Abstract
In this paper, we propose a framework to administrate privacy policies in distributed service infrastructure. We define new administrative capabilities that model user preferences and specify how data owners can access to them. We investigate a distributed administration of the privacy policy where three different administrative policies can coexist and one can dominate the other. We define the data collector practices, the legal organisation policies, such as emergency service’s policies, and the negotiated policy between the data collector and services providers. We finally specify how to manage these three distributed privacy administration policies.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
3rd Generation Partnership Project: Open Service Access; Application Programming Interface (API); Part 3: Framework, 3GPP TS 29.198-3
Acquisti, A., Grossklags, J.: Privacy Rationality in Individual Dicision Making. IEEE Security and Privacy 1(1), 26–33 (2005)
Ajam, N., Cuppens, N., Cuppens, F.: Contextual Privacy Management in Extended Role based Access Control Model. In: The Proceedings of the DPM workshop, DPM-ESORICS, Saint-Malo, France (September 2009)
Ben Ghorbel-Talbi, M.: Decentralized Administration of Security Policies, PhD thesis, Télécom Bretagne (2009)
Ben Ghorbel-Talbi, M., Cuppens, F., Cuppens-Boulahia, N., Bouhoula, A.: An Extended Role-Based Access Control Model for Delegating Obligations. In: Fischer-Hübner, S., Lambrinoudakis, C., Pernul, G. (eds.) Trust, Privacy and Security in Digital Business. LNCS, vol. 5695, pp. 127–137. Springer, Heidelberg (2009)
Byun, J., Bertino, E., Li, N.: Purpose Based Access Control of Complex Data for Privacy Protection. In: Symposium on Access Control Models and Technologies (SACMAT), Stockholm, Sweden, pp. 102–110 (2005)
Coma, C.: Interopérabilité et Cohérence de politiques de sécurité pour les Systèmes Auto-organisant, PhD thesis, Télécom Bretagne (2009)
Cuppens, F., Cuppens-Boulahia, N.: Modeling Contextual Security Policies. International Journal of Information Security 7(4), 285–305 (2007)
Cuppens, F., Miège, A.: An Administration Model for Or-BAC. International Journal of Computer Systems Science and Engineering 19(3), 151–162 (2004)
Cuppens, F., Cuppens-Boulahia, N., Coma, C.: O2O: Virtual Private Organizations to Manage Security Policy interoperability. In: Bagchi, A., Atluri, V. (eds.) ICISS 2006. LNCS, vol. 4332, pp. 101–120. Springer, Heidelberg (2006)
Cuppens, F., Cuppens-Boulahia, N., Ben Ghorbel, M.: High Level Conflict Management Strategies in Advanced Access Control Models. Electronics Notes in Theoretical Computer Science, vol. 186, pp. 3–26. Elsevier, V., Amsterdam (2007)
Duckham, M., Kulik, L.: Location Privacy and Location-aware Computing. In: Dynamic and Mobile GIS: Investigating Change in Space and Time, pp. 34–51. CRC press, Boca Raton (2006)
Gabillon, A., Capolsini, P.: Dynamic Security Rules for Geo Data. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., Roudier, Y. (eds.) Data Privacy Management and Autonomous Spontaneous Security. LNCS, vol. 5939, pp. 136–152. Springer, Heidelberg (2009)
Gedik, B., Liu, L.: Protecting Location Privacy with Personalized k-Anonymity: Architecture and Algorithms. IEEE Transactions on Mobile Computing 7(1), 1–18 (2008)
Abou El Kalam, A., El Baida, R., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., Miège, A., Saurel, C., Trouessin, G.: Organization Based Access Control. In: Proceedings of the 4th International Workshop on Policies for Distributed Systems and Networks (Policy 2003), Como, Italy (June 2003)
Krumm, J.: A Survey of Computational Location Privacy. Journal: Personal and Ubiquitous Computing 13(6), 391–399 (2008)
Ni, Q., Trombetta, A., Bertino, E., Lobo, J.: Privacy-aware Role Based Access Control. In: 12th ACM symposium on Access control models and technologies, Session Privacy management, pp. 41–50 (2007)
Spiekermann, S., Grossklags, J., Berendt, B.: E-Privacy in Second Generation E-Commerce: Privacy Preferences versus Actual Behaviour. In: Proceedings of the ACM Conference Electronic Commerce (EC 2001), Florida, USA, pp. 38–47 (October 2001)
World Wide Web Consortium (W3C), The Platform for Privacy Preferences 1.0 (P3P) Specification (April 2002)
World Wide Web Consortium (W3C), A P3P Preference Exchange Language 1.0 (APPEL), Working draft (April 2002)
Yang, N., Barringer, H., Zhang, N.: A Purpose-Based Access Control Model. In: The third International Symposium on Information Assurance and Security, pp. 143–148 (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Ajam, N., Cuppens-Boulahia, N., Cuppens, F. (2010). Privacy Administration in Distributed Service Infrastructure. In: Jajodia, S., Zhou, J. (eds) Security and Privacy in Communication Networks. SecureComm 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 50. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16161-2_4
Download citation
DOI: https://doi.org/10.1007/978-3-642-16161-2_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16160-5
Online ISBN: 978-3-642-16161-2
eBook Packages: Computer ScienceComputer Science (R0)