Privacy threats in a mobile enterprise social network

Authors:
Allan Tomlinson;Po-Wah Yau;John A. MacDonald
Affiliations:
Information Security Group, Royal Holloway, University of London, Egham, England TW20 0EX, UK;Information Security Group, Royal Holloway, University of London, Egham, England TW20 0EX, UK;Information Security Group, Royal Holloway, University of London, Egham, England TW20 0EX, UK
Venue:
Information Security Tech. Report
Year:
2010

Citing 4
Cited 0

Writing Effective Use Cases

Writing Effective Use Cases
Eliciting security requirements with misuse cases

Requirements Engineering
MOQARE: misuse-oriented quality requirements engineering

Requirements Engineering
Enhanced misuse case model: a security requirement analysis and specification model

ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part V

Quantified Score

Hi-index	0.00

Visualization

Abstract

The 'Instant Knowledge' system is an enterprise based social network that aims to introduce employees of the enterprise to contacts within the organization who may have skills relevant to particular tasks. The skills database is maintained through context-aware devices, and mobile devices in particular. The aim is to populate the database automatically based on user context data and to provide automatic introductions, again based on context data. This paper examines the security and privacy implications of this system and shows that while threat modelling on its own provides a solid base from which to secure the system, this is not enough to ensure that all privacy issues are considered. This is demonstrated by applying a mis-use case analysis that shows how personal identifying information can be inadvertantly leaked to malicious parties.