Michael Netter

Integrating Security Patterns into the Electronic Invoicing Process

The increasing automation of business processes is one of the main benefits of the ongoing technological evolution. Regarding e-invoices this automation process is still not optimally supported despite the fact that recent studies indicate a high potential to save costs. Within this paper we identify the main obstacles and propose a multi-stage solution. Therein we classify the e-invoicing process using common security objectives and, since the process includes many security related elements, propose an initial solution based on security patterns. The approach takes advantage of the main benefits of security patterns to provide a domain-independent solution which is built upon expert knowledge.

An Analysis of Implemented and Desirable Settings for Identity Management on Social Networking Sites

To address privacy threats stemming from interacting with other users on Social Networking Sites (SNS), effective Social Identity Management (SIdM) is a key requirement. SIdM refers to the deliberate and targeted disclosure of personal attribute values to a subset of ones contacts on SNS. While a variety of privacy-enhancing approaches have been proposed, these are often isolated solutions that lack integration into a reference framework that states the requirements for successfully managing ones identity. In this paper, a reference framework of existing and desired SIdM settings is derived from identity theory, literature analysis, and existing SNS. Based thereupon, we examine the SIdM capabilities of prevalent SNS and highlight possible improvements.

Analyzing Privacy in Social Networks--An Interdisciplinary Approach

The rise of the social web has traditionally been accompanied by privacy concerns. Research on social web privacy has been conducted from various directions including law, social and computer sciences contributing to the body of literature. In this paper, we argue for an interdisciplinary approach to capture the multidimensional concept of privacy. For this purpose, we propose a three-layered framework to systematically analyze the privacy impact of various research directions. Subsequently, we conduct an interdisciplinary literature analysis, highlighting areas for improvement as well dependencies between different research directions.

Attacking Image Recognition Captchas

The landscape of the World Wide Web today consists of a vast amount of services. While most of them are offered for free, the service providers prohibit their malicious usage by automated scripts. To enforce this policy, CAPTCHAS have emerged as a reliable method to setup a Turing test to distinguish between human and computers. Image recognition CAPTCHAS as one type of CAPTCHAS promise high human success rates. In this paper however, we develop an successful approach to attack this type of Captcha. To evaluate our attack we implemented a publicly available tool, which delivers promising results for the HumanAuth Captcha and others. Based upon our findings we propose several techniques for improving future versions of image recognition CAPTCHAS.

Analyzing settings for social identity management on Social Networking Sites: Classification, current state, and proposed developments

The rising prevalence of Social Networking Sites (SNS) and their usage in multiple contexts poses new privacy challenges and increasingly prompts users to manage their online identity. To address privacy threats stemming from interacting with other users on SNS, effective Social Identity Management (SIdM) is a key requirement. It refers to the deliberate and targeted disclosure of personal attribute values to a subset of ones contacts or other users on the SNS. Protection against other entities such as the site operator itself or advertisers and application programmers is not covered by SIdM, but could be incorporated in further refinement steps. Features and settings to perform SIdM have been proposed and subsequently implemented partly by some SNS. Yet, these are often isolated solutions that lack integration into a reference framework that states the requirements for successfully managing ones identity. In this article, such a reference framework of existing and desired SIdM settings is derived from identity theory, literature analysis, and existing SNS. Based thereupon, we examine the SIdM capabilities of prevalent SNS and highlight possible improvements. Lastly, we reason about developing a metric to objectively compare the capability of SNS in regards to their support for SIdM.

Taxonomy for Social Network Data Types from the Viewpoint of Privacy and User Control

The growing relevance and usage intensity of Online Social Networks (OSNs) along with the accumulation of a large amount of user data has led to privacy concerns among researchers and end users. Despite a large body of research addressing OSN privacy issues, little differentiation of data types on social network sites is made and a generally accepted classification and terminology for such data is missing, hence leading to confusion in related discussions. This paper proposes a taxonomy for data types on OSNs based on a thorough literature analysis and a conceptualization of typical OSN user activities. It aims at clarifying discussions among researchers, benefiting comparisons of data types within and across OSNs and at educating the end user about characteristics and implications of OSN data types. The taxonomy is evaluated by applying it to four major OSNs.

Analyzing quality criteria in role-based identity and access management

Roles have turned into the de facto standard for access control in enterprise identity management systems. However, as roles evolve over time, companies struggle to develop and maintain a consistent role model. Up to now, the core challenge of measuring the current quality of a role model and selecting criteria for its optimization remains unsolved. In this paper, we conduct a survey of existing role mining techniques and identify quality criteria inherently used by these approaches. This guides organizations during the selection of a role mining technique that matches their company-specific quality preferences. Moreover, our analysis aims to stimulate the research community to integrate quality metrics in future role mining approaches.

How to Discover High-Quality Roles? A Survey and Dependency Analysis of Quality Criteria in Role Mining

Roles have evolved into the de facto standard for access control in Enterprise Identity Management. However, companies struggle to develop and maintain a role-based access control state. For the initial role deployment, role mining is widely used. Due to the high number and complexity of available role mining algorithms, companies fail to perceive which is selected best according to their needs. Furthermore, requirements on the composition of roles such as reduction of administration cost are to be taken into account in role development. In order to give them guidance, in this paper we aggregate existing role mining approaches and classify them. For consideration of individual prerequisites we extract quality criteria that should be met. Later on, we discuss interdependencies between the criteria to help role developers avoid unwanted side-effects and produce RBAC states that are tailored to their preferences.

An Autonomous Social Web Privacy Infrastructure with Context-Aware Access Control

The rise of online social networks (OSNs) has traditionally been accompanied by privacy concerns. These typically stem from facts: First, OSN service providers’ access to large databases with millions of user profiles and their exploitation. Second, the user’s inability to create and manage different identity facets and enforce access to the self as in the real world. In this paper, we argue in favor of a new paradigm, decoupling the management of social identities in OSNs from other social network services and providing access controls that take social contexts into consideration. For this purpose, we first propose Priamos, an architecture for privacy-preserving autonomous management of social identities and subsequently present one of its core components to realize context-aware access control. We have implemented a prototype to evaluate the feasibility of the proposed approach.

Interdisciplinary Impact Analysis of Privacy in Social Networks

The rise of the social web has traditionally been accompanied by privacy concerns. Research on social web privacy has been conducted from various viewpoints including legal, social, and the computer sciences. In this chapter, we propose an interdisciplinary approach to capture the multidimensional concept of privacy. For this purpose, we developed a three-layered framework to systemati- cally analyze the privacy impact of various research directions. In addition, we conducted an interdisciplinary literature analysis, highlighting areas for improve- ment as well dependencies between different research directions.