A framework for privacy policy management in service aggregation

Wang, Peishun; Dong, Liju; Mu, Yi; Susilo, Willy; Yan, Jun

doi:10.1109/cscwd.2010.5471981

Cited by 3 publications

(3 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Their metrics were rather vague since their analysis compared the number and category of goals in policies rather than what those goals really meant. Wang et al [29] proposed a formal privacy policy management framework for aggregation of privacy policies from different service providers. They have addressed the issue of privacy leakage caused by database aggregation from different vendors by suggesting a formal negotiation protocol.…”

Section: B Modeling Privacy Policies and Investigation Warrantsmentioning

confidence: 99%

Privacy-respecting digital investigation

Dehghantanha

Franke

2014

2014 Twelfth Annual International Conference on Privacy, Security and Trust

View full text Add to dashboard Cite

the forensics investigation requirements are in direct conflict with the privacy rights of those whose actions are being investigated. At the same time, once the private data is exposed it is impossible to 'undo' its exposure effects should the suspect is found innocent! Moreover, it is not uncommon that during a suspect investigation, private information of other innocent parties becomes apparent to the forensics investigator. These all raise the concern for development of platforms for enforcing privacy boundaries even to authorized forensics investigators. To the best of authors' knowledge, there is no practical model for privacy-respecting digital investigation which is capable of considering different jurisdictions requirements and protecting subjects' data privacy in line with investigation warrant permissions and data-origin privacy requirements.Privacy-respecting digital forensics as an emerging crossdisciplinary research area is moving toward addressing above issues. In this paper, we first establish needed foundations and describe details of "privacy-respecting digital investigation" as a cross-disciplinary field of research. Afterwards, we review main research efforts in different research disciplines relevant to the field and elaborate existing research problems. We finalize the paper by looking at potential privacy issues during digital investigation in the light of EU, US, and APEC privacy regulations.The main contributions of this paper are first establishing essential foundations and providing detailed definition of "privacy-respecting digital investigation" as a new crossdisciplinary field of research, second a review of current state of art in different disciplines relevant to this field, third elaborating existing issues and discussing most promising solutions relevant to these disciplines, and forth is detailed discussion of potential privacy issues in different phases of digital forensics life cycle based on EU,US, and APEC privacy regulations. We hope this paper opens up a new and fruitful avenue in the study, design, and development of privacy respecting forensics investigation as an interdisciplinary field of research.

show abstract

Section: B Modeling Privacy Policies and Investigation Warrantsmentioning

confidence: 99%

Privacy-respecting digital investigation

Dehghantanha

Franke

2014

2014 Twelfth Annual International Conference on Privacy, Security and Trust

View full text Add to dashboard Cite

show abstract

“…First, we extend the known model of service aggregation to a cloud environment. A general diagram illustrating the high‐level architecture of service aggregation in a cloud computing environment is shown in Figure .…”

Section: Service Aggregation In the Cloudmentioning

confidence: 99%

Privacy preserving protocol for service aggregation in cloud computing

Wang

Susilo

et al. 2011

Softw Pract Exp

Self Cite

View full text Add to dashboard Cite

Cloud computing has increasingly become a new model in the world of computing, and more businesses are moving to the cloud. As a cost-effective and time-efficient way to develop new applications and services, service aggregation in cloud computing empowers all service providers and consumers and creates tremendous opportunities in various industry sectors. However, it also poses various challenges to the privacy of personal information as well as the confidentiality of business and governmental information. The full benefits of service aggregation in cloud computing would only be enjoyed if the privacy concerns are addressed properly. In this paper, we investigate the privacy issues in service aggregation in a cloud environment and propose a privacy preserving protocol that is suitable for this environment. To demonstrate the security of our system, we construct a security game called IND-P3SAC-CPA and prove the security of the protocol accordingly. Our protocol has a distinct property that allows any service provider to obtain only the queried data under its conspiracy with the cloud. Additionally, the efficiency and various extensions are also discussed. 468 P. WANG ET AL. cut down on the resource by not leasing it further when the demand has reduced. Furthermore, cloud computing makes it possible for businesses to relocate their information technology management and maintenance outside of their organizations and empowers them to redirect resources toward core functions and competencies [2]. Therefore, it is clear that the trend forces companies to move to the cloud accordingly.A character of the cloud, uncoupling computing tools from physical location, enables users to access data and systems regardless of geographical locations or available media. This encourages businesses to adopt service aggregation ‡ as a cost-effective and time-efficient way to develop new applications and services. Service aggregation in cloud computing supports on-the-fly discovery, aggregation, deployment and provision of services, and realizes the on-demand interaction among consumers, cloud providers, service aggregators, and service providers. Therefore, it is empowering all service providers and consumers and creating tremendous opportunities in various industry sectors and maximizing profitability for its users.Service aggregation is associated with methods and tools that create composite services and their lifecycle management including alignment of privacy policies, security, transaction management, quality of service, and other elements of service provision. In the Internet, the service providers are geographically distributed. A service aggregator manages the services requested by a client. The aggregated service could be one or multiple services in terms of the client's requirement. In general, the service aggregator is the only entity that is visible to the client. To obtain a suitable service, a client needs to register with the aggregator. For getting a service, a client only needs to contact the aggregator, who in turn c...

show abstract

“…They collaborate in highly distributed environments and establish on-demand, short-term and dynamic business relationships for purposes such as maximizing profitability [17]. In order to understand the requirement of authentication in service aggregation, we first explain some terms as follows.…”

Section: Service Aggregationmentioning

confidence: 99%

Constructing an Authentication Token to Access External Services in Service Aggregation

Wang

Susilo

et al. 2010

2010 IEEE International Conference on Services Computing

Self Cite

View full text Add to dashboard Cite

. (2010). Constructing an authentication token to access external services in service aggregation. 2010 IEEE 7th International Conference on Services Computing, SCC 2010 (pp. 321-328). Piscataway, New Jersey, USA: IEEE. Constructing an authentication token to access external services in service aggregation AbstractService aggregation is becoming a cost-effective and time-efficient way for a business to develop new applications and services. While it creates tremendous opportunities in various industry sectors, its crossorganization nature raises serious challenges in the security domains for authentication. In this paper we formulate a formal definition of authentication in service aggregation and a security model for it, and propose two authentication protocols. One is a one-way protocol and another is an interactive one. In particular, the constructed authentication tokens are anonymous to verifiers. We prove their security, show how to choose optimal system parameters, and analyse the efficiency. Abstract-Service aggregation is becoming a cost-effective and time-efficient way for a business to develop new applications and services. While it creates tremendous opportunities in various industry sectors, its cross-organization nature raises serious challenges in the security domains for authentication. In this paper we formulate a formal definition of authentication in service aggregation and a security model for it, and propose two authentication protocols. One is a one-way protocol and another is an interactive one. In particular, the constructed authentication tokens are anonymous to verifiers. We prove their security, show how to choose optimal system parameters, and analyse the efficiency. Disciplines Physical Sciences and Mathematics

show abstract

A framework for privacy policy management in service aggregation

Cited by 3 publications

References 10 publications

Privacy-respecting digital investigation

Privacy-respecting digital investigation

Privacy preserving protocol for service aggregation in cloud computing

Constructing an Authentication Token to Access External Services in Service Aggregation

Contact Info

Product

Resources

About