A Customer-Centric Privacy Protection Framework for Mobile Service-Oriented Architectures

Mobile companions such as smart phones and PDAs carry a lot of sensitive data about their owners. With new services aimed at providing more targeted information retrieval through increased interactions with these devices, the privacy concerns of individuals must be addressed. Existing mobile service computing solutions give users little control over the release of this information. In this paper, we present a privacy-aware information brokerage framework called MUPPET that incorporates three novel techniques to give users control over the release of their data. First, it introduces operation-focused access control, a purpose-based access control model that supports flexible and fine-grained policies using typed operation labels. Second, MUPPET includes a purpose detector that uses a number of techniques to detect the active purpose in a pervasive environment. Third, our system allows reward-driven information exchange, a protocol for explicit communication and negotiation of justifications and rewards, supporting tunable privacy policies based on ongoing evaluation of the information exchange. To validate our design, the MUPPET prototype has been integrated with a personalized coupon offering application for two different service providers in an experimental retail kiosk setting.
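The following is an added illustration, not code from the MUPPET paper or its prototype, of how the three ideas in the abstract fit together on the user's device: a policy keyed by data field and purpose, typed operation labels (read / aggregate / share) that narrow what a granted purpose may do, a check that the purpose a provider states matches the purpose the device detected, and a reward threshold the user can raise for a provider after an unsatisfactory exchange. The class and field names, the label vocabulary, the purpose strings and the sample policy are all assumptions made for this example.

```python
"""Purpose-based release control with typed operation labels and reward gating.
Added example; the names, labels and policy values here are assumed, not MUPPET's."""
from dataclasses import dataclass, field
from enum import Enum


class OpType(Enum):
    """Typed operation labels (assumed vocabulary)."""
    READ = "read"            # provider sees the value once
    AGGREGATE = "aggregate"  # value may only enter an aggregate, never be stored
    SHARE = "share"          # value may be passed on to a third party


@dataclass(frozen=True)
class Operation:
    name: str        # what the provider calls the operation
    op_type: OpType  # its label, which is what the policy reasons about


@dataclass(frozen=True)
class Rule:
    purpose: str           # purpose this rule applies to
    allowed: frozenset     # OpType values permitted under that purpose
    min_reward: float      # reward the user demands before releasing the field


@dataclass
class Policy:
    rules: dict = field(default_factory=dict)    # field name -> list[Rule]
    penalty: dict = field(default_factory=dict)  # provider -> extra reward demanded


@dataclass(frozen=True)
class Request:
    """One provider request for one field, with justification and offered reward."""
    provider: str
    field_name: str
    stated_purpose: str
    operation: Operation
    justification: str
    reward: float


def evaluate(policy, request, detected_purpose):
    """Decide a request. Returns (granted, reason).

    detected_purpose is what the device's purpose detector believes the active
    purpose is; a provider whose stated purpose disagrees is refused outright."""
    if request.stated_purpose != detected_purpose:
        return False, "stated purpose does not match detected purpose"
    for rule in policy.rules.get(request.field_name, []):
        if rule.purpose != request.stated_purpose:
            continue
        if request.operation.op_type not in rule.allowed:
            return False, "operation type %s not allowed for purpose %s" % (
                request.operation.op_type.value, rule.purpose)
        required = rule.min_reward + policy.penalty.get(request.provider, 0.0)
        if request.reward < required:
            return False, "reward %.2f below required %.2f" % (request.reward, required)
        return True, "granted"
    return False, "no rule releases this field for this purpose"


def penalize(policy, provider, amount):
    """Tune the policy: demand more from a provider after a poor exchange."""
    policy.penalty[provider] = policy.penalty.get(provider, 0.0) + amount


def build_sample_policy():
    """Constructed sample policy for a retail-kiosk coupon scenario."""
    return Policy(rules={
        "purchase_history": [Rule("coupon_offer", frozenset({OpType.READ, OpType.AGGREGATE}), 1.0)],
        "location": [Rule("coupon_offer", frozenset({OpType.AGGREGATE}), 0.5)],
    })


if __name__ == "__main__":
    policy = build_sample_policy()
    req = Request("kiosk-a", "purchase_history", "coupon_offer",
                  Operation("recommend", OpType.READ), "personalised coupon", 1.0)
    print(evaluate(policy, req, "coupon_offer"))
    penalize(policy, "kiosk-a", 0.5)   # same offer is now too low
    print(evaluate(policy, req, "coupon_offer"))
```

Two points the abstract makes become visible in the decision path: the purpose the provider claims is checked against the purpose the device itself detected before any rule is consulted, and a provider that is allowed a purpose is still confined by the operation label, so a `share` under a `coupon_offer` purpose fails even though a `read` of the same field succeeds.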
