research-article

Dynamic inference control in privacy preference enforcement

Authors:

Dawn Jutla, and

Nick CerconeAuthors Info & Claims

PST '06: Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services

October 2006

Article No.: 24, Pages 1 - 10

https://doi.org/10.1145/1501434.1501464

Published: 30 October 2006 Publication History

Abstract

In pervasive (ubiquitous) environments, context-aware agents are used to obtain, understand, and share local contexts with each other so that the environments could be integrated seamlessly. Context sharing among agents should be made privacy-conscious. Privacy preferences are generally specified to regulate the exchange of the contexts, where who have rights under what conditions to have what contexts are designated. However, released contexts could be used to infer those unreleased. In particular, different contexts released could endanger the security of different contexts unreleased. The existing privacy preference specification platforms do not have a mechanism to prevent inference. To date, there have been very few inference control mechanisms specifically tailored to context management in pervasive (ubiquitous) environments. A Bayesian network based mechanism has been proposed to prevent privacy-sensitive contexts from being inferred from those to be released. Nevertheless, contexts in pervasive (ubiquitous) environments could change from time to time and are history dependent. In this paper, we propose to use dynamic Bayesian networks to track the most updated beliefs of the adversaries about the dynamic domains in order to evaluate which contexts in the domains could be released safely in various situations.

References

[1]

R. Agrawal, J. Kieman, R. Srikant, and Y. Xu. An XPath-based preference language for P3P. In Proceedings of the 12th International WWW Conference (WWW'03), Budapest, Hungary, May 2003.

Digital Library

[2]

X. An, D. Jutla, and N. Cercone. Auditing and inference control in ubiquitous environments. Technical report, Faculty of Computer Science, Dalhousie University, Halifax, NS, Canada, 2006.

[3]

L. Ardissono, P. Brna, and A. Mitrovic, editors. A comparison of HMMs and dynamic Bayesian networks for recognizing office activities, volume 3538 of Lecture Notes in Computer Science (LNCS), Edinburgh, Scotland, UK, July 24--29 2005. Springer.

[4]

L. L. Beck. A security mechanism for statistical databases. ACM Transactions on Database Systems, 5(3):316--338, 1980.

Digital Library

[5]

J. Biskup. For unknown secrecies refusal is better than lying. Data & Knowledge Engineering, 33:1--24, 2000.

Digital Library

[6]

J. Biskup and P. A. Bonatti. Lying versus refusal for known potential secrets. Data & Knowledge Engineering, 38:199--222, 2001.

Digital Library

[7]

J. Biskup and P. A. Bonatti. Controlled query evaluation for known policies by combing lying and refusal. Annals of Mathematics and Artificial Intelligence, 40(1--2):37--62, 2004.

Digital Library

[8]

X. Boyen. Inference and Learning in Complex Stochastic Processes. PhD thesis, Computer Science Department, Stanford University, Stanford, CA, USA, 2002.

[9]

H. Chen, T. Finin, and A. Joshi. An ontology for context-aware pervasive computing environments. Knowledge Engineering Review, Special Issue on Ontologies for Distributed Systems, 18(3):197--207, May 2004.

Digital Library

[10]

F. Y. Chin and G. Özsoyoglu. Auditing and inference control in statistical databases. IEEE Transactions on Software Engineering, 8(6):574--582, 1982.

Digital Library

[11]

J. Clark and S. DeRose. XML Path language (XPath) Version 1.0. Technical report, W3C Recommendation, http://www.w3.org/TR/xpath, November 1999.

[12]

L. H. Cox. Suppression methodology and statistical disclosure control. Journal of the American Statistical Association, 75(370):377--385, 1980.

[13]

L. Cranor, M. Langheinrich, and M. Marchiori. A P3P preference exchange language 1.0 (APPEL 1.0). Technical report, W3C Working Draft, http://www.w3.org/TR/P3P-preference, April 2002.

[14]

L. Cranor, M. Langheinrich, M. Marchiori, M. Presler-Marshall, and J. Reagle. The platform for privacy preferences 1.0 (P3P 1.0) specification. Technical report, W3C Recommendation, http://www.w3.org/TR/P3P, April 2002.

[15]

F. Cuppens and A. Gabillon. Logical foundations of multilevel databases. Data & Knowledge Engineering, 29(3):199--222, 1999.

Digital Library

[16]

P. Dagum, A. Galper, E. Horvitz, and A. Seiver. Uncertain reasoning and forescasting. International Journal of Forecasting, 11(1):73--87, 1995.

[17]

A. Darwiche. Constant space reasoning in dynamic Bayesian networks. International Journal of Approximate Reasoning, 26:161--178, 2001.

[18]

N. Davies and H. W. Gellersen. Beyond prototypes: Challenges in deploying ubiquitous systems. IEEE Pervasive Computing, 1(1):26--35, 2002.

Digital Library

[19]

T. Dean and K. Kanazawa. Probabilistic temporal reasoning. In Proceedings of the 7th National Conference on Artificial Intelligence (AAAI-1988), pages 524--528, St. Paul, Minnesota, 1988. AAAI Press.

[20]

A. P. Dempster. Upper and lower probabilities induced by a multivalued mapping. Annual Mathematical Statistics, 38:325--339, 1967.

[21]

D. Denning. Secure statistical databases with random sample queries. ACM Transactions on Database Systems, 5(3):291--315, September 1980.

Digital Library

[22]

D. E. Denning, P. J. Denning, and M. D. Schwartz. The tracker: a threat to statistical database security. ACM Transactions on Database Systems, 4(1):76--96, 1979.

Digital Library

[23]

D. E. Denning and J. Schlörer. Inference control for statistical databases. IEEE Computer, 16(7):69--82, 1983.

Digital Library

[24]

A. Dey. Understanding and using context. Personal and Ubiquitous Computing, 5(1):4--7, 2001.

Digital Library

[25]

A. Dey, J. Mankoff, G. Abowd, and S. Carter. Distributed mediation of ambiguous context in aware environments. In M. Beaudouin-Lafon, editor, Proceedings of the 15th Annual ACM Symposium on User Interface Software and Technology (UIST'02), pages 121--130, Paris, France, October 27--30 2002. ACM Press.

Digital Library

[26]

C. Díaz, S. Seys, J. Claessens, and B. Preneel. Towards measuring anonymity. In H. Federath, editor, Proceedings of the 2nd Workshop on Privacy Enhancing Technologies (PET'02), volume 2482 of LNCS, pages 54--68, San Francisco, CA, April 14--15 2002. Springer-Verlag.

Digital Library

[27]

D. Dobkin, A. Jones, and R. Lipton. Secure databases: Protection against user influence. ACM Transactions on Database Systems, 4(1):97--106, March 1979.

Digital Library

[28]

N. Dojer, A. Gambin, A. Mizera, B. Wilczynski, and J. Tiuryn. Applying dynamic Bayesian networks to perturbed gene expression data. BMC Bioinformatics, 7, 2006.

[29]

D. Dubois, J. Lang, and H. Prade. Automated reasoning using possibilistic logic: semantics, belief revision, and variable certainty weights. IEEE Transactions on Knowledge and Data Engineering, 6(1):64--71, 1994.

Digital Library

[30]

I. Fellegi. On the question fo statistical confidentiality. Journal of American Statistical Association, 67(337):7--18, March 1972.

[31]

N. Friedman, K. Murphy, and S. Russell. Learning the structure of dynamic probabilistic networks. In G. F. Cooper and S. Moral, editors, Proceedings of the 14th Conference on Uncertainty in Artificial Intelligence (UAI-1998), Madison, WI, USA, 1998. Morgan Kaufmann Publishers.

Digital Library

[32]

F. L. Gandon and N. M. Sadeh. Semantic web technologies to reconcile privacy and context awareness. Journal of Web Semantics, 1(3), 2005.

[33]

Z. Ghahramani. Learning dynamic Bayesian networks. In Adaptive Processing of Sequences and Data Structures, volume 1387 of Lecture Notes in Artificial Intelligence, pages 168--197. Springer-Verlag, 1998.

Digital Library

[34]

T. Gu, H. K. Peng, and D. Q. Zhang. A Bayesian approach for dealing with uncertain contexts. In Proceedings of the Second International Conference on Pervasive Computing (Pervasive'04), Vienna, Austria, April 2004. Austrian Computer Society.

[35]

P. Haddawy. An overview of some recent developments in Bayesian problem solving techniques. AI Magazine, 20(2):11--19, 1999.

[36]

G. Hogben. P3P using the semantic web (OWL ontology, RDF policy and RDQL rules). Technical report, W3C Working Group Note, http://www.w3.org/P3P/2004/040920_p3p-sw.html, September 3 2004.

[37]

R. Hull, B. Kumar, D. Lieuwen, and P. F. Patel-Schneider. Enabling context-aware and privacy-conscious user data sharing. In Proceedings of the 2004 IEEE International Conference on Mobile Data Management (MDM'04), pages 103--109, November 21 2004.

[38]

S. Jajodia and R. Sandhu. Polyinstantiation integrity in multilevel relations. In Proceedings of the 1990 IEEE Computer Symposium on Research in Security and Privacy, pages 104--115, Oakland, CA, May 1990. IEEE Computer Society.

[39]

F. V. Jensen. An introduction to Bayesian networks. UCL Press, London, UK, 1996.

Digital Library

[40]

L. Kagal, T. Finin, and A. Joshi. A policy language for pervasive systems. In Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'03), Lake Como, June 4--6 2003.

Digital Library

[41]

L. Kagal, T. Finin, and A. Joshi. Declarative policies for describing web services capabilities and constraints. In Proceedings of the W3C Workshop on Constraints and Capabilities for Web Services, Redwood Shores, CA, USA, October 12--14 2004.

[42]

M. Khedr and A. Karmouch. ACAI: Agent-based context-aware infrastructure for spontaneous applications. Journal of Network and Computer Applications, 28(1):19--44, January 2005.

Digital Library

[43]

J. Kleinberg, C. Papadimitriou, and P. Raghavan. Auditing boolean attributes. In Proceedings of the 19th ACM SIGMOD-SIGART Symposium on Principles of Database Systems (PODS'00), pages 86--91, Dallas, TX, May 15--17 2000. ACM Press.

Digital Library

[44]

P. Kolari, L. Ding, S. Ganjugunte, L. Kagal, A. Joshi, and T. Finin. Enhancing web privacy protection through declarative policies. In A. Sahai and W. H. Winsborough, editors, Proceedings of the 6th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'05), pages 57--66, Stockholm, Sweden, June 6--8 2005. IEEE Computer Society.

Digital Library

[45]

J. McCarthy. Circumscription --- a form of non-monotonic reasoning. Artificial Intelligence, 13:27--39, 1980.

Digital Library

[46]

R. C. Moore. Semantical considerations on non-monotonic logic. Artificial Intelligence, 28:75--94, 1985.

Digital Library

[47]

K. Murphy. Dynamic Bayesian networks: representation, inference and learning. PhD thesis, CS Division, UC Berkeley, Berkeley, CA, USA, July 2002.

Digital Library

[48]

R. E. Neapolitan. Probabilistic Reasoning in Expert Systems: Theory and Algorithms. John Wiley & Sons, Inc., New York, NY, USA, 1990.

Digital Library

[49]

A. V. Nefian, L. Liang, X. Pi, and K. Murphy. Dynamic Bayesian networks for audio-visual speech recognition. EURASIP Journal on Applied Signal Processing, 11:1--15, 2002.

Digital Library

[50]

D. Nute. Defeasible reasoning. In Proceedings of the 20th Hawaii International Conference on System Science, pages 470--477, Kailua-Kona, HI, USA, 1987. IEEE Press.

[51]

J. Pearl. Probabilistic Reasoning in Intelligent Systems: Networks of Plausible Inference. Morgan Kaufmann Publishers, San Franciso, CA, USA, 1988.

Digital Library

[52]

J. M. Peña, J. Björkegren, and J. Tegnér. Learning dynamic Bayesian network models via cross-validation. Pattern Recognition Letters, 26(14):2295--2308, 2005.

Digital Library

[53]

S. P. Reiss. Practical data-swapping: The first steps. ACM Transactions on Database Systems, 9(1):20--37, 1984.

Digital Library

[54]

R. Reiter. A logic for default reasoning. Artificial Intelligence, 13:81--132, 1980.

Digital Library

[55]

M. Satyanarayanan. Pervasive computing: vision and challenges. IEEE Personal Communications, pages 10--17, August 2001.

[56]

G. Shafer. A Mathematical Theory of Evidence. Princeton University Press, Princeton, MA, USA, 1976.

[57]

G. L. Sicherman, W. de Jonge, and R. P. van de Riet. Answering queries without revealing secrets. ACM Transactions on Database Systems, 8(1):41--59, 1983.

Digital Library

[58]

J. Staddon. Dynamic inference control. In M. J. Zaki and C. C. Aggarwal, editors, Proceedings of the 8th ACM SIGMOD Workshop on Research Issues in Data Mining and Knowledge Discovery (DMKD'03), pages 94--100, San Diego, CA, June 13 2003. ACM Press.

Digital Library

[59]

S. Steinbrecher and S. Köpsell. Modelling unlinkability. In R. Dingledine, editor, Proceedings of the 3rd Workshop on Privacy Enhancing Technologies (PET'03), volume 2760 of LNCS, pages 32--47, Dresden, Germany, March 26--28 2003. Springer-Verlag.

[60]

M. E. Stickel. Elimination of inference channels by optimal upgrading. In Proceedings of the 1994 IEEE Symposium on Security and Privacy, pages 168--174, Oakland, CA, May 1994. IEEE Computer Society.

Digital Library

[61]

J. F. Traub, Y. Yemini, and H. Woznaikowski. The statistical security of a statistical database. ACM Transactions on Database Systems, 9(4):672--679, 1984.

Digital Library

[62]

M. Weiser. Hot topics: ubiquitous computing. Computer, 26(10):71--72, 1993.

Digital Library

[63]

M. Weiser. Some computer science issues in ubiquitous computing. Communications of the ACM, pages 75--84, July 1993.

Digital Library

[64]

W.-K. Wong, G. Cooper, and M. Wagner. Bayesian network anomaly pattern detection for disease outbreaks. In Proceedings of the 20th International Conference on Machine Learning (ICML-2003), Washington DC, USA, 2003.

[65]

R. W. Yip and K. N. Levitt. Data level inference detection in database systems. In Proceedings of the 11th IEEE Computer Security Foundations, pages 179--189, Rockport, MA, June 9--11 1998.

Digital Library

[66]

L. Zadeh. Fuzzy sets. Information and Control, 8:338--353, 1965.

Cited By

Jebali ASassi SJemai A(2020)Secure data outsourcing in presence of the inference problem: issues and directionsJournal of Information and Telecommunication10.1080/24751839.2020.1819633(1-19)Online publication date: 24-Sep-2020
https://doi.org/10.1080/24751839.2020.1819633
Jebali ASassi SJemai A(2020)Inference Control in Distributed Environment: A Comparison StudyRisks and Security of Internet and Systems10.1007/978-3-030-41568-6_5(69-83)Online publication date: 28-Feb-2020
https://doi.org/10.1007/978-3-030-41568-6_5
Accorsi RMueller G(2013)Preventive Inference Control in Data-centric Business ModelsProceedings of the 2013 IEEE Security and Privacy Workshops10.1109/SPW.2013.25(28-33)Online publication date: 23-May-2013
https://dl.acm.org/doi/10.1109/SPW.2013.25

Index Terms

Dynamic inference control in privacy preference enforcement

Recommendations

Uncertain inference control in privacy protection

Context management is the key enabler for emerging context-aware applications, and it includes context acquisition, understanding and exchanging. Context exchanging should be made privacy-conscious. We can specify privacy preferences to limit the ...
Read More
Reasoning about obfuscated private information: who have lied and how to lie
WPES '06: Proceedings of the 5th ACM workshop on Privacy in electronic society

In ubiquitous environments, context sharing among agents should be made privacy-conscious. Privacy preferences are generally specified to govern the context exchanging among agents. Besides who has rights to see what information, a user's privacy ...
Read More
Inference control to protect sensitive information in text documents
ISI-KDD '10: ACM SIGKDD Workshop on Intelligence and Security Informatics

This paper describes a framework and algorithms for ensuring a specified level of privacy in text data sets. Recent work has attempted to quantify the likelihood of privacy breaches for text data. We build on these notions to provide a means of ...
Read More

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

PST '06: Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services

October 2006

389 pages

ISBN:1595936041

DOI:10.1145/1501434

General Chair:
Greg Sprague
National Research Council, Fredericton, New Brunswick, Canada
,
Program Chairs:
Bernadette Schell
UOIT, Oshawa, Ontario, Canada
,
Wilfred Fong
UOIT, Oshawa, Ontario, Canada

Copyright © 2006 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 October 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

PST06

PST06: International Conference on Privacy, Security and Trust

October 30 - November 1, 2006

Ontario, Markham, Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
181
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Other Metrics

View Author Metrics

Citations

Cited By

Jebali ASassi SJemai A(2020)Secure data outsourcing in presence of the inference problem: issues and directionsJournal of Information and Telecommunication10.1080/24751839.2020.1819633(1-19)Online publication date: 24-Sep-2020
https://doi.org/10.1080/24751839.2020.1819633
Jebali ASassi SJemai A(2020)Inference Control in Distributed Environment: A Comparison StudyRisks and Security of Internet and Systems10.1007/978-3-030-41568-6_5(69-83)Online publication date: 28-Feb-2020
https://doi.org/10.1007/978-3-030-41568-6_5
Accorsi RMueller G(2013)Preventive Inference Control in Data-centric Business ModelsProceedings of the 2013 IEEE Security and Privacy Workshops10.1109/SPW.2013.25(28-33)Online publication date: 23-May-2013
https://dl.acm.org/doi/10.1109/SPW.2013.25

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents