mHealth and the need of evaluation processes

Eschricht, Johannes

January 2018

There are currently a great deal of available health applications available on various app-stores around the globe and more is being added each day. With that vast amount of available options, which health applications are trustworthy and offers the functionality that the users are looking for? With the current regulations and classification processes, it is difficult to know if mHealth services offers the high standards that it should. This thesis investigates the need for mHealth services tobe subject of an evaluation process, by a health organization or a government agency, to ensure that quality standards are high. We discover the current “state-of-the-art” of mHealth and the privacy-and usability aspects of mHealth, we find outif evaluated and approved mHealth applications are believed to be more attractive to use than the non-evaluated counterparts, and lastly, we identify what aspects is important to evaluate of mHealth applications. To provide answers to the thesis, we perform a literature review and distribute a survey to a small group of potential users of mHealth services. The literature review provides information about the current state of mHealth around the globe. Moreover, the literature review also reveals that both usability, but especially privacy, is of major importance when creating mHealth services. We also discover that there are voices from field experts that suggests mHealth services to be subject of an evaluation process, similar to what we suggest in this thesis. With the survey, we identify the respondents’ current utilization of mHealth services. We also find out what aspects they believe is important and if their trust and utilization of an evaluated and approved mHealth service would be affected compared to a non-evaluated counterpart. The respondents of the survey is parents of young children, a group that is likely in need of medical attention in one way or another and still has the technical experience that is required to answer the survey.

mHealth

evaluation process

privacy

usability

Software Engineering

Programvaruteknik

Family Educational Rights and Privacy Act (FERPA) Safety and Health Exceptions and Employee Privacy Training

January 2010

abstract: Sparked by the Virginia Tech Shooting of 2007 and the resultant changes to the Family Educational Rights and Privacy Act, a review was conducted of FERPA's impact on university policies regarding student privacy and safety. A single, private university's policies were reviewed and a survey was distributed to 500 campus employees who had recently completed the university's FERPA training to determine if the university's current training was effective in training employees to understand FERPA's health and safety exceptions clause. The results showed that while the university's training was effective in training employees how to safeguard students' academic records, employees did not have a clear understanding of which information they could or should share in response to a threat to health and safety or to which university entity they should route safety concerns. The survey suggests that the university's FERPA training should be expanded to include training on FERPA's health and safety exceptions, including the communication of clear reporting lines for possible threats to campus safety and security. / Dissertation/Thesis / M.S.Tech Technology 2010

Higher Education

Education Policy

Employee

Exceptions

FERPA

Privacy

Safety

Training

Privacy Preserving Service Discovery and Ranking For Multiple User QoS Requirements in Service-Based Software Systems

January 2011

abstract: Service based software (SBS) systems are software systems consisting of services based on the service oriented architecture (SOA). Each service in SBS systems provides partial functionalities and collaborates with other services as workflows to provide the functionalities required by the systems. These services may be developed and/or owned by different entities and physically distributed across the Internet. Compared with traditional software system components which are usually specifically designed for the target systems and bound tightly, the interfaces of services and their communication protocols are standardized, which allow SBS systems to support late binding, provide better interoperability, better flexibility in dynamic business logics, and higher fault tolerance. The development process of SBS systems can be divided to three major phases: 1) SBS specification, 2) service discovery and matching, and 3) service composition and workflow execution. This dissertation focuses on the second phase, and presents a privacy preserving service discovery and ranking approach for multiple user QoS requirements. This approach helps service providers to register services and service users to search services through public, but untrusted service directories with the protection of their privacy against the service directories. The service directories can match the registered services with service requests, but do not learn any information about them. Our approach also enforces access control on services during the matching process, which prevents unauthorized users from discovering services. After the service directories match a set of services that satisfy the service users' functionality requirements, the service discovery approach presented in this dissertation further considers service users' QoS requirements in two steps. First, this approach optimizes services' QoS by making tradeoff among various QoS aspects with users' QoS requirements and preferences. Second, this approach ranks services based on how well they satisfy users' QoS requirements to help service users select the most suitable service to develop their SBSs. / Dissertation/Thesis / Ph.D. Computer Science 2011

Computer Science

Nonfunctional Requirement

Privacy Preserving

QoS

Ranking

Service Discovery

On Efficient and Scalable Attribute Based Security Systems

January 2011

abstract: This dissertation is focused on building scalable Attribute Based Security Systems (ABSS), including efficient and privacy-preserving attribute based encryption schemes and applications to group communications and cloud computing. First of all, a Constant Ciphertext Policy Attribute Based Encryption (CCP-ABE) is proposed. Existing Attribute Based Encryption (ABE) schemes usually incur large, linearly increasing ciphertext. The proposed CCP-ABE dramatically reduces the ciphertext to small, constant size. This is the first existing ABE scheme that achieves constant ciphertext size. Also, the proposed CCP-ABE scheme is fully collusion-resistant such that users can not combine their attributes to elevate their decryption capacity. Next step, efficient ABE schemes are applied to construct optimal group communication schemes and broadcast encryption schemes. An attribute based Optimal Group Key (OGK) management scheme that attains communication-storage optimality without collusion vulnerability is presented. Then, a novel broadcast encryption model: Attribute Based Broadcast Encryption (ABBE) is introduced, which exploits the many-to-many nature of attributes to dramatically reduce the storage complexity from linear to logarithm and enable expressive attribute based access policies. The privacy issues are also considered and addressed in ABSS. Firstly, a hidden policy based ABE schemes is proposed to protect receivers' privacy by hiding the access policy. Secondly,a new concept: Gradual Identity Exposure (GIE) is introduced to address the restrictions of hidden policy based ABE schemes. GIE's approach is to reveal the receivers' information gradually by allowing ciphertext recipients to decrypt the message using their possessed attributes one-by-one. If the receiver does not possess one attribute in this procedure, the rest of attributes are still hidden. Compared to hidden-policy based solutions, GIE provides significant performance improvement in terms of reducing both computation and communication overhead. Last but not least, ABSS are incorporated into the mobile cloud computing scenarios. In the proposed secure mobile cloud data management framework, the light weight mobile devices can securely outsource expensive ABE operations and data storage to untrusted cloud service providers. The reported scheme includes two components: (1) a Cloud-Assisted Attribute-Based Encryption/Decryption (CA-ABE) scheme and (2) An Attribute-Based Data Storage (ABDS) scheme that achieves information theoretical optimality. / Dissertation/Thesis / Ph.D. Computer Science 2011

Computer Science

Attribute

Cloud Computing

Group Communication

Privacy

Security

UbiPri : middleware para controle e gerenciamento de privacidade em ambientes ubíquos / UBiPri : middleware control and privacy management in ubiquitous environments

Leithardt, Valderi Reis Quietinho

January 2015

Atualmente em vários países já existem mais dispositivos e meios de comunicações que habitantes e a medida que a tecnologia avança a troca de informação tende a aumentar exponencialmente. Com isso, ganha destaque a área denominada computação ubíqua, que visa o desenvolvimento de aplicativos para automatizar processos, antes manuais, a fim de proporcionar conforto, rapidez e conexão aos usuários com seus dispositivos. Nos estudos realizados decorrer desta tese identificou–se a necessidade de desenvolver e controlar informações privadas fundamentadas no local, aqui denominado ambiente ubíquo. O problema de pesquisa identificado foi a grande heterogeneidade de dispositivos e comunicações nestes sistemas, tornando-os vulneráveis e expondo os dados de seus usuários. Assim, observou-se a necessidade de um modelo taxonômico de privacidade que engloba características necessárias para controlar e gerenciar a privacidade de dados em ambientes ubíquos. A partir dessa taxonomia desenvolveu–se um protótipo com base em um middleware estruturado em camadas necessárias para prover os controles e gerenciamentos necessários nestes ambientes. Os primeiros testes e resultados se mostraram promissores, tendo seus resultados publicados em conferências internacionais da área que nortearam os estudos para uma melhoria do tratamento e filtragem de dados. Também foi possível a ampliação dos controles e gerenciamento de parâmetros automáticos com aumento e redução de definição do tipo de perfil do usuário em adição são apresentados os resultados obtidos em diferentes cenários de uso e aplicação. Para tanto, o protótipo desenvolvido permite selecionar opções de variáveis atribuídas individualmente a cada ambiente de acordo com suas necessidades, com isso, a solução proposta visa ser empregada no gerenciamento de privacidade em ambientes ubíquos. Os resultados obtidos nos testes realizados comprovam a viabilidade e contribuição cientifica do modelo desenvolvido. O aplicativo UbiPri foi disponibilizado para utilização no google play store, podendo ser instalado e configurado na plataforma android. / Currently in many countries there are already more devices and communication means inhabitants and as technology advances the exchange of information tends to increase exponentially. As a result, stands out the area called ubiquitous computing, which aims to develop applications to automate processes before hand in order to provide comfort, speed and connecting users with their devices. In studies carried out throughout this thesis it identified the need to develop and control private information based on location, here called ubiquitous environment. The identified research problem was the great heterogeneity of devices and communications in these systems, making them vulnerable and exposing the data of its users. Thus, there was the need for a taxonomic model of privacy that encompasses features needed to control and manage data privacy in ubiquitous environments. From this taxonomy developed a prototype based on a middleware structured in layers to provide the necessary controls and managements required in these environments. The first tests and results were promising, with the results published in international conferences in the area that guided the studies for improved treatment and filtering of data. It was also possible the expansion of controls and management parameters with automatic increase and decrease setting in the user profile type in addition the results obtained are presented in different usage scenarios and application. Thus, the prototype allows you to select options variables individually assigned to each environment according to their needs, with it, the proposed solution is intended to be used in the privacy management in ubiquitous environments. The results obtained in the tests prove the feasibility and scientific contribution of the developed model. The UbiPri application was made available for use in the google play store and can be installed and configured on android platform.

Computação pervasiva

Taxonomia

Ubiquitous computing

Middleware

Taxonomy

Privacy

A strategic framework for e-government security : the case in Nigeria

Deekue, Sam Neekpoa

January 2016

Countries across the globe are striving towards full-scale implementation of e-government. One of the issues arising with the efforts to this realization is the assurance of secure transactions while upholding high privacy standards. In order to engage citizens in the process, there must be transparency and confidence that the e-government systems they are using are reliable and will deliver the services with integrity, confidentiality and accountability. Different systems require different levels of security according to the services they provide to their users. This research presents an investigation into reasons why e-government security frameworks developed by researchers with the claim that it is one-size-fits-all issue may not hold true, particularly in the case of Nigeria, based on certain identified realities. The claim of a generalized framework appears very challenging because there seem to be much diversity across different governments. Countries differ in one or more of the following characteristics: political systems, legal systems, economic situation, available technological infrastructure, Internet and PC penetration, availability of skills and human resources, literacy levels, computer literacy levels, level of poverty, leadership, and ethnic diversities in terms of norms, languages, and expertise. Security measures implemented in e-government projects in some developed countries, beginning with more established e-government systems around the world, were evaluated and a strategic framework for e-government security proposed which considers both technical and non-technical factors that involve people, processes and technologies. The framework is proposed to advance the rapid adoption of practices that will guarantee e-government security. It seeks to provide a flexible, repeatable and cost-effective approach to implementing e-government security. This research examines the issues of enclosure in the implementation of e-government from the perspective of security and ultimately survivability.

Children's understanding of online data privacy : a study on Scottish Primary 6 and Primary 7 pupils

Alias, Amelia

January 2018

There is growing concern over online privacy in today’s digital worlds, in part due to the nature of social media, which encourages the disclosure of personal information. Such concerns have resulted in a significant amount of research, so far focused on adults’ and teenagers’ perceptions of privacy and privacy management. This study aims to explore how children perceive online privacy. It addresses three research questions: RQ 1: What are children’s views of online privacy? RQ 2: What are parents’ views of online privacy? Do their views on privacy influence how they deal with their children’s privacy? RQ 3: What are the benefits and disadvantages of different Internet parental mediation strategies for children’s online privacy? Twenty-six semi-structured one-to-one interviews and ten focus group sessions were conducted with fifty-seven pupils aged 9 to 11 years old (Primary 6 and Primary 7), from one school in Scotland. Additionally, 8 parents were interviewed to understand how their perceptions of privacy influenced their Internet parenting strategies. This study has three overarching findings. The first overarching finding is related to children’s and parents’ views about the Internet as an unsafe place, occasionally leading parents to deploy restrictive and monitoring Internet parental mediation strategies. Second, children view privacy as more difficult to achieve online than offline for two main reasons: (1) the Internet is a ‘bigger space’ populated by a massive number of ‘people’, most of whom they do not know nor have they ever seen (‘strangers’), and (2) there are certain difficulties in managing the privacy settings of social networking sites. The third finding is that trust, autonomy and privacy are interrelated. Trust reduce privacy concerns, encouraged for two-way information sharing between children and parents, with an expectation that parents will be able to help identify potential and also unexpected online issues, and necessary advice and safety precautions can be taught to children. As a result, children will potentially be able to manage their online activities in an increasingly autonomous way. Trust is important not only in interpersonal relationships, but also for building confidence for contexts in which we do not have any prior knowledge, such as with strangers or with the providers of online platforms.

Une démarche de conception et d'implémentation de la protection de la vie privée basée sur le contrôle d'accès appliquée aux compositions de services / Design and Implementation of privacy in service compositions

Faravelon, Aurélien

02 December 2013

La vie privée et sa protection sont aujourd'hui largement discutées. Membres de la société civile, juristes ou encore techniciens, nous sommes tous appelés à nous emparer d'une notion que l'on nous présente à la fois comme menacée, désuète ou appartenant à nos libertés fondamentales. Aujourd'hui, les controverses autour de la protection de la vie privée ont pour origine des usages techniques. L'informatisation des fichiers étatiques et les possibilités accrues de surveillance issues des innovations en informatique et, plus récemment, les « usages sociaux » des outils numériques comme les « réseaux sociaux », provoquent de vives réactions. Pourtant, le recours à cette notion, notamment pour protéger les libertés individuelles, est-il complètement satisfaisant alors que, d'une part, les outils à l'origine de sa mise en question suscitent un large engouement, et que, d'autre part, ses contours sont mal définis? Nous adoptons, pour répondre à cette question, une position interdisciplinaire. D'une part, nous enquêtons d'un point de vue philosophique sur la « condition numérique » contemporaine afin d'en saisir les enjeux. Ce faisant, nous établissons que les outils numériques remettent en cause la notion de « frontiére ». Nous montrons simultanément que la possibilité d'une existence séparée est nécessaire pour constituer une subjectivité propre. Se pose alors la question de la mise en pratique d'une telle existence. Nous nous éloignons des approches déontologiques et utilitaristes qui guident actuellement la conception et l'évaluation des outils numériques pour leur préférer une approche fondée sur « l'éthique du souci de soi ». Cette approche nous conduit à établir que le code informatique constitue la structure de la condition numérique et qu'il s'agit de prendre en compte, dés la conception d'une application un ensemble de propriétés, comme la protection de la vie privée. Nous cherchons dans un second temps à aider les concepteurs d'applications à concevoir au mieux et à réaliser des applications qui permettent de protéger la vie privée des utilisateurs et des possesseurs des données. Notre domaine d'application est l'approche orientée services qui est aujourd'hui un largement utilisée. Nous nous concentrons sur son utilisation pour la réalisation d'applications à partir de compositions de services dynamiques et hétérogènes. Nous cherchons à protéger la vie privée à l'aide du contrôle d'accès. Pour ce faire, nous proposons de configurer les propriétés de contrôle d'accès des services au moyen d'une démarche dirigée par les modèles divisée en deux étapes. Au niveau conception, la composition et la politique de contrôle d'accès à un niveau abstrait sont spécifiées par des experts dédiés. Nous estimons que le contrôle d'accès doit être pris en compte dés la conception de l'application afin d'éviter le recours à la programmation manuelle. En rester à un niveau abstrait permet de s'adapter à l'état de la composition et à l'hétérogénéité et au dynamisme des services. Au niveau exécution, notre architecture permet de configurer les services concrets au moyen de proxies responsables de l'exécution du contrôle d'accès. Des transformations de modèles vers textes automatisées permettent de passer d'un niveau à l'autre afin de s'abstraire de la programmation manuelle et de garantir la protection des services concrets par les proxies. Notre approche a été validée par la réalisation d'un prototype et son utilisation sur un cas d'application. / Privacy is hot topic. Lawyers, technicians and plain people are all concerned by this notion. Nowadays, most discussions focus on the effects of digital tools, such as social media or surveillance software. However, privacy is still ill-defined. Moreover, digital tools which endanger privacy are widely used. Should not we leave privacy aside and accept that we are, maybe more than ever, visible ?In this doctoral thesis, I address this question from a twofold viewpoint. I first inquire into the nature of our digital condition from a philosophical standpoint. I claim that digital artifacts rework the implementation of our frontiers, be them geographical or social. However, I contend that such frontiers are necessary. As I show that code defines the structure and the effects of digital tools, I point out that properties such as privacy management should be addressed right from the conception of software applications.Helping out designers to address such properties is the second issue I tackle. I focus on Service-Oriented Computing as it is a widely used paradigm. Most speci- fically, I deal with the composition of heterogenous and dynamic services. I define access control as an efficient mechanism to protect privacy and I propose a twofold generative approach to secure services compositions. The composition and its access control policies are separately defined at an abstract level. An expert is responsible for each of them. As we promote an abstract description of the application, we free the designer from technical complexity. At runtime, we propose an architecture which selects and protects the actual services by hiding them behind proxies which run the access control policy. Automated model transformations permit to generate the application from its specification. We thus bypass manual programming. We have implemented a modeling and execution environment and applied our approach to a use case in order to validate our work.

SOC

SOA

Vie privée

SOC

SOA

Privacy

004

Secure Sharing of Electronic Medical Records in Cloud Computing

January 2012

abstract: In modern healthcare environments, there is a strong need to create an infrastructure that reduces time-consuming efforts and costly operations to obtain a patient's complete medical record and uniformly integrates this heterogeneous collection of medical data to deliver it to the healthcare professionals. As a result, healthcare providers are more willing to shift their electronic medical record (EMR) systems to clouds that can remove the geographical distance barriers among providers and patient. Even though cloud-based EMRs have received considerable attention since it would help achieve lower operational cost and better interoperability with other healthcare providers, the adoption of security-aware cloud systems has become an extremely important prerequisite for bringing interoperability and efficient management to the healthcare industry. Since a shared electronic health record (EHR) essentially represents a virtualized aggregation of distributed clinical records from multiple healthcare providers, sharing of such integrated EHRs may comply with various authorization policies from these data providers. In this work, we focus on the authorized and selective sharing of EHRs among several parties with different duties and objectives that satisfies access control and compliance issues in healthcare cloud computing environments. We present a secure medical data sharing framework to support selective sharing of composite EHRs aggregated from various healthcare providers and compliance of HIPAA regulations. Our approach also ensures that privacy concerns need to be accommodated for processing access requests to patients' healthcare information. To realize our proposed approach, we design and implement a cloud-based EHRs sharing system. In addition, we describe case studies and evaluation results to demonstrate the effectiveness and efficiency of our approach. / Dissertation/Thesis / M.S. Computer Science 2012

Computer science

Cloud Computing

EHR

Healthcare

HIPAA

Privacy

Security

Vi ger bort vår personliga integritet för att få veta vilken M & M vi är : En kvalitativ intervjustudie med individer med kunskap om hacking

Bengtsson, Clara, Leikas, Nette

January 2018

The digital environment is facing changes and threats from different factors. Digitalisation seeks to exceed all boundaries at the expense of something we used to value high. Privacy today is a subject that garners a lot of attention due to its deterioration. This study aims to assess this dilemma from different angles and find easier ways to understand it. It considers components like updating legislation, companies’ business models and lack of available information. All this is done from the perspective of hackers and cyber security professionals by researchers without further IT background. Thus, the methodology of the study consists of qualitative interviews with persons who possess a great knowledge of the digital world. After the interviews the study has found a connection between an individual’s privacy and his choices, level of knowledge and society’s structures. The results indicate that information has become so highly valued that it can be used as a currency. This creates for example the possibility for big companies to exploit their power in order to affect opinions and consumer behaviour. However, individuals donate their privacy voluntarily in exchange for free services. Therefore, they should be offered clear information by those who recognise the threats. The study also proposes some suggestions from the professionals for better privacy.

privacy

cyber security

digitalisation

GDPR

Media and Communications

Medie- och kommunikationsvetenskap