A Context-Aware Privacy Policy Language for Controlling Access to Context Information of Mobile Users

This paper introduces a Context-aware Privacy Policy Language (CPPL) that enables mobile users to control who can access their context information, at what detail, and in which situation by specifying their context-aware privacy rules. privacy rules map a set of privacy rules to one or more user’s situations, in which these rules are valid. Each time a user’s situation changes, a list of valid rules is updated, leaving only a of the specified rules to be evaluated by a privacy framework upon arrival of a context query. In the existing privacy policy languages a user’s context is used as an additional condition parameter in a privacy rule, thus the specified privacy rules have to be evaluated when a request to access a user’s context arrives. Keeping the number of rules that need to be evaluated small is important because evaluation of a large number of privacy rules can potentially increase the response time to a context query. CPPL also enables rules to be defined based on a user’s social relationship with a context requestor, which reduces the number of rules that need to be defined by a user and that consequently need to be evaluated by a privacy mechanism. This paper shows that when compared to the existing privacy policy languages, this number of rules (that are encoded using CPPL) decreases with an increasing number of user-defined situations and requestors that are represented by a small number of social relationship groups.