Enhancing user's privacy : developing a model for managing and testing the lifecycle of consent and revocation
Agrafiotis, Ioannis (2012) Enhancing user's privacy : developing a model for managing and testing the lifecycle of consent and revocation. PhD thesis, University of Warwick.
Full text: WRAP_THESIS_Agrafiotis_2013.pdf (Submitted Version, 3405Kb)
Official URL: http://webcat.warwick.ac.uk/record=b2691066~S1
Abstract
Increasingly, people turn to the Internet for access to services, which often require disclosure of a significant amount of personal data. Networked technologies have enabled an explosive growth in the collection, storage and processing of personal information with notable commercial potential. However, there are asymmetries in relation to how people are able to control their own information when handled by enterprises. This raises significant privacy concerns and increases the risk of privacy breaches, thus creating an imperative need for mechanisms offering information control functionalities.

To address the lack of controls in online environments, this thesis focuses on consent and revocation mechanisms to introduce a novel approach for controlling the collection, usage and dissemination of personal data and managing privacy expectations. Drawing on an extensive multidisciplinary review on privacy and on empirical data from focus groups, this research presents a mathematical logic as the foundation for the management of consent and revocation controls in technological systems.

More specifically, this work proposes a comprehensive conceptual model for consent and revocation and introduces the notion of 'informed revocation'. Based on this model, a Hoare-style logic is developed to capture the effects of expressing individuals' consent and revocation preferences. The logic is designed to support certain desirable properties, defined as healthiness conditions. Proofs that these conditions hold are provided with the use of Maude software. This mathematical logic is then verified in three real-world case study applications with different consent and revocation requirements: the management of employee data in a business environment, medical data in a biobank and identity assurance in government services. The results confirm the richness and the expressiveness of the logic. In addition, a novel testing strategy underpinned by this logic is presented. This strategy is able to generate testing suites for systems offering consent and revocation controls, such as the EnCoRe system, where testing was carried out successfully and resulted in identifying faults in the EnCoRe implementation.
| Field | Value |
|---|---|
| Item Type | Thesis (PhD) |
| Subjects | T Technology > T Technology (General) |
| Library of Congress Subject Headings (LCSH) | Data protection; Hoare logic; Internet -- Security measures -- Testing; Computer networks -- Security measures -- Testing; Computer security |
| Official Date | 2012 |
| Institution | University of Warwick |
| Theses Department | School of Engineering |
| Thesis Type | PhD |
| Publication Status | Unpublished |
| Supervisor(s)/Advisor | Creese, Sadie; Goldsmith, M. (Michael) |
| Sponsors | Engineering and Physical Sciences Research Council (EPSRC) |
| Extent | v, 239 pages : illustrations. |
| Language | eng |