Article

Semantic Framework for Managing Privacy Policies in Ambient Intelligence


Abstract

This thesis aims at proposing a semantic framework that integrates a meta-model and reasoning tools allowing any ubiquitous system designer to easily implement mechanisms to manage privacy policies. The proposed framework includes a generic middleware architecture that provides components to define, manage and monitor the implementation of privacy policies. Our approach is a hybrid one based on Model-Driven Engineering and on reasoning with ontologies and inference rules operating under the closed-world assumption. The proposed meta-model is characterized by a high level of abstraction and expressiveness to define privacy policy management regardless of the application domain, and it can be adapted to different contexts. It also defines a conceptual framework for generic decidable modelling rules to make consistent control decisions on user privacy. These model rules are implemented using the SmartRules language, which can implement adaptive control. The latter is based on non-monotonic reasoning and on the representation of instances of concepts according to the unique name assumption. We have validated the proposed semantic framework through a typical scenario that implements privacy-aware ambient intelligence support services for the elderly.


... For this reason, MOF specifications (see section 7.1) point out that MOF and other OMG standards should not have the perceived rigidness of a 4-layered meta-model architecture, since some other standards use a smaller number of layers. Moreover, while there are typically up to four meta-levels, (Mabrouki, 2015) states that some standards may have even more than 4 layers. ...
Thesis
Many users of multi-agent systems (MAS) are very commonly discouraged from modeling and simulating with current MAS platforms. More specifically, modeling the dynamics of a system (in particular the agents' behaviors) is very often a challenge for users of MAS. That issue is observed more often in the domain of socio-ecological systems (SES), because SES domain experts are rarely programmers. Indeed, the majority of MAS platforms were not conceived with non-programmer domain experts in mind. Most current MAS tools are not dedicated to SES, or they do not possess an easily understandable formalism to represent the behaviors of agents. Moreover, because it is platform-dependent, a model realized in one MAS platform cannot be properly used in another due to incompatibility between MAS platforms. To overcome these limitations, we propose a domain-specific language (DSL) to describe the behaviors of reactive agents, regardless of the MAS platform used for simulation. To achieve that, we applied model-driven engineering (MDE), an approach that provides tools to develop DSLs from a meta-model (abstract syntax), textual editors with syntax highlighting (for the concrete syntax) and code generation capabilities (for source-code generation from a model). As a result, we implemented a language and a textual editor that allow SES domain experts to describe behaviors in three different ways that are close to their natural expression: as equations when they are familiar with them, as a sequence of activities close to natural language, or as an activity diagram representing decisions and a sequence of behaviors using a graphical formalism. To show the generality of the approach we also developed code generators targeting two different MAS platforms (Cormas and Netlogo). We tested the code generators by implementing two SES models with the developed DSL.
The generated code targeted both MAS platforms (Cormas and Netlogo) and was successfully simulated in one of them. We conclude that the MDE approach provides adequate tools to develop DSLs and code generators that facilitate MAS modeling and simulation by non-programmers. Concerning the developed DSL, although the behavioral aspect of MAS simulation is part of the complexity of modeling in MAS, there are still other essential aspects of MAS modeling and simulation that are yet to be explored, such as model initialization and points of view on the model's simulated world.
Conference Paper
Selecting a suitable set of available software components for a component-based software system is a laborious task, often too complex to perform manually. We present a novel approach to automatic component selection that respects dependencies between the required components, an issue not considered by existing approaches. Our approach, which utilizes semantic technologies, is based on comprehensive semantic descriptions of software components and their functionalities.
Article
Cloud computing environments do not allow use of a single access control mechanism, single policy language or single policy management tool for various cloud services. Currently, users must use diverse access control solutions available for each cloud service provider to secure their data. Access control policies may be composed in incompatible ways because of diverse policy languages that are maintained separately at every cloud service provider. Heterogeneity and distribution of these policies pose problems in their administration. The semantic web technologies can provide the solution to interoperability of heterogeneous cloud service providers. In this paper, we introduce a semantic-based policy management framework that is designed to give users a unified control point for managing policies that control access to their data no matter where the data is stored. We present the framework and describe its components. Furthermore, we present a proof of concept implementation and results of performance evaluation.
Article
In this paper, we describe NKRL ("Narrative Knowledge Representation Language"), a language designed for representing, in a standardised way, the semantic content (the 'meaning') of complex narrative texts. After having introduced informally the four 'components' (specialised sub-languages) of NKRL, we will describe (some of) the data structures proper to each of them, trying to show that the NKRL coding retains the main informational elements of the original narrative expressions. We will then focus on an important subset of NKRL, the so-called AECS sub-language, showing, in particular, that the operators of this sub-language can be used to represent some sorts of 'plural' expressions.
Article
In this work, we introduce the Privacy Manager, a user interface designed to allow non-expert users to manage privacy in the envisioned era of pervasive computing. The Privacy Manager is part of the implementation of the User-centric Privacy Framework, which was introduced as a novel mechanism to enable personal privacy for the inhabitants of the smart home. The Privacy Manager interface incorporates a set of application parts designed especially to meet the requirements of user friendliness and privacy awareness, with the goal of making privacy management an affordable task for common users. Our first prototype allows users to: i) customize permissions for the disclosure of their personal data, ii) control active and passive interactions with services, iii) define obligations to be negotiated on the usage of the data upon transmission, iv) be aware of privacy-related issues such as granted and denied permissions, v) apply alternative privacy mechanisms to access control, such as white lying and obfuscation, and vi) adhere to enterprise privacy policies based on a contractual relationship with an enterprise or organization. Providing people with tools to control their privacy is critical to guarantee the success of pervasive computing.
Article
The health, education, and other service applications for robots that assist through primarily social rather than physical interaction are rapidly growing, and so is the research into such technologies. Socially assistive robotics (SAR) aims to address critical areas and gaps in care by automating supervision, coaching, motivation, and companionship aspects of one-on-one interactions with individuals from various large and growing populations, including stroke survivors, the elderly and individuals with dementia, children with autism spectrum disorders, among many others. In this way, roboticists hope to improve the standard of care for large user groups. Naturally, SAR systems pose several ethical challenges regarding their design, implementation, and deployment. This paper examines the ethical challenges of socially assistive robotics from three points of view (user, caregiver, peer) using core principles from medical ethics (autonomy, beneficence, non-maleficence, justice) to determine how intended and unintended effects of a SAR can impact the delivery of care.
Chapter
Advances in sensor data collection technology, such as pervasive and embedded devices and RFID technology, have led to a large number of smart devices which are connected to the net and continuously transmit their data over time. It has been estimated that the number of internet-connected devices has exceeded the number of humans on the planet since 2008. The collection and processing of such data lead to unprecedented challenges in mining and processing it. Such data needs to be processed in real time, and the processing may be highly distributed in nature. Even in cases where the data is stored offline, its size is often so large and distributed that it requires the use of big data analytical tools for processing. In addition, such data is often sensitive and brings a number of privacy challenges with it. This chapter discusses a data analytics perspective on mining and managing data associated with this phenomenon, which is now known as the internet of things.
Article
Context awareness, the ability to adapt to the needs of each user, is a fundamental property of pervasive computing systems. Context information is created by tracking the actions and collecting real-time user data, such as location or body temperature. As the system collects more information about its users, the quality of its context-aware services increases, and so does a potential threat to the users' privacy if the context information is compromised. This paper surveys a wide range of existing pervasive computing systems that address this complex problem, and provides a generalized classification of privacy management techniques used by these systems. A comparative analysis of the surveyed systems and their privacy features is also presented.
Article
Telecommunications services have long been subject to privacy regulations. Traditionally at stake are the privacy of the communication and the protection of traffic data. Privacy of the communication is legally founded. Traffic data fall under the notion of data protection and are central in the discussion. The telecommunications environment is profoundly changing: the traditionally closed markets with closed networks are changing into an open market with open networks. Within these open networks more privacy-sensitive data are generated and have to be exchanged between a growing number of parties. Telecommunications and computer networks are also rapidly being integrated, and thus the distinction between telephony and computing disappears. Traditional telecommunications privacy regulations are being revised to cover internet applications. In this paper telecommunications issues are recalled to aid the ongoing debate. Cellular mobile phones have recently been introduced. Cellular networks process a particular category of traffic data, namely location data, thereby introducing the issue of territorial privacy into the telecommunications domain. Location data are bound to be used for pervasive future services. Designs for future services are discussed and evaluated for their impact on privacy protection.
Conference Paper
A rapidly growing elder population is placing unprecedented demands on health care systems around the world. Cognitive decline is one of the most taxing health problems in terms of both its relation to elders' overall functioning and the cost of care. The needs of elders with cognitive decline, for invisible, intuitive support and assessment, invite a reconsideration of the assumptions behind and specifications for ubiquitous computing solutions. This paper describes findings and implications of ethnographic research conducted with cognitively impaired individuals and their informal care networks in 45 households in 5 U.S. regions. Key themes regarding needs and barriers to successful aging are addressed through a set of design principles which apply across the stages of cognitive decline. To convey stage-specific findings and associated challenges for ubiquitous computing, case studies of four representative households and example concept solutions are presented. The design principles and technology challenges outlined in this paper may generalize to other contexts for ubiquitous computing.
Conference Paper
Design patterns are a format for capturing and sharing design knowledge. In this paper, we look at a new domain for design patterns, namely ubiquitous computing. The overall goal of this work is to aid practice by speeding up the diffusion of new interaction techniques and evaluation results from researchers, presenting the information in a form more usable to practicing designers. Towards this end, we have developed an initial and emerging pattern language for ubiquitous computing, consisting of 45 pre-patterns describing application genres, physical-virtual spaces, interaction and systems techniques for managing privacy, and techniques for fluid interactions. We evaluated the effectiveness of our pre-patterns with 16 pairs of designers in helping them design location-enhanced applications. We observed that our pre-patterns helped new and experienced designers unfamiliar with ubiquitous computing in generating and communicating ideas, and in avoiding design problems early in the design process.
Conference Paper
Recent years have seen a confluence of two major trends -- the increase of mobile devices such as smart phones as the primary access point to networked information and the rise of social media platforms that connect people. Their convergence supports the emergence of a new class of context-aware geosocial networking applications. While existing systems focus mostly on location, our work centers on models for representing and reasoning about a more inclusive and higher-level notion of context, including the user's location and surroundings, the presence of other people and devices, and the inferred activities in which they are engaged. A key element of our work is the use of collaborative information sharing where devices share and integrate knowledge about their context. This introduces the need for privacy and security mechanisms. We present a framework to provide users with appropriate levels of privacy to protect the personal information their mobile devices are collecting, including the inferences that can be drawn from the information. We use Semantic Web technologies to specify high-level, declarative policies that describe user information sharing preferences. We have built a prototype system that aggregates information from a variety of sensors on the phone, online sources, and sources internal to the campus intranet, and infers the dynamic user context. We show how our policy framework can be effectively used to devise better privacy control mechanisms to control information flow between users in such dynamic mobile systems.
Conference Paper
As an emerging solution to the handling of complex and evolving software systems, Model Driven Engineering (MDE) is still very much in evolution. The industrial demand is quite high, while the research answer for a sound set of foundation principles is still far from being stabilized. Therefore it is important to provide a current state of the art in MDE, describing what its origins are, what its present state is, and where it seems to be presently leading. One important question is how MDE relates to other contemporary technologies. This tutorial proposes the "technical space" concept for this purpose. The two main objectives are to present first the basic MDE principles and second how these principles may be mapped onto modern platform support. Other issues that will be discussed are the applicability of these ideas, concepts, and tools to solve current practical problems. Various organizations and companies (OMG, IBM, Microsoft, etc.) are currently proposing several environments claiming to support MDE. Among these, the OMG MDA (Model Driven Architecture) has a special place since it was historically one of the original proposals in this area. This work focuses on the identification of basic MDE principles, practical characteristics of MDE (direct representation, automation, and open standards), original MDE scenarios, and discussions of suitable tools and methods.
Conference Paper
In this paper, we present evidence that although current models for the introduction of robotic companions stress individual encounters, a social community alternative is promising. This argument emerges from an experiment we conducted with a small interactive robot at two local nursing homes. Here we give a brief introduction to the robot and our experience at the homes. We compare the robot used to a semi-robotic toy whose use initially suggested to us the benefits of social community models in the presentation of robotics to the elderly. We find that even where individual encounters are significant, sensitivity to social dimensions improves the benefits of these encounters.
Conference Paper
Enterprise privacy policies often reflect different legal regulations, promises made to customers, as well as more restrictive enterprise-internal practices. The notion of policy refinement is fundamental for privacy policies, as it allows one to check whether a company's policy fulfills regulations or adheres to standards set by customer organizations, to realize the "sticky policy paradigm" that addresses transferring data from one realm to another in a privacy-preserving way, and much more. Although well established in theory, the problem of how to efficiently check whether one policy refines another has been left open in the privacy policy literature. We present a practical algorithm for this task, concentrating on those aspects that make refinement of privacy policies more difficult than, for example, refinement of access control policies, such as a more sophisticated treatment of deny rules and a suitable way of dealing with obligations and conditions on context information.
Conference Paper
It is not well understood how privacy concern and trust influence social interactions within social networking sites. An online survey of two popular social networking sites, Facebook and MySpace, compared perceptions of trust and privacy concern, along with willingness to share information and develop new relationships. Members of both sites reported similar levels of privacy concern. Facebook members expressed significantly greater trust in both Facebook and its members, and were more willing to share identifying information. Even so, MySpace members reported significantly more experience using the site to meet new people. These results suggest that in online interaction, trust is not as necessary in the building of new relationships as it is in face-to-face encounters. They also show that in an online site, the existence of trust and the willingness to share information do not automatically translate into new social interaction. This study demonstrates that online relationships can develop in sites where perceived trust and privacy safeguards are weak.
Conference Paper
The balance between privacy and security concerns is a hotly debated topic, especially as government (and private) entities are able to gather and analyze data from several disparate sources with ease. This ability to do large-scale analytics of publicly accessible data leads to significant privacy concerns. In particular, for the government, there is the fear of a fishing expedition against individuals. The model in this paper describes a way to address these concerns in a multi-user and multi-database-owner environment. The model provides an assurance system where database owners are able to test and audit the assurances given by users, thereby increasing the trust in the system. The concept of segregating data used for processing from data needed for final end use, and providing different levels of access to them through a mediator machine, has been used. The audit component, consisting of a justification mechanism, increases the trust in the system.
Conference Paper
Role-based access control (RBAC) is a promising alternative to traditional discretionary access control (DAC) and mandatory access control (MAC). The central idea of RBAC is that permissions are associated with roles, and users are made members of appropriate roles thereby acquiring the roles' permissions. RBAC is policy neutral in that the precise policy being enforced is a consequence of how various components of RBAC - such as role hierarchies, constraints and administration of user-role and role-permission assignment - are configured. This raises the important question as to whether RBAC is sufficiently powerful to simulate DAC and MAC. Simulation of MAC in RBAC has been demonstrated earlier by Nyanchama and Osborn and by Sandhu. In this paper we demonstrate how to simulate several variations of DAC in RBAC, using the well-known RBAC96 model of Sandhu et al. In combination with earlier work we conclude that RBAC encompasses both MAC and DAC.
Article
Information systems security issues are currently being addressed using different techniques, such as authentication, encryption and access control, through the definition of security policies, but also using monitoring techniques, in particular intrusion detection systems. We can observe that security monitoring is currently totally decorrelated from security policies, that is, security requirements are not linked with the means used to control their fulfillment. Most of the time, security operators have to analyze monitoring results and manually react to provide countermeasures to threats compromising the security policy. The response process is far from trivial, since it relies both on the relevance of the threat analysis and on the adequacy of the selected countermeasures. In this paper, we present an approach aiming at connecting monitoring techniques with security policy management in order to provide a response to threats. We propose an architecture allowing us to dynamically and automatically deploy a generic security policy into concrete policy instances, taking into account the threat level characterized by intrusion detection systems. Such an approach provides means to bridge the gap between existing detection approaches and new requirements, which clearly deal with the development of intrusion prevention systems, enabling better protection of resources and services.
Article
Ambient intelligence, ubiquitous and networked robots, and cloud robotics are new research hot topics that have started to gain popularity within the robotics community. They enable robots to acquire richer functionalities and open the way for the composition of a variety of robotic services with three functions: semantic perception, reasoning and actuation. Ubiquitous robots (ubirobots) overcome the limitations of stand-alone robots by integrating them with web services and ambient intelligence technologies. The overlap that now exists between ubirobots and ambient intelligence makes their integration worthwhile. It aims to create a hybrid physical-digital space rich with a myriad of proactive intelligent services that enhance the quality and the way of our living and working. Furthermore, the emergence of cloud computing initiates the massive use of a new generation of ubirobots that enrich their cognitive capabilities and share their knowledge by connecting themselves to cloud infrastructures. The future of ubirobots will certainly be open to an unlimited space of applications such as physical and virtual companions assisting people in their daily living, ubirobots that are able to co-work alongside people and cooperate with them in the same environment, and physical and virtual autonomic guards that are able to protect people, monitor their security and safety, and rescue them in indoor and outdoor spaces. This paper introduces the recent challenges and future trends on these topics.
Article
In this chapter we provide definitions of security concepts and of the relations between them as used in this book. On the one hand these are required because many different definitions are used in the security literature, and a clarification of the relations between the concepts helps to get a better understanding of the overall concept "security". On the other hand, the development of such a "security ontology" enables the automated processing of security-related information. As such, we consider a security ontology an important prerequisite for specifying security patterns and improving their application in the security domain.
Article
A fundamental measure of progress in computing involves rendering it as an inseparable part of our everyday experience while simultaneously making it disappear [2]. Radical improvements in microprocessor cost-performance ratios have pushed this process forward while drastically reducing computing-device form factors, enabling us to embed computers in many parts of our environments. In 40 years this change has transformed the early large "computing machines" into compact devices that enable, mediate, support, and organize our daily activities.
Article
This document defines a framework for authorization policies controlling access to application-specific data. This framework combines common location- and presence-specific authorization aspects. An XML schema specifies the language in which common policy rules are represented. The common policy framework can be extended to other application domains.
Article
Gigantically comprehensive and carefully researched, Security Engineering makes it clear just how difficult it is to protect information systems from corruption, eavesdropping, unauthorized use, and general malice. Better, Ross Anderson offers a lot of thoughts on how information can be made more secure (though probably not absolutely secure, at least not forever) with the help of both technologies and management strategies. His work makes fascinating reading and will no doubt inspire considerable doubt (fear is probably a better choice of words) in anyone with information to gather, protect, or make decisions about. Be aware: this is absolutely not a book solely about computers, with yet another explanation of Alice and Bob and how they exchange public keys in order to exchange messages in secret. Anderson explores, for example, the ingenious ways in which European truck drivers defeat their vehicles' speed-logging equipment. In another section, he shows how the end of the Cold War brought on a decline in defenses against radio-frequency monitoring (radio frequencies can be used to determine, at a distance, what's going on in systems such as bank teller machines), and how similar technology can be used to reverse-engineer the calculations that go on inside smart cards. In almost 600 pages of riveting detail, Anderson warns us not to be seduced by the latest defensive technologies, never to underestimate human ingenuity, and always to use common sense in defending valuables. A terrific read for security professionals and general readers alike. (David Wall)
Topics covered: how some people go about protecting valuable things (particularly, but not exclusively, information) and how other people go about getting them anyway. Mostly, this takes the form of essays (about, for example, how the U.S. Air Force keeps its nukes out of the wrong hands) and stories (one of which tells of an art thief who defeated the latest technology by hiding in a closet). Sections deal with technologies, policies, psychology, and legal matters.
Article
Keywords: cloud computing, privacy, design
Privacy is an important issue for cloud computing, both in terms of legal compliance and user trust, and needs to be considered at every phase of design. In this paper the privacy challenges that software engineers face when targeting the cloud as their production environment to offer services are assessed, and key design principles to address these are suggested.
Article
This paper analyzes ethical aspects of the new paradigm of Ambient Intelligence, which is a combination of Ubiquitous Computing and Intelligent User Interfaces (IUIs). After an introduction to the approach, two key ethical dimensions are analyzed: freedom and privacy. It is argued that Ambient Intelligence, though often designed to enhance freedom and control, has the potential to limit freedom and autonomy as well. Ambient Intelligence also harbors great privacy risks, and these are explored as well.
Article
This is a literature survey of computational location privacy, meaning computation-based privacy mechanisms that treat location data as geometric information. This definition includes privacy-preserving algorithms like anonymity and obfuscation as well as privacy-breaking algorithms that exploit the geometric nature of the data. The survey omits non-computational techniques like manually inspecting geotagged photos, and it omits techniques like encryption or access control that treat location data as general symbols. The paper reviews studies of people's attitudes about location privacy, computational threats on leaked location data, and computational countermeasures for mitigating these threats.
Conference Paper
In this paper, we present a policy based infrastructure for social data access with the goal of enabling scientific research, while preserving privacy. We describe motivating application scenarios that could be enabled with the growing number of user datasets such as social networks and medical datasets. These datasets contain sensitive user information and sufficient caution must be exercised while sharing them with third parties to prevent privacy leaks. One of the goals of our framework is to allow users to control how their data is used, while at the same time enable researchers to use the aggregate data for scientific research. We extend existing access control languages to explicitly model user intent in data sharing as well as supporting additional access modes viz. Complete Access, Abstract Access and Statistical Access that go beyond the traditional allow/deny binary semantics of access control. We then describe our policy infrastructure and show how it can be used to enable the above scenarios while still guaranteeing individual privacy. We then present our initial implementation of the framework extending the SecPAL authorization language to account for new roles and operations.
Article
The success of ambient intelligence (AmI) will depend on how secure it can be made, how privacy and other rights of individuals can be protected and how individuals can come to trust the intelligent world that surrounds them and through which they move. This article addresses these issues by analysing scenarios for ambient intelligence applications that have been developed over the last few years. It elaborates the assumptions that promoters make about the likely use of the technology and possibly unwanted side effects. It concludes with a number of threats for personal privacy that become evident.
Conference Paper
Web search logs are of growing importance to researchers as they help in understanding search behavior and search engine performance. However, search logs typically contain sensitive information about users and therefore considerable caution must be exercised when considering releasing the logs to the research community. Current approaches to releasing search logs focus on either protecting the privacy of users or enhancing the utility of data to researchers. In this work, we address the privacy-utility tradeoff by providing safe access to search logs, instead of releasing them. We propose a policy based safe interactive framework built on semantic policies and differential privacy to allow researchers access to search logs, while maintaining the privacy of the users. Semantic policies are used to infer the higher levels of information that can be mined from a dataset based on the fields accessed by a researcher. The accessed fields are then used to build research profile(s) that guide the amount of privacy to be enforced using differential privacy. We show the additional utility that can be obtained in our framework by two demonstrative experiments that involve access to user level information. Our results indicate that valid research can be conducted in our framework without forgoing the privacy of individuals.
Conference Paper
The extensive context information collection abilities of ubiquitous computing environments represent a significant threat to user privacy. In this paper we address this threat by introducing a context information privacy mechanism. Our approach relies on context-dependent ownership definitions and context owner-specified privacy preferences to control context disclosure to third-parties. These privacy preferences enable context owners to stipulate not only to whom their context information can be disclosed and the conditions of disclosure, but also the level of detail at which the context information can be disclosed. Context information that cannot be disclosed at its existing level of detail is obfuscated to meet detail level requirements stipulated by its owner. To achieve this obfuscation of context information we introduce a new approach based on dynamic discovery and processing of context sources. Our new approach is demonstrated in a Context Management System in which context source discovery and processing is facilitated by the SensorML sensor description standard being developed by the Open Geospatial Consortium.
Conference Paper
Many modern enterprises require methods for guaranteeing compliance with privacy legislation and announced privacy policies. IBM has proposed a formal language, the Enterprise Privacy Authorization Language (EPAL), for describing privacy policies rigorously. In this paper, we identify four desirable properties of a privacy policy language: guaranteed consistency, guaranteed safety, admitting local reasoning, and closure under combination. While EPAL achieves only one of these four goals, an extended language framework allows us to achieve three out of four, while retaining the basic EPAL framework of restricting access and imposing obligations on users of confidential information.
Conference Paper
Participation in social networking sites has dramatically increased in recent years. Services such as Friendster, Tribe, or the Facebook allow millions of individuals to create online profiles and share personal information with vast networks of friends - and, often, unknown numbers of strangers. In this paper we study patterns of information revelation in online social networks and their privacy implications. We analyze the online behavior of more than 4,000 Carnegie Mellon University students who have joined a popular social networking site catered to colleges. We evaluate the amount of information they disclose and study their usage of the site's privacy settings. We highlight potential attacks on various aspects of their privacy, and we show that only a minimal percentage of users changes the highly permeable privacy preferences.
Conference Paper
Context-aware applications can better meet users' needs when sensing agents installed in the environment automatically provide input relevant to the application. However, this non-intrusive context usage may cause privacy concerns since sensitive user data could be leaked to unauthorized parties. Therefore, data privacy protection becomes one of the major issues for context-aware applications. In this paper, in order to provide services based on various levels of privacy concerns, we extend the Platform for Privacy Preferences of W3C and define a specification for representing user privacy preferences for context-aware applications. We also propose a privacy infrastructure, which could be installed as a plug-in service for middleware supporting context-aware applications. This infrastructure enables the middleware to automatically generate a privacy policy and the user preference file according to the current context. The middleware simply matches these two files to decide whether to proceed with the application. We demonstrate the efficacy of this approach through a prototype implementation.
Conference Paper
In spite of the fact that many of the proposed context awareness frameworks allow scalability and dynamic interaction with heterogeneous devices disseminated in the environment, very often they are not able to fully profit from the semantic technology to supervise and manage the environment. Indeed, using ontologies allows us to integrate information coming from heterogeneous sources and to share it easily. The most important challenge to face in this context is how the system can understand easily the behavior and context events handled by all the actors (person, robot, actuators, sensors, etc.) to take an adequate decision. The work presented here shows how the semantic reasoning framework used in the SEMbySEM European project, based on the use of a new semantic language (a "µConcept Knowledge Representation Language") built up on top of RDF(S) and of the corresponding "µConcept Rule Language", may facilitate reasoning and acting upon heterogeneous context sources, allowing their 'intelligent' monitoring and management and their dynamic visualization. For the validation of the proposed concepts and models, a concrete scenario dedicated to the monitoring of elderly people in a smart home has been proposed and implemented. Keywords: pervasive computing, heterogeneity, complex systems, semantic techniques, ontologies, reasoning, smart home.
Conference Paper
We show how UML (the industry standard in object-oriented modelling) can be used to express security requirements during system development. Using the extension mechanisms provided by UML, we incorporate standard concepts from formal methods regarding multi-level secure systems and security protocols. These definitions evaluate diagrams of various kinds and indicate possible vulnerabilities. On the theoretical side, this work exemplifies use of the extension mechanisms of UML and of a (simplified) formal semantics for it. A more practical aim is to enable developers (that may not be security specialists) to make use of established knowledge on security engineering through the means of a widely used notation.
Conference Paper
Publishing personal content on the web is gaining increased popularity with dramatic growth in social networking web-sites, and availability of cheap personal domain names and hosting services. Although the Internet enables easy publishing of any content intended to be generally accessible, restricting personal content to a selected group of contacts is more difficult. Social networking websites partially enable users to restrict access to a selected group of users of the same network by explicitly creating a "friends' list." While this limited restriction supports users' privacy on those (few) selected websites, personal websites must still largely be protected manually by sharing passwords or obscure links. Our focus is the general problem of privacy-enabled web content sharing from any user-chosen web server. By leveraging the existing "circle of trust" in popular Instant Messaging (IM) networks, we propose a scheme called IM-based Privacy-Enhanced Content Sharing (IMPECS) for personal web content sharing. IMPECS enables a publishing user's personal data to be accessible only to her IM contacts. A user can put her personal web page on any web server she wants (vs. being restricted to a specific social networking website), and maintain privacy of her content without requiring site-specific passwords. Our prototype of IMPECS required only minor modifications to an IM server, and PHP scripts on a web server. The general idea behind IMPECS extends beyond IM and IM circles of trust; any equivalent scheme (ideally) containing pre-arranged groups could similarly be leveraged.
Conference Paper
In this paper general mechanisms and syntactic restrictions are explored in order to specify and merge rule bases in the Semantic Web. Rule bases are expressed by extended logic programs having two forms of negation, namely strong (or explicit) and weak (also known as default negation or negation-as-failure). The proposed mechanisms are defined by very simple modular program transformations, and integrate both open and closed world reasoning. These program transformations are shown to be appropriate for the two major semantics for extended logic programs: answer set semantics and well-founded semantics with explicit negation. Moreover, the results obtained by both semantics are compared.
Conference Paper
We present a modeling language for the model-driven development of secure, distributed systems based on the Unified Modeling Language (UML). Our approach is based on role-based access control with additional support for specifying authorization constraints. We show how UML can be used to specify information related to access control in the overall design of an application and how this information can be used to automatically generate complete access control infrastructures. Our approach can be used to improve productivity during the development of secure distributed systems and the quality of the resulting systems.