论文信息 - Privacy-Aware Service Integration

Privacy-Aware Service Integration

Privacy mechanisms exist for monolithic systems. However, pervasive environments that gather user data to support advanced services provide little control over the data an individual releases. This is a strong inhibitor for the development of pervasive systems, since most users do not accept that their personal information is sent out to the wild, and potentially passed over to third party systems. We therefore propose a framework to support user control over the data made available to service providers in the context of an OSGi based Extensible Service Systems. A formal privacy model is defined and service and policy descriptions are deduced. Technical system requirements to support these policies are identified. Since guaranteeing privacy inside the system is of little help if any malicious entity can break into it, a security architecture for OSGi based Extensible Service Systems is also defined.

[1] Thomas Stauner,et al. Security for Downloadable Automotive Services , 2005 .

[2] Rafael Accorsi,et al. On the Relationship of Privacy and Secure Remote Logging in Dynamic Systems , 2006, SEC.

[3] Pierre Parrend,et al. A Security Analysis for Home Gateway Architectures , 2008 .

[4] Stéphane Frénot,et al. Virtualization of Service Gateways in Multi-provider Environments , 2006, CBSE.

[5] Alexander Pretschner,et al. On Obligations , 2005, ESORICS.

[6] Günter Müller,et al. Privacy with Delegation of Rights by Identity Management , 2006, ETRICS.

[7] Richard S. Hall,et al. Automating Service Dependency Management in a Service-Oriented Component Model , 2003 .

[8] Rafael Accorsi,et al. Personalization in privacy-aware highly dynamic systems , 2006, CACM.

[9] Adolf Hohl,et al. Delegating Secure Logging in Pervasive Computing Systems , 2006, SPC.

[10] Sebastian Höhn. Bringing the User Back into Control: A New Paradigm for Usability in Highly Dynamic Systems , 2006, TrustBus.

[11] Helen Nissenbaum,et al. Privacy and contextual integrity: framework and applications , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).