A Risk-Benefit Driven Architecture for Personal Data Release (Invited Paper)

Personal data storages (PDSs) give individuals the ability to store their personal data in a unified data repository and to control the release of that data to data consumers. Because they can gather personal data from different data sources (e.g., banks, hospitals), PDSs will play a strategic role in individual privacy management. As such, PDSs demand new privacy models for protecting personal data. In this paper, we propose a new technical approach that empowers individuals to better control the data in a PDS. In particular, we present a privacy-aware PDS architecture that focuses on two logical data zones based on the categories of personal data. Moreover, we propose a strategy for regulating personal data release that takes into consideration both user preferences and the possible risks and benefits of the data release.
