research-article

Supporting privacy preferences in credential-based interactions

Authors:

Claudio A. Ardagna,

Sabrina De Capitani di Vimercati,

Stefano Paraboschi,

Pierangela SamaratiAuthors Info & Claims

WPES '10: Proceedings of the 9th annual ACM workshop on Privacy in the electronic society

Pages 83 - 92

https://doi.org/10.1145/1866919.1866931

Published: 04 October 2010 Publication History

Abstract

Users can today enjoy the many benefits brought by the development and widespread adoption of Internet and related services conveniently accessing digital resources. Servers offering such resources typically require users to release information about them, which servers can then use for enforcing possible access policies on the offered services. A major problem in this context relates to providing users with the ability of determining which information to release to satisfy the server requests during their electronic interactions.

In this paper, we provide an approach for empowering the user in the release of her digital portfolio based on simple sensitivity labels expressing how much the user values different properties, credentials or combinations thereof, as well as on additional constraints that the user might impose on information disclosure. We provide a generic modeling of the problem and illustrate its translation in terms of a Weighted MaxSat problem, which can be conveniently and efficiently managed by off the shelf SAT solvers, thus resulting efficient and scalable.

References

[1]

}}A. Anderson and H. Lockhart. SAML 2.0 profile of XACML. OASIS, September 2004.

[2]

}}C. A. Ardagna, S. De Capitani di Vimercati, S. Foresti, S. Paraboschi, and P. Samarati. Minimizing disclosure of private information in credential-based interactions: A graph-based approach. In Proc. of the 2nd IEEE International Conference on Information Privacy, Security, Risk and Trust (PASSAT 2010), Minneapolis, MN, USA, August 2010.

Digital Library

[3]

}}C. A. Ardagna, S. De Capitani di Vimercati, S. Paraboschi, E. Pedrini, P. Samarati, and M. Verdicchio. Expressive and deployable access control in open Web service applications. IEEE Transactions on Service Computing (TSC), 2010. (to appear).

Digital Library

[4]

}}D. Bauer, D. Blough, and D. Cash. Minimal information disclosure with efficiently verifiable credentials. In Proc. of the 4th ACM Workshop on Digital Identity Management (DIM 2008), Alexandria, Virginia, USA, October 2008.

Digital Library

[5]

}}P. Bonatti and P. Samarati. A uniform framework for regulating service access and information release on the Web. Journal of Computer Security (JCS), 10(3):241--272, 2002.

Digital Library

[6]

}}S. Brands. Rethinking public key infrastructure and digital certificates - building in privacy. MIT Press, 2000.

Digital Library

[7]

}}J. Camenisch and A. Lysyanskaya. An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In Proc. of the International Conference on the Theory and Application of Cryptographic Techniques (EUROCRYPT 2001), Innsbruck, Austria, May 2001.

Digital Library

[8]

}}W. Chen, L. Clarke, J. Kurose, and D. Towsley. Optimizing cost-sensitive trust-negotiation protocols. In Proc. of the 24th Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM 2005), Miami, FL, USA, March 2005.

[9]

}}D. Hardt, J. Bufu, and J. Hoyt. OpenID attribute exchange 1.0, 2007. http://openid.net/developers/specs/.

[10]

}}F. Heras, J. Larrosa, and A. Oliveras. MiniMaxSAT: a new weighted Max-SAT solver. In Proc. of the 10th International Conference on Theory and Applications of Satisfiability Testing (SAT 2007), Lisbon, Portugal, May 2007.

Digital Library

[11]

}}K. Irwin and T. Yu. Preventing attribute information leakage in automated trust negotiation. In Proc. of the 12th ACM Conference on Computer and Communications Security (CCS 2005), Alexandria, VA, USA, November 2005.

Digital Library

[12]

}}P. Kärger, D. Olmedilla, and W.-T. Balke. Exploiting preferences for minimal credential disclosure in policy-driven trust negotiations. In Proc. of the 5th VLDB Workshop on Secure Data Management (SDM 2008), Auckland, New Zealand, August 2008.

Digital Library

[13]

}}A. Lee and M. Winslett. Towards an efficient and language-agnostic compliance checker for trust negotiation systems. In Proc. of the 2008 ACM Symposium on InformAtion, Computer and Communications Security (ASIACCS 2008), March.

Digital Library

[14]

}}A. Lee, M. Winslett, J. Basney, and V. Welch. The Traust authorization service. ACM Transactions on Information and System Security (TISSEC), 11(1):1--33, February 2008.

Digital Library

[15]

}}F. Paci, D. Bauer, E. Bertino, D. Blough, A. Squicciarini, and A. Gupta. Minimal credential disclosure in trust negotiations. Identity in the Information Society, 2(3):221--239, December 2009.

[16]

}}T. Ryutov, L. Zhou, C. Neuman, T. Leithead, and K. Seamons. Adaptive trust negotiation and access control. In Proc. of the 10th Symposium on Access control Models and Technologies (SACMAT 2005), Stockholm, Sweden, June 2005.

Digital Library

[17]

}}B. Smith, K. Seamons, and M. Jones. Responding to policies at runtime in trust builder. In Proc. of the 5th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2004), Yorktown Heights, NY, USA, June 2004.

Digital Library

[18]

}}D. Yao, K. Frikken, M. Atallah, and R. Tamassia. Private information: To reveal or not to reveal. ACM Transactions on Information and System Security (TISSEC), 12(1):1--27, October 2008.

Digital Library

[19]

}}T. Yu, M. Winslett, and K. Seamons. Supporting structured credentials and sensitive policies trough interoperable strategies for automated trust. ACM Transactions on Information and System Security (TISSEC), 6(1):1--42, February 2003.

Digital Library

Cited By

Ardagnaa CBena NBennani NGhedira-Guegan CGrecchi NVargas-Solar G(2024)Revisiting Trust Management in the Data Economy: A Road MapIEEE Internet Computing10.1109/MIC.2024.339840328:4(21-29)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1109/MIC.2024.3398403
Foresti SSamarati P(2013)Supporting User Privacy Preferences in Digital InteractionsComputer and Information Security Handbook10.1016/B978-0-12-394397-2.00046-5(813-834)Online publication date: 2013
https://doi.org/10.1016/B978-0-12-394397-2.00046-5
di Vimercati SForesti SSamarati P(2013)Selective and Fine-Grained Access to Data in the CloudSecure Cloud Computing10.1007/978-1-4614-9278-8_6(123-148)Online publication date: 7-Dec-2013
https://doi.org/10.1007/978-1-4614-9278-8_6
Show More Cited By

Index Terms

Supporting privacy preferences in credential-based interactions
1. Security and privacy
  1. Human and societal aspects of security and privacy
2. Social and professional topics
  1. Computing / technology policy

Recommendations

An enhanced approach to supporting controlled access to EPRs with three levels of identity privacy preservations
USAB'11: Proceedings of the 7th conference on Workgroup Human-Computer Interaction and Usability Engineering of the Austrian Computer Society: information Quality in e-Health

The emergence of e-health has put an enormous amount of sensitive data in the hands of service providers or other third parties, where privacy risks might exist when accessing sensitive data stored in electronic patient records (EPRs). EPRs support ...
Linking Privacy and User Preferences in the Identity Management for a Pervasive System
WI-IAT '08: Proceedings of the 2008 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology - Volume 01

Two important concepts in developing ubiquitous or pervasive computing technologies that are acceptable to the end user are personalization and privacy. On the one hand it is essential to take account of user needs and preferences to personalize ...
Protecting the privacy of user's QoS preferences for multimedia applications
WMuNeP '06: Proceedings of the 2nd ACM international workshop on Wireless multimedia networking and performance modeling

Privacy violation is a serious and pressing problem for Internet users that requires immediate solution. This problem is very serious for applications that require the user's identity and QoS preferences like IP-telephony and videoconference ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

WPES '10: Proceedings of the 9th annual ACM workshop on Privacy in the electronic society

October 2010

136 pages

ISBN:9781450300964

DOI:10.1145/1866919

General Chair:
Ehab Al-Shaer
University of North Carolina, Charlotte, USA
,
Program Chair:
Keith Frikken
Miami University, USA

Copyright © 2010 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 October 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS '10

Sponsor:

SIGSAC

CCS '10: 17th ACM Conference on Computer and Communications Security 2010

October 4, 2010

Illinois, Chicago, USA

Acceptance Rates

Overall Acceptance Rate 106 of 355 submissions, 30%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
150
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)1

Reflects downloads up to 20 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Ardagnaa CBena NBennani NGhedira-Guegan CGrecchi NVargas-Solar G(2024)Revisiting Trust Management in the Data Economy: A Road MapIEEE Internet Computing10.1109/MIC.2024.339840328:4(21-29)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1109/MIC.2024.3398403
Foresti SSamarati P(2013)Supporting User Privacy Preferences in Digital InteractionsComputer and Information Security Handbook10.1016/B978-0-12-394397-2.00046-5(813-834)Online publication date: 2013
https://doi.org/10.1016/B978-0-12-394397-2.00046-5
di Vimercati SForesti SSamarati P(2013)Selective and Fine-Grained Access to Data in the CloudSecure Cloud Computing10.1007/978-1-4614-9278-8_6(123-148)Online publication date: 7-Dec-2013
https://doi.org/10.1007/978-1-4614-9278-8_6
Foresti S(2012)Managing and accessing data in the cloudProceedings of the 2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS)10.1109/CRISIS.2012.6378956(1-9)Online publication date: 10-Oct-2012
https://dl.acm.org/doi/10.1109/CRISIS.2012.6378956
Kontaxis GPolychronakis MMarkatos E(2012)Minimizing information disclosure to third parties in social login platformsInternational Journal of Information Security10.1007/s10207-012-0173-611:5(321-332)Online publication date: 1-Oct-2012
https://dl.acm.org/doi/10.1007/s10207-012-0173-6
Kontaxis GPolychronakis MMarkatos E(2011)SudoWebProceedings of the 14th international conference on Information security10.5555/2051002.2051022(197-212)Online publication date: 26-Oct-2011
https://dl.acm.org/doi/10.5555/2051002.2051022
Kontaxis GPolychronakis MMarkatos E(2011)SudoWeb: Minimizing Information Disclosure to Third Parties in Single Sign-on PlatformsInformation Security10.1007/978-3-642-24861-0_14(197-212)Online publication date: 2011
https://doi.org/10.1007/978-3-642-24861-0_14
Ardagna CDe Capitani di Vimercati SForesti SNeven GParaboschi SPreiss FSamarati PVerdicchio M(2010)Fine-grained disclosure of access policiesProceedings of the 12th international conference on Information and communications security10.5555/1948352.1948356(16-30)Online publication date: 15-Dec-2010
https://dl.acm.org/doi/10.5555/1948352.1948356
Ardagna CDe Capitani di Vimercati SForesti SNeven GParaboschi SPreiss FSamarati PVerdicchio M(2010)Fine-Grained Disclosure of Access PoliciesInformation and Communications Security10.1007/978-3-642-17650-0_3(16-30)Online publication date: 2010
https://doi.org/10.1007/978-3-642-17650-0_3

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents