Abstract
For the proper provision of online services, service providers need to collect some personal data from their customers; for instance, an address is collected in order to deliver goods to the right customer. Here the service provider and the customer are called data collector (DC) and data subject (DS) respectively. After receiving the personal data, the DC is free to use them as he likes: he may process them for purposes to which the DS has not consented, and even share them with third parties (TPs). Researchers have paid attention to this problem, but previously proposed solutions do not guarantee that, once personal data have been disclosed to DCs, they can only be used as specified by DSs. These solutions require well-behaved DCs and assume that DCs’ behavior is verifiable, but do not actually show what happens after DCs get the data. In this paper, we propose a solution that provides this guarantee by enforcing sticky policies along communication chains composed of a DS, a DC and one (or more) TPs. Our solution uses trusted platform modules (TPMs) and virtual machines (VMs).
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kounga, G., Chen, L. (2012). Enforcing Sticky Policies with TPM and Virtualization. In: Chen, L., Yung, M., Zhu, L. (eds) Trusted Systems. INTRUST 2011. Lecture Notes in Computer Science, vol 7222. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32298-3_3
DOI: https://doi.org/10.1007/978-3-642-32298-3_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-32297-6
Online ISBN: 978-3-642-32298-3
eBook Packages: Computer Science (R0)