In practice, consent is often conceptualized as a coarse-grained procedural necessity, implemented as a once-off act. This can result in a misalignment between the consent given by an individual, and the desired data access. Consent should form part of the security process. We are developing techniques to help better understand and manage consent, and thereby provide assurance to the data processor that consent is adequately addressed in any data access or other data activity.
- M.I. Kahn, B. O. S., S.N. Foley. (2019). PriDe: A Quantitative Measure of Privacy- Loss in Interactive Querying Settings. In 10th IFIP International Conference on New Technologies, Mobility and Security.
- Kahn, I. M., Foley, S. N., & O’Sullivan, B. (2019). Computing the Identification Capability of SQL Queries for Privacy Comparison. In Proceedings 5th ACM International Workshop on Security and Privacy Analytics (IWSPA@CODASPY 2019). ACM press.
- Rooney, V. M., & Foley, S. N. (2018). On online consent maturity model: moving from acceptable use towards ethical practice. In New Security Paradigms Workshop (NSPW 2018). ACM press. Retrieved from http://simonfoley.org/pubs/nspw2018.pdf [link]
- Foley, S. N., & Rooney, V. M. (2018). A Grounded Theory approach to security policy elicitation. Information and Computer Security Journal, 26(4), 454–471. https://doi.org/10.1108/ICS-12-2017-0086 [link]
- Rooney, V. M., & Foley, S. N. (2017). What users want: adapting qualitative research methods to security policy requirements elicitation. In Proceedings of the International Workshop on Security and Privacy Requirements Engineering, SECPRE 2017. Retrieved from http://simonfoley.org/pubs/secpre2017.pdf [link]
- Kahn, M. I., O’Sullivan, B., & Foley, S. N. (2017). A semantic approach to frequency based anomaly detection of insider access in database management systems. In International Conference on Risks and Security of Internet and Systems.
- Kahn, M. I., Foley, S. N., & O’Sullivan, B. (2017). On database intrusion detection: Query analytics based model of normative behavior to detect insider attacks. In 7th International Conference on Communication and Network Security.
- Kahn, M. I., & Foley, S. N. (2016). Detecting anomalous behavior in DBMS logs. In International Conference on Risks and Security of Internet and Systems (CRiSIS2016).