Abstract
In this paper, we introduce a new architecture for personalized services. The architecture separates access control, which is based on a user's own privacy policy, from the data storage that holds private information, and it supports privacy policy management by users. We design a core module, the Privacy Policy Manager (PPM). The module provides several functions: ID management, privacy policy management, control of information flows, and recording of those flows.
Copyright information
© 2013 IFIP International Federation for Information Processing
About this paper
Cite this paper
Kiyomoto, S., Nakamura, T., Takasaki, H., Watanabe, R., Miyake, Y. (2013). PPM: Privacy Policy Manager for Personalized Services. In: Cuzzocrea, A., Kittl, C., Simos, D.E., Weippl, E., Xu, L. (eds) Security Engineering and Intelligence Informatics. CD-ARES 2013. Lecture Notes in Computer Science, vol 8128. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40588-4_26
DOI: https://doi.org/10.1007/978-3-642-40588-4_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40587-7
Online ISBN: 978-3-642-40588-4
eBook Packages: Computer Science, Computer Science (R0)