Abstract
In this paper, we introduce a new architecture for personalized services. The architecture separates access control, which uses a user's own privacy policy, from the data storage for private information, and it supports privacy policy management by users. We design a core module, the Privacy Policy Manager (PPM). The module includes several functionalities: ID management, privacy policy management, control of information flows, and recording of the flows.
Copyright information
© 2013 IFIP International Federation for Information Processing
About this paper
Cite this paper
Kiyomoto, S., Nakamura, T., Takasaki, H., Watanabe, R., Miyake, Y. (2013). PPM: Privacy Policy Manager for Personalized Services. In: Cuzzocrea, A., Kittl, C., Simos, D.E., Weippl, E., Xu, L. (eds) Security Engineering and Intelligence Informatics. CD-ARES 2013. Lecture Notes in Computer Science, vol 8128. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40588-4_26
DOI: https://doi.org/10.1007/978-3-642-40588-4_26
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-40587-7
Online ISBN: 978-3-642-40588-4
eBook Packages: Computer Science (R0)