf. Advances in Cryptology (Santa Barbara, CA, USA, August 18-22, 2002). CRYPTO 2002. Springer, 61-76. DOI=http://dx.doi.org/10.1007/3-540-45708-9-5.
16. Chaum, D. 1985. Security Without Identification: Transaction Systems to Make Big Brother Obsolete. COMMUN ACM, 28, 10, 1030-1044. DOI=http://dx.doi.org/10.1145/4372.4373.
17. st IEEE Computer Security Foundations Symp. (Pittsburgh, PA, USA, June 23-25, 2008). CSF '08. IEEE, 51-64. DOI=http://dx.doi.org/10.1109/CSF.2008.7.
18. Court of Justice of the European Union. 2014. Judgment of the Court (Grand Chamber) of 13 May 2014 (request for a preliminary ruling from the Audiencia Nacional - Spain) - Google Spain SL, Google Inc. v Agencia Espanola de Proteccion de Datos (AEPD), Mario Costeja Gonzalez (Case C-131/12).
19. Dehling, T. and Sunyaev, A. 2014. Secure provision of patient-centered health information technology services in public networks - leveraging security and privacy features provided by the German nationwide health information technology infrastructure. ELECTRONIC MARKETS, 24, 2 (June 2014), 89-99. DOI=http://dx.doi.org/10.1007/s12525-013-0150-6.
20. Dekker, M., Karsberg, C., and Lakka, M. 2013. Annual Incident Reports 2012 - Analysis of Article 13a Incident Reports. Technical Report. European Union Agency for Network and Information Security (ENISA).
21. DIVSI Deutsches Institut für Vertrauen und Sicherheit im Internet. 2012. DIVSI Milieu Study on Trust and Security on the Internet - Condensed version, DIVSI.
22. Dolev, D. and Yao, A.C. 1983. On the Security of Public Key Protocols. IEEE T INFORM THEORY, 29, 2 (March 1983), 198-208. DOI=http://dx.doi.org/10.1109/TIT.1983.1056650.
23. European Commission. 2009. Directive 2009/140/EC of the European Parliament and of the Council of 25 November 2009 amending Directives 2002/21/EC on a common regulatory framework for electronic communications networks and services. Official Journal of the European Communities, L 337, 37-69.
24. European Commission. 2010. Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions. A Digital Agenda for Europe. COM(2010)245 final. European Commission.
25. European Commission. 2013. REGULATION (EU) No 575/2013 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 26 June 2013 on prudential requirements for credit institutions and investment forms and amending Regulation (EU) No 648/2012. Official Journal of the European Union, L 176/1-337.
26. European Commission. 2013. DIRECTIVE 2013/36/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC. Official Journal of the European Union, L 176/338-436.
27. Executive Office of the President. 2014. Big Data: Seizing Opportunities, Preserving Values. The White House.
28. th IEEE Int. Conf. on E-Commerce Technology (Munich, Germany, July 19-22, 2005). CEC'05. IEEE, 266-273. DOI=http://dx.doi.org/10.1109/ICECT.2005.21.
29. Fischer, M.J., Lynch, N.A., and Paterson, M.S. 1985. Impossibility of distributed consensus with one faulty process. J ACM, 32, 2 (April 1985), 374-382. DOI=http://dx.doi.org/10.1145/3149.214121.
30. th Int. Conf. on Practice and Theory in Public-Key Cryptography (Nara, Japan, February 26-March 1, 2013). PKC 2013. Springer, 254-271. DOI=http://dx.doi.org/10.1007/978-3-642-36362-7-17.
31. Girtelschmid, S., Steinbauer, M., Kumar, V., Fensel, A., and Kotsis, G. 2013. Big Data in Large Scale Intelligent Smart City Installation. In Proc. of Int. Conf. on Information Integration and Web-based Applications & Services (Vienna, Austria, December 2-4, 2013). iiWAS '13. ACM, 428-432. DOI=http://dx.doi.org/10.1145/2539150.2539224.
32. Gogoulos, F.I., Antonakopoulou, A., Lioudakis, G.V., Mousas, A.S., Kaklamani, D.I., and Venieris, I.S. 2014. On the design of a privacy aware authorization engine for collaborative environments. ELECTRONIC MARKETS, 24, 2 (June 2014), 101-112. DOI=http://dx.doi.org/10.1007/s12525-014-0155-9.
33. th Int. Conf. on Mathematical Methods, Models, and Architectures for Computer Network Security (St. Petersburg, Russia, September 13-15, 2007). MMM-ACNS 2007. Springer, 187-196. DOI=http://dx.doi.org/10.1007/978-3-540-73986-9-16.
34. th Annual Hawaii International Conference on System Sciences 7(7) (Hawaii, USA, January 7-10, 2002). HICCS'02. IEEE, 185-193. DOI=http://dx.doi.org/10.1109/HICSS.2002.994177.
35. Hamlen, K.W., Morrisett, G., and Schneider, F.B. 2006. Computability Classes for Enforcement Mechanisms. ACM T PROG LANG SYS, 28, 1 (January 2006), 175-205. DOI=http://dx.doi.org/10.1145/1111596.1111601.
36. Holling, C.S. 2001. Understanding the Complexity of Economic, Ecological, and Social Systems. ECOSYSTEMS, 4, 5, 390-405. DOI=http://dx.doi.org/10.1007/s10021-001-0101-5.
37. th ACM Workshop on Security and Artificial Intelligence (Chicago, Illinois, USA, October 17-21, 2011). AISec'11. ACM, 43-58. DOI=http://dx.doi.org/10.1145/2046684.2046692.
38. th IFIP WG 6.11 Conf. on e-Business, e-Services, and e-Society (Athens, Greece, April 25-26, 2013). I3E 2013. Springer, 25-37. DOI=http://dx.doi.org/10.1007/978-3-642-37437-1-3.
39. ISO/IEC. 2004. ISO/IEC 13335-1:2004 Information technology - Security techniques - Management of information and communications technology security - Part 1: Concepts and models for information and communications technology security management.
40. th Annual Computer Security Applications Conf. (New Orleans, LA, USA, December 11-15, 2000). ACSAC'00. IEEE, 344-353. DOI=http://dx.doi.org/10.1109/ACSAC.2000.898889.
41. Kerschbaum, F. 2011. Secure and Sustainable Benchmarking in Clouds. BISE, 3, 3 (June 2011), 135-143. DOI=http://dx.doi.org/10.1007/s12599-011-0153-9.
42. Kieseberg, P., Schrittwieser, S., Mulazzani, M., Echizen, I., and Weippl, E. 2014. An algorithm for collusion-resistant anonymization and fingerprinting of sensitive microdata. ELECTRONIC MARKETS, 24, 2 (June 2014), 113-124. DOI=http://dx.doi.org/10.1007/s12525-014-0154-x.
43. Lotz, V., Pigout, E., Fischer, P.M., Kossmann, D., Massacci, F., and Pretschner, A. Towards Systematic Achievement of Compliance in Service-Oriented Architectures: The MASTER Approach. WIRTSCHAFTSINFORMATIK, 50, 5 (October 2008), 383-391. DOI=http://dx.doi.org/10.1007/s11576-008-0086-1.
44. nd European PKI Workshop: Research and Applications (Canterbury, UK, June 30-July 1, 2005). EuroPKI 2005. Springer, 118-134. DOI=http://dx.doi.org/10.1007/11533733-8.
45. Margraf, M. 2011. The New German ID Card. In Proc. of Information Security Solutions Europe 2010 Securing Electronic Business Processes (Berlin, Germany, October 5-7, 2010). ISSE 2010. Vieweg+Teubner, 367-373. DOI=http://dx.doi.org/10.1007/978-3-8348-9788-6-35.
46. th European Symposium on Research in Computer Science (Rome, Italy, September 25-27, 1996). ESORICS 96. Springer, 325-350. DOI=http://dx.doi.org/10.1007/3-540-61770-1-45.
47. McAfee, A. and Brynjolfsson, E. 2008. Investing in the IT That Makes a Competitive Difference. HARVARD BUS REV (July 2008).
48. th ACM Workshop on Privacy in the Electronic Society (Alexandria, VA, USA, October 27-31, 2008). WPES '08. ACM, 95-104. DOI=http://dx.doi.org/10.1145/1456403.1456419.
49. Morgner, F. and Oepen, D. 2010. "Die gesamte Technik ist sicher" Besitz und Wissen: Relay-Angriffe auf den neuen Personalausweis. Technical Report, Humbold-Universität zu Berlin.
50. th Birthday. Springer, 240-254. DOI=http://dx.doi.org/10.1007/978-3-642-42001-6-17.
51. Müller, G. and Wohlgemuth, S. 2007. D14.2: Study on Privacy in Business Processes by Identity Management. Technical Report. Future of Identity in the Information Society (FIDIS) NoE Consortium - EC Contract No. 507512.
52. Nash, J. 1950. The Bargaining Problem. ECONOMETRICA, 18, 2 (April 1950), 155-162. DOI=http://dx.doi.org/10.2307/1907266.
53. Nash, J. 1951. Non-Cooperative Games. ANN MATH, 54, 2 (September 1951), 286-295. DOI=http://dx.doi.org/10.2307/1969529.
54. Nash, J. 1953. Two-Person Cooperative Games. ECONOMETRICA, 21, 1 (January 1953), 128-140. DOI=http://dx.doi.org/10.2307/1906951.
55. National Institute of Standards and Technology. 2014. Framework for Improving Critical Infrastructure Cybersecurity. Version 1.0 (February 12, 2014). NIST.
56. th Int. Conf. on Web Information Systems Engineering (Roma, Italy, December 10-12, 2003). WISE'03. IEEE, 3-12. DOI=http://dx.doi.org/10.1109/WISE.2003.1254461.
57. Partridge, K.G. and Young, L.R. 2011. CERT Resilience Management Model (RMM) v1.1: Code Practice Crosswalk Commercial Version 1.1. Technical Note CMU/SEI-2011-TN-012, Software Engineering Institute, 34 Mellon.
58. Pease, M., Shostak, R., and Lamport, L. 1980. Reaching Agreement in the Presence of Faults. J ACM, 27, 2 (April 1980), 228-234. DOI=http://dx.doi.org/10.1145/322186.322188.
59. th Annual Symp. on Theoretical Aspects of Computer Science (Cachan, France, February 13-15, 1992). STACS '92. Springer, 339-350. DOI=http://dx.doi.org/10.1007/3-540-55210-3-195.
60. Pretschner, A., Hilty, M., and Basin, D. 2006. Distributed usage control. COMMUN ACM, 49, 9 (September 2006). 39-44. DOI=http://dx.doi.org/10.1145/1151030.1151053.
61. Prime Minister of Japan and His Cabinet. 2013. Declaration to be the World's Most Advanced IT Nation. Technical Report. Strategic Headquarters for the Promotion of an Advanced Information and Telecommunications Network Society.
62. Rannenberg, K., Pfitzmann, A., and Müller, G. 1999. IT Security and Multilateral Security. In Multilateral Security in Communications - Technology, Infrastructure, Economy. Addison-Wesley-Longman, 21-29.
63. Raub, D. and Steinwandt, R. 2006. An Algebra for Enterprise Privacy Policies Closed Under Composition and Conjunction. In Proc. of the Int. Conf. on Emerging Trends in Information and Communication Security (Freiburg, Germany, June 6-9, 2006). ETRICS 2006. Springer, 130-144. DOI=http://dx.doi.org/10.1007/11766155-10.
64. Rechert, K., von Suchodoletz, D., Valizada, I., Latocha, J., Cardena, T.J., and Kulzhabayev, A. 2014. Take care of your belongings today - securing accessibility to complex electronic business processes. ELECTRONIC MARKETS, 24, 2 (June 2014), 125-134. DOI=http://dx.doi.org/10.1007/s12525-013-0151-5.
65. th ACM conf. on Computer and Communications Security (Chicago, IL, USA; November 9-13, 2009). CCS'09. ACM, 199-212. DOI=http://dx.doi.org/10.1145/1653662.1653687.
66. Sackmann, S. and Kähmer, M. 2008. ExPDT: Ein Policy-basierter Ansatz zur Automatisierung von Compliance. WIRTSCHAFTSINFORMATIK, 50, 5 (October 2008). 366-374. DOI=http://dx.doi.org/10.1007/s11576-008-0078-1.
67. Saltzer, J.H. 1974. Protection and the control of information sharing in mutics. COMMUN ACM 17, 7 (July 1974), 388-402. DOI=http://dx.doi.org/10.1145/361011.361067.
68. Samarati, P. and de Capitani di Vimercati, S. 2000. Access Control: Policies, Models, and Mechanisms. In Foundations of Security Analysis and Design. FOSAD 2000. Springer, 134-196. DOI=http://dx.doi.org/10.1007/3-540-45608-2-3.
69. Senate and House of Representatives of the United States of America in Congress assembled. 2002. An Act to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes (Sarbanes-Oxley Act of 2002). Pub. L. No. 107-204, 116 Stat. 745, H.R. 3763-66.
70. Sonehara, N., Echizen, I., and Wohlgemuth, S. 2011. Isolation in Cloud Computing and Privacy-Enhancing Technologies - Suitability of Privacy-Enhancing Technologies for Separating Data Usage in Business Processes. BISE, 3, 3 (June 2011), 155-162. DOI=http://dx.doi.org/10.1007/s12599-011-0160-x.
71. Sterbenz, J.P.G., Hutchison, D., Cetinkaya, E.K., Jabbar, A., Rohrer, J.P., Schöller, M., and Smith, P. 2010. Resilience and survivability in communication networks: Strategies, principles, and survey of disciplines, COMPUT NETW, 54, 8 (June 2010), 1245-1265. DOI=http://dx.doi.org/10.1016/j.comnet.2010.03.005.
72. United Nations. 2008. UN-HABITAT Report State of the World's Cities 2008/9.
73. th IEEE CS Security & Privacy Workshop on Data Usage Management (DUMA) (San Jose, CA, USA, May 18-21, 2014), IEEE CS SPW. IEEE, 31-38.
74. th Int. Workshop on Security and Cognitive Informatics for Homeland Defense (Fribourg, Switzerland, September 8-12, 2014), CD-ARES 2014. SeCIHD 2014. Springer, 91-109. DOI=http://dx.doi.org/10.1007/978-3-319-10975-6-7.
75. th IFIP TC 11 Int. Information Security Conf. Security and Privacy - Silver Linings in the Cloud (Brisbane, Australia, September 20-23, 2010). SEC 2010, Springer, 241-252. DOI=http://dx.doi.org/10.1007/978-3-642-15257-3-22.
76. Wohlgemuth, S. and Müller, G. 2006. Privacy with Delegation of Rights by Identity Management. In Proc. of the Int. Conf. on Emerging Trends in Information and Communication Security (Freiburg, Germany, June 6-9, 2006). ETRICS 2006. Springer, 175-190. DOI=http://dx.doi.org/10.1007/11766155-13.