Security and Privacy in Mobile Information and Communication Systems. Third International ICST Conference, MobiSec 2011, Aalborg, Denmark, May 17-19, 2011, Revised Selected Papers

Research Article

A Context-Aware Privacy Policy Language for Controlling Access to Context Information of Mobile Users

Download
400 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-30244-2_3,
        author={Alireza Behrooz and Alisa Devlic},
        title={A Context-Aware Privacy Policy Language for Controlling Access to Context Information of Mobile Users},
        proceedings={Security and Privacy in Mobile Information and Communication Systems. Third International ICST Conference, MobiSec 2011, Aalborg, Denmark, May 17-19, 2011, Revised Selected Papers},
        proceedings_a={MOBISEC},
        year={2012},
        month={10},
        keywords={Context-aware privacy rules social relationships mobile users},
        doi={10.1007/978-3-642-30244-2_3}
    }
    
  • Alireza Behrooz
    Alisa Devlic
    Year: 2012
    A Context-Aware Privacy Policy Language for Controlling Access to Context Information of Mobile Users
    MOBISEC
    Springer
    DOI: 10.1007/978-3-642-30244-2_3
Alireza Behrooz1,*, Alisa Devlic2,*
  • 1: Appear Networks, Kista Science Tower
  • 2: Ericsson Research
*Contact email: alireza.behrooz@appearnetworks.com, alisa.devlic@ericsson.com

Abstract

This paper introduces a Context-aware Privacy Policy Language (CPPL) that enables mobile users to control who can access their context information, at what detail, and in which situation by specifying their context-aware privacy rules. privacy rules map a set of privacy rules to one or more user’s situations, in which these rules are valid. Each time a user’s situation changes, a list of valid rules is updated, leaving only a of the specified rules to be evaluated by a privacy framework upon arrival of a context query. In the existing privacy policy languages a user’s context is used as an additional condition parameter in a privacy rule, thus the specified privacy rules have to be evaluated when a request to access a user’s context arrives. Keeping the number of rules that need to be evaluated small is important because evaluation of a large number of privacy rules can potentially increase the response time to a context query. CPPL also enables rules to be defined based on a user’s social relationship with a context requestor, which reduces the number of rules that need to be defined by a user and that consequently need to be evaluated by a privacy mechanism. This paper shows that when compared to the existing privacy policy languages, this number of rules (that are encoded using CPPL) decreases with an increasing number of user-defined situations and requestors that are represented by a small number of social relationship groups.