DOI: 10.1145/3098954.3104054
research-article
Open access

Towards a Model of User-centered Privacy Preservation

Published: 29 August 2017

Abstract

The growth in cloud-based services tailored for users means more and more personal data is being exploited, and with this comes the need to better handle user privacy. Software technologies concentrating on privacy preservation typically present a one-size-fits-all solution. However, users have different viewpoints of what privacy means to them, and therefore configurable and dynamic privacy-preserving solutions have the potential to create useful and tailored services without breaching any user's privacy. In this paper, we present a model of user-centered privacy that can be used to analyse a service's behaviour against user preferences, such that a user can be informed of the privacy implications of that service and what fine-grained actions they can take to maintain their privacy. We show through study that the user-based privacy model can: i) provide customizable privacy aligned with user needs; and ii) identify potential privacy breaches.

Published In

ARES '17: Proceedings of the 12th International Conference on Availability, Reliability and Security
August 2017
853 pages
ISBN:9781450352574
DOI:10.1145/3098954
This work is licensed under a Creative Commons Attribution-ShareAlike International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Cloud Computing
  2. Model-driven development
  3. Privacy

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ARES '17
ARES '17: International Conference on Availability, Reliability and Security
August 29 - September 1, 2017
Reggio Calabria, Italy

Acceptance Rates

ARES '17 Paper Acceptance Rate 100 of 191 submissions, 52%;
Overall Acceptance Rate 228 of 451 submissions, 51%
