Elicitation of Privacy Requirements for the Internet of Things Using ACCESSORS

Novel smart devices are equipped with various sensors to capture context data. The Internet of Things (IoT) connects these devices with each other in order to bring together data from various domains. Due to the IoT, new application areas come up continuously. For instance, the quality of life and living can be significantly improved by installing connected and remote-controlled devices in Smart Homes. Or the treatment of chronic diseases can be made more convenient for both, patients and physicians, by using Smart Health technologies.

[1]  Jari Veijalainen,et al.  Security and privacy threats in IoT architectures , 2012, BODYNETS.

[2]  Xinwen Zhang,et al.  Apex: extending Android permission model and enforcement with user-defined runtime constraints , 2010, ASIACCS '10.

[3]  Jeffrey F. Naughton,et al.  On the complexity of privacy-preserving complex event processing , 2011, PODS.

[4]  David A. Wagner,et al.  I've got 99 problems, but vibration ain't one: a survey of smartphone users' concerns , 2012, SPSM '12.

[5]  Bernhard Mitschang,et al.  The Privacy Management Platform - An Enabler for Device Interoperability and Information Security in mHealth Applications , 2018, HEALTHINF.

[6]  Bernhard Mitschang,et al.  Privacy Management for Mobile Platforms -- A Review of Concepts and Approaches , 2013, 2013 IEEE 14th International Conference on Mobile Data Management.

[7]  Bernhard Mitschang,et al.  Design and Implementation of the Privacy Management Platform , 2014, 2014 IEEE 15th International Conference on Mobile Data Management.

[8]  Jesper Kjeldskov,et al.  The connected car: an empirical study of electric cars as mobile digital devices , 2017, MobileHCI.

[9]  Robert Harle,et al.  Bellrock: Anonymous Proximity Beacons From Personal Devices , 2018 .

[10]  Christoph Stach How to Assure Privacy on Android Phones and Devices? , 2013, 2013 IEEE 14th International Conference on Mobile Data Management.

[11]  Michael Backes,et al.  AppGuard - Fine-Grained Policy Enforcement for Untrusted Android Applications , 2013, DPM/SETOP.

[12]  E. Segal,et al.  Personalized Nutrition by Prediction of Glycemic Responses , 2015, Cell.

[13]  Divyakant Agrawal,et al.  Secure and Privacy-Preserving Data Services in the Cloud: A Data Centric View , 2012, Proc. VLDB Endow..

[14]  Hao Chen,et al.  RetroSkeleton: retrofitting android apps , 2013, MobiSys '13.

[15]  Charu C. Aggarwal,et al.  The Internet of Things: A Survey from the Data-Centric Perspective , 2013, Managing and Mining Sensor Data.

[16]  Sarmad Ullah Khan,et al.  Future Internet: The Internet of Things Architecture, Possible Applications and Key Challenges , 2012, 2012 10th International Conference on Frontiers of Information Technology.

[17]  Biplab Sikdar,et al.  Secure Data Provenance for the Internet of Things , 2017, IoTPTS@AsiaCCS.

[18]  Jason Crampton,et al.  Sleeping android: the danger of dormant permissions , 2013, SPSM '13.

[19]  Dan Siewiorek,et al.  Generation smartphone , 2012, IEEE Spectrum.

[20]  Bernhard Mitschang,et al.  The AVARE PATRON - A Holistic Privacy Approach for the Internet of Things , 2018 .

[21]  Klaus Wehrle,et al.  Privacy in the Internet of Things: threats and challenges , 2014, Secur. Commun. Networks.

[22]  Bernhard Mitschang,et al.  ACCESSORS - A Data-Centric Permission Model for the Internet of Things , 2018, ICISSP.

[23]  Joachim Posegga,et al.  Constroid: data-centric access control for android , 2012, SAC '12.

[24]  Patrick D. McDaniel,et al.  Understanding Android Security , 2009, IEEE Security & Privacy Magazine.

[25]  Paul C. van Oorschot,et al.  A methodology for empirical analysis of permission-based security models and its application to android , 2010, CCS '10.

[26]  Vyas Sekar,et al.  Measuring user confidence in smartphone security and privacy , 2012, SOUPS.

[27]  Stefan Kowalewski,et al.  A real-time extension to the Android platform , 2012, JTRES '12.

[28]  Stefan Saroiu,et al.  Home automation in the wild: challenges and opportunities , 2011, CHI.

[29]  Michael Backes,et al.  AppGuard - Enforcing User Requirements on Android Apps , 2013, TACAS.

[30]  Mahadev Satyanarayanan,et al.  Privacy Mediators: Helping IoT Cross the Chasm , 2016, HotMobile.

[31]  Kevin W. Hamlen,et al.  Aspect-oriented in-lined reference monitors , 2008, PLAS '08.

[32]  Christoph Stach,et al.  Candy Castle — A prototype for pervasive health games , 2012, 2012 IEEE International Conference on Pervasive Computing and Communications Workshops.

[33]  D. Cox,et al.  Evaluating the accuracy of continuous glucose-monitoring sensors: continuous glucose-error grid analysis illustrated by TheraSense Freestyle Navigator data. , 2004, Diabetes care.

[34]  David A. Wagner,et al.  Android permissions: user attention, comprehension, and behavior , 2012, SOUPS.

[35]  Martin Knöll “On the Top of High Towers..." Discussing Locations in a Mobile Health Game for Diabetics1 , 2011 .

[36]  Clarissa Cassales Marquezan,et al.  Future Internet Apps: The Next Wave of Adaptive Service-Oriented Systems? , 2011, ServiceWave.

[37]  Arkady B. Zaslavsky,et al.  Context Aware Computing for The Internet of Things: A Survey , 2013, IEEE Communications Surveys & Tutorials.

[38]  Bernhard Mitschang,et al.  An Integrated mHealth Solution for Enhancing Patients’ Health Online , 2015 .

[39]  Christian Schaefer,et al.  A Policy Language for Distributed Usage Control , 2007, ESORICS.

[40]  Lujo Bauer,et al.  Modeling and Enhancing Android's Permission System , 2012, ESORICS.

[41]  Sandeep Kumar Vashist,et al.  Commercial Smartphone-Based Devices and Smart Applications for Personalized Healthcare Monitoring and Management , 2014, Diagnostics.

[42]  Sudip Misra,et al.  Theoretical modelling of fog computing: a green computing paradigm to support IoT applications , 2016, IET Networks.

[43]  Christoph Stach Secure Candy Castle - A Prototype for Privacy-Aware mHealth Apps , 2016, 2016 17th IEEE International Conference on Mobile Data Management (MDM).

[44]  Indrakshi Ray,et al.  Information flow control for stream processing in clouds , 2013, SACMAT '13.

[45]  Kian-Lee Tan,et al.  ACStream: Enforcing Access Control over Data Streams , 2009, 2009 IEEE 25th International Conference on Data Engineering.

[46]  James Oberg Up, up, and away , 2012, IEEE Spectrum.

[47]  Mark Weiser The computer for the 21st century , 1991 .

[48]  Mauro Conti,et al.  CRePE: Context-Related Policy Enforcement for Android , 2010, ISC.

[49]  Martin Knöll Diabetes City: How Urban Game Design Strategies Can Help Diabetics , 2008, eHealth.

[50]  Christoph Stach,et al.  TIROL: The Extensible Interconnectivity Layer for mHealth Applications , 2017, ICIST.

[51]  Jaehong Park,et al.  The UCONABC usage control model , 2004, TSEC.

[52]  Alessandro Margara,et al.  Processing flows of information: From data stream to complex event processing , 2012, CSUR.

[53]  David M. Eyers,et al.  DEFCON: High-Performance Event Processing with Information Security , 2010, USENIX Annual Technical Conference.

[54]  Stefan Wagner,et al.  Exploratory Study of the Privacy Extension for System Theoretic Process Analysis (STPA-Priv) to Elicit Privacy Risks in eHealth , 2017 .

[55]  Anind K. Dey,et al.  Understanding and Using Context , 2001, Personal and Ubiquitous Computing.

[56]  Stefanie Betz,et al.  PRIVACY-AVARE: An approach to manage and distribute privacy settings , 2017, 2017 3rd IEEE International Conference on Computer and Communications (ICCC).

[57]  Michael I. Jordan,et al.  Machine learning: Trends, perspectives, and prospects , 2015, Science.

[58]  Eric Bodden,et al.  DroidForce: Enforcing Complex, Data-centric, System-wide Policies in Android , 2014, 2014 Ninth International Conference on Availability, Reliability and Security.

[59]  Frank Dürr,et al.  How a Pattern-based Privacy System Contributes to Improve Context Recognition , 2018, 2018 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops).

[60]  Bruno Crispo,et al.  YAASE: Yet Another Android Security Extension , 2011, 2011 IEEE Third Int'l Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third Int'l Conference on Social Computing.

[61]  Paola Inverardi,et al.  User-Centric Android Flexible Permissions , 2017, 2017 IEEE/ACM 39th International Conference on Software Engineering Companion (ICSE-C).

[62]  Gail-Joon Ahn,et al.  Security and Privacy Challenges in Cloud Computing Environments , 2010, IEEE Security & Privacy.

[63]  Lakshmi Priya Sekar,et al.  Avoidance of security breach through selective permissions in android operating system , 2012, SOEN.

[64]  R. S. H. Istepanian,et al.  The potential of Internet of m-health Things “m-IoT” for non-invasive glucose level sensing , 2011, 2011 Annual International Conference of the IEEE Engineering in Medicine and Biology Society.

[65]  Michalis Faloutsos,et al.  Permission evolution in the Android ecosystem , 2012, ACSAC '12.

[66]  Luigi Alfredo Grieco,et al.  Security, privacy and trust in Internet of Things: The road ahead , 2015, Comput. Networks.