Abstract
There are a variety of well-known models for access control developed for purposes like formally modeling the access rights on files, databases, and web resources. However, the existing models provide an inadequate representation of a number of concepts that are important when modeling privacy rights in distributed systems. We present an analog of the access control matrix designed to model such concepts. Our formalism, which we call a privacy system, emphasizes the management of data and actions that affect the privacy of subjects. We motivate privacy systems, describe them mathematically, and illustrate their value in an architecture based on Personal Digital Rights Management (PDRM), which uses DRM concepts as a foundation for the specification and negotiation of privacy rights. This illustration is carried out through a case study of a privacy-respecting system for location-based services. Our prototype, which we call AdLoc, manages advertising interrupts on PDAs based on their location as determined by WiFi sightings, in accordance with contracts written in the DRM language XrML.
© 2005 Springer-Verlag Berlin Heidelberg
Cite this paper
Gunter, C.A., May, M.J., Stubblebine, S.G. (2005). A Formal Privacy System and Its Application to Location Based Services. In: Martin, D., Serjantov, A. (eds) Privacy Enhancing Technologies. PET 2004. Lecture Notes in Computer Science, vol 3424. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11423409_17
DOI: https://doi.org/10.1007/11423409_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26203-9
Online ISBN: 978-3-540-31960-3
eBook Packages: Computer Science (R0)