Towards a Model of User-centered Privacy Preservation

The growth in cloud-based services tailored for users means more and more personal data is being exploited, and with this comes the need to better handle user privacy. Software technologies concentrating on privacy preservation typically present a one-size-fits-all solution. However, users have different viewpoints of what privacy means to them; configurable and dynamic privacy-preserving solutions therefore have the potential to create useful and tailored services without breaching any user's privacy. In this paper, we present a model of user-centered privacy that can be used to analyse a service's behaviour against user preferences, such that a user can be informed of the privacy implications of that service and what fine-grained actions they can take to maintain their privacy. We show through a study that the user-based privacy model can: i) provide customizable privacy aligned with user needs; and ii) identify potential privacy breaches.
