{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,8]],"date-time":"2024-09-08T04:31:10Z","timestamp":1725769870842},"publisher-location":"Berlin, Heidelberg","reference-count":56,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642540684"},{"type":"electronic","value":"9783642540691"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-642-54069-1_2","type":"book-chapter","created":{"date-parts":[[2014,1,15]],"date-time":"2014-01-15T08:09:15Z","timestamp":1389773355000},"page":"17-40","source":"Crossref","is-referenced-by-count":0,"title":["Conceptual Framework and Architecture for Privacy Audit"],"prefix":"10.1007","author":[{"given":"Ksenya","family":"Kveler","sequence":"first","affiliation":[]},{"given":"Kirsten","family":"Bock","sequence":"additional","affiliation":[]},{"given":"Pietro","family":"Colombo","sequence":"additional","affiliation":[]},{"given":"Tamar","family":"Domany","sequence":"additional","affiliation":[]},{"given":"Elena","family":"Ferrari","sequence":"additional","affiliation":[]},{"given":"Alan","family":"Hartman","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"unstructured":"Unabhaengiges Landeszentrum fuer Datenschutz (ULD). Juristische Fragen im Bereich Altersgerechter Assistenzsysteme, pre-study on behalf of VDI\/VDE-IT, funded by the German Bundesministerium fuer Bildung und Forschung, \n \n https:\/\/www.datenschutzzentrum.de\/projekte\/aal\/","key":"2_CR1"},{"unstructured":"Acunetix Web Vulnerability Scanner, \n \n http:\/\/www.acunetix.com\/vulnerability-scanner\/","key":"2_CR2"},{"unstructured":"IBM Rational AppScan, \n \n http:\/\/www-01.ibm.com\/software\/awdtools\/appscan\/","key":"2_CR3"},{"unstructured":"The Article 29 Data Protection Working Party was set up under Article 29 of Directive 95\/46\/EC, \n \n http:\/\/ec.europa.eu\/justice\/policies\/privacy\/index_en.htm","key":"2_CR4"},{"doi-asserted-by":"crossref","unstructured":"Bezzi, M.: Expressing privacy metrics as one-symbol information. In: Proc. of the 2010 EDBT\/ICDT Workshops (2010)","key":"2_CR5","DOI":"10.1145\/1754239.1754272"},{"issue":"4","key":"2_CR6","doi-asserted-by":"publisher","first-page":"603","DOI":"10.1007\/s00778-006-0023-0","volume":"17","author":"J.-W. Byun","year":"2008","unstructured":"Byun, J.-W., Li, N.: Purpose based access control for privacy protection in relational database systems. VLDB J.\u00a017(4), 603\u2013619 (2008)","journal-title":"VLDB J."},{"issue":"6","key":"2_CR7","doi-asserted-by":"publisher","first-page":"425","DOI":"10.1007\/s11623-012-0152-0","volume":"36","author":"K. Bock","year":"2012","unstructured":"Bock, K., Meissner, S.: Datenschutz-Schutzziele im Recht. DuD \u2013 Datenschutz und Datensicherheit\u00a036(6), 425\u2013431 (2012)","journal-title":"DuD \u2013 Datenschutz und Datensicherheit"},{"unstructured":"German Federal Office for Information Security, \n \n http:\/\/www.bsi.bund.de","key":"2_CR8"},{"doi-asserted-by":"crossref","unstructured":"Xiao, X., Wang, G., Gehrke, J.: Interactive Anonymization of Sensitive Data. In: SIGMOD 2009 (2009)","key":"2_CR9","DOI":"10.1145\/1559845.1559979"},{"unstructured":"ISACA: COBIT Framework for IT Governance and Control, \n \n http:\/\/www.isaca.org\/Knowledge-Center\/COBIT\/Pages\/Overview.aspx","key":"2_CR10"},{"unstructured":"The Compliance Meter, \n \n http:\/\/www.compliancehelper.com\/compliance-meter\/","key":"2_CR11"},{"doi-asserted-by":"crossref","unstructured":"Colombo, P., Ferrari, E.: Towards a modeling and analysis framework for privacy aware systems. Technical report, University of Insubria (2012) (submitted for publication)","key":"2_CR12","DOI":"10.1109\/SocialCom-PASSAT.2012.12"},{"doi-asserted-by":"crossref","unstructured":"Datta, A., et al.: Understanding and Protecting Privacy: Formal Semantics and Principled Audit Mechanisms. In: Proc. of the International Conference on Information Systems Security (2011)","key":"2_CR13","DOI":"10.1007\/978-3-642-25560-1_1"},{"doi-asserted-by":"crossref","unstructured":"Datta, A., Franklin, J., Garg, D., Kaynar, D.K.: A Logic of Secure Systems and its Application to Trusted Computing. In: Proc. of the IEEE Symposium on Security and Privacy (2009)","key":"2_CR14","DOI":"10.1109\/SP.2009.16"},{"doi-asserted-by":"crossref","unstructured":"DeYoung, H., Garg, D., Jia, L., Kaynar, D., Datta, A.: Experiences in the Logical Specification of the HIPAA and GLBA Privacy Laws. In: Proc. of 9th ACM Workshop on Privacy in the Electronic Society (October 2010)","key":"2_CR15","DOI":"10.1145\/1866919.1866930"},{"unstructured":"Ein modernes Datenschutzrecht fuer das 21. Jahrhundert, Eckpunkte; Konferenz der Datenschutzbeauftragten des Bundes und der Laender, \n \n http:\/\/www.lfd.m-v.de\/dschutz\/beschlue\/Eckpunkte.pdf\n \n \n (presented on March 18, 2010)","key":"2_CR16"},{"key":"2_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-79228-4_1","volume-title":"Theory and Applications of Models of Computation","author":"C. Dwork","year":"2008","unstructured":"Dwork, C.: Differential Privacy: A Survey of Results. In: Agrawal, M., Du, D.-Z., Duan, Z., Li, A. (eds.) TAMC 2008. LNCS, vol.\u00a04978, pp. 1\u201319. Springer, Heidelberg (2008)"},{"unstructured":"Evesti, A., Ovaska, E., Savola, R.: From Security Modelling to Run-time Security Monitoring. In: Proc. of the Fifth European Conference on Model-driven Architecture Foundations and Applications, Enchede, The Netherlands (June 2009)","key":"2_CR18"},{"unstructured":"EuroPriSe, the European Privacy Seal for IT Products and IT-Based Services, \n \n http:\/\/www.european-privacy-seal.eu","key":"2_CR19"},{"doi-asserted-by":"crossref","unstructured":"Geisberger, E., Broy, M. (eds.): AgendaCPS, Integrierte Forschungsagenda Cyber-Physical Systems, acatech Studie, Deutsche Akademie der Technikwissenschaften (2012)","key":"2_CR20","DOI":"10.1007\/978-3-642-29099-2"},{"unstructured":"IBM Hippocratic Database (HDB) Technology Projects, \n \n http:\/\/www.almaden.ibm.com\/cs\/projects\/iis\/hdb\/hdb_projects.shtml","key":"2_CR21"},{"doi-asserted-by":"crossref","unstructured":"Herrmann, D.S.: Complete guide to security and privacy metrics \u2013 measuring regulatory compliance, operational resilience and ROI. Auerbach Publications (2007)","key":"2_CR22","DOI":"10.1201\/9781420013283"},{"doi-asserted-by":"crossref","unstructured":"Heyman, T., Scandariato, R., Huygens, C., Joosen, W.: Using security patterns to combine security metrics. In: Proc. of the 3rd Int. Conf. on Availability, Reliability and Security (ARES) (2008)","key":"2_CR23","DOI":"10.1109\/ARES.2008.54"},{"unstructured":"The Privacy Management Toolkit, \n \n http:\/\/www.informationshield.com\/privacy_main.html","key":"2_CR24"},{"unstructured":"Arraj, V.: ITIL - IT Infrastructure Library, The Basics, White Paper, \n \n http:\/\/www.itil-officialsite.com\/AboutITIL\/WhatisITIL.aspx\n \n \n (downloaded January 1, 2012)","key":"2_CR25"},{"unstructured":"Jaquith, A.: Security metrics: replacing fear, uncertainty and doubt. Addison-Wesley (2007)","key":"2_CR26"},{"doi-asserted-by":"crossref","unstructured":"Jouault, F., Allilaire, F., B\u00e9zivin, J., Kurtev, I.: Atl: A model transformation tool. Science of Computer Programming\u00a072(1-2) (2008)","key":"2_CR27","DOI":"10.1016\/j.scico.2007.08.002"},{"unstructured":"Schleswig-Holstein Act on the Protection of Personal Information of February 9, 2000 last amended by Article 1 of the Act to amend the State Data Protection Act (January 11, 2012) (GVOBl. Schl.-H. p. 78)","key":"2_CR28"},{"doi-asserted-by":"crossref","unstructured":"Li, N., Li, T., Venkatasubramanian, S.: t-closeness: Privacy beyond k-anonymity and l-diversity. In: Proc. of the 23rd IEEE International Conference on Data Engineering (ICDE 2007). IEEE Computer Society (April 2007)","key":"2_CR29","DOI":"10.1109\/ICDE.2007.367856"},{"doi-asserted-by":"crossref","unstructured":"Martin, E.: Testing and Analysis of Access Control Policies. In: ICSE 2007 (2007)","key":"2_CR30","DOI":"10.1109\/ICSECOMPANION.2007.73"},{"unstructured":"Managing Assurance, Security and Trust for Services, European research project, \n \n http:\/\/cordis.europa.eu\/fetch?CALLER=PROJ_ICT&ACTION=D&CAT=PROJ&RCN=85559","key":"2_CR31"},{"doi-asserted-by":"crossref","unstructured":"Machanavajjhala, A., Gehrke, J., Kifer, D., Venkitasubramaniam, M.: l-diversity: Privacy beyond k-anonymity. In: Proc. of the 22nd IEEE International Conference on Data Engineering (ICDE 2006). IEEE Computer Society, Washington, DC (2006)","key":"2_CR32","DOI":"10.1109\/ICDE.2006.1"},{"unstructured":"OMG, Object Constraint Language (OCL) (2012), \n \n http:\/\/www.omg.org\/spec\/OCL\/2.3.1","key":"2_CR33"},{"unstructured":"PARAT, \n \n http:\/\/www.privacyanalytics.ca\/products.asp","key":"2_CR34"},{"unstructured":"European Commission (EC): The Privacy Impact Assessment Framework for RFID Applications: PIA Framework (January 2011), \n \n http:\/\/ec.europa.eu\/information_society\/policy\/rfid\/pia\/index_en.htm","key":"2_CR35"},{"unstructured":"Privacy and Identity Management for Community Services, European research project, \n \n http:\/\/cordis.europa.eu\/fetch?CALLER=PROJ_ICT&ACTION=D&CAT=PROJ&RCN=85533","key":"2_CR36"},{"doi-asserted-by":"crossref","unstructured":"Ni, Q., Bertino, E., Lobo, J., Brodie, C., Karat, C.-M., Karat, J., Trombeta, A.: Privacy-aware role-based access control. ACM Trans. Inf. Syst. Secur.\u00a013(3), Article 24 (July 2010)","key":"2_CR37","DOI":"10.1145\/1805974.1805980"},{"doi-asserted-by":"crossref","unstructured":"Generische Schutzmassnahmen f\u00fcr Datenschutz-Schutzziele. DuD \u2013 Datenschutz und Datensicherheit\u00a036(6), 439\u2013444 (2012), \n \n https:\/\/www.european-privac-seal.eu\/results\/articles\/201206-DuD-Probst.pdf","key":"2_CR38","DOI":"10.1007\/s11623-012-0154-y"},{"unstructured":"OMG, Meta Object Facility (MOF) 2.0 Query\/View\/Transformation (QVT) (2011), \n \n http:\/\/www.omg.org\/spec\/QVT\/1.1","key":"2_CR39"},{"unstructured":"Rebollo-Monedero, D., Forne, J., Domingo-Ferrer, J.: From t-closeness-like privacy to postrandomization via information theory. IEEE Transactions on Knowledge and Data Engineering\u00a099(1) (2009)","key":"2_CR40"},{"issue":"6","key":"2_CR41","doi-asserted-by":"publisher","first-page":"353","DOI":"10.1007\/s11623-009-0072-9","volume":"33","author":"M. Rost","year":"2009","unstructured":"Rost, M., Pfitzmann, A.: Datenschutz-Schutzziele \u2013 revisited. DuD \u2013 Datenschutz und Datensicherheit\u00a033(6), 353\u2013358 (2009)","journal-title":"DuD \u2013 Datenschutz und Datensicherheit"},{"issue":"5","key":"2_CR42","doi-asserted-by":"publisher","first-page":"351","DOI":"10.1007\/s11623-011-0085-z","volume":"35","author":"M. Rost","year":"2011","unstructured":"Rost, M.: Datenschutz in 3D. DuD \u2013 Datenschutz und Datensicherheit\u00a035(5), 351\u2013353 (2011)","journal-title":"DuD \u2013 Datenschutz und Datensicherheit"},{"issue":"1","key":"2_CR43","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1007\/s11623-011-0009-y","volume":"35","author":"M. Rost","year":"2011","unstructured":"Rost, M., Bock, K.: Privacy by Design und die neuen Schutzziele. DuD \u2013 Datenschutz und Datensicherheit\u00a035(1), 30\u201335 (2011)","journal-title":"DuD \u2013 Datenschutz und Datensicherheit"},{"unstructured":"Savola, R., Abie, H.: Development of Measurable Security for a Distributed Messaging System. International Journal on Advances in Security\u00a02(4), 358\u2013380 (2010) ISSN 1942-2636","key":"2_CR44"},{"key":"2_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1007\/11908739_4","volume-title":"Advances in Information and Computer Security","author":"R. Savola","year":"2006","unstructured":"Savola, R.: A Requirement Centric Framework for Information Security Evaluation. In: Yoshiura, H., Sakurai, K., Rannenberg, K., Murayama, Y., Kawamura, S.-i. (eds.) IWSEC 2006. LNCS, vol.\u00a04266, pp. 48\u201359. Springer, Heidelberg (2006)"},{"doi-asserted-by":"crossref","unstructured":"Savola, R.: Towards a Risk-Driven Methodology for Privacy Metrics Development. In: Proc. of the Symposium on Privacy and Security Applications (PSA 2010) (August 2010)","key":"2_CR46","DOI":"10.1109\/SocialCom.2010.161"},{"doi-asserted-by":"crossref","unstructured":"Schmidt, D.C.: Model-Driven Engineering. IEEE Computer\u00a039(2) (2006)","key":"2_CR47","DOI":"10.1109\/MC.2006.58"},{"unstructured":"Seddigh, N., Pieda, P., Matrawy, A., Nandy, B., Lambadaris, J., Hatfield, A.: Current trends and advances in information assurance metrics. In: Proc. of the 2nd Annual Conference on Privacy Security and Trust (2004)","key":"2_CR48"},{"issue":"5","key":"2_CR49","doi-asserted-by":"publisher","first-page":"557","DOI":"10.1142\/S0218488502001648","volume":"10","author":"L. Sweeney","year":"2002","unstructured":"Sweeney, L.: k-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems\u00a010(5), 557\u2013570 (2002)","journal-title":"International Journal on Uncertainty, Fuzziness and Knowledge-based Systems"},{"unstructured":"TRUSTe, \n \n http:\/\/www.truste.com\/privacy_seals_and_services\/enterprise_privacy\/web_privacy_seal","key":"2_CR50"},{"unstructured":"OMG, Unified Modeling Language, v2.4.1 (2011), \n \n http:\/\/www.omg.org\/spec\/UML\/2.4.1\/","key":"2_CR51"},{"unstructured":"UTD Anonymization ToolBox, \n \n http:\/\/cs.utdallas.edu\/dspl\/cgi-bin\/toolbox\/index.php","key":"2_CR52"},{"unstructured":"Vaniea, K., Ni, Q., Cranor, L., Bertino, E.: Access control policy analysis and visualization tools for security professionals. In: USM 2008: Workshop on Usable IT Security Management (2008)","key":"2_CR53"},{"unstructured":"OASIS eXtensible Access Control Markup Language (XACML), \n \n http:\/\/www.oasis-open.org\/committees\/xacml\/","key":"2_CR54"},{"unstructured":"Zwingelberg, H., Hansen, M.: Privacy Protection Goals and Their Implications for eID Systems. In: Camenisch, J., Crispo, B., Fischer-H\u00fcbner, S., Leenes, R., Russello, G. (eds.) Privacy and Identity Management for Life - 7th IFIP WG 9.2, 9.6\/11.7, 11.4, 11.6 International Summer School Trento, Italy (September 2011)","key":"#cr-split#-2_CR55.1"},{"unstructured":"Revised Selected Papers. Springer, Boston (2012) (to appear)","key":"#cr-split#-2_CR55.2"}],"container-title":["Lecture Notes in Computer Science","Privacy Technologies and Policy"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-54069-1_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,26]],"date-time":"2019-05-26T03:03:54Z","timestamp":1558839834000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-54069-1_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783642540684","9783642540691"],"references-count":56,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-54069-1_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2014]]}}}