A formal privacy system and its application to location based services

Carl A. Gunter; Michael J. May; Stuart G. Stubblebine

doi:10.1007/11423409_17

A formal privacy system and its application to location based services

Carl A. Gunter, Michael J. May, Stuart G. Stubblebine

Research output: Contribution to journal › Conference article › peer-review

Abstract

There are a variety of well-known models for access control developed for purposes like formally modeling the access rights on files, databases, and web resources. However, the existing models provide an inadequate representation of a number of concepts that are important when modeling privacy rights in distributed systems. We present an analog of the access control matrix designed to model such concepts. Our formalism, which we call a privacy system, empashizes the management of data and actions that affect the privacy of subjects. We motivate privacy systems, describe them mathematically, and illustrate their value in an architecture based on Personal Digital Rights Management (PDRM), which uses DRM concepts as a foundation for the specification and negotiation of privacy rights. This illustration is carried out throuh a case study of a privacy-respecting system for location based services. Our prototype, which we call AdLoc, manages advertising interupts on PDAs based on their location as determined by WiFi sightings in accordance with contracts written in the DRM language XrML.

Original language	English (US)
Pages (from-to)	256-282
Number of pages	27
Journal	Lecture Notes in Computer Science
Volume	3424
DOIs	https://doi.org/10.1007/11423409_17
State	Published - 2005
Externally published	Yes
Event	4th International Workshop on Privacy Enhancing Technologies, PET 2004 - Toronto, Ont., Canada Duration: May 26 2004 → May 28 2004

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/11423409_17

Fingerprint Dive into the research topics of 'A formal privacy system and its application to location based services'. Together they form a unique fingerprint.

Cite this

@article{2d6bad7483a74d409f244b4c868a2b7a,

title = "A formal privacy system and its application to location based services",

abstract = "There are a variety of well-known models for access control developed for purposes like formally modeling the access rights on files, databases, and web resources. However, the existing models provide an inadequate representation of a number of concepts that are important when modeling privacy rights in distributed systems. We present an analog of the access control matrix designed to model such concepts. Our formalism, which we call a privacy system, empashizes the management of data and actions that affect the privacy of subjects. We motivate privacy systems, describe them mathematically, and illustrate their value in an architecture based on Personal Digital Rights Management (PDRM), which uses DRM concepts as a foundation for the specification and negotiation of privacy rights. This illustration is carried out throuh a case study of a privacy-respecting system for location based services. Our prototype, which we call AdLoc, manages advertising interupts on PDAs based on their location as determined by WiFi sightings in accordance with contracts written in the DRM language XrML.",

author = "Gunter, {Carl A.} and May, {Michael J.} and Stubblebine, {Stuart G.}",

year = "2005",

doi = "10.1007/11423409_17",

language = "English (US)",

volume = "3424",

pages = "256--282",

journal = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

issn = "0302-9743",

publisher = "Springer Verlag",

}

TY - JOUR

T1 - A formal privacy system and its application to location based services

AU - Gunter, Carl A.

AU - May, Michael J.

AU - Stubblebine, Stuart G.

PY - 2005

Y1 - 2005

N2 - There are a variety of well-known models for access control developed for purposes like formally modeling the access rights on files, databases, and web resources. However, the existing models provide an inadequate representation of a number of concepts that are important when modeling privacy rights in distributed systems. We present an analog of the access control matrix designed to model such concepts. Our formalism, which we call a privacy system, empashizes the management of data and actions that affect the privacy of subjects. We motivate privacy systems, describe them mathematically, and illustrate their value in an architecture based on Personal Digital Rights Management (PDRM), which uses DRM concepts as a foundation for the specification and negotiation of privacy rights. This illustration is carried out throuh a case study of a privacy-respecting system for location based services. Our prototype, which we call AdLoc, manages advertising interupts on PDAs based on their location as determined by WiFi sightings in accordance with contracts written in the DRM language XrML.

AB - There are a variety of well-known models for access control developed for purposes like formally modeling the access rights on files, databases, and web resources. However, the existing models provide an inadequate representation of a number of concepts that are important when modeling privacy rights in distributed systems. We present an analog of the access control matrix designed to model such concepts. Our formalism, which we call a privacy system, empashizes the management of data and actions that affect the privacy of subjects. We motivate privacy systems, describe them mathematically, and illustrate their value in an architecture based on Personal Digital Rights Management (PDRM), which uses DRM concepts as a foundation for the specification and negotiation of privacy rights. This illustration is carried out throuh a case study of a privacy-respecting system for location based services. Our prototype, which we call AdLoc, manages advertising interupts on PDAs based on their location as determined by WiFi sightings in accordance with contracts written in the DRM language XrML.

UR - http://www.scopus.com/inward/record.url?scp=24344463958&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=24344463958&partnerID=8YFLogxK

U2 - 10.1007/11423409_17

DO - 10.1007/11423409_17

M3 - Conference article

AN - SCOPUS:24344463958

VL - 3424

SP - 256

EP - 282

JO - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

JF - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SN - 0302-9743

T2 - 4th International Workshop on Privacy Enhancing Technologies, PET 2004

Y2 - 26 May 2004 through 28 May 2004

ER -