论文信息 - Privacy Requirements in Toy Computing

Privacy Requirements in Toy Computing

This chapter outlines the privacy requirements for a toy computing environment. The unique architecture of toy computing requires consideration of several different factors. In this chapter we investigate the privacy requirements through formal threat modeling techniques to help the reader to get more comfortable with the toy computing architecture and how it maps to privacy threats. Next, we identify privacy requirements at legislative level, identifying privacy laws and regulations which apply to this context. The toy industry has also issued regulations for toy safety; however these regulations have no mention of privacy. While parents aim to protect the privacy of their children, we investigate the unique requirements of end users. Lastly, a demo is presented as an interface for parents to configure privacy settings for their children using mobile toy computing apps.

[1] Ninghui Li,et al. Using probabilistic generative models for ranking risks of Android apps , 2012, CCS.

[2] Mani B. Srivastava,et al. A framework for context-aware privacy of sensor data on mobile systems , 2013, HotMobile '13.

[3] Sonia Livingstone,et al. Risks and safety on the internet: the perspective of European children: full findings and policy implications from the EU Kids Online survey of 9-16 year olds and their parents in 25 countries , 2011 .

[4] Scott Dick,et al. A large-scale empirical study of P3P privacy policies: Stated actions vs. legal obligations , 2009, TWEB.

[5] Vyas Sekar,et al. Measuring user confidence in smartphone security and privacy , 2012, SOUPS.

[6] John Leubsdorf,et al. Privacy and Freedom , 1968 .

[7] Wouter Joosen,et al. A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements , 2011, Requirements Engineering.

[8] David A. Wagner,et al. Android permissions: user attention, comprehension, and behavior , 2012, SOUPS.

[9] David Salomon. Privacy and Trust , 2010 .

[10] A. Pfitzmann,et al. A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management , 2010 .