Journal ArticleDOI

Modeling privacy control in context-aware systems

01 Jul 2002-IEEE Pervasive Computing (IEEE Educational Activities Department)-Vol. 1, Iss: 3, pp 59-63
TL;DR: A theoretical model for privacy control in context-aware systems is described, built on a core abstraction of information spaces and on Ravi Sandhu's four-layer OM-AM (objectives, models, architectures, and mechanisms) idea.
Abstract: Significant complexity issues challenge designers of context-aware systems with privacy control. Information spaces provide a way to organize information, resources, and services around important privacy-relevant contextual factors. In this article, we describe a theoretical model for privacy control in context-aware systems based on a core abstraction of information spaces. We have previously focused on deriving socially based privacy objectives in pervasive computing environments. Building on Ravi Sandhu's four-layer OM-AM (objectives, models, architectures, and mechanisms) idea, we aim to use information spaces to construct a model for privacy control that supports our socially based privacy objectives. We also discuss how we can introduce decentralization, a desirable property for many pervasive computing systems, into our information space model, using unified privacy tagging.
Citations
Journal ArticleDOI
TL;DR: An interdisciplinary review of privacy-related research is provided in order to enable a more cohesive treatment and recommends that researchers be alert to an overarching macro model that is referred to as APCO (Antecedents → Privacy Concerns → Outcomes).
Abstract: To date, many important threads of information privacy research have developed, but these threads have not been woven together into a cohesive fabric. This paper provides an interdisciplinary review of privacy-related research in order to enable a more cohesive treatment. With a sample of 320 privacy articles and 128 books and book sections, we classify previous literature in two ways: (1) using an ethics-based nomenclature of normative, purely descriptive, and empirically descriptive, and (2) based on their level of analysis: individual, group, organizational, and societal. Based upon our analyses via these two classification approaches, we identify three major areas in which previous research contributions reside: the conceptualization of information privacy, the relationship between information privacy and other constructs, and the contextual nature of these relationships. As we consider these major areas, we draw three overarching conclusions. First, there are many theoretical developments in the body of normative and purely descriptive studies that have not been addressed in empirical research on privacy. Rigorous studies that either trace processes associated with, or test implied assertions from, these value-laden arguments could add great value. Second, some of the levels of analysis have received less attention in certain contexts than have others in the research to date. Future empirical studies, both positivist and interpretive, could profitably be targeted to these under-researched levels of analysis. Third, positivist empirical studies will add the greatest value if they focus on antecedents to privacy concerns and on actual outcomes. In that light, we recommend that researchers be alert to an overarching macro model that we term APCO (Antecedents → Privacy Concerns → Outcomes).

1,595 citations

Journal ArticleDOI
TL;DR: The goal of this paper is to review the works that were published in journals, suggest a new classification framework of context-aware systems, and explore each feature of classification framework using a keyword index and article title search.
Abstract: Nowadays, numerous journals and conferences have published articles related to context-aware systems, indicating many researchers' interest. Therefore, the goal of this paper is to review the works that were published in journals, suggest a new classification framework of context-aware systems, and explore each feature of classification framework. This paper is based on a literature review of context-aware systems from 2000 to 2007 using a keyword index and article title search. The classification framework is developed based on the architecture of context-aware systems, which consists of the following five layers: concept and research layer, network layer, middleware layer, application layer and user infrastructure layer. The articles are categorized based on the classification framework. This paper allows researchers to extract several lessons learned that are important for the implementation of context-aware systems.

624 citations

Journal ArticleDOI
TL;DR: This paper presents a review of the Internet-of-Things through four conceptualizations: IoT as liquification and density of information of resources; IoT as digital materiality; IoT as assemblage or service system; and IoT as modules, transactions, and service.

421 citations

Proceedings ArticleDOI
29 Sep 2002
TL;DR: In this article, the principle of minimum asymmetry is proposed to minimize the imbalance between the people about whom data is being collected, and the systems and people that collect and use that data.
Abstract: In this paper, we propose a framework for supporting socially-compatible privacy objectives in ubiquitous computing settings. Drawing on social science research, we have developed a key objective called the Principle of Minimum Asymmetry, which seeks to minimize the imbalance between the people about whom data is being collected, and the systems and people that collect and use that data. We have also developed Approximate Information Flow (AIF), a model describing the interaction between the various actors and personal data. AIF effectively supports varying degrees of asymmetry for ubicomp systems, suggests new privacy protection mechanisms, and provides a foundation for inspecting privacy-friendliness of ubicomp systems.

175 citations

Proceedings ArticleDOI
27 Feb 2016
TL;DR: Examination of patient expectations and current collaboration practices around patient-generated data finds that collaboration occurs in every stage of self-tracking and that patients and providers create boundary negotiating artifacts to support the collaboration.
Abstract: Patient-generated data is increasingly common in chronic disease care management. Smartphone applications and wearable sensors help patients more easily collect health information. However, current commercial tools often do not effectively support patients and providers in collaboration surrounding these data. This paper examines patient expectations and current collaboration practices around patient-generated data. We survey 211 patients, interview 18 patients, and re-analyze a dataset of 21 provider interviews. We find that collaboration occurs in every stage of self-tracking and that patients and providers create boundary negotiating artifacts to support the collaboration. Building upon current practices with patient-generated data, we use these theories of patient and provider collaboration to analyze misunderstandings and privacy concerns as well as identify opportunities to better support these collaborations. We reflect on the social nature of patient-provider collaboration to suggest future development of the stage-based model of personal informatics and the theory of boundary negotiating artifacts.

163 citations

References
Proceedings ArticleDOI
01 Jan 1999
TL;DR: The new language JFlow is described, an extension to the Java language that adds statically-checked information flow annotations and provides several new features that make information flow checking more flexible and convenient than in previous models.
Abstract: A promising technique for protecting privacy and integrity of sensitive data is to statically check information flow within programs that manipulate the data. While previous work has proposed programming language extensions to allow this static checking, the resulting languages are too restrictive for practical use and have not been implemented. In this paper, we describe the new language JFlow, an extension to the Java language that adds statically-checked information flow annotations. JFlow provides several new features that make information flow checking more flexible and convenient than in previous models: a decentralized label model, label polymorphism, run-time label checking, and automatic label inference. JFlow also supports many language features that have never been integrated successfully with static information flow control, including objects, subclassing, dynamic type tests, access control, and exceptions. This paper defines the JFlow language and presents formal rules that are used to check JFlow programs for correctness. Because most checking is static, there is little code space, data space, or run-time overhead in the JFlow implementation.

1,160 citations

Book ChapterDOI
Victoria Bellotti, Abigail Sellen
13 Sep 1993
TL;DR: A framework for design for privacy in ubiquitous computing environments is described and an example of its application is described, with a description of how the technology attenuates natural mechanisms of feedback and control over information released.
Abstract: Current developments in information technology are leading to increasing capture and storage of information about people and their activities. This raises serious issues about the preservation of privacy. In this paper we examine why these issues are particularly important in the introduction of ubiquitous computing technology into the working environment. Certain problems with privacy are closely related to the ways in which the technology attenuates natural mechanisms of feedback and control over information released. We describe a framework for design for privacy in ubiquitous computing environments and conclude with an example of its application.

590 citations

Proceedings ArticleDOI
03 Jun 2002
TL;DR: The concept of Usage Control (UCON) is developed that encompasses traditional access control, trust management, and digital rights management and goes beyond them in its definition and scope and offers a promising approach for the next generation of access control.
Abstract: In this paper we develop the concept of Usage Control (UCON) that encompasses traditional access control, trust management, and digital rights management and goes beyond them in its definition and scope. While usage control concepts have been mentioned off and on in the security literature for some time, there has been no systematic treatment so far. By unifying these three areas UCON offers a promising approach for the next generation of access control. Traditional access control has focused on a closed system where all users are known and primarily utilizes a server-side reference monitor within the system. Trust management has been introduced to cover authorization for strangers in an open environment such as the Internet. Digital rights management has dealt with client-side control of digital information usage. Each of these areas is motivated by its own target problems. Innovations in information technology and business models are creating new security and privacy issues which require elements of all three areas. To deal with these in a systematic unified manner we propose the new UCON model. UCON enables finer-grained control over usage of digital objects than that of traditional access control policies and models. For example, print once as opposed to unlimited prints. Unlike traditional access control or trust management, it covers both centrally controllable environment and an environment where central control authority is not available. UCON also deals with privacy issues in both commercial and non-commercial environments. In this paper we first discuss access control, trust management, and digital rights management and describe general concepts of UCON in the information security discipline. Then we define components of the UCON model and discuss how authorizations and access controls can be applied in the UCON model. Next we demonstrate some applications of the UCON model and develop further details. We use several examples during these discussions to show the relevance and validity of our approach. Finally we identify some open research issues.

401 citations

Journal ArticleDOI
TL;DR: This work proposes a solution based on trust management that involves developing a security policy, assigning credentials to entities, verifying that the credentials fulfill the policy, delegating trust to third parties, and reasoning about users' access rights.
Abstract: Traditionally, stand-alone computers and small networks rely on user authentication and access control to provide security. These physical methods use system-based controls to verify the identity of a person or process, explicitly enabling or restricting the ability to use, change, or view a computer resource. However, these strategies are inadequate for the increased flexibility that distributed networks such as the Internet and pervasive computing environments require because such systems lack central control and their users are not all predetermined. Mobile users expect to access locally hosted resources and services anytime and anywhere, leading to serious security risks and access control problems. We propose a solution based on trust management that involves developing a security policy, assigning credentials to entities, verifying that the credentials fulfill the policy, delegating trust to third parties, and reasoning about users' access rights. This architecture is generally applicable to distributed systems but geared toward pervasive computing environments.

290 citations

Journal ArticleDOI
TL;DR: The Interactive Workspaces Project at Stanford explores new possibilities for people to work together in technology-rich spaces with computing and interaction devices on many different scales; it includes faculty and students from the areas of graphics, human-computer interaction (HCI), networking, ubiquitous computing, and databases.
Abstract: The authors present a robust, infrastructure-centric, and platform-independent approach to integrating information appliances into the iRoom, an interactive workspace. The Interactive Workspaces Project at Stanford explores new possibilities for people to work together in technology-rich spaces with computing and interaction devices on many different scales. It includes faculty and students from the areas of graphics, human-computer interaction (HCI), networking, ubiquitous computing, and databases, and draws on previous work in all those areas. We design and experiment with multidevice, multiuser environments based on a new architecture that makes it easy to create and add new display and input devices, to move work of all kinds from one computing device to another, and to support and facilitate group interactions. In the same way that today's standard operating systems make it feasible to write single-workstation software that uses multiple devices and networked resources, we are constructing a higher level operating system for the world of ubiquitous computing. We combine research on infrastructure (ways of flexibly configuring and connecting devices, processes, and communication links) with research on HCI (ways of interacting with heterogeneous changing collections of devices with multiple modalities).

257 citations