Search Results (11)

With the recent increase in phishing attacks and other kinds of malicious activities, increasing the awareness of security and privacy awareness is arguably one of the best proven ways of preventing these kinds of threats. The main challenge in security and privacy awareness is the end user’s awareness of aspects of privacy and security they give up when using the Internet. Thus, this study focuses on identifying and discussing the growing threats of Internet usage and the lack of privacy and security knowledge of the everyday person. This study presents the results of a survey conducted to determine discrepancies between what rights users think they sign away when they agree to terms of service versus what rights they actually give away. It is hypothesized that people are genuinely unaware of what rights they are giving up, especially since they are signing the terms of service without reading the fine print. In this study, the terms of service were presented to respondents, and they answered questions on what they thought they were giving up, but once they answered the questions, they were explicitly told whether they truly knew what rights they signed away. The experimental results of this study examine how much knowledge the everyday person lacks with respect to the privacy policies they sign. All of this is ultimately used to examine possible flaws in the system. The experimental results illustrate the results of the survey. Based on the total surveys completed, the average score was 62%. This means that out of 10 clauses described in a given terms of service document or privacy policy, people are truly unaware of at least 4 of these statements. Full article

Privacy policies are the main method for informing Internet users of how their data are collected and shared. This study aims to analyze the deficiencies of privacy policies in terms of readability, vague statements, and the use of pacifying phrases concerning privacy. This represents the undertaking of a step forward in the literature on this topic through a comprehensive analysis encompassing both time and website coverage. It characterizes trends across website categories, top-level domains, and popularity ranks. Furthermore, studying the development in the context of the General Data Protection Regulation (GDPR) offers insights into the impact of regulations on policy comprehensibility. The findings reveal a concerning trend: privacy policies have grown longer and more ambiguous, making it challenging for users to comprehend them. Notably, there is an increased proportion of vague statements, while clear statements have seen a decrease. Despite this, the study highlights a steady rise in the inclusion of reassuring statements aimed at alleviating readers’ privacy concerns. Full article

Access Control Policies (ACPs) are essential for ensuring secure and authorized access to resources in IoT networks. Recognizing these policies involves identifying relevant statements within project documents expressed in natural language. While current research focuses on improving recognition accuracy through algorithm enhancements, the challenge of limited labeled data from individual clients is often overlooked, which impedes the training of highly accurate models. To address this issue and harness the potential of IoT networks, this paper presents FL-Bert-BiLSTM, a novel model that combines federated learning and pre-trained word embedding techniques for access control policy recognition. By leveraging the capabilities of IoT networks, the proposed model enables real-time and distributed training on IoT devices, effectively mitigating the scarcity of labeled data and enhancing accessibility for IoT applications. Additionally, the model incorporates pre-trained word embeddings to leverage the semantic information embedded in textual data, resulting in improved accuracy for access control policy recognition. Experimental results substantiate that the proposed model not only enhances accuracy and generalization capability but also preserves data privacy, making it well-suited for secure and efficient access control in IoT networks. Full article

Access to resources can take many forms: digital access via an onsite network, through an external site, website, etc., or physical access to labs, machines, information repositories, etc. Whether access to resources is digital or physical, it must be allowed, denied, revoked, or disabled using robust and coherent access control (AC) models. What makes the process of AC more complicated is the emergence of digital transformation technologies and pervasive systems such as the internet of things (IoT) and industry 4.0 systems, especially with the growing demand for transparency in users’ interaction with various applications and services. Controlling access and ensuring security and cybersecurity in IoT and industry 4.0 environments is a challenging task. This is due to the increasing distribution of resources and the massive presence of cyber-threats and cyber-attacks. To ensure the security and privacy of users in industry sectors, we need an advanced AC metamodel that defines all the required components and attributes to derive various instances of AC models and follow the new and increasing demand for AC requirements due to continuous technology upgrades. Due to the several limitations in the existing metamodels and their inability to answer the current AC requirements, we have developed a Hierarchical, Extensible, Advanced, Dynamic (HEAD) AC metamodel with significant features that overcome the existing metamodels’ limitations. In this paper, the HEAD metamodel is employed to specify the needed AC policies for two case studies inspired by the computing environment of Institut Technologique de Maintenance Industrielle (ITMI)-Sept-Îles, QC, Canada; the first is for ITMI’s local (non-IoT) environment and the second for ITMI’s IoT environment. For each case study, the required AC model is derived using the domain-specific language (DSL) of HEAD metamodel, then Xtend notation (an expressive dialect of Java) is utilized to generate the needed Java code which represents the concrete instance of the derived AC model. At the system level, to get the needed AC rules, Cypher statements are generated and then injected into the Neo4j database to represent the Next Generation Access Control (NGAC) policy as a graph. NGAC framework is used as an enforcement point for the rules generated by each case study. The results show that the HEAD metamodel can be adapted and integrated into various local and distributed environments. It can serve as a unified framework, answer current AC requirements and follow policy upgrades. To demonstrate that the HEAD metamodel can be implemented on other platforms, we implement an administrator panel using VB.NET and SQL. Full article

Digital communities have gained increasing popularity in the past decade. However, they have put users at security risks, especially when they neglect to pay attention to the privacy statement and privacy settings. Therefore, digital community platforms must provide clear privacy statements and usable privacy settings. This research aims to evaluate the usability of privacy on WhatsApp and Telegram from the perspective of young Saudis. A total of 51 young Saudis participated in remote usability testing, followed by questionnaires and interviews. The results showed some privacy concerns in the two apps. Specifically, there are differences in the youths’ evaluation of the perceived privacy of the participants, with females seeing WhatsApp as more secure than the Telegram App. In the end, some recommendations for improving the privacy policy and settings for each app are discussed to ensure the safety and confidentiality of users’ information. Full article

The rapid growth of urban populations and the need for sustainable urban planning and development has made Unmanned Aerial Vehicles (UAVs) a valuable tool for data collection, mapping, and monitoring. This article reviews the applications of UAV technology in sustainable urban development, particularly in Malaysia. It explores the potential of UAVs to transform infrastructure projects and enhance urban systems, underscoring the importance of advanced applications in Southeast Asia and developing nations worldwide. Following the PRISMA 2020 statement, this article adopts a systematic review process and identifies 98 relevant studies out of 591 records, specifically examining the use of UAVs in urban planning. The emergence of the UAV-as-a-service sector has led to specialized companies offering UAV operations for site inspections, 3D modeling of structures and terrain, boundary assessment, area estimation, master plan formulation, green space analysis, environmental monitoring, and archaeological monument mapping. UAVs have proven to be versatile tools with applications across multiple fields, including precision agriculture, forestry, construction, surveying, disaster response, security, and education. They offer advantages such as high-resolution imagery, accessibility, and operational safety. Varying policies and regulations concerning UAV usage across countries present challenges for commercial and research UAVs. In Malaysia, UAVs have become essential in addressing challenges associated with urbanization, including traffic congestion, urban sprawl, pollution, and inadequate social facilities. However, several obstacles need to be overcome before UAVs can be effectively deployed, including regulatory barriers, limited flight time and range, restricted awareness, lack of skilled personnel, and concerns regarding security and privacy. Successful implementation requires coordination among public bodies, industry stakeholders, and the public. Future research in Malaysia should prioritize 3D modeling and building identification, using the results of this study to propel advancements in other ASEAN countries. Full article

In the United States, there are laws and standards guiding how people should be informed about the use of their private data. However, the challenge of communicating these guidelines to the naïve user is still at its peak. Research has shown that the willingness to read privacy statements is influenced by attitudes toward privacy risks and privacy benefits. Many websites publish privacy policies somewhere on their web pages, and it can be difficult to navigate to them. In the healthcare field, research has found that health information websites’ key information is presented poorly and inconsistently. For the policies to be legally binding, a person must be able to find them. In the healthcare industry, where sensitive data are being collected, research on how a user navigates to privacy policies for different size hospital websites is limited. Studies exist about privacy policies or website design and not both. This descriptive study involved ascertaining commonalities and differences among different-sized hospitals’ website designs for supporting privacy policies. A foundation framework was created using Web Content Accessibility Guidelines (WGAC) principles and the literature review findings for evaluating practices for website publishing of privacy policies. The results demonstrated a very low variance in the website design concepts employed by hospitals to publish their privacy policy. Full article

The purpose of this paper was to investigate technologies, methods, and approaches that can be used to effectively manage smart city risks in the context of the COVID-19 pandemic. The paper was based on a review of specialized literature sources and expert statements on smart cities in times of crisis, specifically during COVID-19. A systematic literature review served as the research’s methodological foundation; this was supplemented by conceptual data analysis techniques and a modeling method. Our initial search yielded 234 research articles, 38 of which met our inclusion criteria and were included in the review. A further 32 studies fell outside of the criteria for supporting smart cities’ crisis management. The main findings showed that technologies can respond quickly to pandemic crisis risks while also ensuring the availability of urban functionality and that there are numerous risks in implementing technologies to achieve effective management. The main risks were privacy concerns, social inclusion, political bias, misinformation and fake news, and technical difficulties with education and distance employment. The practical significance of the paper lay in proposing a model based on specific technologies and policies aimed at effective risk management in the days of COVID-19. Full article

With the growing popularity of online social networks, one common desire of people is to use of social networking services for establishing social relations with others. The boom of social networking has transformed common users into content (data) contributors. People highly rely on social sites to share their ideas and interests and express opinions. Social network sites store all such activities in a data form and exploit the data for various purposes, e.g., marketing, advertisements, product delivery, product research, and even sentiment analysis, etc. Privacy policies primarily defined in Natural Language (NL) specify storage, usage, and sharing of the user’s data and describe authorization, obligation, or denial of specific actions under specific contextual conditions. Although these policies expressed in Natural Language (NL) allow users to read and understand the allowed (or obliged or denied) operations on their data, the described policies cannot undergo automatic control of the actual use of the data by the entities that operate on them. This paper proposes an approach to systematically translate privacy statements related to data from NL into a controlled natural one, i.e., CNL4DSA to improve the machine processing. The methodology discussed in this work is based on a combination of standard Natural Language Processing (NLP) techniques, logic programming, and ontologies. The proposed technique is demonstrated with a prototype implementation and tested with policy examples. The system is tested with a number of data privacy policies from five different social network service providers. Predominantly, this work primarily takes into account two key aspects: (i) The translation of social networks’ data privacy policy and (ii) the effectiveness and efficiency of the developed system. It is concluded that the proposed system can successfully and efficiently translate any common data policy based on an empirical analysis performed of the obtained results. Full article

The article deals with the topic of attention paid to online privacy policy statements by university students. Privacy policy statements were originally intended to mitigate the users’ privacy con-cerns and support trust, but users disregard them. The article uses the theory of planned behav-iour combined with privacy calculus to find and verify determinants of reading privacy policy statements. We used the survey method and evaluated the results with partial least square struc-tural equation modelling. We concluded that the attitude towards reading privacy policy state-ments is influenced by privacy risks and privacy benefits. The intention to read privacy policy statements is influenced by social norms, understanding the privacy policy and mainly by the willingness to spend time and effort reading the statements. The effect of attitude was also signif-icant, but its size was smaller. Finally, wider conclusions are drawn, as the confusion around pri-vacy policy statements is a symptom of a wider social change in the information society. Full article

Privacy compliance of the Middle East’s financial sector has been relatively unexplored. This paper evaluates the privacy compliance and readability of privacy statements for top banks and mobile money services in the Middle East. Our analysis shows that, overall, Middle Eastern banks have better privacy policy availability and language distribution, and are more privacy compliant compared to mobile money services. However, both the banks and mobile money services need to improve (1) compliance with the principles of children/adolescent’s data protection, accountability and enforcement, and data minimization/retention, and (2) privacy statement texts to be comprehensible for a reader with ~8 years of education or less. Full article