A Context-Aware Privacy Policy Language for Controlling Access to Context Information of Mobile Users

This paper introduces a Context-aware Privacy Policy Language (CPPL) that enables mobile users to control who can access their context information, at what detail, and in which situation by specifying context-aware privacy rules. Context-aware privacy rules map a set of privacy rules to one or more of the user’s situations in which these rules are valid. Each time the user’s situation changes, the list of valid rules is updated, leaving only a subset of the specified rules to be evaluated by a privacy framework when a context query arrives. In existing context-dependent privacy policy languages, a user’s context is used as an additional condition parameter in a privacy rule, so all the specified privacy rules have to be evaluated when a request to access the user’s context arrives. Keeping the number of rules that need to be evaluated small is important because evaluating a large number of privacy rules can potentially increase the response time to a context query. CPPL also enables rules to be defined based on a user’s social relationship with a context requestor, which reduces the number of rules that the user needs to define and that a privacy mechanism consequently needs to evaluate. This paper shows that, compared to existing context-dependent privacy policy languages, the number of rules encoded using CPPL decreases with an increasing number of user-defined situations and of requestors that are represented by a small number of social relationship groups.
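
A small Python model of the evaluation difference described above, added here as an illustration; it is not CPPL syntax and not code from the paper. The rule fields, class names, sample requestors and the deny-when-nothing-matches behaviour are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    subject: str    # relationship group (indexed model) or requestor (flat model)
    item: str       # context item, e.g. "location"
    detail: str     # granularity released, e.g. "city" or "exact"
    situation: str  # situation in which the rule is valid

# Constructed sample data (hypothetical requestors, groups and situations).
GROUPS = {"alice": "colleague", "bob": "colleague", "carol": "family"}
GROUP_RULES = [
    Rule("colleague", "location", "building", "at_work"),
    Rule("family", "location", "exact", "at_home"),
    Rule("family", "location", "city", "travelling"),
    Rule("colleague", "location", "city", "travelling"),
]

class FlatPolicy:
    """Baseline: situation is one more condition, one rule per requestor, all rules checked."""
    def __init__(self, group_rules, groups):
        self.rules = [Rule(req, r.item, r.detail, r.situation)
                      for r in group_rules for req, g in groups.items() if g == r.subject]

    def query(self, requestor, item, situation):
        evaluated, detail = 0, None
        for r in self.rules:
            evaluated += 1
            if (r.subject, r.item, r.situation) == (requestor, item, situation):
                detail = detail or r.detail  # first matching rule wins
        return detail, evaluated  # detail None means deny (assumed default)

class SituationIndexedPolicy:
    """Rules mapped to situations; the valid list is swapped only on a situation change."""
    def __init__(self, group_rules, groups):
        self.by_situation, self.groups, self.active = {}, groups, []
        for r in group_rules:
            self.by_situation.setdefault(r.situation, []).append(r)

    def on_situation_change(self, situation):
        self.active = self.by_situation.get(situation, [])

    def query(self, requestor, item):
        group = self.groups.get(requestor)  # unknown requestor has no group
        evaluated, detail = 0, None
        for r in self.active:
            evaluated += 1
            if group is not None and (r.subject, r.item) == (group, item):
                detail = detail or r.detail
        return detail, evaluated  # detail None means deny (assumed default)
```

With this sample data the flat model holds six per-requestor rules and checks all of them on every query, while the indexed model checks only the one or two rules valid in the current situation.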
