TY - JOUR A1 - Fabian, Benjamin A1 - Kunz, Steffen A1 - Müller, Sebastian A1 - Günther, Oliver T1 - Secure federation of semantic information services JF - Decision support systems : DSS ; the international journal N2 - fundamental challenge for product-lifecycle management in collaborative value networks is to utilize the vast amount of product information available from heterogeneous sources in order to improve business analytics, decision support, and processes. This becomes even more challenging if those sources are distributed across multiple organizations. Federations of semantic information services, combining service-orientation and semantic technologies, provide a promising solution for this problem. However, without proper measures to establish information security, companies will be reluctant to join an information federation, which could lead to serious adoption barriers. Following the design science paradigm, this paper presents general objectives and a process for designing a secure federation of semantic information services. Furthermore, new as well as established security measures are discussed. Here, our contributions include an access-control enforcement system for semantic information services and a process for modeling access-control policies across organizations. In addition, a comprehensive security architecture is presented. An implementation of the architecture in the context of an application scenario and several performance experiments demonstrate the practical viability of our approach. KW - Information federation KW - Service orientation KW - Semantic web KW - Information security Y1 - 2013 U6 - https://doi.org/10.1016/j.dss.2012.05.049 SN - 0167-9236 VL - 55 IS - 1 SP - 385 EP - 398 PB - Elsevier CY - Amsterdam ER - TY - JOUR A1 - Haupt, Johannes A1 - Bender, Benedict A1 - Fabian, Benjamin A1 - Lessmann, Stefan T1 - Robust identification of email tracking BT - a machine learning approach JF - European Journal of Operational Research N2 - Email tracking allows email senders to collect fine-grained behavior and location data on email recipients, who are uniquely identifiable via their email address. Such tracking invades user privacy in that email tracking techniques gather data without user consent or awareness. Striving to increase privacy in email communication, this paper develops a detection engine to be the core of a selective tracking blocking mechanism in the form of three contributions. First, a large collection of email newsletters is analyzed to show the wide usage of tracking over different countries, industries and time. Second, we propose a set of features geared towards the identification of tracking images under real-world conditions. Novel features are devised to be computationally feasible and efficient, generalizable and resilient towards changes in tracking infrastructure. Third, we test the predictive power of these features in a benchmarking experiment using a selection of state-of-the-art classifiers to clarify the effectiveness of model-based tracking identification. We evaluate the expected accuracy of the approach on out-of-sample data, over increasing periods of time, and when faced with unknown senders. (C) 2018 Elsevier B.V. All rights reserved. KW - Analytics KW - Data privacy KW - Email tracking KW - Machine learning Y1 - 2018 U6 - https://doi.org/10.1016/j.ejor.2018.05.018 SN - 0377-2217 SN - 1872-6860 VL - 271 IS - 1 SP - 341 EP - 356 PB - Elsevier CY - Amsterdam ER - TY - JOUR A1 - Ermakova, Tatiana A1 - Fabian, Benjamin A1 - Zarnekow, Ruediger T1 - Improving Individual Acceptance of Health Clouds through Confidentiality Assurance JF - Applied clinical informatics N2 - Background: Cloud computing promises to essentially improve healthcare delivery performance. However, shifting sensitive medical records to third-party cloud providers could create an adoption hurdle because of security and privacy concerns. Methods: We empirically investigate our research question by a survey with over 260 full responses. For the setting with a high confidentiality assurance, we base on a recent multi-cloud architecture which provides very high confidentiality assurance through a secret-sharing mechanism: Health information is cryptographically encoded and distributed in a way that no single and no small group of cloud providers is able to decode it. KW - Cloud computing KW - cloud service KW - cloud storage KW - data security KW - privacy KW - confidentiality KW - acceptance process Y1 - 2016 U6 - https://doi.org/10.4338/ACI-2016-07-RA-0107 SN - 1869-0327 VL - 7 SP - 983 EP - 993 PB - Schattauer CY - Stuttgart ER - TY - JOUR A1 - Dombrowski, Sebastian A1 - Ermakova, Tatiana A1 - Fabian, Benjamin T1 - Graph-based analysis of cloud connectivity at the internet protocol level JF - International Journal of Communication Networks and Distributed Systems (IJCNDS) N2 - Internet connectivity of cloud services is of exceptional importance for both their providers and consumers. This article demonstrates the outlines of a method for measuring cloud-service connectivity at the internet protocol level from a client's perspective. For this, we actively collect connectivity data via traceroute measurements from PlanetLab to several major cloud services. Furthermore, we construct graph models from the collected data, and analyse the connectivity of the services based on important graph-based measures. Then, random and targeted node removal attacks are simulated, and the corresponding vulnerability of cloud services is evaluated. Our results indicate that cloud service hosts are, on average, much better connected than average hosts. However, when interconnecting nodes are removed in a targeted manner, cloud connectivity is dramatically reduced. KW - cloud computing KW - connectivity KW - availability KW - reliability KW - internet topology KW - graph analysis KW - complex networks Y1 - 2019 U6 - https://doi.org/10.1504/IJCNDS.2019.100644 SN - 1754-3916 SN - 1754-3924 VL - 23 IS - 1 SP - 117 EP - 142 PB - Inderscience Enterprises Ltd CY - Geneva ER - TY - JOUR A1 - Fabian, Benjamin A1 - Bender, Benedict A1 - Hesseldieck, Ben A1 - Haupt, Johannes A1 - Lessmann, Stefan T1 - Enterprise-grade protection against e-mail tracking JF - Information Systems N2 - E-mail tracking provides companies with fine-grained behavioral data about e-mail recipients, which can be a threat for individual privacy and enterprise security. This problem is especially severe since e-mail tracking techniques often gather data without the informed consent of the recipients. So far e-mail recipients lack a reliable protection mechanism. This article presents a novel protection framework against e-mail tracking that closes an impor- tant gap in the field of enterprise security and privacy-enhancing technologies. We conceptualize, implement and evaluate an anti-tracking mail server that is capable of identifying tracking images in e-mails via machine learning with very high accuracy, and can selectively replace them with arbitrary images containing warning messages for the recipient. Our mail protection framework implements a selective prevention strategy as enterprise-grade software using the design science research paradigm. It is flexibly extensible, highly scalable, and ready to be applied under actual production conditions. Experimental evaluations show that these goals are achieved through solid software design, adoption of recent technologies and the creation of novel flexible software components. KW - E-Mail Tracking KW - Enterprise-grade KW - Anti-Tracking Infrastructure KW - Software Prototype Y1 - 2020 U6 - https://doi.org/10.1016/j.is.2020.101702 SN - 0306-4379 IS - 97 PB - Elsevier CY - Amsterdam ER - TY - JOUR A1 - Junghanns, Philipp A1 - Fabian, Benjamin A1 - Ermakova, Tatiana T1 - Engineering of secure multi-cloud storage JF - Computers in industry : an international, application oriented research journal N2 - This article addresses security and privacy issues associated with storing data in public cloud services. It presents an architecture based on a novel secure cloud gateway that allows client systems to store sensitive data in a semi-trusted multi-cloud environment while providing confidentiality, integrity, and availability of data. This proxy system implements a space-efficient, computationally-secure threshold secret sharing scheme to store shares of a secret in several distinct cloud datastores. Moreover, the system integrates a comprehensive set of security measures and cryptographic protocols to mitigate threats induced by cloud computing. Performance in practice and code quality of the implementation are analyzed in extensive experiments and measurements. (C) 2016 Elsevier B.V. All rights reserved. KW - Cloud computing KW - Data exchange KW - Security KW - Privacy Y1 - 2016 U6 - https://doi.org/10.1016/j.compind.2016.09.001 SN - 0166-3615 SN - 1872-6194 VL - 83 SP - 108 EP - 120 PB - Elsevier CY - Amsterdam ER - TY - JOUR A1 - Fabian, Benjamin A1 - Kunz, Steffen A1 - Konnegen, Marcel A1 - Müller, Sebastian A1 - Günther, Oliver T1 - Access control for semantic data federations in industrial product-lifecycle management JF - Computers in industry : an international, application oriented research journal N2 - Information integration across company borders becomes increasingly important for the success of product lifecycle management in industry and complex supply chains. Semantic technologies are about to play a crucial role in this integrative process. However, cross-company data exchange requires mechanisms to enable fine-grained access control definition and enforcement, preventing unauthorized leakage of confidential data across company borders. Currently available semantic repositories are not sufficiently equipped to satisfy this important requirement. This paper presents an infrastructure for controlled sharing of semantic data between cooperating business partners. First, we motivate the need for access control in semantic data federations by a case study in the industrial service sector. Furthermore, we present an architecture for controlling access to semantic repositories that is based on our newly developed SemForce security service. Finally, we show the practical feasibility of this architecture by an implementation and several performance experiments. KW - Access control KW - Data federation KW - Information integration KW - Product lifecycle management KW - Semantic data Y1 - 2012 U6 - https://doi.org/10.1016/j.compind.2012.08.015 SN - 0166-3615 VL - 63 IS - 9 SP - 930 EP - 940 PB - Elsevier CY - Amsterdam ER -