论文信息 - Automated Privacy Audits to Complement the Notion of Control for Identity Management

Automated Privacy Audits to Complement the Notion of Control for Identity Management

Identity management systems are indispensable in modern networked computing, as they equip data providers with key techniques to avoid the imminent privacy threats intrinsic to such environments. Their rationale is to convey data providers with a sense of control over the disclosure and usage of personal data to varying degree, so that they can take an active role in protecting their privacy. However, we purport the thesis that a holistic sense of control includes not only the regulation of disclosure, as identity management techniques currently do, but must equivalently comprise the supervision of compliance, i.e. credible evidence that data consumers behave according to the policies previously agreed upon. Despite its relevance, supervision has so far not been possible. We introduce the concept of privacy evidence and present the necessary technical building blocks to realise it in dynamic systems.

Rafael Accorsi

[1] Sushil Jajodia,et al. Provisional Authorizations , 2001, E-Commerce Security and Privacy.

[2] Rafael Accorsi,et al. On the Relationship of Privacy and Secure Remote Logging in Dynamic Systems , 2006, SEC.

[3] Andreas Pfitzmann,et al. Multilateral Security: Enabling Technologies and Their Evaluation , 2001, Informatics.

[4] Alexander Pretschner,et al. Distributed usage control , 2006, CACM.

[5] Siani Pearson,et al. Towards Accountable Management of Privacy and Identity Information , 2003, ESORICS.

[6] Erin Kenneally. Digital logs - proof matters , 2004, Digit. Investig..

[7] Rafael Accorsi,et al. Personalization in privacy-aware highly dynamic systems , 2006, CACM.

[8] R. Accorsi,et al. On Privacy Evidence for UbiComp Environments , 2007 .

[9] Jens Strüker. Der gläserne Kunde im Supermarkt der Zukunft , 2007 .

[10] Bryan Pardo. Music information retrieval , 2006 .

[11] Adolf Hohl,et al. Delegating Secure Logging in Pervasive Computing Systems , 2006, SPC.

[12] A. Froomkin. The Death of Privacy? , 2000 .