Trust and privacy management support for context-aware service platforms

In a context-aware service platform, service providers adapt their services to the current situation of the service users using context information retrieved from context information providers. In such a service provisioning platform, important trust and privacy issues arise, because different entities responsible for different tasks have to collaborate in the provisioning of the services. Context information is privacy sensitive by nature, making the communication and processing of this information a potential privacy threat. The main goal of this thesis is to learn how to support users and providers of context-aware services in managing the trade-off between privacy protection and context-based service adaptation. More and more precise context information retrieved from trustworthy context information providers allows context-aware service provider to adapt their services more reliably. However, more and more precise context information also means a higher risk for the service users in case of a privacy violation.

[1]  Ricardo Neisse,et al.  A Distributed Context-Aware Trust Management Architecture , 2006 .

[2]  Gabriele Lenzini,et al.  Context-aware Trust Evaluation Functions for Dynamic Reconfigurable Systems , 2006, MTW.

[3]  Morris Sloman,et al.  Trust Management Tools for Internet Applications , 2003, iTrust.

[4]  Stephen Hailes,et al.  Supporting trust in virtual communities , 2000, Proceedings of the 33rd Annual Hawaii International Conference on System Sciences.

[5]  Andrea Westerinen,et al.  Policy Core Information Model - Version 1 Specification , 2001, RFC.

[6]  Harry Chen,et al.  An Intelligent Broker Architecture for Pervasive Context-Aware Systems , 2004 .

[7]  Julie A. McCann,et al.  A learning model for trustworthiness of context-awareness services , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[8]  Sushil Jajodia,et al.  Provisions and Obligations in Policy Management and Security Applications , 2002, VLDB.

[9]  Peter Vink,et al.  Perceived Privacy in Ambient Intelligent Environments , 2007, CAT@IFIPTM.

[10]  LouAnna Notargiacomo,et al.  Beyond the pale of MAC and DAC-defining new forms of access control , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[11]  Joan Feigenbaum,et al.  KeyNote: Trust Management for Public-Key Infrastructures (Position Paper) , 1998, Security Protocols Workshop.

[12]  Ravi S. Sandhu,et al.  Lattice-based access control models , 1993, Computer.

[13]  Emil C. Lupu,et al.  The Ponder Policy Specification Language , 2001, POLICY.

[14]  Bernt Schiele,et al.  Towards improving trust in context-aware systems by displaying system confidence , 2005, Mobile HCI.

[15]  Marten van Sinderen,et al.  Trust Management Model and Architecture for Context-Aware Service Platforms , 2007, OTM Conferences.

[16]  Steve Vinoski Service discovery 101 , 2003, IEEE Internet Computing.

[17]  Alexander Pretschner,et al.  A Trustworthy Usage Control Enforcement Framework , 2011, 2011 Sixth International Conference on Availability, Reliability and Security.

[18]  Marten van Sinderen,et al.  Supporting context-aware mobile applications: an infrastructure approach , 2006, IEEE Communications Magazine.

[19]  Antonio Corradi,et al.  Context-Driven Adaptation of Trust Relationships in Pervasive Collaborative Environments , 2005, 2005 Symposium on Applications and the Internet Workshops (SAINT 2005 Workshops).

[20]  Axel Küpper,et al.  Quality of Context: What It Is And Why We Need It , 2004 .

[21]  Audun Jøsang,et al.  The right type of trust for distributed systems , 1996, NSPW '96.

[22]  Sandro Etalle,et al.  An Introduction to the Role Based Trust Management Framework RT , 2007, FOSAD.

[23]  Julie A. McCann,et al.  An adaptive middleware framework for context-aware applications , 2005, Personal and Ubiquitous Computing.

[24]  Michael Krause,et al.  Challenges in Modelling and Using Quality of Context (QoC) , 2005, MATA.

[25]  Joan Feigenbaum,et al.  The KeyNote Trust-Management System Version 2 , 1999, RFC.

[26]  Luiz Olavo Bonino da Silva Santos,et al.  Architectural Models for Client Interaction on Service-Oriented Platforms , 2007, ACT4SOC.

[27]  Christian Schaefer,et al.  Mechanisms for usage control , 2008, ASIACCS '08.

[28]  David D. Clark,et al.  A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.

[29]  Lorrie Faith Cranor,et al.  The platform for privacy preferences , 1999, CACM.

[30]  Jaehong Park,et al.  The UCONABC usage control model , 2004, TSEC.

[31]  Joan Feigenbaum Overview of the AT&T Labs Trust-Management Project (Position Paper) , 1998, Security Protocols Workshop.

[32]  Claudia Keser,et al.  Can We Manage Trust? , 2005, iTrust.

[33]  Guy G. Gable,et al.  Integrating case study and survey research methods: an example in information systems , 1994 .

[34]  R. Chen,et al.  Poblano A Distributed Trust Model for Peer-to-Peer Networks , 2001 .

[35]  Marten van Sinderen,et al.  An Information Model and Architecture for Context-Aware Management Domains , 2008, 2008 IEEE Workshop on Policies for Distributed Systems and Networks.

[36]  Patricia Dockhorn Costa Architectural support for context-aware applications: from context models to services platforms , 2007 .

[37]  Claudio Bettini,et al.  Privacy in Georeferenced Context-aware Services: A Survey , 2009, PiLBA.

[38]  James A. Landay,et al.  Modeling Privacy Control in Context-Aware Systems , 2002, IEEE Pervasive Comput..

[39]  Marc Langheinrich,et al.  When Trust Does Not Compute - The Role of Trust in Ubiquitous Computing , 2003 .

[40]  Audun Jøsang,et al.  Trust network analysis with subjective logic , 2006, ACSC.

[41]  Mario Hoffmann User-Centric Identity Management in Open Mobile Environments , 2005 .

[42]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[43]  Celeste Campo,et al.  PTM: A Pervasive Trust Management Model for Dynamic Open Environments ⁄ , 2003 .

[44]  J. H. Davis,et al.  An Integrative Model Of Organizational Trust , 1995 .

[45]  D. Elliott Bell,et al.  Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .

[46]  Alfons H. Salden,et al.  Context sensitive access control , 2005, SACMAT '05.

[47]  Ling Feng,et al.  Implanting Life-Cycle Privacy Policies in a Context Database , 2006 .

[48]  Li Ding,et al.  Enhancing P3P Framework through Policies and Trust , 2004 .

[49]  Morris Sloman,et al.  A survey of trust in internet applications , 2000, IEEE Communications Surveys & Tutorials.

[50]  Sushil Jajodia,et al.  Protecting Privacy Against Location-Based Personal Identification , 2005, Secure Data Management.

[51]  Grit Denker,et al.  The Impact of Context on the Trustworthiness of Communication: An Ontological Approach , 2004, Trust@ISWC.

[52]  Audun Jøsang,et al.  Trust Requirements in Identity Management , 2005, ACSW.

[53]  Marten van Sinderen,et al.  Quality-of-Context and its use for Protecting Privacy in Context Aware Systems , 2008, J. Softw..

[54]  Guanling Chen,et al.  A Survey of Context-Aware Mobile Computing Research , 2000 .

[55]  Sushil Jajodia,et al.  Provisions and Obligations in Policy Rule Management , 2003, Journal of Network and Systems Management.

[56]  Andrew Tokmakoff,et al.  Controlled Disclosure of Context Information across Ubiquitous Computing Domains , 2008, 2008 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (sutc 2008).

[57]  Alexander Pretschner,et al.  Implementing Trust in Cloud Infrastructures , 2011, 2011 11th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing.

[58]  Oliver Günther,et al.  Privacy in e-commerce: stated preferences vs. actual behavior , 2005, CACM.

[59]  Joan Feigenbaum,et al.  REFEREE: Trust Management for Web Applications , 1997, Comput. Networks.

[60]  Marten van Sinderen,et al.  Context-Aware Trust Domains , 2006, EuroSSC.

[61]  Mortaza S. Bargh,et al.  A context management framework for supporting context-aware distributed applications , 2006, IEEE Communications Magazine.

[62]  Emil C. Lupu,et al.  Tools for domain-based policy management of distributed systems , 2002, NOMS 2002. IEEE/IFIP Network Operations and Management Symposium. ' Management Solutions for the New Communications World'(Cat. No.02CH37327).

[63]  Gregory D. Abowd,et al.  Securing context-aware applications using environment roles , 2001, SACMAT '01.

[64]  Vincent P. Wade,et al.  Trust meta-policies for flexible and dynamic policy based trust management , 2006, Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06).

[65]  Laurent Bussard,et al.  Context-Aware Access Control; Making Access Control Decisions Based on Context Information , 2006 .

[66]  Naranker Dulay,et al.  Authorisation and Conflict Resolution for Hierarchical Domains , 2007, Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07).

[67]  Antonio Corradi,et al.  Context-based access control for ubiquitous service provisioning , 2004, Proceedings of the 28th Annual International Computer Software and Applications Conference, 2004. COMPSAC 2004..

[68]  Elisa Bertino,et al.  Access-control language for multidomain environments , 2004, IEEE Internet Computing.

[69]  Christian Schaefer,et al.  A Policy Language for Distributed Usage Control , 2007, ESORICS.

[70]  Henk Eertink,et al.  Privacy-Aware Context Discovery for Next Generation Mobile Services , 2007, 2007 International Symposium on Applications and the Internet Workshops.

[71]  Emil C. Lupu,et al.  Ponder2 - A Policy Environment for Autonomous Pervasive Systems , 2008, 2008 IEEE Workshop on Policies for Distributed Systems and Networks.

[72]  Telematica Instituut,et al.  Reading the tea-leaves in an intelligent Coffee Corner: understanding behavior by using sensory data , 2008 .

[73]  Marten van Sinderen,et al.  Trustworthiness and Quality of Context Information , 2008, 2008 The 9th International Conference for Young Computer Scientists.

[74]  Dorothy E. Denning,et al.  A lattice model of secure information flow , 1976, CACM.

[75]  Ricardo Neisse,et al.  Context-Aware Management Domains , 2007, CAT@IFIPTM.

[76]  Hector Garcia-Molina,et al.  The Eigentrust algorithm for reputation management in P2P networks , 2003, WWW '03.

[77]  K. J. Bma Integrity considerations for secure computer systems , 1977 .

[78]  Alexander P. Pons Biometric marketing: targeting the online consumer , 2006, CACM.

[79]  Matthias Baldauf,et al.  A survey on context-aware systems , 2007, Int. J. Ad Hoc Ubiquitous Comput..

[80]  Mogens Nielsen,et al.  Towards a formal notion of trust , 2003, PPDP '03.

[81]  Stig Fr. Mjølsnes,et al.  A Survey on Trust and Privacy Negotiability in the Norwegian Mobile Telecom Market , 2007, Electron. Notes Theor. Comput. Sci..

[82]  Marc Langheinrich,et al.  Privacy and trust issues with invisible computers , 2005, CACM.

[83]  Audun Jøsang,et al.  A Logic for Uncertain Probabilities , 2001, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[84]  Dieter Gollmann,et al.  Why Trust is Bad for Security , 2006, Electron. Notes Theor. Comput. Sci..

[85]  Anind K. Dey,et al.  Understanding and Using Context , 2001, Personal and Ubiquitous Computing.

[86]  Jadwiga Indulska,et al.  A software engineering framework for context-aware pervasive computing , 2004, Second IEEE Annual Conference on Pervasive Computing and Communications, 2004. Proceedings of the.

[87]  Wei Li Toward a Person-Centric Context Aware System , .