Security and privacy in business networking

Business networking relies on an application-specific quantity and quality of information to support social infrastructures, e.g., energy allocation coordinated by smart grids, healthcare services with electronic health records, traffic management with personal sensors, RFID in retail and logistics, or the integration of individuals’ social network information into goods, services, and rescue operations. Because networking applications increasingly rely on shared ICT services, the resulting dependencies threaten the privacy, security, and reliability of information and, thus, innovative business applications in smart societies. Resilience is becoming a new security approach, since it takes dependencies into account and aims at achieving equilibria between conflicting requirements. This special issue on 'Security and Privacy in Business Networking' contributes to the journal 'Electronic Markets' by introducing a different view on achieving acceptably secure business networking applications in spite of threats due to covert channels: adapting resilience to the enforcement of IT security in business networking applications. Our analysis shows that privacy serves as evidence for measuring and improving trustworthy relationships and reliable interactions between participants of business processes and their IT systems. The articles of this special issue, which were accepted after double-blind peer review, contribute to this view of interdisciplinary security engineering across the stages of security and privacy requirements analysis, enforcement of the resulting security requirements for an information exchange, testing with privacy-preserving detection of policy violations, and knowledge management for the purpose of keeping business processes resilient.
