research-article

A privacy preserving model bridging data provider and collector preferences

Authors:

Kambiz Ghazinour,

Ken BarkerAuthors Info & Claims

EDBT '13: Proceedings of the Joint EDBT/ICDT 2013 Workshops

Pages 174 - 178

https://doi.org/10.1145/2457317.2457346

Published: 18 March 2013 Publication History

Get Access

Abstract

With the increasing amount of data collected by service providers, privacy concerns increase for data owners who provide private data to receive services. Legislative acts require service providers to protect the privacy of customers. Privacy policy frameworks, such as P3P, assist them by describing their privacy policies to customers (e.g. publishing privacy policy on websites). Unfortunately, providing the policies alone does not guarantee that they are actually enforced because privacy is not a key feature of conventional access control models. A privacy-preserving model should consider the privacy preferences of both the data provider and collector. This paper briefly develops a Lattice-based Privacy Aware Access Control (LPAAC) Model that enforces privacy policies, facilitates customization of privacy agreements, and accommodates preferences of both data and service providers. We demonstrate our model's design and feasibility with corresponding privacy catalogues. Examples clarify the usability, and we provide the implementation of our privacy catalogues that show the efficiency and scalability of our model.

References

[1]

R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. Hippocratic databases. In VLDB '02: Proceedings of the 28th International Conference on Very Large Databases, volume 28, pages 143--154, Hong Kong, China, 2002.

Digital Library

Google Scholar

[2]

Ji-Won Byun, Ninghui Li: Purpose based access control for privacy protection in relational database systems. VLDB J. 17(4): 603--619 (2008).

Digital Library

Google Scholar

[3]

L. Cranor, Web Privacy with P3P, O'Reilly, 2002.

Digital Library

Google Scholar

[4]

D. Ferraiolo and R. Kuhn. Role-based access control. In Proceedings of the 15th Natioanl Computer Security Conference, pages 1--11, October 1992.

Google Scholar

[5]

K. Ghazinour and K. Barker: Capturing P3P semantics using an enforceable lattice-based structure. PAIS 2011: 4

Digital Library

Google Scholar

[6]

K. Ghazinour, M. Majedi, K. Barker: A Lattice-Based Privacy Aware Access Control Model. CSE (3) 2009: 154--159.

Digital Library

Google Scholar

[7]

K. Ghazinour, M. Majedi, K. Barker, "A Model for Privacy Policy Visualization," Computer Software and Applications Conference, Annual International, vol. 2, pp. 335--340, 2009.

Digital Library

Google Scholar

[8]

K. Ghazinour, S. Pun, M. Majedi, A. H. Chinaei, K. Barker: Extending SQL to Support Privacy Policies. From Sociology to Computing in Social Networks 2010: 377--393.

Google Scholar

[9]

G. Karjoth and M. Schunter. A privacy policy model for enterprises. In CSFW '02: Proceedings of the 15th IEEE workshop on Computer Security Foundations, page 271, Washington, DC, USA, 2002. IEEE Computer Society.

Digital Library

Google Scholar

[10]

Q. Ni, A. Trombetta, E. Bertino, and J. Lobo. Privacy-aware role based access control. In SACMAT '07: Proceedings of the 12th ACM symposium on Access control models and technologies, pages 41--50, France, June 2007. ACM.

Digital Library

Google Scholar

[11]

H. J. G. Oberholzer and M. Olivier, "Privacy contracts incorporated in a privacy protection framework," International Journal of Computer Systems Science, vol. 21, 2006, pp. 5--16.

Google Scholar

[12]

R. Subramanian, Computer Security, Privacy and Politics: Current Issues, Challenges and Solutions, IRM Press, 2008.

Digital Library

Google Scholar

[13]

W. van Staden and M. S. Olivier. Using purpose lattices to facilitate customisation of privacy agreements. In C. Lambrinoudakis, G. Pernul, and A. M. Tjoa, editors, TrustBus, volume 4657 of Lecture Notes in Computer Science, pages 201--209. Springer-Verlag, 2007.

Digital Library

Google Scholar

Cited By

View all

Manotipya PGhazinour K(2020)Children’s Online Privacy from Parents’ PerspectiveProcedia Computer Science10.1016/j.procs.2020.10.026177(178-185)Online publication date: 2020
https://doi.org/10.1016/j.procs.2020.10.026
Ghazinour KScarnecchia SRabideau JPecore B(2020)A Novel Approach to Social Media Privacy Education Through Simulated Role ReversalProcedia Computer Science10.1016/j.procs.2020.10.018177(112-119)Online publication date: 2020
https://doi.org/10.1016/j.procs.2020.10.018
Mohzary MTadisetty SGhazinour K(2020)A Privacy Protection Layer for Wearable DevicesFoundations and Practice of Security10.1007/978-3-030-45371-8_24(363-370)Online publication date: 17-Apr-2020
https://doi.org/10.1007/978-3-030-45371-8_24
Show More Cited By

Index Terms

A privacy preserving model bridging data provider and collector preferences

Recommendations

A Lattice-Based Privacy Aware Access Control Model
CSE '09: Proceedings of the 2009 International Conference on Computational Science and Engineering - Volume 03

As the amount of data being collected by service providers increases, privacy concerns increase for the data owners that must provide private data to get services. Legislative acts require enterprises protect the privacy of their customers and privacy ...
User privacy-preserving identity data dependencies
DIM '06: Proceedings of the second ACM workshop on Digital identity management

Identity Federation technologies have enabled users to leverage their relationships with an Identity Provider (IdP) into a Service Provider's (SP) domain. They allow user-initiated and IdP-controlled sharing of authentication information, attributes and ...
Achieving Privacy in a Federated Identity Management System
Financial Cryptography and Data Security

Federated identity management allows a user to efficiently authenticate and use identity information from data distributed across multiple domains. The sharing of data across domains blurs security boundaries and potentially creates privacy risks. We ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

EDBT '13: Proceedings of the Joint EDBT/ICDT 2013 Workshops

March 2013

423 pages

ISBN:9781450315999

DOI:10.1145/2457317

General Chair:
Giovanna Guerrini
Università di Genova, Italy

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 March 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

EDBT/ICDT '13

EDBT/ICDT '13: Joint 2013 EDBT/ICDT Conferences

March 18 - 22, 2013

Genoa, Italy

Acceptance Rates

EDBT '13 Paper Acceptance Rate 7 of 10 submissions, 70%;

Overall Acceptance Rate 7 of 10 submissions, 70%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
147
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 30 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Manotipya PGhazinour K(2020)Children’s Online Privacy from Parents’ PerspectiveProcedia Computer Science10.1016/j.procs.2020.10.026177(178-185)Online publication date: 2020
https://doi.org/10.1016/j.procs.2020.10.026
Ghazinour KScarnecchia SRabideau JPecore B(2020)A Novel Approach to Social Media Privacy Education Through Simulated Role ReversalProcedia Computer Science10.1016/j.procs.2020.10.018177(112-119)Online publication date: 2020
https://doi.org/10.1016/j.procs.2020.10.018
Mohzary MTadisetty SGhazinour K(2020)A Privacy Protection Layer for Wearable DevicesFoundations and Practice of Security10.1007/978-3-030-45371-8_24(363-370)Online publication date: 17-Apr-2020
https://doi.org/10.1007/978-3-030-45371-8_24
Ghazinour KShirima EParne VBhoomReddy A(2017)A Model to Protect Sharing Sensitive Information in Smart WatchesProcedia Computer Science10.1016/j.procs.2017.08.322113(105-112)Online publication date: 2017
https://doi.org/10.1016/j.procs.2017.08.322
Ghazinour KRazavi ABarker K(2014)A Model for Privacy Compromisation ValueProcedia Computer Science10.1016/j.procs.2014.08.02337(143-152)Online publication date: 2014
https://doi.org/10.1016/j.procs.2014.08.023

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

A Lattice-Based Privacy Aware Access Control Model

User privacy-preserving identity data dependencies

Achieving Privacy in a Federated Identity Management System