Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style COPS: Community-Oriented Privacy System The Email Prototype.

Published byMarian Sims Modified over 9 years ago

Similar presentations

Presentation on theme: "Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style COPS: Community-Oriented Privacy System The Email Prototype."— Presentation transcript:

1 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style COPS: Community-Oriented Privacy System The Email Prototype

2 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Introduction  Motivation  Email Prototype  Future work 2 COPS

3 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  What is privacy?  The quality or state of being apart from company or observation  How do we protect privacy?  Doors, locks, alarms, fences/gates  Passwords, encryption, information flow  Whose privacy is being protected?  The individual 3 Individual Privacy

4 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  What is a ‘group’?  Collaborative, Cooperative, Collective  What is privacy?  A boundary regulation process that is context dependent  How is privacy protected?  A dynamic process driven by a group of users 4 Group Privacy

5 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  How do groups of people share information?  In person  Postal mail  Telephone  Email/Fax  Social networking  Cloud 5 Communication

6 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Facebook  News Feed (2006) Facebook made privacy changes that made status updates, images, and other user-created content public by default, which motivated more than a third of Facebook users to alter their privacy settings.  Beacon (2007-2009) Beacon was a part of Facebook's advertisement system that sent data from external websites to Facebook, for the purpose of allowing targeted advertisements and allowing users to share their activities with their friends.  Cookies (Oct. 2011) Facebook sued for “tracking, collecting, and storing its users’ wire or electronic communications, including but not limited to portions of their internet browsing history even when the users were not logged-in to Facebook.” 6 Motivation

7 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Cloud privacy concerns  Amazon’s cloud browser "All of your web surfing habits will transit Amazon's cloud. If you think that Google AdWords and Facebook are watching you, this service is guaranteed to have a record of everything you do on the Web.“ -Chester Wisniewski, a senior security adviser at British computer security firm Sophos  Dropbox “Insecure by design” –Derek Newton of Information Security Insights Will turn your files over to the Government if asked 7 Motivation

8 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Have you ever sent an email to the wrong person accidentally?  “One of Eli Lilly & Co.'s sub-contracted lawyers at Philadelphia based Pepper Hamilton had mistakenly emailed confidential Eli Lilly's discussions to Times reporter Alex Berenson (instead of Bradford Berenson, her co-counsel), costing Eli Lilly nearly $1 billion.” (Zilberman 2010)  Other issues: Huge recipient lists, similar/duplicate names 8 Motivation

9 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Are there any solutions out there to stop this from happening?  Gmail undo:  Complex privacy policies (Leon 2011) “Online opt-out tools were challenging for users to understand and configure” 9 Email Leakage

10 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Community-Oriented Privacy System (COPS)  Privacy boundaries are defined through "community tags“  Regulation of privacy is provided through mechanisms for setting, changing, and making exceptions to the community tags.  Sense of community is realized through mechanisms for notification (making actions of individuals visible to the group) and consensus (allowing the group to vote on changes and exceptions) 10 COPS

11 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Why take a community-based approach?  Shared expertise - privacy-enhancing features like rules and settings are underutilized by the individual. Shared expertise will lead to better utilization of the privacy mechanisms and better awareness of the privacy requirements and privacy threats.  Shared responsibility - social pressure from the group encourages the individual to pay better attention to neglected privacy tasks due to a sense of responsibility to the community. 11 COPS

12 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Community Tag  Protect privacy by requiring group consensus required for tag creation/modification and exceptions  Tag usage is enforced by the users 12 COPS

13 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Threat model - In computer security the term threat modeling is used to describe a set of issues that the designer of the system is interested in. In order to achieve a feeling of privacy we must cover four areas in particular:  Accidental disclosure  Lack of awareness  Inability to understand the privacy rules or system interfaces  Inability of the system to guarantee desired privacy 13 COPS

14 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Accidental disclosure - when a user accidentally sends an email to the wrong recipient or incorrectly forwards an email to someone that should not have seen it. We anticipate that most privacy breaches are the result of accidental disclosure and we've seen that accidental disclosure can have significant ramifications 14 COPS

15 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Lack of awareness - Related to accidental disclosure but mostly caused by the lack of knowledge rather than being a mere mistake. Lack of awareness privacy breaches most likely occur as a result of email forwarding and long recipient lists. Tracking an email's forwarding history can be a daunting task and trying to read through an email's recipient list of more than a dozen people is an exercise of frustration 15 COPS

16 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Inability to understand the privacy rules or system interfaces - As the designers of this system, we're responsible for providing an interface that's easy to use and understand. Our research should look into the metaphors and current practices that people use when protecting privacy and leverage these practices 16 COPS

17 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Inability of the system to guarantee desired privacy - Our research much span across various different domains -- from academia to the business world and from small informal groups to large group communication. Different domains have different requirements and enforce privacy in different ways. We must take into account these different practices and design a system that can translate easily from one domain to another 17 COPS

18 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Email Prototype  Proof of concept  Mockups  High fidelity prototype 18 COPS

19 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science 19 COPS

20 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science 20

21 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science 21 COPS

22 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science 22 COPS

23 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science 23 COPS

24 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science 24 COPS

25 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  High fidelity prototype 25 COPS

26 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Usability Studies  Single user observations  Interactive task-based experiment  In the experiment the user will take the role of an employee working in the Human Resources department at a fictitious company.  Tasks will start out easy and straightforward and will ramp up in difficulty as the participant works through the problems. 26 COPS

27 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Evaluation  Gather data from intro/exit questionnaires, post- experiment interviews, observation, system monitoring  Measure performance through ease of use, task completion time, error rate, and user satisfaction  Most importantly, do users understand the new privacy features and do they find them useful in the context of an Email application? 27 COPS

28 Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science  Future work  Group of users interacting with the system at once  Writing a plug-in for existing Email applications  File system/cloud implementation 28 COPS

Download ppt "Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style COPS: Community-Oriented Privacy System The Email Prototype."

Similar presentations

The Internet and the Web

The Internet and the Web
1 SANS Technology Institute - Candidate for Master of Science Degree 1 Assessing Privacy Risks of Flash Cookies Kevin Fuller and Stacy Jordan February.

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Assessing Privacy Risks of Flash Cookies Kevin Fuller and Stacy Jordan February.
Using the Self Service BMC Helpdesk

Using the Self Service BMC Helpdesk
Business Development Suit Presented by Thomas Mathews.

Business Development Suit Presented by Thomas Mathews.
Our Digital World Second Edition

Our Digital World Second Edition
1 Secure Interaction Design Kami Vaniea. 2 Overview Designing secure interfaces  Design principles Firefox extensions  Cookies  Phishing  Tracking.

1 Secure Interaction Design Kami Vaniea. 2 Overview Designing secure interfaces  Design principles Firefox extensions  Cookies  Phishing  Tracking.
Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.

Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.
Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.

Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.
Netiquette Rules.

Netiquette Rules.
Business Plug-In B7 Ethics.

Business Plug-In B7 Ethics.
P REVENTING D ATA L EAKAGE VIA E MAIL Rostislav Pinski Dmitry Kaganov Eli Shtein Alexander Gorohovski.

P REVENTING D ATA L EAKAGE VIA E MAIL Rostislav Pinski Dmitry Kaganov Eli Shtein Alexander Gorohovski.
1 The Engineer as a Professional Privacy. 2 After reading the articles please answer the following questions. 1) Is privacy a concern that engineers have.

1 The Engineer as a Professional Privacy. 2 After reading the articles please answer the following questions. 1) Is privacy a concern that engineers have.
User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.

User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.
Administrivia Turn in ranking sheets, we’ll have group assignments to you as soon as possible Homeworks Programming Assignment 1 due next Tuesday Group.

Administrivia Turn in ranking sheets, we’ll have group assignments to you as soon as possible Homeworks Programming Assignment 1 due next Tuesday Group.
What Google Privacy issues?. Concerns with Google & Privacy Google Street View It turns out that Google was obtaining a large amount of data from Wi-Fi.

What Google Privacy issues?. Concerns with Google & Privacy Google Street View It turns out that Google was obtaining a large amount of data from Wi-Fi.
Creating Collaborative Partnerships

Creating Collaborative Partnerships
Tracking, Privacy, You & The 21 st Century When you talk online the internet listens.

Tracking, Privacy, You & The 21 st Century When you talk online the internet listens.
August 15 click! 1 Email Basics Kitsap Regional Library.

August 15 click! 1 Basics Kitsap Regional Library.
A Guide to Getting Started

A Guide to Getting Started
A Product of Corporate Instant Messenger www.c-cubemessenger.com Enterprise Communication and Collaboration with Secure Instant Messaging Copyright © ANGLER.

A Product of Corporate Instant Messenger Enterprise Communication and Collaboration with Secure Instant Messaging Copyright © ANGLER.

Similar presentations

Ads by Google