Similar literature
Found 20 similar articles; search took 22 ms
1.
2.
Nowadays, personal information is collected, stored, and managed through web applications and services. Companies are interested in keeping such information private due to regulation laws and privacy concerns of customers. Furthermore, the reputation of a company can be dependent on privacy protection, i.e., the more a company protects the privacy of its customers, the more credibility it gets. This paper proposes an integrated approach that relies on models and design tools to help in the analysis, design, and development of web applications and services with privacy concerns. Using the approach, these applications can be developed consistently with their privacy policies to enforce them, protecting personal information from different sources of privacy violation. The approach is composed of a conceptual model, a reference architecture, and a Unified Modeling Language Profile, i.e., an extension of the Unified Modeling Language for including privacy protection. The idea is to systematize the privacy concepts in the scope of web applications and services, organizing the privacy domain knowledge and providing features and functionalities that must be addressed to protect the privacy of the users in the design and development of web applications. Validation has been performed by analyzing the ability of the approach to model privacy policies from real web applications and by applying it to a simple application example of an online bookstore. Results show that privacy protection can be implemented in a model‐based approach, bringing values for the stakeholders and being an important contribution toward improving the process of designing web applications in the privacy domain.

3.
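Authentication and authorization platforms are effective at preventing unauthorized requesters outside the domain from maliciously manipulating or exposing users' private or sensitive data. However, requesters that are already authorized may themselves perform malicious operations or exposure, and against this threat a token-based authentication and authorization platform can hardly protect user privacy and sensitive data. This paper proposes a risk assessment method for authorized users in Web collaborative systems, which can effectively prevent authorized users from maliciously manipulating or exposing users' private and sensitive data. The security problems of authentication and authorization platforms are analyzed through examples, and the risk posed by authorized users is modeled. Simulation experiments demonstrate the feasibility and correctness of the model.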

4.
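Rich Communication Suite (RCS) is an interoperable IMS communication service standard defined by the GSMA; presence publication and subscription authorization are important parts of RCS services. Based on the requirements for presence publication and subscription authorization in RCS services, and with reference to the IETF, OMA and GSMA standards, a solution for RCS privacy policy is proposed, including a framework diagram of the privacy policy and the SIP signaling flows. On the basis of this solution, the key techniques for implementing the privacy policy are discussed in detail: processing of presence information, the subscription authorization flow, and processing of the authorization rules document. Experimental testing shows that the solution implements the online status publication, subscription authorization and permission-setting functions of the RCS privacy policy.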

5.
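With the widespread use of precision marketing and personalized services, some market players pay increasing attention to understanding consumers. Driven by profit, they use various technical means to obtain and exploit the information of online consumers without their knowledge or against their will, infringing consumers' right to privacy. Although consumers can thereby enjoy more convenient and personalized products and services, they are also increasingly concerned about the protection of their personal privacy. This paper gives an overview of consumers' right to privacy in e-commerce, summarizes the common ways in which consumer information is collected in e-commerce, and finally surveys privacy-preserving data mining techniques and common algorithms.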

6.
Jean Bacon  Ken Moody  Walt Yao 《Software》2003,33(4):375-394
OASIS is a role‐based access control (RBAC) architecture for achieving secure interoperation of independently managed services in an open, distributed environment. OASIS differs from other RBAC schemes in a number of ways: role management is decentralized, roles are parametrized, roles are activated within sessions and privileges are not delegated. OASIS depends on an active middleware platform to notify services of any relevant changes in their environment. Services define roles and establish formally specified policy for role activation and service use (authorization); users must present the required credentials and satisfy specified constraints in order to activate a role or invoke a service. The membership rule of a role indicates which of the role activation conditions must remain true while the role is active. A role is deactivated immediately if any of the conditions of the membership rule associated with its activation become false. OASIS introduces the notion of appointment, whereby being active in certain roles carries the privilege of issuing appointment certificates to other users. Appointment certificates capture the notion of long‐lived credentials such as academic and professional qualification or membership of an organization. The role activation conditions of a service may include appointment certificates, prerequisite roles and environmental constraints. The role activation and authorization policies of services within an administrative domain need not embody role hierarchies nor enforce privilege delegation. But OASIS is sufficiently flexible to capture such notions, through prerequisite roles and appointments, if they are required within an application domain. We define the model and architecture and discuss engineering details, including security issues. 
We illustrate how an OASIS session can span multiple domains and we propose a minimal infrastructure to enable widely distributed, independently developed services to enter into agreements to respect each other's credentials. In a multi‐domain system access control policy may come from multiple sources and must be expressed, enforced and managed. In order to respond to changing relationships between organizations it should be easy to allow role holders in one domain to obtain privileges in another. Our approach to policy and meta‐policy management is described. We speculate on a further extension to mutually unknown, and therefore untrusted, parties. Each party will accumulate audit certificates which embody its interaction history and which may form the basis of a web of trust. Copyright © 2003 John Wiley & Sons, Ltd.

7.
This paper reports on a formal subject-based experiment, which seeks to evaluate the readability of privacy policy statements found on the Internet. This experiment uses 50 participants and privacy policies collected from 10 of the most popular web sites on the Internet. It evaluates, using a cloze test, the subjects’ ability to comprehend the content of these privacy policies. The paper also compares its results with the results from previous studies on this topic. In general, it finds that privacy policies are “difficult” to comprehend.

8.
This paper presents a model for privacy preserving access control which is based on a variety of purposes. Conditional purpose is applied along with allowed purpose and prohibited purpose in the model. It allows users to use some data for a certain purpose with conditions. The structure of conditional purpose-based access control model is defined and investigated through dynamic roles. Access purpose is verified in a dynamic behavior, based on subject attributes, context attributes and authorization policies. Intended purposes are dynamically associated with the requested data object during the access decision. An algorithm is developed to achieve the compliance computation between access purposes and intended purposes and is illustrated with Role-based access control (RBAC) in a dynamic manner to support conditional purpose-based access control. According to this model, more information from data providers can be extracted while at the same time assuring privacy that maximizes the usability of consumers’ data. It extends traditional access control models to a further coverage of privacy preserving in data mining atmosphere. The structure helps enterprises to circulate clear privacy promise, to collect and manage user preferences and consent.

9.
Online privacy policies describe organizations’ privacy practices for collecting, storing, using, and protecting consumers’ personal information. Users need to understand these policies in order to know how their personal information is being collected, stored, used, and protected. Organizations need to ensure that the commitments they express in their privacy policies reflect their actual business practices, especially in the United States where the Federal Trade Commission regulates fair business practices. Requirements engineers need to understand the privacy policies to know the privacy practices with which the software must comply and to ensure that the commitments expressed in these privacy policies are incorporated into the software requirements. In this paper, we present a methodology for obtaining requirements from privacy policies based on our theory of commitments, privileges, and rights, which was developed through a grounded theory approach. This methodology was developed from a case study in which we derived software requirements from seventeen healthcare privacy policies. We found that legal-based approaches do not provide sufficient coverage of privacy requirements because privacy policies focus primarily on procedural practices rather than legal practices.

10.
彭瑞卿  王丽娜 《计算机科学》2016,43(Z11):398-402
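Location privacy protection is a key security issue in mobile location-based services. Coarse-grained access control mechanisms suppress the exposure of location information through absolute authorization policies, but ignore the user's quality of service. This paper proposes a spatio-temporal obfuscation algorithm for local location information and implements a fine-grained location privacy protection system that obfuscates location information while preserving the user's quality of service, thereby achieving privacy protection. First, a location interception technique targeting applications' location service requests is designed, which intercepts the precise location information and obfuscates it with the location obfuscation algorithm; the obfuscated, safe location information is then returned to the apps, thereby protecting location privacy. Experimental results demonstrate the effectiveness of the method.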

11.
An RBAC management scheme for electronic cash systems   Cited by: 1 (self-citations: 0, citations by others: 1)
王进  贾忠田  李大兴  程震 《计算机工程与设计》2006,27(15):2722-2724,2792
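In network payment schemes based on electronic cash, the multiple entities involved in a transaction have different types of permissions and access criteria; if each manages security separately, maintaining and coordinating the whole system becomes very difficult. Permission management spanning multiple entities therefore brings additional security challenges. This paper analyzes an RBAC-based permission management strategy for electronic cash systems: access control over the multiple entities in the system is achieved through authorization based on regular roles, and administrative roles that are mutually exclusive with the regular roles are set up to achieve distributed self-administration of the system.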

12.
Internet-of-things technologies enable service providers such as insurance companies to collect vast amounts of privacy-sensitive data on car drivers. This paper studies whether and how privacy concerns of car owners can be compensated by offering monetary benefits. We study the case of usage based car insurance services for which the insurance fee is adapted to measured mileage and driving behaviour. A conjoint experiment shows that consumers prefer their current insurance products to usage based car insurance. However, when offered a minor financial compensation, they are willing to give up their privacy to car insurers. Consumers find privacy of behaviour and action more valuable than privacy of location and space. The study is a first to compare different forms of privacy in the acceptance of connected car services. Hereby, we contribute to more fine-grained understanding of privacy concerns in the acceptance of digital services, which will become more important in the upcoming Internet-of-things era.

13.
Few studies of object-oriented databases deal with their security, a fundamental aspect of systems with complex data structures. Most authorization systems give users who own resources only some basic control over them; here, we provide users with more direct control over their resources by associating with each grant propagation numbers. Propagation numbers govern the grantability and exercisability of the privileges. Of particular interest in our study of authorization in an OO environment is the combination of inheritance and granting of privileges. Diverse policies are discussed and implemented in a test-bed system.

14.
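Authorization management in MIS systems   Cited by: 11 (self-citations: 4, citations by others: 7)
Large MIS systems contain many tables and views; managing access authorization for these database resources is very complex, and having users directly manage access authorization for resources in the database is very difficult. Introducing the user-role authorization model into database system authorization management limits the DBA's privileges and simplifies the system's authorization management.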

15.
On optimal decision for QoS-aware composite service selection   Cited by: 7 (self-citations: 0, citations by others: 7)
The increasing popularity of employing web services for distributed systems contributes to the significance of service discovery. However, duplicated and similar functional features existing among services require service consumers to include additional aspects to evaluate the services. Generally, the service consumers would have different view on the quality of service (QoS) of service attributes. How to select the best composite service in theory among available service (WS) candidates for consumers is an interesting practical issue. This work proposes a QoS-aware service selection model based on fuzzy linear programming (FLP) technologies, in order to identify their dissimilarity on service alternatives, assist service consumers in selecting most suitable services with consideration of their expectations and preferences. This approach can obtain the optimal solution of consensual weight of QoS attribute and fuzzy positive ideal solution (FPIS) by extending LINMAP method, developed by Srinivasan and Shocker. Finally, two numerical examples are given to demonstrate the process of QoS-aware web service selection. The experimental results demonstrated that it is a feasible and supplementary manner in selecting the of web services.

16.
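Research and implementation of a role-based software collaboration environment   Cited by: 3 (self-citations: 1, citations by others: 3)
In recent years, software collaboration technology has become an important research direction for Web-based distributed software service computing environments. Building on a role-based group collaboration mechanism and a modeling method for role collaboration relationships, a role-based software collaboration environment is proposed, designed and implemented. The functional goals, working principles, system structure, implementation mechanisms and key technologies of the environment are discussed in detail. Finally, the application of this work in a collaborative e-commerce system is discussed, and several problems to be solved in further research are presented.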

17.
Many efforts in the area of computer security have been drawn to attribute-based access control (ABAC). Compared to other adopted models, ABAC provides more granularity, scalability, and flexibility. This makes it a valuable access control system candidate for securing platforms and environments used for coordination and cooperation among organizations and communities, especially over open networks such as the Internet. On the other hand, the basic ABAC model lacks provisions for context, trust and privacy issues, all of which are becoming increasingly critical, particularly in high performance distributed collaboration environments. This paper presents an extended access control model based on attributes associated with objects and subjects. It incorporates trust and privacy issues in order to make access control decisions sensitive to the cross-organizational collaboration context. Several aspects of the proposed model are implemented and illustrated by a case study that shows realistic ABAC policies in the domain of distributed multiple organizations crisis management systems. Furthermore, the paper shows a collaborative graphical tool that enables the actors in the emergency management system to make better decisions. The prototype shows how it guarantees the privacy of object’s attributes, taking into account the trust of the subjects. This tool incorporates a decision engine that relies on attribute based policies and dynamic trust and privacy evaluation. The resulting platform demonstrates the integration of the ABAC model, the evolving context, and the attributes of actors and resources.

18.
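Research on authorization management in database systems   Cited by: 2 (self-citations: 0, citations by others: 2)
Large database systems contain many tables and views; managing access authorization for these database resources is very complex, and having users directly manage access authorization for resources in the database is very difficult. We introduce the user-role authorization model into database system authorization management, which limits the DBA's privileges and simplifies the system's authorization management.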

19.
Ubiquitous information access through mobile devices has become a typical practice in everyday life. The mobile service paradigm shifts the role of mobile devices from consumers to providers, opening up new opportunities for a multitude of collaborative services and applications ranging from sharing personal information to collaborative participatory sensing. Although many basic principles of the standard Web service approach continue to apply, the inherent constraints of mobile devices and broadband wireless access render the deployment of the standard architecture in mobile environments inefficient. This paper introduced personal services, a user-centric paradigm that enables service-oriented interactions among mobile devices that are controlled via user-specified authorization policies. Personal services exploit the user’s contact list (ranging from phonebook to social lists) in order to publish and discover Web services while placing users in full control of their own personal data and privacy. Experimental validation demonstrates the ability of personal services to foster a new generation of collaborative mobile services. Performance evaluation results show that the publication and discovery through contact lists are efficient and that service announcements and discovery requests can reach a huge number of users in a few seconds. Results also support a conclusion that resources-constrained devices can collaborate to carry out functionalities beyond the ability of their resources limitations.

20.
A Web Services authorization mechanism with improved attribute certificates and WSDL   Cited by: 1 (self-citations: 0, citations by others: 1)
曹鹏  张永平 《微计算机信息》2007,23(24):48-49,110
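Web Services make distributed computing based on XML technology possible, and are regarded as an emerging technology that will replace existing older distributed application solutions such as CORBA, Java RMI and DCOM. The most fundamental issue in Web Services applications is security, which is the most important of the many problems to be solved; it is therefore essential to ensure user authentication, authorization, and the confidentiality, integrity and non-repudiation of information. In this paper, an effective user authorization method for Web Services users is provided by introducing Web Services attribute certificates and extending WSDL.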
