{"title":"Privacy threats in a mobile enterprise social network","authors":"Allan Tomlinson, Po-Wah Yau, John A. MacDonald","doi":"10.1016/j.istr.2010.10.004","DOIUrl":null,"url":null,"abstract":"<div><p>The ‘Instant Knowledge’ system is an enterprise based social network that aims to introduce employees of the enterprise to contacts within the organization who may have skills relevant to particular tasks. The skills database is maintained through context-aware devices, and mobile devices in particular. The aim is to populate the database automatically based on user context data and to provide automatic introductions, again based on context data. This paper examines the security and privacy implications of this system and shows that while threat modelling on its own provides a solid base from which to secure the system, this is not enough to ensure that all privacy issues are considered. This is demonstrated by applying a mis-use case analysis that shows how personal identifying information can be inadvertantly leaked to malicious parties.</p></div>","PeriodicalId":100669,"journal":{"name":"Information Security Technical Report","volume":"15 2","pages":"Pages 57-66"},"PeriodicalIF":0.0000,"publicationDate":"2010-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1016/j.istr.2010.10.004","citationCount":"11","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Security Technical Report","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1363412710000294","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 11
Abstract
The ‘Instant Knowledge’ system is an enterprise based social network that aims to introduce employees of the enterprise to contacts within the organization who may have skills relevant to particular tasks. The skills database is maintained through context-aware devices, and mobile devices in particular. The aim is to populate the database automatically based on user context data and to provide automatic introductions, again based on context data. This paper examines the security and privacy implications of this system and shows that while threat modelling on its own provides a solid base from which to secure the system, this is not enough to ensure that all privacy issues are considered. This is demonstrated by applying a mis-use case analysis that shows how personal identifying information can be inadvertantly leaked to malicious parties.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
