Data Usage Control in the Future Internet Cloud

  • Michele Bezzi
  • Slim Trabelsi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6656)

Abstract

The increasing collection of private information from individuals is becoming a very sensitive issue for citizens, organizations, and regulators. Laws and regulations are evolving and new ones are continuously cropping up in order to try to control the terms of usage of these collected data, but generally not providing a real efficient solution. Technical solutions are missing to help and support the legislator, the data owners and the data collectors to verify the compliance of the data usage conditions with the regulations. Recent studies address these issues by proposing a policy-based framework to express data handling conditions and enforce the restrictions and obligations related to the data usage. In this paper, we first review recent research findings in this area, outlining the current challenges. In the second part of the paper, we propose a new perspective on how the users can control and visualize the use of their data stored in a remote server or in the cloud. We introduce a trusted event handler and a trusted obligation engine, which monitors and informs the user on the compliance with a previously agreed privacy policy.

Keywords

Privacy Usage control Privacy Policy 

References

  1. 1.
    Ardagna, C.A., Cremonini, M., De Capitani di Vimercati, S., Samarati, P.: A privacy-aware access control system. J. Comput. Secur. 16, 369–397 (2008)Google Scholar
  2. 2.
    Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunter, M.: Enterprise privacy authorization language (EPAL 1.1). IBM Research Report (2003)Google Scholar
  3. 3.
    Bonneau, J., Preibusch, S.: The privacy jungle:on the market for data protection in social networks. In: Moore, T., Pym, D., Ioannidis, C. (eds.) Economics of Information Security and Privacy, pp. 121–167. Springer, New York (2010)CrossRefGoogle Scholar
  4. 4.
    Bussard, L., Neven, G., Preiss, F.S.: Downstream usage control. In: IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 22–29 (2010)Google Scholar
  5. 5.
    Karjoth, G., Schunter, M., Waidner, M.: Platform for enterprise privacy practices: Privacy-enabled management of customer data. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 69–84. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  6. 6.
    Naedele, M., Koch, T.E.: Trust and tamper-proof software delivery. In: Proceedings of the 2006 international workshop on Software engineering for secure systems. SESS ’06, New York, NY, USA, pp. 51–58. ACM Press, New York (2006), doi:10.1145/1137627.1137636CrossRefGoogle Scholar
  7. 7.
    Reagle, J., Cranor, L.F.: The platform for privacy preferences. Commun. ACM 42, 48–55 (1999), doi:10.1145/293411.293455CrossRefGoogle Scholar
  8. 8.
    Rissanen, E.: extensible access control markup language (xacml) version 3.0, extensible access control markup language (xacml) version 3.0, oasis (August 2008)Google Scholar
  9. 9.
    Shostack, A., Syverson, P.: What price privacy? In: Camp, L., Lewis, S. (eds.) Economics of Information Security, Advances in Information Security, vol. 12, pp. 129–142. Springer, New York (2004)CrossRefGoogle Scholar
  10. 10.
    Trabelsi, S., Njeh, A., Bussard, L., Neven, G.: The ppl engine: A symmetric architecture for privacy policy handling. W3C Workshop on Privacy and data usage control p. 5 (October 2010), http://www.w3.org/2010/policy-ws/
  11. 11.
    Tsai, J.Y., Egelman, S., Cranor, L., Acquisti, A.: The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study. In: ICIS 2007 Proceedings, p. 20 (2007)Google Scholar

Copyright information

© The Author(s) 2011

Authors and Affiliations

  • Michele Bezzi
    • 1
  • Slim Trabelsi
    • 1
  1. 1.SAP LabsMouginsFrance

Personalised recommendations