Visible to the public Biblio

Filters: Keyword is privacy principles  [Clear All Filters]
2020-03-09
Fhom, Hervais Simo, Bayarou, Kpatcha M..  2011.  Towards a Holistic Privacy Engineering Approach for Smart Grid Systems. 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications. :234–241.

Protecting energy consumers's data and privacy is a key factor for the further adoption and diffusion of smart grid technologies and applications. However, current smart grid initiatives and implementations around the globe tend to either focus on the need for technical security to the detriment of privacy or consider privacy as a feature to add after system design. This paper aims to contribute towards filling the gap between this fact and the accepted wisdom that privacy concerns should be addressed as early as possible (preferably when modeling system's requirements). We present a methodological framework for tackling privacy concerns throughout all phases of the smart grid system development process. We describe methods and guiding principles to help smart grid engineers to elicit and analyze privacy threats and requirements from the outset of the system development, and derive the best suitable countermeasures, i.e. privacy enhancing technologies (PETs), accordingly. The paper also provides a summary of modern PETs, and discusses their context of use and contributions with respect to the underlying privacy engineering challenges and the smart grid setting being considered.

2017-02-23
Fisk, G., Ardi, C., Pickett, N., Heidemann, J., Fisk, M., Papadopoulos, C..  2015.  Privacy Principles for Sharing Cyber Security Data. 2015 IEEE Security and Privacy Workshops. :193–197.

Sharing cyber security data across organizational boundaries brings both privacy risks in the exposure of personal information and data, and organizational risk in disclosing internal information. These risks occur as information leaks in network traffic or logs, and also in queries made across organizations. They are also complicated by the trade-offs in privacy preservation and utility present in anonymization to manage disclosure. In this paper, we define three principles that guide sharing security information across organizations: Least Disclosure, Qualitative Evaluation, and Forward Progress. We then discuss engineering approaches that apply these principles to a distributed security system. Application of these principles can reduce the risk of data exposure and help manage trust requirements for data sharing, helping to meet our goal of balancing privacy, organizational risk, and the ability to better respond to security with shared information.