Auflistung nach Autor:in "Gruschka, Nils"
1 - 7 von 7
Treffer pro Seite
Sortieroptionen
- KonferenzbeitragAligning user consent management and service process modeling(Informatik 2014, 2014) Gruschka, Nils; Jensen, MeikoWith evolving functionality of Internet services, the management of user consents becomes a complex challenge. As consents are a common means for establishing a legal basis for processing privacy-relevant user data, a sound consent management approach is required. In this paper, we outline an approach for semi-automated generation of letter of consent documents, based on existing service implementation documentation. We illustrate the challenges of consent management in relation to service evolution, and we outline an integration of consent management into model-based process development systems.
- KonferenzbeitragData Protection Impact Assessment in Identity Control Management with a Focus on Biometrics(Open Identity Summit 2020, 2020) Bisztray, Tamas; Gruschka, Nils; Mavroeidis, Vasileios; Fritsch, LotharPrivacy issues concerning biometric identification are becoming increasingly relevant due to their proliferation in various fields, including identity and access control management (IAM). The General Data Protection Regulation (GDPR) requires the implementation of a data protection impact assessment for privacy critical systems. In this paper, we analyse the usefulness of two different privacy impact assessment frameworks in the context of biometric data protection. We use experiences from the SWAN project that processes four different biometric characteristics for authentication purposes. The results of this comparison elucidate how useful these frameworks are in identifying sector-specific privacy risks related to IAM and biometric identification.
- KonferenzbeitragDatenschutz im Fahrzeug der Zukunft: Vernetzt, Autonom, Elektrisch(Informatik 2016, 2016) Jensen, Meiko; Gruschka, Nils; Lüssem, Jens
- KonferenzbeitragEmerging biometric modalities and their use: Loopholes in the terminology of the GDPR and resulting privacy risks(BIOSIG 2021 - Proceedings of the 20th International Conference of the Biometrics Special Interest Group, 2021) Bisztray, Tamás; Gruschka, Nils; Bourlai, Thirimachos; Fritsch, LotharTechnological advancements allow biometric applications to be more omnipresent than in any other time before. This paper argues that in the current EU data protection regulation, classification applications using biometric data receive less protection compared to biometric recognition. We analyse preconditions in the regulatory language and explore how this has the potential to be the source of unique privacy risks for processing operations classifying individuals based on soft traits like emotions. This can have high impact on personal freedoms and human rights and, therefore, should be subject to data protection impact assessment.
- KonferenzbeitragExtraction and Accumulation of Identity Attributes from the Internet of Things(Open Identity Summit 2021, 2021) Fritsch, Lothar; Gruschka, NilsInternet of Things (IoT) devices with wireless communication provide person-relateable information usable as attributes in digital identities. By scanning and profiling these signals against location and time, identity attributes can be generated and accumulated. This article introduces the concept of harvesting identifiable information from IoT. It summarizes ongoing work that aims at assessing the amount of person-relatable attributes that can get extracted from public IoT signals. We present our experimental data collection in Oslo/Norway and discuss systematic harvesting, our preliminary results, and their implications.
- KonferenzbeitragFlooding Attack Issues of Web Services and Service-Oriented Architectures(INFORMATIK 2008. Beherrschbare Systeme – dank Informatik. Band 1, 2008) Jensen, Meiko; Gruschka, NilsThe service-oriented architecture paradigm slowly matures towards some kind of “Web Service Internet” where basically everybody may use the services others provide. Though this evolution enables lots of opportunities for electronic business, it also induces many new security issues to consider. One important security threat to SOA consists in request floodings, which—being intentional or accidental—may rapidly lead to Denial-of-Service and other kinds of malfunctions. In this paper, we will reconsider some of the known flooding attacks on Web Ser- vices, advance to flooding issues of basic service compositions, and finally derive some conclusions for security considerations of service-oriented architectures in general.
- KonferenzbeitragWasch mich, aber mach mich nicht nass – Anonymisierungsverfahren als Schlüssel zur datenschutzkonformen E-Mail-Filterung(INFORMATIK 2013 – Informatik angepasst an Mensch, Organisation und Umwelt, 2013) Gruschka, Nils; Jensen, MeikoDie rechtskonforme Verarbeitung personenbezogener Daten erweist sich in heutigen Anwendungssystemen häufig als schwer zu realisierende Anforderung. Beispielsweise liegt in der Filterung von Spam-Nachrichten aus E-Mail-Strömen eine der größten diesbezüglichen Herausforderungen für die heutigen E-Mail-Systeme, da hier der Personenbezug besonders evident ist. Ein oft angestrebter Ansatz beruht auf der zentralen Sammlung von Informationen über möglichst viele versandte E-Mails, um in diesen Datenbergen Spam-Wellen zu erkennen. Dies erfordert aber meist die Weitergabe von Informationen aus E-Mail-Daten an Dritte, die in zentraler Position aus diesen Daten Signaturen für Spam-Nachrichten errechnen. Das grundlegende Problem hierbei besteht darin, dass diese zentralen Analyseund Erkennungssysteme nicht in den Besitz personenbezogener Daten, welche in E-Mail enthalten sind, gelangen dürfen. In diesem Artikel analysieren wir die bestehenden rechtlichen und technischen Problemfelder rund um die zentralisierte Detektion von Spam-Nachrichten. Basierend auf dem Konzept der zielgerichteten Anonymisierung elaborieren wir eine mögliche Verarbeitungsmethodik für E-Mails, die eine zentrale Verarbeitung in datenschutzkonformer Art und Weise ermöglichen kann. Durch die Art der von uns vorgeschlagenen Anonymisierung wird der Personenbezug weitgehend aus den einzelnen E-Mails herausgelöst, dennoch bleibt die anonymisierte E-Mail hinreichend geeignet zur Identifikation und Extraktion spezifischer Charakteristika von Spam-Nachrichten.