Aus Aifbportal
Wechseln zu:Navigation, Suche

Governance of Personal Information Flows: A Story of Humans, Computers, and Policies

Informationen zur Arbeit

Abschlussarbeitstyp: Bachelor, Master
Betreuer: Jan Bartsch
Forschungsgruppe: Critical Information Infrastructures

Archivierungsnummer: 4642
Abschlussarbeitsstatus: Offen
Beginn: 07. Mai 2021
Abgabe: unbekannt

Weitere Informationen

There was a time where administrators manually configured all the allowed actions subjects can perform with IT system objects (for instance, access rights for user X to document Y). With the increase in complexity and amount of elements in modern IT systems this approach became to error-prone and time-consuming. In policy driven system management a human specifies a policy in a machine-readable language, a policy language. This machine-policy is then used to guide the elements of a IT system to a desired behavior by mapping the specifications to enforceable operations (for instance, allowing all KIT students access to the Ilias platform). Many of those policy languages are too complicated thus making it hard for non-expert users to formulate and write a policy in it. Therefore the preferences of the non-expert users must be entered via an easy-to-use interface into the computer. For instance, they could state their preferences in collection and sharing of their personal data.

Relevant topics concerning the creation of machine-readable policies by non-expert users include, but are not limited to:

  • The investigation what tools exist that eases the process of configuring the users preferences, help users to trace their data, .… For instance, Privacy Bird was designed as browser add-on, that helped users to compare their privacy preferences against the privacy policy of a website and to decide if they want to interact with the website (Cranor et al., 2006).
  • The skill non-expert users have in configuring their preferences; their willingness to invest time and effort to find settings that fit their desires; their behavior in choosing personalized settings... For instance, finding the right balance between allowing users a lot of freedom in setting their preferences without overburden them (Zhou et al., 2019).

This is an umbrella topic. Feel free to contact me if you are interested in one of the proposed topics or have a related idea. We will narrow down the topic and objectives of your thesis in a first call/meeting.

Introductory literature:

  • Angulo, J., Fischer-Hübner, S., Pulls, T., & König, U. (2011). HCI for Policy Display and Administration. In J. Camenisch, S. Fischer-Hübner, & K. Rannenberg (Hrsg.), Privacy and Identity Management for Life (S. 261–277). Springer.
  • Cranor, L. F., Guduru, P., & Arjula, M. (2006). User interfaces for privacy agents. ACM Transactions on Computer-Human Interaction (TOCHI), 13(2), 135–178.
  • Drozd, O., & Kirrane, S. (2019). I Agree: Customize your Personal Data Processing with the CoRe User Interface. International Conference on Trust and Privacy in Digital Business, 17–32.
  • Habib, H., Pearman, S., Wang, J., Zou, Y., Acquisti, A., Cranor, L. F., Sadeh, N., & Schaub, F. (2020). "It’s a scavenger hunt": Usability of Websites’ Opt-Out and Data Deletion Choices. Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, 1–12.
  • Madejski, M., Johnson, M. L., & Bellovin, S. M. (2011). The failure of online social network privacy settings. Department of Computer Science, Columbia University, Columbia University Computer Science Technical Reports, CUCS-010-11.
  • Zhao, J., Binns, R., Van Kleek, M., & Shadbolt, N. (2016). Privacy Languages: Are we there yet to enable user controls? Proceedings of the 25th international conference companion on world wide web, 799–806.
  • Zhou, Y., Qi, L., Raake, A., Xu, T., Piekarska, M., & Zhang, X. (2019). User attitudes and behaviors toward personalized control of privacy settings on smartphones. Concurrency and Computation: Practice and Experience, 31(22), e4884.