Sergio Donizetti Zorzo

Patterns to Support the Development of Privacy Policies

This paper presents patterns for privacy policies to be used in web sites, in particular e-commerce and e-business sites. Because of their financial aspects, the users accesing those sites need to provide personal information, and expect integrity, security, and privacy. The patterns are derived from a study of the 33 most accessed e-commerce sites in Brazil, where it was possible to observe that they do not use a systematic approach to develop privacy policies which are clear, friendly, and with relevant contents.

Privacy Mechanism for Applications in Cloud Computing

Applications stored in the cloud enable users to access and perform tasks in real time, reducing costs in the acquisition of computer resources. Although there are benefits, this paradigm also brings security and privacy risks to users, such as theft of information or identity. This paper proposes a mechanism able to provide privacy protection for users to use applications that address issues of identity, confidentiality and user preferences.

An access control mechanism to ensure privacy in named data networking using attribute-based encryption with immediate revocation of privileges

For future Internet, information-centric networking (ICN) is considered a potential solution to many of its current problems. However, concern regarding the protection of user data persists. This paper presents an access control mechanism that will allow users to set fine-grained access policies for applications in named data networking (NDN), a popular ICN architecture. Using an attribute-based encryption scheme with an immediate revocation of privileges, data security is guaranteed. The mechanism inserts a proxy server to mediate the access to the protected data and to inspect for revocation. As an optional feature, the NDN router can add proxy server functions. According to the experiments, the proposed security mechanism proved functional in terms of processing time, memory usage, and file size, which influence both storage and transmission and demonstrate efficiency in manipulating dozens of attributes in an access policy.

Using scrum to teach software engineering: A case study

The diffusion of agile methodologies in software development makes them more mature for corporative environment. However, teaching agile methodologies on the academic environment poses many difficulties and limitations. This paper describes a case study where an innovative approach for teaching software development technologies was adopted. In this approach, the entire course was designed to fit Scrums principles, so that the students could apply them as they were learning it. Also, the courses main project was to be developed in sprints, as proposed in Scrum. After almost two years using this approach, in this paper we describe our experience and perform a critical analysis. We observed some positive points, such as the practical nature of learning by example, and a better preparation of the students regarding agile methodologies. As negative points, we highlight the impossibility of delivering complete products in earlier sprints, and some interaction and collaboration difficulties. The main conclusion of this study is that, for the approach to work in our academic scenario, a modified version of the Scrum methodology was necessary.

IP2 Model - Content Recommendation in Web-Based Educational Systems Using User's Interests and Preferences and Resources' Popularity

Content recommendation in Web based educational systems aims to provide references to didactic and educational resources, attending the individual necessities of the students. This paper presents an approach for content recommendation based on three metrics, the interest a user has on resources, her or his preferences over the resources and the popularity of resources. The interest is get implicitly taking into account the users navigation through the system. The preference is declared explicitly by the user using a classification mechanism. The popularity is a measure that considers the history of the resources access by the users as a whole. With these three kinds of measures, the approach provides user profiles which are then considered for content recommendation.

A personalized TV guide system compliant with Ginga

In this paper we present a personalized recommendation system, the RecommenderTV consistent with the reference implementation of the middleware Ginga. The implementation of the system RecommenderTV demanded the inclusion of new features to the middleware Ginga-NCL none exists in the implementation of reference. The service providers (in the analog system, broadcasters) and its importance to the system RecommenderTV are discussed in this work. The results obtained with three different mining algorithms running in a set-top box using real data provide by IBOPE Midia are presented. Finally, we are reported the results obtained from the experiments with the system of recommendation implemented.

ProGrid: a proxy-based architecture for grid operation and management

We introduce the ProGrid system, an architecture for computational grids, whose communication and resource management infrastructure is used transparently by the applications. Unlike other grid approaches, either application-centric or system-centric, the model relies on the use of proxy servers to perform additional communications and authentication procedures on behalf of client applications. The purpose of this mechanism is to enable parallel applications to be executed in geographically distributed environments interlinked by an open communication network, such as the Internet, meeting the security requisites desirable for computational grids. Among the common services of a grid, we focus on safe communication and the controlled sharing of available resources. To identify the resources, standards under development are considered for the specification of objects in grids. We also discuss an extension of the functionality of proxy servers to include support for the standardized management of the grid and of the available objects.

PUPDroid - Personalized user privacy mechanism for android

The technological progress of mobile devices, the low cost of this device and the facility of use are increasing the usability of mobile devices. Since these devices provide access to network, its owner has access to almost limitless amount of data and can store more information than in his personal computer (like phone call record, list of contact and calendar). A point of attention is that these devices have some resources that, if misused, can be dangerous to the owner. The major number of existing mobile devices Operational System does not allow the owner to manage how the installed application installed is using hardware device and personal information. In this paper we will present a mechanism to transfer the control of access permission to the owners device with personalized roles. The idea behind the mechanism is to provide to the device owner a way to control the access permission by installed applications providing flexibility to personalize the application privacy. Since the platform does not allow the user to change the application permission after it is installed, Android was chosen to develop the proof of concept of the mechanism because it is an open source mobile operational system. The results show that the mechanism will allow Android user to improve his device privacy and control how it is used since the roles of access for each application can be personalized. The mechanism will also provide a way for enterprises to build an application to manage the employees device privacy.

Interactive Service Provider Architecture for Interactive Digital Television systems

The Interactive Digital TV systems allow a new range of services around broadcasted television content. Thus, interactive programs can be broadcasted allowing user interaction. The interaction implicates in a new way to produce and think about television content. This paper aims at presenting Interactive Service Provider architecture for Interactive Digital TV systems, based on service-oriented architecture, ensuring a standardized communication between client applications and its interactive services. The diversity of broadcasted applications and usage of an Interactive Channel as external communication in Brazilian context, leads to a case-study with the objective to consider the social inclusion intention specified in Brazilian Presidential Decree No. 4901.

Evaluating capstone project through flexible and collaborative use of Scrum framework

Scrum framework disseminates principles that guarantee a dynamic and adaptable Software development process. Supporting the software engineering teaching using agile methodologies and Scrum framework with some proper adaptations is the challenge of Federal University of São Carlos in the Software Engineering specialization course for graduated students. The article presents an evaluation of Scrum adaptations performed to evaluate the capstone project. In this case study, the adoption of Scrum to manage the capstone project represents a direct and objective approach in order to have an environment similar to the real one. Moreover, the inexperience of the teams, the partial dedication in the projects and the distributed teams showed the necessity of self-management of the teams among other lessons learned to teach Software Engineering in this setting. Finally, evaluating a capstone project using Scrum framework in a flexible and collaborative way made it possible to realize the difficulties faced by the teams and the need for technical improvements, thanks to Scrum framework functions.