SWYSWYK: A Privacy-by-Design Paradigm for Personal Information Management Systems

Pushed by recent legislation and smart disclosure initiatives, Personal Information Management Systems (PIMS) are emerging and hold the promise of giving individuals back control over their data. However, this shift leaves privacy and security issues in the user's hands, a role that few people can properly take on. Indeed, existing sharing models are difficult to administer, and securing their implementation in the user's computing environment is an unresolved challenge. This paper advocates the definition of a Privacy-by-Design sharing paradigm, called SWYSWYK (Share What You See with Who You Know), dedicated to the PIMS context. This paradigm allows each user to physically visualize the net effects of sharing rules on her PIMS and automatically provides tangible guarantees about the enforcement of the defined sharing policies. Finally, we demonstrate the practicality of the approach through a performance evaluation conducted on a real PIMS platform.
