A Formal Privacy System and Its Application to Location Based Services

  • Conference paper
Privacy Enhancing Technologies (PET 2004)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 3424)

Abstract

There are a variety of well-known models for access control developed for purposes like formally modeling the access rights on files, databases, and web resources. However, the existing models provide an inadequate representation of a number of concepts that are important when modeling privacy rights in distributed systems. We present an analog of the access control matrix designed to model such concepts. Our formalism, which we call a privacy system, emphasizes the management of data and actions that affect the privacy of subjects. We motivate privacy systems, describe them mathematically, and illustrate their value in an architecture based on Personal Digital Rights Management (PDRM), which uses DRM concepts as a foundation for the specification and negotiation of privacy rights. This illustration is carried out through a case study of a privacy-respecting system for location based services. Our prototype, which we call AdLoc, manages advertising interrupts on PDAs based on their location as determined by WiFi sightings, in accordance with contracts written in the DRM language XrML.

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gunter, C.A., May, M.J., Stubblebine, S.G. (2005). A Formal Privacy System and Its Application to Location Based Services. In: Martin, D., Serjantov, A. (eds) Privacy Enhancing Technologies. PET 2004. Lecture Notes in Computer Science, vol 3424. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11423409_17

  • DOI: https://doi.org/10.1007/11423409_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-26203-9

  • Online ISBN: 978-3-540-31960-3
