Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style COPS: Community-Oriented Privacy System The Email Prototype.

Slides:

Advertisements

Similar presentations

The Internet and the Web

Advertisements

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Assessing Privacy Risks of Flash Cookies Kevin Fuller and Stacy Jordan February.

Using the Self Service BMC Helpdesk

Business Development Suit Presented by Thomas Mathews.

Our Digital World Second Edition

1 Secure Interaction Design Kami Vaniea. 2 Overview Designing secure interfaces  Design principles Firefox extensions  Cookies  Phishing  Tracking.

Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.

Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.

Netiquette Rules.

Business Plug-In B7 Ethics.

P REVENTING D ATA L EAKAGE VIA E MAIL Rostislav Pinski Dmitry Kaganov Eli Shtein Alexander Gorohovski.

1 The Engineer as a Professional Privacy. 2 After reading the articles please answer the following questions. 1) Is privacy a concern that engineers have.

User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.

Administrivia Turn in ranking sheets, we’ll have group assignments to you as soon as possible Homeworks Programming Assignment 1 due next Tuesday Group.

What Google Privacy issues?. Concerns with Google & Privacy Google Street View It turns out that Google was obtaining a large amount of data from Wi-Fi.

Creating Collaborative Partnerships

Tracking, Privacy, You & The 21 st Century When you talk online the internet listens.

August 15 click! 1 Basics Kitsap Regional Library.

A Guide to Getting Started

A Product of Corporate Instant Messenger Enterprise Communication and Collaboration with Secure Instant Messaging Copyright © ANGLER.

Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense

Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.

Privacy and Encryption The threat of privacy due to the sale of sensitive personal information on the internet Definition of anonymity and how it is abused.

July 25, 2005 PEP Workshop, UM A Single Sign-On Identity Management System Without a Trusted Third Party Brian Richardson and Jim Greer ARIES Lab.

HIPAA Privacy & Security EVMS Health Services 2004 Training.

Final Year Project Presentation E-PM: A N O NLINE P ROJECT M ANAGER By: Pankaj Goel.

Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy Preferences Edgardo Vega Usable Security – CS 6204 – Fall, 2009 – Dennis.

MASTERS THESIS DEFENSE QBANK A Web-Based Dynamic Problem Authoring Tool BY ANN PAUL ADVISOR: PROFESSOR CLIFF SHAFFER JUNE 2013 Computer Science Department.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style COPS Community Studies Presented by Sherley Codio Community-Oriented.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Design Extensions to Google+ CS6204 Privacy and Security.

LBTO IssueTrak User’s Manual Norm Cushing version 1.3 August 8th, 2007.

Welcome t o the Internet and World Wide Web. What is the Internet and World Wide Web? The Internet is a worldwide network of computers that use common.

 Prototype for Course on Web Security ETEC 550.  Huge topic covering both system/network architecture and programming techniques.  Identified lack.

A Chief Technical Officer, or CTO, is the head of the technology group. The CTO sorts through new ideas and products to identify those that are most relevant.

Computing Essentials 2014 Privacy, Security and Ethics © 2014 by McGraw-Hill Education. This proprietary material solely for authorized instructor use.

Waseda Univ Nakajima Lab Interaction Group Computer-supported knowledge sharing in co-located environments Yasufumi Hirakawa, Harumi Mase, Eiji Tokunaga.

Use of Electronic and Internet advertising options Standard 3.4.

FITT Fostering Interregional Exchange in ICT Technology Transfer Communication & Collaboration Tools.

ETHICAL ISSUES SURROUND ELECTRONIC COMMUNICATIONS Unit 3.

A technical writer’s role in software quality – an experiment Asha Mokashi, SCT Software Solutions, Bangalore.

CSCE 201 Web Browser Security Fall CSCE Farkas2 Web Evolution Web Evolution Past: Human usage – HTTP – Static Web pages (HTML) Current: Human.

Protecting Students on the School Computer Network Enfield High School.

D R E W P A R K E R Building Web 2.0 Enterprises: A study of small and medium enterprises in the United States by Kim et al. Case 1.

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Designing for Privacy Human factors and system’s engineering Usable Security – CS.

Customer Interface for wuw.com 1.Context. Customer Interface for wuw.com 2. Content Our web-site can be classified as an service-dominant website. 3.

PUBLIC RELATIONS AND THE INTERNET Chapter Nineteen.

McGraw-Hill/Irwin © 2006 The McGraw-Hill Companies, Inc. All rights reserved. 2-1 BUSINESS DRIVEN TECHNOLOGY Business Plug-In B2 Ethics.

Improving the Social Nature of OnLine Learning Tap into what students are already doing Tap into what students are already doing Educause SWRC07 Copyright.

Chapter 12: How Private are Web Interactions?. Why we care? How much of your personal info was released to the Internet each time you view a Web page?

Organisations and Data Management 1 Data Collection: Why organisations & individuals acquire data & supply data via websites 2Techniques used by organisations.

Secure . is a means of exchanging digital messages from an author to one or more recipients – it is instant with no delay or postal costs.

Facebook for Beginners One Session Class. What will you learn today? What can you do on Facebook? Creating a profile Privacy Connecting with friends Sending.

DATA ACCURACY- one of the issues of computer ethics. Providing inaccurate data input results in erroneous information & decision making. Information on.

Task Analysis Lecture # 8 Gabriel Spitz 1. Key Points  Task Analysis is a critical element of UI Design  It specifies what functions the user will need.

Click to edit Master title style Click to edit Master text styles –Second level Third level –Fourth level »Fifth level 1 CustomerSoft ESP Contact Operations.

McGraw-Hill/Irwin © 2008 The McGraw-Hill Companies, All Rights Reserved Chapter 15 Creating Collaborative Partnerships.

1 Targets and Waste Social Profiling and Your Role as the Consumer.

Internet Privacy Define PRIVACY? How important is internet privacy to you? What privacy settings do you utilize for your social media sites?

Tech Tuesday: Facebook 101 People’s Resource Center January 26, 2016.

Top Ten Ways to Protect Privacy Online -Abdul M. Look for privacy policies on Web Sites  Web sites can collect a lot of information about your visit.

Kundan Singh Venkatesh Oct 2013

DigiDay 2016 Darren Trofimczuk

Use of Electronic and Internet advertising options

Health Care: Privacy in a Digital Age

Being Aware of What You Share

Understanding Android Security

General Data Protection Regulation Q & A Session

Anna Adams Martina Angela Sasse

Presentation transcript:

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style COPS: Community-Oriented Privacy System The Prototype

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Introduction  Motivation  Prototype  Future work 2 COPS

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  What is privacy?  The quality or state of being apart from company or observation  How do we protect privacy?  Doors, locks, alarms, fences/gates  Passwords, encryption, information flow  Whose privacy is being protected?  The individual 3 Individual Privacy

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  What is a ‘group’?  Collaborative, Cooperative, Collective  What is privacy?  A boundary regulation process that is context dependent  How is privacy protected?  A dynamic process driven by a group of users 4 Group Privacy

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  How do groups of people share information?  In person  Postal mail  Telephone  /Fax  Social networking  Cloud 5 Communication

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Facebook  News Feed (2006) Facebook made privacy changes that made status updates, images, and other user-created content public by default, which motivated more than a third of Facebook users to alter their privacy settings.  Beacon ( ) Beacon was a part of Facebook's advertisement system that sent data from external websites to Facebook, for the purpose of allowing targeted advertisements and allowing users to share their activities with their friends.  Cookies (Oct. 2011) Facebook sued for “tracking, collecting, and storing its users’ wire or electronic communications, including but not limited to portions of their internet browsing history even when the users were not logged-in to Facebook.” 6 Motivation

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Cloud privacy concerns  Amazon’s cloud browser "All of your web surfing habits will transit Amazon's cloud. If you think that Google AdWords and Facebook are watching you, this service is guaranteed to have a record of everything you do on the Web.“ -Chester Wisniewski, a senior security adviser at British computer security firm Sophos  Dropbox “Insecure by design” –Derek Newton of Information Security Insights Will turn your files over to the Government if asked 7 Motivation

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Have you ever sent an to the wrong person accidentally?  “One of Eli Lilly & Co.'s sub-contracted lawyers at Philadelphia based Pepper Hamilton had mistakenly ed confidential Eli Lilly's discussions to Times reporter Alex Berenson (instead of Bradford Berenson, her co-counsel), costing Eli Lilly nearly $1 billion.” (Zilberman 2010)  Other issues: Huge recipient lists, similar/duplicate names 8 Motivation

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Are there any solutions out there to stop this from happening?  Gmail undo:  Complex privacy policies (Leon 2011) “Online opt-out tools were challenging for users to understand and configure” 9 Leakage

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Community-Oriented Privacy System (COPS)  Privacy boundaries are defined through "community tags“  Regulation of privacy is provided through mechanisms for setting, changing, and making exceptions to the community tags.  Sense of community is realized through mechanisms for notification (making actions of individuals visible to the group) and consensus (allowing the group to vote on changes and exceptions) 10 COPS

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Why take a community-based approach?  Shared expertise - privacy-enhancing features like rules and settings are underutilized by the individual. Shared expertise will lead to better utilization of the privacy mechanisms and better awareness of the privacy requirements and privacy threats.  Shared responsibility - social pressure from the group encourages the individual to pay better attention to neglected privacy tasks due to a sense of responsibility to the community. 11 COPS

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Community Tag  Protect privacy by requiring group consensus required for tag creation/modification and exceptions  Tag usage is enforced by the users 12 COPS

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Threat model - In computer security the term threat modeling is used to describe a set of issues that the designer of the system is interested in. In order to achieve a feeling of privacy we must cover four areas in particular:  Accidental disclosure  Lack of awareness  Inability to understand the privacy rules or system interfaces  Inability of the system to guarantee desired privacy 13 COPS

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Accidental disclosure - when a user accidentally sends an to the wrong recipient or incorrectly forwards an to someone that should not have seen it. We anticipate that most privacy breaches are the result of accidental disclosure and we've seen that accidental disclosure can have significant ramifications 14 COPS

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Lack of awareness - Related to accidental disclosure but mostly caused by the lack of knowledge rather than being a mere mistake. Lack of awareness privacy breaches most likely occur as a result of forwarding and long recipient lists. Tracking an 's forwarding history can be a daunting task and trying to read through an 's recipient list of more than a dozen people is an exercise of frustration 15 COPS

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Inability to understand the privacy rules or system interfaces - As the designers of this system, we're responsible for providing an interface that's easy to use and understand. Our research should look into the metaphors and current practices that people use when protecting privacy and leverage these practices 16 COPS

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Inability of the system to guarantee desired privacy - Our research much span across various different domains -- from academia to the business world and from small informal groups to large group communication. Different domains have different requirements and enforce privacy in different ways. We must take into account these different practices and design a system that can translate easily from one domain to another 17 COPS

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Prototype  Proof of concept  Mockups  High fidelity prototype 18 COPS

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science 19 COPS

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science 20

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science 21 COPS

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science 22 COPS

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science 23 COPS

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science 24 COPS

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  High fidelity prototype 25 COPS

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Usability Studies  Single user observations  Interactive task-based experiment  In the experiment the user will take the role of an employee working in the Human Resources department at a fictitious company.  Tasks will start out easy and straightforward and will ramp up in difficulty as the participant works through the problems. 26 COPS

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Evaluation  Gather data from intro/exit questionnaires, post- experiment interviews, observation, system monitoring  Measure performance through ease of use, task completion time, error rate, and user satisfaction  Most importantly, do users understand the new privacy features and do they find them useful in the context of an application? 27 COPS

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Future work  Group of users interacting with the system at once  Writing a plug-in for existing applications  File system/cloud implementation 28 COPS