{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T01:57:35Z","timestamp":1743040655931,"version":"3.40.3"},"publisher-location":"Cham","reference-count":19,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030954833"},{"type":"electronic","value":"9783030954840"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2022,2,8]],"date-time":"2022-02-08T00:00:00Z","timestamp":1644278400000},"content-version":"vor","delay-in-days":38,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Due to the increasing number of complaints alleging privacy violations against companies to data protection authorities, the translation of business goals to system design goals and the subsequent consequences for customers\u2019 privacy poses a challenge for many companies. For this reason, there is a need to bridge the economics of privacy and threats to privacy. To this end, our work relies on the concept of privacy as contextual integrity. This framework defines privacy as appropriate information flows subjected to social norms within particular social contexts or spheres. In this paper, we introduce a preliminary version of a semantic model which aims to relate and provide understanding on how well-established business goals may affect their customers\u2019 privacy by designing IoT devices with permission access, data acquired by sensors, among other factors. Finally, we provide a use case application showing how to use the semantic model. The model aims to be an educational tool for professionals in business informatics during the modeling and designing process of a product which may gather sensitive data or may infer sensitive information, giving an understanding of the interaction of the product and its footprint with diverse actors (humans or machines). In the future, a further complete model of the presented may also target other groups, such as law enforcement bodies, as part of their educational training in such systems.<\/jats:p>","DOI":"10.1007\/978-3-030-95484-0_24","type":"book-chapter","created":{"date-parts":[[2022,2,7]],"date-time":"2022-02-07T10:05:46Z","timestamp":1644228346000},"page":"413-423","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A Semantic Model for\u00a0Embracing Privacy as\u00a0Contextual Integrity in\u00a0the\u00a0Internet of\u00a0Things (Short Paper)"],"prefix":"10.1007","author":[{"given":"Salatiel","family":"Ezennaya-Gomez","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Claus","family":"Vielhauer","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jana","family":"Dittmann","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,2,8]]},"reference":[{"key":"24_CR1","unstructured":"A definition of the mitre att&ck framework. https:\/\/attack.mitre.org\/matrices\/enterprise\/. Accessed 12 July 2021"},{"key":"24_CR2","unstructured":"GDPR Fines Tracker & Statistics (2021), https:\/\/www.privacyaffairs.com\/gdpr-fines\/. Accessed 12 July 2021"},{"key":"24_CR3","unstructured":"Model process for addressing ethical concerns during system design (2021). https:\/\/ethicsinaction.ieee.org\/p7000\/. Accessed 16 Sept 2021"},{"key":"24_CR4","doi-asserted-by":"crossref","unstructured":"Abdi, N., Zhan, X., Ramokapane, K.M., Such, J.: Privacy norms for smart home personal assistants. In: Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems (2021)","DOI":"10.1145\/3411764.3445122"},{"key":"24_CR5","doi-asserted-by":"crossref","unstructured":"Badillo-Urquiola, K., Page, X., Wisniewski, P.: Literature review: Examining Contextual Integrity Within Human-Computer Interaction. SSRN 3309331 (2018)","DOI":"10.2139\/ssrn.3309331"},{"key":"24_CR6","doi-asserted-by":"crossref","unstructured":"Benthall, S.: Situated information flow theory. In: Proceedings of the 6th Annual Symposium on Hot Topics in the Science of Security. HotSoS 2019, Association for Computing Machinery, New York (2019)","DOI":"10.1145\/3314058.3314066"},{"key":"24_CR7","doi-asserted-by":"crossref","unstructured":"Benthall, S., G\u00fcrses, S., Nissenbaum, H.: Contextual integrity through the lens of computer science. found. Trends\u00ae Priv. Secur. 2(1), 1\u201369 (2017)","DOI":"10.1561\/3300000016"},{"key":"24_CR8","unstructured":"Ezennaya-Gomez, S.: Rethinking and privacy-knowledge and modeling-about and uncovering accepted and data collection and business and practices as privacy and risks. Technical Report FIN-03-2020, Otto-von-Guericke University Magdeburg, Germany (2020)"},{"key":"24_CR9","doi-asserted-by":"publisher","unstructured":"Ezennaya-Gomez, S., Kiltz, S., Kraetzer, C., Dittmann, J.: A semi-automated http traffic analysis for online payments for empowering security, forensics and privacy analysis. In: The 16th International Conference on Availability, Reliability and Security. ARES 2021, Association for Computing Machinery, New York (2021). https:\/\/doi.org\/10.1145\/3465481.3470114","DOI":"10.1145\/3465481.3470114"},{"key":"24_CR10","doi-asserted-by":"publisher","unstructured":"Gharib, M., Giorgini, P., Mylopoulos, J.: Towards an ontology for privacy requirements via a systematic literature review. In: Conceptual Modeling, pp. 193\u2013208. Springer International Publishing, Berlin (2017). https:\/\/doi.org\/10.1007\/978-3-642-34002-4","DOI":"10.1007\/978-3-642-34002-4"},{"key":"24_CR11","unstructured":"Halpin, H.: Semantic insecurity: security and the semantic web. In: PrivOn 2017 - Workshop Society, Privacy and the Semantic Web - Policy and Technology. vol. 1951, pp. 1\u201310. Vienna, Austria, October 2017"},{"issue":"4","key":"24_CR12","doi-asserted-by":"publisher","first-page":"1","DOI":"10.4018\/jisp.2007100101","volume":"1","author":"A Herzog","year":"2007","unstructured":"Herzog, A., Shahmehri, N., Duma, C.: An ontology of information security. Int. J. Inform. Secur. Privacy 1(4), 1\u201323 (2007)","journal-title":"Int. J. Inform. Secur. Privacy"},{"key":"24_CR13","unstructured":"National Telecommunication Information Association, U.S.D.o.C.: Software bill of material (2021), https:\/\/www.ntia.gov\/SBOM. Accessed 12 July 2021"},{"key":"24_CR14","unstructured":"Nissenbaum, H.: A contextual approach to privacy online. In: Digital Enlightenment Yearbook 2012, vol. 140, pp. 219\u2013234 (2012)"},{"issue":"3","key":"24_CR15","doi-asserted-by":"publisher","first-page":"831","DOI":"10.1007\/s11948-015-9674-9","volume":"24","author":"H Nissenbaum","year":"2015","unstructured":"Nissenbaum, H.: Respecting context to protect privacy: why meaning matters. Sci. Eng. Ethics 24(3), 831\u2013852 (2015). https:\/\/doi.org\/10.1007\/s11948-015-9674-9","journal-title":"Sci. Eng. Ethics"},{"key":"24_CR16","unstructured":"Noy, N.F., McGuinness, D.L.: Ontology Development 101: A Guide to Creating Your First Ontology: Knowledge Systems Laboratory. Stanford University. Tech. rep, Stanford University (2001)"},{"key":"24_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"270","DOI":"10.1007\/978-3-030-21348-0_18","volume-title":"The Semantic Web","author":"HJ Pandit","year":"2019","unstructured":"Pandit, H.J., Debruyne, C., O\u2019Sullivan, D., Lewis, D.: GConsent - a consent ontology based on the GDPR. In: Hitzler, P., Fern\u00e1ndez, M., Janowicz, K., Zaveri, A., Gray, A.J.G., Lopez, V., Haller, A., Hammar, K. (eds.) ESWC 2019. LNCS, vol. 11503, pp. 270\u2013282. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-21348-0_18"},{"key":"24_CR18","unstructured":"Rehak, R.: What does data protection actually protect? Why data protectionists must stop talking about individual privacy (2018). https:\/\/media.ccc.de\/v\/35c3-9733-was_schutzt_eigentlich_der_datenschutz. Accessed 12 July 2021"},{"key":"24_CR19","doi-asserted-by":"crossref","unstructured":"A requirement analysis for privacy preserving biometrics in view of universal human rights and data protection regulation. In: 2018 26th European Signal Processing Conference (EUSIPCO), pp. 548\u2013552 (2018)","DOI":"10.23919\/EUSIPCO.2018.8553045"}],"container-title":["Lecture Notes in Computer Science","Computer Security. ESORICS 2021 International Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-95484-0_24","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,18]],"date-time":"2024-09-18T00:48:09Z","timestamp":1726620489000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-95484-0_24"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783030954833","9783030954840"],"references-count":19,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-95484-0_24","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"8 February 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Darmstadt","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 October 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 October 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2021.athene-center.de\/index.php","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"351","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"71","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"20% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.07","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6.06","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}