Post-release information privacy protection: A framework and next-generation privacy-enhanced operating system

Published in Information Systems Frontiers

Abstract

In today’s digital world, privacy issues have received widespread public attention. Current research on information privacy protection focuses on release control and subject identity obscurity. Little work has been done, however, to prevent a piece of private information from being misused after that information has been released to external entities. This paper focuses on information privacy protection in the post-release phase. Without depending entirely on the information collector, an information owner is provided with powerful means to control and audit how his/her released information will be used, by whom, and when. The goal is to minimize the asymmetry of information flow between an information owner and an information collector. A set of innovative owner-controlled privacy protection and violation detection techniques is proposed: Self-destroying File, Mutation Engine System, Automatic Receipt Collection, and Honey Token-based Privacy Violation Detection. A next-generation privacy-enhanced operating system, which supports the proposed mechanisms, is introduced. Such a privacy-enhanced operating system represents a technical breakthrough, offering new features to existing operating systems. We discuss the functionalities of such an operating system and its design guidelines. To the best of our knowledge, no similar technical work has been found to provide post-release information privacy protection.


Corresponding author

Correspondence to Yanjun Zuo.

Cite this article

Zuo, Y., O’Keefe, T. Post-release information privacy protection: A framework and next-generation privacy-enhanced operating system. Inf Syst Front 9, 451–467 (2007). https://doi.org/10.1007/s10796-007-9057-0
