A User-Centric Privacy Framework for Pervasive Environments
One distinctive feature of pervasive computing environments is the common need to gather and process context information about real persons. Unfortunately, this unavoidably affects persons’ privacy. Each time someone uses a cellular phone, a credit card, or surfs the web, he leaves a trace that is stored and processed. In a pervasive sensing environment, however, the amount of information collected is much larger than today and also might be used to reconstruct personal information with great accuracy. The question we address in this paper is how to control dissemination and flow of personal data across organizational, and personal boundaries, i.e., to potential addressees of privacy relevant information. This paper presents the User-Centric Privacy Framework (UCPF). It aims at protecting a user’s privacy based on the enforcement of privacy preferences. They are expressed as a set of constraints over some set of context information. To achieve the goal of cross-boundary control, we introduce two novel abstractions, namely Transformations and Foreign Constraints, in order to extend the possibilities of a user to describe privacy protection criteria beyond the expressiveness usually found today. Transformations are understood as any process that the user may define over a specific piece of context. This is a main building block for obfuscating – or even plainly lying about – the context in question. Foreign Constraints are an important complementing extension because they allow for modeling conditions defined on external users that are not the tracked individual, but may influence disclosure of personal data to third parties. We are confident that these two easy-to-use abstractions together with the general privacy framework presented in this paper constitute a strong contribution to the protection of the personal privacy in pervasive computing environments.
KeywordsContext Information Policy Language Policy Decision Point Privacy Preference Policy Enforcement Point
Unable to display preview. Download preview PDF.
- 2.Cranor, L., Langheinrich, M., Marchiori, M., Reagle, J.: The platform for privacy preferences 1.0 (P3P1.0) specification. W3C Recommendation (April 2002)Google Scholar
- 4.Damianou, N., Dulay, N., Lupu, E., Sloman, M.: Ponder: A language for specifying security and management policies for distributed systems (2000)Google Scholar
- 6.Gruteser, M., Grunwald, D.: Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking. In: Proceedings of the First International Conference on Mobile Systems, Applications, and Services (May 2003)Google Scholar
- 8.Kagal, L.: Rei ontology specifications, version 2.0 (July 2004) http://ebiquity.umbc.edu/resource/html/id/34/Rei-Specifications
- 9.Kagal, L., Finin, T., Joshi, A.: A policy language for a pervasive computing environment. In: Proceedings of the 4th International Workshop on Policies for Distributed Systems and Networks (September 2003)Google Scholar
- 12.Langheinrich, M., Cranor, L., Marchiori, M.: Appel: A P3P Preference Exchange Language. W3C Working Draft (April 2002)Google Scholar
- 14.Pfitzmann, A., Köhntopp, M.: Anonymity, unobservability, and pseudonymity - A proposal for terminology. In: Federrath, H. (ed.) Proceedings of the International Workshop on Design Issues in Anonymity and Unobservability, Berkeley, CA, USA, Springer, Heidelberg (2001)Google Scholar
- 15.Schulzrinne, H., Tschofenig, H., Morris, J., Cuellar, J., Polk, J.: A document format for expressing privacy preferences for location information (February 2006), http://www.ietf.org/html.charters/geopriv-charter.html
- 19.The OWL Services Coalition. OWL-S: Semantic markup for web services (November 2004), http://www.daml.org/services/owl-s/1.0/owl-s.html
- 20.Weiser, M.: The computer for the twenty-first century. Scientific American, 94–104 (September 1991)Google Scholar
- 21.Yavatkar, R., Pendarakis, D., Guerin, R.: RFC2753 - A framework for policy-based admission control (January 2000)Google Scholar