Abstract: Making use of the World Wide Web's numerous services increasingly requires the disclosure of personal user data. While these data represent an important value for service providers, users are increasingly concerned about growing privacy threats, as more and more of their personal and private information is released to a rising number of parties. Privacy-enhancing technologies, like the P3P specification, assist users in protecting their privacy. P3P provides means to express a machine-readable P3P privacy policy of a Web site and allows a dedicated P3P user agent to interpret that policy and recommend a certain disclosure behavior. The agent's recommendation, however, is only as good as the pre-defined privacy preferences of the user. Accordingly, the creation of these disclosure rules requires tools that accurately record individual privacy preferences in an understandable way. This paper introduces a novel, user-friendly privacy preference generator that allows the definition of privacy preferences for twelve different Internet service types, allowing for more precise and practical user preferences. Addressing the needs of users with different levels of experience, we present a multi-level user interface. Our solution includes a user-friendly P3P-based wizard as well as a clear and understandable configuration summary. The resulting privacy preferences of this tool will allow more accurate recommendations by future privacy agents.
Service-oriented architectures (SOAs) are increasingly gaining popularity due to their considerable flexibility and scalability in open IT environments. Along with their rising acceptance comes the need for well-suited security components. In this respect, access control and privacy have emerged as crucial factors. Targeting the demands of a SOA, many promising authorization models have been developed, most notably the attribute-based access control (ABAC) model. In this paper we take up concepts from the OASIS XACML and WS-XACML specifications and introduce a dynamic ABAC system that incorporates the privacy preferences of the service requestor in the access control process. Separating the Policy Decision Point (PDP) from the service provider's premises, our infrastructure enables the deployment of alternative PDPs the service requestor can choose from. We employ a PKI to reflect the sufficient trust relation between the service provider and a potential PDP. Our work is carried out within the European research project Access-eGov, which aims at a European-wide e-Government service platform.
Abstract: Today's rich service offer in the World Wide Web increasingly requires the disclosure of personal user data. Service providers' appetite for personal user data, however, is accompanied by growing privacy implications for Internet users. Addressing this rising threat, privacy-enhancing technologies (PETs) aim at aiding users in protecting their personal data. Even though effective privacy laws entitle users to edit and revoke already disclosed personal data, few PET solutions support users in exercising this right. Available tools lack intuitive interfaces and are built on powerful infrastructures on the provider side. In this paper we introduce the Data Disclosure Log component within a user-centric privacy architecture. Built on a browser-based logging extension, we present a visualization tool that displays past personal data disclosures from different perspectives. A graph-based view allows for the dynamic presentation of relations between selected entity types. Such an overview enables users to know the conditions of past personal data transactions at any time. This knowledge is a prerequisite for an ex post revision or revocation of personal data. Usability and user acceptance of the developed prototype are evaluated in a user test.
Abstract: The landscape of the World Wide Web with all its versatile services heavily relies on the disclosure of private user information. Unfortunately, the growing amount of personal data collected by service providers poses a significant privacy threat for Internet users. Targeting the growing privacy concerns of users, privacy-enhancing technologies (PETs) emerged. One goal of these technologies is the provision of tools that facilitate a more informed decision about personal data disclosures. A prominent PET representative is the PRIME project, which aims for a holistic privacy-enhancing identity management system. However, approaches like the PRIME privacy architecture require service providers to change their server infrastructure and add specific privacy-enhancing components. In the near future, service providers are not expected to alter internal processes. Addressing this dependency on service providers, this paper introduces a user-centric privacy architecture that enables the provider-independent protection of personal data. A central component of the proposed privacy infrastructure is an online privacy community, which facilitates the open exchange of privacy-related information about service providers. We characterize the benefits and the potentials of our proposed solution and evaluate a prototypical implementation. © 2009 Elsevier Ltd. All rights reserved.

Introduction

Today's rich service offer in the World Wide Web increasingly requires the disclosure of personal user data, which poses a growing privacy threat to Internet users. Web site providers utilize these personal data to create and analyze profiles or to trigger personalized advertisements. At worst, personal information is released or sold to third parties. Motivated by users who needed technical means to protect their private data, privacy-enhancing technologies emerged (Burkert, 1997; Goldberg and Wagner, 1997). A frequently discussed subject in this area is anonymity on the network level.
On the application level, privacy-enhancing technologies aim for solutions that assist users in controlling and managing the disclosure of personal data. Unfortunately, most approaches rely on the cooperation of service providers, who are required to reveal their data handling practices truthfully.

The goal of this paper is the introduction of a collaborative privacy community that facilitates a service provider-independent privacy management. We propose a user-centric privacy architecture and show the functions and the potentials of an inherent collaborative privacy community. Finally, we present a prototypical implementation of our solution.

The remainder of this paper is structured as follows. After describing related work in Section 2, we present an overview as well as the components of a user-centric privacy architecture in Section 3. Section 4 introduces the content, functions as well as the implementation and evaluation of our

* Corresponding author. E-mail address: jan.kolter@wiwi.uni-regensburg.de (J. Kolter).
Service-oriented architectures (SOAs) are a commonly used paradigm for IT infrastructures in various fields. Due to their flexibility and the easy accessibility of their underlying web services, SOAs are the architecture of choice for more and more service providers. Semantic SOAs (SSOAs) go one step further and enhance the common SOA with semantic components. However, a major success criterion of any SOA is the existence of a reliable security infrastructure. Therefore, this paper identifies security requirements for an eGovernment SSOA, focusing on communication security, trust, privacy and access control. Our work is based on the architecture designed within the scope of the European research project Access-eGov, which envisions the development of an SSOA-based eGovernment platform.