471 |
Eingriff in die Privatsphäre der Endanwender durch Augmented Reality AnwendungenNeges, Matthias, Siewert, Jan Luca 06 January 2020 (has links)
Augmented Reality (AR) Anwendungen finden zunehmend den Weg auf Smartphones und Tablets und etablieren sich stetig weiter in unseren Alltag. Bislang waren spezielle Drittanbieter-Entwicklungsumgebungen (SDKs) wie Vuforia für die Entwicklung von AR Anwendungen notwendig, um die teils komplexe Erkennung von Objekten und Umgebungen für eine positionsgetreue Darstellung von Texten und virtuellen 3D-Modellen zu ermöglichen. Heutet bieten die Hersteller der mobilen Betriebssysteme eigene SDKs, wie z.B. Google mit ARCore für eine Reihe von Smartphones und Tablets auf Android-Basis, an. Apple kaufte 2015 die Firma metaio, welche bis dato eines der leistungsstärksten AR-SDKs angeboten hat. Seit 2017 ist das SDK vollständig in das Betriebssystem integriert und lässt sich von jedem Entwickler wie jede andere Standardfunktionalität des Betriebssystems nutzen [...] Ermöglicht wird die virtuelle Positionierung über die visuell-inertiale Odometrie (VIO), bei den markanten Punkten in jedem einzelnen Kamerabild des Videostreams der Smartphone Kamera verglichen und zusätzlich mit den detektierten Bewegungen über die integrierte Bewegungs-und Beschleunigungssensoren des Smartphones abgleichen werden. Durch dieses Verfahren lassen sich digitale, dreidimensionale Abbilder der Umgebung erzeugen, ohne spezielle Kameras mit Tiefensensoren oder Stereokameras nutzen zu müssen. Die Nutzung von AR erfreut sich unter den Anwendern immer größerer Beliebtheit. Dabei ist den Anwendern häufig nicht klar, dass die anfallenden Daten, welche durch die VIO generiert werde, auch Auswertungen ermöglichen, die einen erheblichen Eingriff in die Privatsphäre bedeuten. [... aus der Einleitung]
|
472 |
Opportunities and challenges with the GDPR implementation : A study of how the GDPR has affected business processes in SwedenAl Abassi, Baraa, Aladellie, Sara January 2020 (has links)
The General Data Protection Regulation is a relatively new law that is applied to all companies within the member states of the European Union. The law is established to protect individual’s personal rights and privacy from being misused. The purpose of this qualitative study is to investigate how businesses based in Sweden have complied with their internal and external processes in alignment with the GDPR. The gap that was found was that limited research has been made regarding how businesses have complied in alignment with the law after the implementation. To investigate this problem area, semi-instructed interviews were conducted with five large companies in Sweden. The results that were found was that the General Data Protection Regulation has contributed to different challenges for businesses as well as opportunities. Nevertheless, a major finding from the empirical presentation together with previous research was that the businesses need to standardise their processes to align with the standards of the General Data Protection Regulation.
|
473 |
Protection des données personnelles côté utilisateur dans le e-commerce / Personal user data protection in the e-commerceDari Bekara, Kheira 18 December 2012 (has links)
L’informatique et Internet en particulier favorisent grandement la collecte de données à l'insu de l'utilisateur, leur divulgation à des tiers et le croisement des données. La densité des activités humaines dans le monde numérique constitue donc un terrain fertile pour de potentielles atteintes à la vie privée des utilisateurs. Les présents travaux examinent d'abord le contexte légal de la protection de la vie privée, ainsi que les divers moyens informatiques destinés à la protection des données personnelles. Il en ressort un besoin de solutions centrées utilisateur, lui donnant davantage de contrôle sur ses données personnelles. Dans cette perspective, nous analysons le cadre légal français et européen pour en tirer des axes de protection. Nous spécifions ensuite les contraintes tirées de ces axes, en proposant de les introduire dans les modèles de politiques de sécurité existants. Ainsi, nous suggérons l’application d’un seul modèle pour le contrôle d’accès et la protection de la vie privée. Le modèle de contrôle d’accès doit être étendu par de nouvelles conditions et paramètres d’accès. Pour cela, nous définissons le langage XPACML (eXtensible Privacy aware Access Control Markup Language) conçu sur la base d’extensions apportées au modèle de contrôle d’accès XACML. Placés dans un contexte E-Commerce, nous avons défini un modèle sémantique permettant de représenter les contextes liés aux différentes transactions électroniques. Ainsi nous avons pu effectuer une génération dynamique des politiques XPACML en fonction du contexte en cours. A la quête d’une protection étendue des données personnelles, nous avons consacré la dernière partie de nos travaux aux négociations possibles qui peuvent être effectuées entre un utilisateur et un fournisseur de service. Ainsi nous avons proposé deux protocoles. Le premier porte sur la négociation des termes et conditions des politiques de protection des données, alors que le deuxième porte sur la négociation des données à dévoiler elles mêmes / Informatics and Internet in particular favor largely the collection of data without user permission, their disclosure to third parties and their cross-analysis. The density of the human activities in the digital world thus constitutes a fertile ground for potential invasions of privacy of the users. Our works examine first the legal context of privacy protection, as well as the diverse computing means intended for the protection of personal data. A need for user centered solutions emerges, giving him/her more control over his/her personal data. In this perspective, we analyze European and French privacy legislation to extract data protection axis. Then we specify the constraints related to these axes, and we introduce them in existing security policy models. Thus we suggest the application of one model for both access control and privacy protection. The access control model should be extended by new privacy related conditions and parameters. To do so, we define the language XPACML (eXtensible Privacy aware Access Control Markup Language) based on XACML and new privacy extensions. Placed in an E-commerce context, we define a semantic model allowing to represent various electronic transactions contexts, and leading to a dynamic generation of context- aware XPACML policies. Looking for a vast protection of the personal data, we dedicate the last part of our works to the possible negotiations which can be made between a user and a service provider. Two protocols are proposed. The first one permits the negotiation of the terms and the conditions of data protection policies, while the second permits the negotiation of the requested data themselves
|
474 |
Personal data protection in context of cyberwarfareTovkun, Yulia January 2023 (has links)
This thesis highlights the importance of a comprehensive approach to personal data protection in the context of cyber warfare. By combining legislative analysis, analysis of cyber incidents, threat modeling, and risk assessment, a robust framework can be developed to identify and mitigate security and privacy threats effectively. This study serves as a foundation for future research in the field of personal data protection and cybersecurity.
|
475 |
[pt] A COMPREENSÃO DA CONFIANÇA, PRIVACIDADE E LEGISLAÇÃO DE QUEM PROJETA E CONSOME PRODUTOS E SERVIÇOS DIGITAIS / [en] UNDERSTANDING THE TRUST, PRIVACY AND LEGISLATION OF THOSE WHO DESIGN AND CONSUME DIGITAL PRODUCTS AND SERVICESCARLOS EDUARDO C NASCIMENTO JR 13 October 2020 (has links)
[pt] Graças aos avanços tecnológicos e à grande difusão da internet, o mundo assiste ao crescente interesse público e privado no tratamento e manipulação de dados pessoais. Com isto, a necessidade de se criar instrumentos jurídicos que regulem este processo se tornou um grande foco de discussão nas principais democracias do mundo. Com a proximidade da entrada em vigor da nova legislação brasileira de proteção de dados, este estudo se propõe a um maior entendimento sobre a compreensão de confiança e privacidade, assim como suas relações com a nova Lei Geral de Proteção de Dados (LGPD), do ponto de vista de quem projeta e de quem consome serviços e produtos digitais. Através da revisão bibliográfica exploratória em torno destes conceitos, estudos recentes e legislações que envolvem confiança e privacidade, foi formada uma base teórica para que entrevistas exploratórias, dinâmicas participativas e um questionário digital pudessem ser aplicados. Através da análise do conteúdo coletado foi possível descrever que: projetistas e usuários veem a confiança como base de um relacionamento de troca, e que a privacidade é um dos principais geradores desta confiança. Também, é perceptível uma dificuldade na separação entre os conceitos de privacidade e segurança de dados, e em visualizar a materialização da legislação em meio digital. Neste cenário observamos um vasto campo para pesquisas futuras que possam (1) auxiliar o desenvolvimento de ferramentas e processos para projetar a privacidade em meio digital, com foco na confiança; e (2) contribuir para a elaboração de instrumentos jurídicos voltados à implementação da legislação em ambiente digital. / [en] Due to the technological development and huge infiltration of the internet, there is an increasing global interest - public and private context - in dealing and manipulating personal data. Thus, the need of developing legal instruments to regulate this process has become the central target of the most relevant democracies of the world. Due to the new coming Brazilian Law of General Data Protection (LGPD), this study aims the perception of trust, privacy and their connections with the new LGPD, regarding designers and users of digital products/services point of view. A consistent bibliographic review upon recent studies, concepts and legislations related to trust and privacy was used to develop and sustain theoretical basis to apply exploratory interviews, interactive groupworks and digital forms.
Through the analysis of the collected data was possible to acknowledge that designers and users considered that a reciprocal relationship is based on trust and privacy is one of the main trust builders. Also, the boundaries between both concepts, trust and privacy, are not easily perceived, as well as the materialization of laws related to the digital environment. This is the scenario of a large field for future researches to promote the creation of tools and processes that will insert privacy into the digital world, increasing the trust perception, and to create law instruments for the implementation of the LGPD in the digital context.
|
476 |
Implementing a Zero Trust Environmentfor an Existing On-premises Cloud Solution / Implementering av en Zero Trust miljö för en existerande påplats molnlösningPero, Victor, Ekman, Linus January 2023 (has links)
This thesis project aimed to design and implement a secure system for handling and safeguarding personal data. The purpose of the work is to prevent unauthorized actors from gaining access to systems and data. The proposed solution is a Zero Trust architecture which emphasizes strong security measures by design and strict access controls. The system must provide minimal access for users and should be integrated with the existing cloud-based infrastructure. The result is a system that leverages Keycloak for identity management and authentication services, GitLab to provide a code hosting solution, GPG for commit signing, and OpenVPN for network access. Through the utilization of Gitlab, Keycloak and OpenVPN the system achieved a comprehensive design for data protection, user authentication and network security. This report also highlights alternative methods, future enhancements and potential improvements to the completed system. / Målet med denna rapport är att designa och implementera ett säkert system för hantering och skydd av personlig data. Syftet med arbetet är att förhindra obehöriga att få tillgång till system och data. Den föreslagna lösningen är en Zero Trustarkitektur som betonar skärpta säkerhetsåtgärder genom design och strikta åtkomstkontroller. Systemet måste ge minimal åtkomst för användare som brukar det och integreras med den befintliga molnbaserade infrastrukturen. Resultatet är ett system som använder Keycloak för hantering av identiteter och autentisering, GitLab för att tillhandahålla ett kodarkiv där användare kan ladda upp sin kod, GPG för att signera commits, och OpenVPN för nätverksåtkomst. Genom användning av GitLab, Keycloak och OpenVPN uppnådde systemet en omfattande design för dataskydd, användarautentisering och nätverkssäkerhet. Denna rapport nämner också alternativa metoder, framtida och potentiella förbättringar av det färdiga systemet.
|
477 |
Experience with users about the various GDPR provisions available through the servicesAlid, Hani January 2023 (has links)
This thesis discusses the General Data Protection Regulation (GDPR) and its impact on individuals since the GDPR became effective in May 2018. The regulation has had significant implications for companies and organizations that handle user data as it provides fines if they are non-compliance. However, the GDPR was created to protect individuals' privacy and personal data in the European Union (EU), which has added many complexities to companies and individuals. This study aims to provide an experiment with individuals in Sweden to document their knowledge of the regulations and their ability to exercise the rights granted and to know their opinions through interviews with 19 samples of individuals. The research deals with the third chapter more than other chapters of the GDPR. The results revealed a lack of awareness among the participants, with only a small percentage having prior knowledge of the GDPR and lacking a clear understanding of the implications and practical implementation of these rights, despite the participants' enthusiasm when explaining the rights to them. Participants acknowledged the importance of their data and assessed the provisions of the GDPR. They emphasized rights such as access, rectification, and erasure as necessary to protect privacy. After obtaining nearly complete knowledge, the participants could exercise and find the GDPR rights entirely on Swedish sites, except those who were able to find the rights with only a little knowledge. The study highlights the need to enhance individuals' awareness of the GDPR and improve transparency and accessibility of privacy policies.
|
478 |
Seed and Grow: An Attack Against Anonymized Social NetworksPeng, Wei 07 August 2012 (has links)
Indiana University-Purdue University Indianapolis (IUPUI) / Digital traces left by a user of an on-line social networking service can be abused by a malicious party to compromise the person’s privacy. This is exacerbated by the increasing overlap in user-bases among various services.
To demonstrate the feasibility of abuse and raise public awareness of this issue,
I propose an algorithm, Seed and Grow, to identify users from an anonymized social
graph based solely on graph structure. The algorithm first identifies a seed sub-graph either planted by an attacker or divulged by collusion of a small group of users, and then grows the seed larger based on the attacker’s existing knowledge of the users’ social relations.
This work identifies and relaxes implicit assumptions taken by previous works,
eliminates arbitrary parameters, and improves identification effectiveness and accuracy. Experiment results on real-world collected datasets further corroborate my expectation and claim.
|
479 |
The EU General Data Protection Regulations and their consequences on computer system design / EUs allmänna dataskyddsförordning och dess konsekvenser för programsystemteknikMagnusson, Wilhelm January 2017 (has links)
As of writing this thesis, the EU’s new data protection laws (GDPR) will start to apply within one year. The new regulations are poorly understood by many and rumours of varying accuracy are circling the IT industry. This thesis takes a look at the parts of the GDPR concerning system design and architecture, clarifying what they mean and their consequences for system design. The new regulations are compared to the old data protection laws (Directive 95/46/EC), showing how companies must alter their computer systems in order to adapt. Using evaluations of the old data protection laws predictions are made for how the GDPR will affect the IT industry going forward. One of the more important questions are what tools are available for companies when adapting to privacy protection regulations and threats. This thesis aims to identify the most common processes for this kind of system modification and compare their effectiveness in relation to the GDPR. / Vid framställningen av denna avhandling är det mindre än ett år innan EUs nya dataskyddsförordning (GDPR) träder i kraft. Många har bristande förståelse av de nya förordningarna och rykten av varierande korrekthet cirkulerar inom IT industrin. Denna avhandling utför en kritisk undersökning utav de delar inom GDPR som berör system design och arkitektur och beskriver dess innebörd för system design. De nya lagarna jämförs med de föregående dataskyddslagarna (Direktiv 95/46/EC) för att påvisa de modifikationer som kommer krävas för att anpassa datorsystem till de nya förordningarna. Genom att undersöka de äldre dataskyddslagarnas effekt på industrin görs även förutsägelser kring hur GDPR kommer påverka IT industrin inom den närmaste framtiden. Än av de intressantare frågorna är vilka metoder som finns tillgängliga för att underlätta systemanpassningar relaterade till dataskyddsförordningar. Denna avhandling syftar att identifiera de mest etablerade av dessa typer av processer och jämföra deras lämplighet i förhållande till GDPR.
|
480 |
Обработка клиентских запросов с использованием облачных технологий в банковской сфере : магистерская диссертация / Processing of client requests using cloud technologies in the banking sphereЧупракова, Т. С., Chuprakova, T. S. January 2018 (has links)
Тема магистерской диссертации: «Обработка клиентских запросов с использованием облачных технологий в банковской сфере»
Магистерская диссертация выполнена на 98 страницах, содержит 3 таблицы, 18 рисунков, 60 использованных источников.
Актуальность использования облачных технологий в банках возросла в связи с переходом России на «цифровую» экономику, что подразумевает под собой перевод значительной части капитальных вложений в ИТ, а не в операционные расходы, сокращение затрат и ускорение цикла создания и вывода на рынок новых продуктов.
Целью работы является внедрение и обеспечение безопасности облачных технологий для обработки клиентских запросов в банковской сфере.
Задачи работы:
изучение теоретических основ облачных технологий и защиты информации;
анализ обработки запросов и выявление текущих проблем;
разработка методологии внедрения облачных технологий при обработке внешних запросов.
Объект исследования является региональный̆ банк АО «ВУЗ-банк».
Предмет исследования - обработка клиентских запросов.
В первой главе был проведен обзор облачных технологий, характерных при развитии цифровой экономики, а также вопросы безопасности их применения в банковской сфере. Кроме того, были рассмотрены крупнейшие провайдеры и способы подбора лучшего из них для каждого конкретного предприятия.
Во второй главе описывается методология внедрения облачных технологий при обработке внешних запросов клиента, подробно рассматривается политика информационной безопасности банка и принципы обучения сотрудников.
Третья глава посвящена изучению характеристики предприятия АО «ВУЗ-банк», анализу обработки внешних запросов в компании и описанию основных проблем в ходе обработки данных при использовании облачных технологий.
Результаты работы: внедрение и обеспечение безопасности облачных технологий для обработки клиентских запросов в банковской сфере была успешно доказана. / Theme of the master's thesis is: "Processing of client requests using cloud technologies in the banking sphere"
The master's thesis is executed on 98 pages, contains 3 tables, 18 figures, 60 sources used.
The urgency of using cloud technologies in banks has increased in connection with the transition of Russia to a "digital" economy, which implies the transfer of a significant part of capital investments in IT, rather than in operating expenses, reducing costs and accelerating the cycle of creating and launching new products.
The goal of the work is to implement and provide security for cloud technologies for processing client requests in the banking sector.
Objectives of work:
studying the theoretical foundations of cloud technologies and information protection;
analysis of query processing and identification of current problems;
development of a methodology for implementing cloud technologies for processing external requests.
The object of the study is a regional bank of VUZ-Bank JSC.
The subject of the research is the processing of client requests.
In the first chapter, a review was made of cloud technologies, characteristic for the development of the digital economy, as well as the safety of their application in the banking sector. In addition, the largest providers and ways of selecting the best of them for each particular enterprise were considered.
The second chapter describes the methodology for implementing cloud technologies when processing external customer requests, details the Bank's information security policy and the principles of employee training.
The third chapter is devoted to the study of the characteristics of the enterprise JSC VUZ-Bank, the analysis of processing external requests in the company and a description of the main problems in the processing of data using cloud technologies.
The results of the work: the introduction and security of cloud technologies for the processing of client requests in the banking sector has been successfully proven.
|
Page generated in 0.1067 seconds