2.
Provenance refers to the origin of information. Therefore, provenance is the metadata that records the history of data. As provenance is the derivation history of an object starting from its original source, provenance information is used to analyse the processes that are performed on an object and to track by whom these processes are performed. Thus, provenance shows the trustworthiness and quality of data. In a provenance management system, in order to verify the trustworthiness of provenance information, security needs must also be fulfilled. In this work, an ontology-based privacy-aware provenance management model is proposed. The proposed model is based on the Open Provenance Model, which is a common model for provenance. The proposed model aims to detect privacy violations, to reduce privacy risks by using permissions and prohibitions, and also to query the provenance data. The proposed model is implemented with Semantic Web technologies and demonstrated for the health care domain in order to preserve patients' privacy. Also, an infectious disease ontology and a vaccination ontology are integrated into the system in order to track patients' vaccination history, to improve the quality of medical processes, the reliability of medical data, and decision making in the health care domain.

3.
With the significant development of mobile commerce, privacy becomes a major concern for both customers and enterprises. Although data generalization can provide significant protection of an individual's privacy, over-generalized data may render the data of little value or useless. In this paper, we devise generalization boundary techniques to maximize data usability while minimizing disclosure of privacy. Inspired by the fact that the permissible generalization level results in a much finer level of access control, we propose a privacy-aware access control model in web service environments. We also analyze how to manage a valid access process through a trust-based decision and ongoing access control policies. Extensive experiments on both real-world and synthetic data sets show that the proposed privacy-aware access control model is practical and effective.

4.
Mobile cloud computing (MCC) is gaining popularity due to anywhere, anytime data access. However, at the same time it also introduces new privacy and security threats that have become an obstacle to the widespread use and popularity of MCC. In this paper, we propose a reliable recommendation and privacy-preserving based cross-layer reputation mechanism (RP-CRM) to provide a secure and privacy-aware communication process in wireless mesh network (WMN)-based MCC (WM-MCC). RP-CRM integrates the cross-layer design with a recommendation reputation reliability evaluation mechanism and a privacy-preserving scheme to identify and manage internal malicious nodes and to protect security and privacy against internal multi-layer attacks, bad-mouthing attacks and information disclosure attacks. Simulation results and performance analysis demonstrate that RP-CRM can provide rapid and accurate malicious node identification and management, and can provide security and privacy protection against the aforementioned attacks more effectively and efficiently.

5.
Research on Privacy Preference in Location-Privacy-Preserving Nearest Neighbor Queries   Total citations: 1, self-citations: 1, citations by others: 0
Ni Weiwei, Chen Xiao. Journal of Software (软件学报), 2016, 27(7): 1805-1821
In recent years, privacy protection in location-based services has received sustained attention from researchers, and location privacy protection in nearest neighbor queries in particular has been widely studied. Existing work lacks a systematic study of the constraints imposed by the querying user's personalized privacy preferences, and balancing location privacy against query service quality is especially difficult under privacy preference constraints: (1) preferences emphasize individuality, whereas privacy models focus on commonality, which creates a contradiction; (2) preferences depend on dynamic control over intermediate query results, which conflicts with the idea of simplifying intermediate results in query processing; (3) in continuous queries, supporting privacy preferences carries the risk of attacks based on the candidate result set. Addressing these problems, this paper proposes the privacy preference problem in location-privacy-preserving nearest neighbor queries, and, from the perspective of location hiding principles and the inherent constraints between nearest neighbor query performance and location privacy protection, discusses and analyzes the performance of existing location hiding and query processing methods and their ability to support privacy preferences. Furthermore, the inherent constraints between supporting privacy preferences and location-privacy-preserving queries are dissected, the main problems that must be solved to support privacy preferences in location-privacy-preserving nearest neighbor queries are analyzed, and possible solutions to the identified problems are outlined.

6.
Analyzing and processing various data types from a privacy-preserving perspective has been researched in many disciplines; however, this issue has drawn very limited attention in the research field of scientific visualization. We wondered whether it is possible to delegate the rendering of a volume data set to a remote server (or servers) while still preserving its privacy to a certain extent. This paper presents a block-based volume data transformation algorithm that obfuscates a volume data set so as to reduce the user's privacy concern when the volume data set is to be uploaded to a remote server. In addition, a privacy-aware transfer function adjustment is proposed so that not only is privacy protected during the rendering process, but also as much of the computational load as possible can be shifted to the server side. Experimental results show that the proposed method yields visually satisfactory results compared with a normal direct volume rendering approach. Moreover, the decrease in rendering efficiency caused by the proposed method is still controlled within an acceptable range. A case study proves that the proposed approach can be adopted in practice. This work explores the possibility of rendering a volume data set through remote servers while the privacy of the data is still maintained.

7.
The widespread deployment of surveillance cameras has raised serious privacy concerns, and many privacy-enhancing schemes have been recently proposed to automatically redact images of selected individuals in surveillance video for protection. Of equal importance are the privacy and efficiency of techniques to, first, identify those individuals for privacy protection and, second, provide access to original surveillance video contents for security analysis. In this paper, we propose an anonymous subject identification and privacy data management system to be used in privacy-aware video surveillance. The anonymous subject identification system uses iris patterns to identify individuals for privacy protection. Anonymity of the iris-matching process is guaranteed through the use of a garbled-circuit (GC)-based iris matching protocol. A novel GC complexity reduction scheme is proposed by simplifying the iris masking process in the protocol. A user-centric privacy information management system is also proposed that allows subjects to anonymously access their privacy information via their iris patterns. The system is composed of two encrypted-domain protocols: the privacy information encryption protocol encrypts the original video records using the iris pattern acquired during the subject identification phase; the privacy information retrieval protocol allows the video records to be anonymously retrieved through a GC-based iris pattern matching process. Experimental results on a public iris biometric database demonstrate the validity of our framework.

8.
With the emergence and development of Mobile Edge Computing (MEC) and Wireless Power Transmission (WPT), more and more computing tasks are offloaded to MEC servers for processing, and WPT is used to power terminal devices, so as to alleviate the problems of limited computing capability and excessive energy consumption of terminal devices. Since the offloaded tasks and data often carry...

9.
Privacy-Aware Autonomous Agents for Pervasive Healthcare   Total citations: 1, self-citations: 0, citations by others: 1
This article is part of a special issue on Intelligent Agents in Healthcare. Hospitals are natural candidates for pervasive computing technology, but they have significant privacy requirements. Autonomous agents can help developers design privacy-aware systems for pervasive healthcare environments. An extension of the SALSA agent framework incorporates customizable privacy mechanisms to adapt applications to a certain quality-of-privacy level, thereby harnessing the properties of autonomous agents. An implementation of a context-aware pervasive hospital application shows how this framework can help developers manage user privacy.

10.
In the context of the smart grid, a home energy management system (HEMS) needs to collect fine-grained energy consumption data through smart meters. However, the fine-grained data contain the electricity consumption patterns of consumers, which can induce serious privacy issues. In order to protect the electricity privacy of consumers, a privacy-aware electricity scheduling strategy for HEMS is proposed in this paper. Firstly, the basic scheduling model of HEMS is presented, and the basic scheduling objective is to minimize the electricity payment while satisfying the daily power demands of consumers. On this basis, a privacy-aware optimal scheduling model adopting rechargeable batteries is established, and the introduction of a preference factor enables consumers to make a tradeoff between the total operation cost and privacy security. The electricity privacy protection performance is measured by the coefficient of determination and the number of features. Besides, the operation cost of the batteries is also considered in the modeling process, and the influence of battery capacity on the performance of privacy protection is discussed. Simulation results show that the proposed method is effective and has strong practical application value.

11.
Quality of service (QoS) can be a critical element for achieving the business goals of a service provider, and for acceptance of a service by the customer. The criticality is more pronounced when the service provider handles the non-functional QoS attribute of privacy, i.e., privacy related to the customer's personal data. In this regard, the customer needs some guarantee(s) from the service provider about confidentiality management, leading to an overall quality characterization of the provided service. A service level agreement (SLA) is primarily intended to specify (in terms of clauses) the level of such non-functional QoS delivered to the customer. The aim is to provide customers with tools that show the fulfillment of QoS guarantees through an SLA monitoring process. In this paper, we address the problem of usage control of private data in service-based applications ensuring end-to-end QoS capabilities. We propose a query containment based approach to support the monitoring of privacy-aware SLA compliance, which spells out a customer's privacy rights and shows how the customer's private information must be handled by a Web service provider. We introduce the private data usage flow model upon which the monitoring is performed to observe the data usage flow and capture the privacy vulnerabilities that may lead to non-compliance. The model is built on top of (i) properties and time-related privacy requirements to be monitored, and (ii) a set of identified privacy violations. As a proof of concept, a privacy-aware SLA monitoring system, which is an easy-to-use and efficient tool for observing the dynamic private data usage flow, is developed. Experimental results indicate the relevance and applicability of the proposed approach.

12.
The protection of customer privacy is a fundamental issue in today's corporate marketing strategies. Not surprisingly, many research efforts have proposed new privacy-aware technologies. Among them, Hippocratic databases offer mechanisms for enforcing privacy rules in database systems for inter-organizational business processes (also known as virtual organizations). This paper extends these mechanisms to allow for hierarchical purposes, distributed authorizations and minimal disclosure, supporting the business processes of virtual organizations that want to offer their clients a number of ways to fulfill a service. Specifically, we use a goal-oriented approach to analyze the privacy policies of the enterprises involved in a business process. On the basis of the purpose hierarchy derived through a goal refinement process, we provide algorithms for determining the minimum set of authorizations needed to achieve a service. This allows us to automatically derive access control policies for an inter-organizational business process from the collection of privacy policies associated with the different participating enterprises. By using effective on-line algorithms, the derivation of such minimal information can also be done on-the-fly by the customer wishing to access a service. This is an expanded and revised version of [20].

13.
Preservation of data privacy and protection of sensitive information from potential adversaries constitute a key socio-technical challenge in the modern era of ubiquitous digital transformation. Addressing this challenge needs analysis of multiple factors: algorithmic choices for balancing privacy and loss of utility, potential attack scenarios that can be undertaken by adversaries, implications for data owners, data subjects, and data sharing policies, and access control mechanisms that need to be built into interactive data interfaces. Visualization has a key role to play as part of the solution space, both as a medium of privacy-aware information communication and also as a tool for understanding the link between privacy parameters and data sharing policies. The field of privacy-preserving data visualization has witnessed progress along many of these dimensions. In this state-of-the-art report, our goal is to provide a systematic analysis of the approaches, methods, and techniques used for handling data privacy in visualization. We also reflect on the road-map ahead by analyzing the gaps and research opportunities for solving some of the pressing socio-technical challenges involving data privacy with the help of visualization.

14.
Business networking has substantially reshaped common enterprise procedures and has paved the way for the development of ground-breaking information sharing patterns and inter-organizational cooperative practices. Yet, critical issues still stand unaddressed; privacy and sensitive information confidentiality implications threaten to diminish the economic and social benefits derived from online collaboration. Nevertheless, privacy preservation refers to a multidimensional and cross-disciplinary subject, accompanied by both legal as well as technical challenges. In this context, this paper describes the design of a privacy-aware decision engine operating within synergistic contexts. Decision making regarding the production of authorizations and information usage rules is founded on a detailed privacy context and the enforcement of a deductive reasoning algorithm. The proposed reasoning process spans two distinct phases, taking into account an a priori perspective of the system while at the same time maintaining responsiveness in dynamic contexts.

15.
When users provide private data to a Web service composition, different users have their own requirements on the exposure of their private information, and the service composition should support verification of the satisfiability of users' privacy requirements. This paper first proposes a user privacy requirement specification method for service composition: users can define private data and the sensitivity of different usage contexts, and a sensitivity-reputation function specifies which member services may use the private data, which simplifies privacy requirements while improving their generality. To verify whether a service composition satisfies a user's privacy requirements, the dependencies among private data items in the composition are first described by a privacy data item dependency graph (PDIDG); then a privacy-sensitive service composition model is built using a privacy open workflow net (POWFN), and a requirement verification algorithm checks whether the service composition satisfies the user's privacy requirements, thereby effectively preventing illegal direct and indirect exposure of users' private information. Finally, a case study illustrates the effectiveness of the method, and the performance of the algorithm is evaluated experimentally.

16.
Worldwide, thousands of video surveillance cameras record our daily activities. People are aware that video surveillance is deployed for the sake of security. However, the privacy of individuals would be endangered if proper measures were not taken. Privacy-aware video surveillance has historically been addressed by proposals based on detecting individuals and other sensitive parts of the video and hiding them using a variety of techniques. In this paper, we present a comprehensive solution tackling video processing, video protection and management of the information system. We claim that a video surveillance system can protect our safety and, at the same time, guarantee our privacy. We describe the design and implementation of a privacy-aware video surveillance platform that, in order to be trustworthy, satisfies the properties of high detection accuracy, real-time performance and protected video utility. We have tested the proposed platform, and we demonstrate the feasibility of our approach for privacy protection.

17.
Internet advertising has become increasingly personalized as advertisers tailor content to individual users. However, this has led consumers to be concerned about their privacy. Based on rational choice theory and self-awareness theory, the current research explores the role of relevance in personalized advertisements and examines its impact on perceptions of privacy invasion, self-awareness, and subsequent continuous use intentions towards personalized advertising. Analysis of survey data from 386 online users found that although privacy invasion perceptions are negatively related to continuous use intentions, perceived advertisement relevance mitigates consumers' privacy concerns. Perceived relevance was also found to be positively related to consumers' continuous use intentions through the mediation of self-awareness. This research identifies and highlights the importance of relevance in the tension between privacy concerns and personalized advertisements.

18.
The deep penetration of mobile devices has led to the emergence of multiple mobile applications that seek to harness the positioning capabilities embedded in such devices. One of the most functional of these applications is local search. Local search is similar to a regular web search, yet is more powerful in a mobile setting since results are ranked both by prominence and by locality. Undoubtedly popular, the current design of local search applications fails to cater equally to a privacy-aware user who desires finer controls over her location disclosure. Towards this end, we propose the design of a private local search (PriLS) application that enables a user to first learn the geographic variation in local search results and then use it to determine a noisy location that has little or no effect on the search results. Parametric studies and real-world evaluations show that PriLS can help identify geographic locations that would produce similar search results (compared with when the user's actual location is used) with no noticeable delays in user experience. They also reveal that large areas typically exist in which there is no change in the result of a local search query, and these can be exploited to provide spatial privacy guarantees to a user.

19.
End-to-end data aggregation, without degrading sensing accuracy, is a very relevant issue in wireless sensor networks (WSN) that can prevent network congestion from occurring. Moreover, privacy management requires that anonymity and data integrity be preserved in such networks. Unfortunately, no integrated solutions have been proposed so far that are able to tackle both issues in a unified and general environment. To bridge this gap, in this paper we present an approach for dynamic secure end-to-end data aggregation with a privacy function, named DyDAP. It has been designed starting from a UML model that encompasses the most important building blocks of a privacy-aware WSN, including aggregation policies. Furthermore, it introduces an original aggregation algorithm that, using a discrete-time control loop, is able to dynamically handle in-network data fusion to reduce the communication load. The performance of the proposed scheme has been verified using computer simulations, showing that DyDAP avoids network congestion and therefore improves WSN estimation accuracy while, at the same time, guaranteeing anonymity and data integrity.

20.
An important class of location-based services (LBSs) is supported by the moving k nearest neighbor (MkNN) query, which continuously returns the k nearest data objects for a moving user. For example, a tourist may want to observe the five nearest restaurants continuously while exploring a city so that she can drop in to one of them at any time. Using this kind of service requires the user to disclose her location continuously and therefore may cause privacy leaks derived from the user's locations. A common approach to protecting a user's location privacy is the use of imprecise locations (e.g., regions) instead of exact positions when requesting LBSs. However, simply updating a user's imprecise location to a location-based service provider (LSP) cannot ensure the user's privacy for an MkNN query: continuous disclosure of regions enables LSPs to refine the user's location more precisely. We formulate this type of attack on a user's location privacy, which arises from overlapping consecutive regions, and provide the first solution to counter this attack. Specifically, we develop algorithms which can process an MkNN query while protecting the user's privacy from the above attack. Extensive experiments validate the effectiveness of our privacy protection technique and the efficiency of our algorithm.
