First research report on research on next generation policies

This document describes the status of the research work on policies in PrimeLife. It first highlights the overall objectives of Work Package 5.2 and then illustrates the main research results of the work package. The research results relate to the development of privacy-aware languages that incorporate different cryptographic primitives and allow the involved parties to define context-aware policies and privacy-aware constraints that regulate the data views accessible by the collaborating parties. Furthermore, an extensive analysis of the relationships between access control and data handling policies has been performed, as well as an analysis of the main legal aspects related to the processing of personal data.
