Abstract
Internet provides unprecedented opportunities for the collection and sharing of privacy-sensitive information from and about users. Information about users is collected every day, as they join associations or groups, shop for groceries, or execute most of their common daily activities. Such information is subsequently processed, exchanged and shared between different parties; with users often having little control over their personal information once it has been disclosed to third parties. Privacy is then becoming an increasing concern. In this paper we discuss some problems to be addressed in the protection of information in our electronic society, surveying ongoing work and open issues to be investigated.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Abadi, M., Lamport, L.: Composing specifications. ACM Transactions on Programming Languages 14(4), 1–60 (1992)
Aggarwal, G., Feder, T., Kenthapadi, K., Motwani, R., Panigrahy, R., Thomas, D., Zhu, A.: Anonymizing tables. In: Eiter, T., Libkin, L. (eds.) ICDT 2005. LNCS, vol. 3363, pp. 246–258. Springer, Heidelberg (2004)
Aggarwal, G., Feder, T., Kenthapadi, K., Motwani, R., Panigrahy, R., Thomas, D., Zhu, A.: Approximation algorithms for k-anonymity. Journal of Privacy Technology, 20051120001 (2005)
Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: An xpath based preference language for P3P. In: Proc. of the 12th International World Wide Web Conference, Budapest, Hungary (May 2003)
Ahn, G.-J., Lam, J.: Managing privacy preferences in federated identity management. In: Proc. of the ACM Workshop on Digital Identity Management, Fairfax, VA, USA (November 2005)
Ardagna, C.A., De Capitani di Vimercati, S., Samarati, P.: Enhancing user privacy through data handling policies. In: Damiani, E., Liu, P. (eds.) Data and Applications Security 2006. LNCS, vol. 4127, pp. 224–236. Springer, Heidelberg (2006)
Bayardo, R.J., Agrawal, R.: Data privacy through optimal k-anonymization. In: Proc. of the 21st International Conference on Data Engineering (ICDE 2005), Tokyo, Japan, April 2005, pp. 217–228 (2005)
Bell, D.E.: Modeling the multipolicy machine. In: Proc. of the New Security Paradigm Workshop (August 1994)
Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A.D.: The KeyNote Trust Management System (Version 2), internet rfc 2704 edn. (1999)
Blaze, M., Feigenbaum, J., Lacy, J.: Decentralized trust management. In: Proc. of the 17th IEEE Symp. on Security and Privacy, Oakland, CA (May 1996)
Bonatti, P., De Capitani di Vimercati, S., Samarati, P.: An algebra for composing access control policies. ACM Transactions on Information and System Security 5(1), 1–35 (2002)
Bonatti, P., Samarati, P.: A unified framework for regulating access and information release on the web. Journal of Computer Security 10(3), 241–272 (2002)
Casassa Mont, M., Pearson, S., Bramhall, P.: Towards accountable management of identity and privacy: Sticky policies and enforceable tracing services. In: Proc. of the 14th International Workshop on Database and Expert Systems Applications, Prague, Czech (September 2003)
Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Samarati, P.: k-anonymity. In: Security in Decentralized Data Management. Springer, Heidelberg (2006)
Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Samarati, P.: Microdata protection. In: Security in Decentralized Data Management. Springer, Heidelberg (2006)
Damiani, E., De Capitani di Vimercati, S., Fugazza, C., Samarati, P.: Extending policy languages to the semantic web. In: Koch, N., Fraternali, P., Wirsing, M. (eds.) ICWE 2004. LNCS, vol. 3140, pp. 330–343. Springer, Heidelberg (2004)
DeTreville, J.: Binder, a logic-based security language. In: Proc. of the 2001 IEEE Symposium on Security and Privacy, Oakland, CA, USA (May 2002)
Domingo-Ferrer, J., Mateo-Sanz, J.M.: Practical data-oriented microaggregation for statistical disclosure control. IEEE Transactions on Knowledge and Data Engineering 14(1), 189–201 (2002)
Ellison, C.M., Frantz, B., Lampson, B., Rivest, R.L., Thomas, B.M., Ylonen, T.: SPKI certificate theory. RFC2693 (September 1999)
Fung, B., Wang, K., Yu, P.: Top-down specialization for information and privacy preservation. In: Proc. of the 21st International Conference on Data Engineering (ICDE 2005), Tokyo, Japan (April 2005)
Hosmer, H.: Metapolicies II. In: Proc. of the 15th National Computer Security Conference (1992)
Irwin, K., Yu, T.: Preventing attribute information leakage in automated trust negotiation. In: Proc. of the 12th ACM Conference on Computer and Communications Security, Alexandria, VA, USA (November 2005)
Iyengar, V.: Transforming data to satisfy privacy constraints. In: Proc. of the Eigth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Edmonton, Alberta, Canada, pp. 279–288 (2002)
Jaeger, T.: Access control in configurable systems. In: Vitek, J. (ed.) Secure Internet Programming. LNCS, vol. 1603, pp. 289–316. Springer, Heidelberg (1999)
Jajodia, S., Samarati, P., Sapino, M., Subrahmanian, V.: Flexible support for multiple access control policies. ACM Transactions on Database Systems 26(2), 18–28 (2001)
Jim, T.: SD3: A trust management system with certified evaluation. In: Proc. of the 2001 IEEE Symposium on Security and Privacy, Oakland, CA, USA (May 2001)
LeFevre, K., DeWitt., D.J., Ramakrishnan, R.: Incognito: Efficient full-domain k-anonymity. In: Proc. of the 24th ACM SIGMOD International Conference on Management of Data, Baltimore, Maryland, USA, June 2005, pp. 49–60 (2005)
Li, N., Grosof, B., Feigenbaum: Delegation logic: A logic-based approach to distributed authorization. ACM Transactions on Information and System Security 6(1), 128–171 (2003)
Li, N., Mitchell, J.C., Winsborough, W.H.: Beyond proof-of-compliance: Security analysis in trust management. Journal of the ACM 52(3), 474–514 (2005)
Li, N., Winsborough, W.H., Mitchell, J.C.: Distributed credential chain discovery in trust management. Journal of Computer Security 11(1), 35–86 (2003)
Liu, P., Mitra, P., Pan, C., Atluri, V.: Privacy-preserving semantic interoperation and access control of heterogeneous databases. In: ACM Symposium on InformAtion, Computer and Communications Security, Taipei, Taiwan (March 2006)
Machanavajjhala, A., Gehrke, J., Kifer, D.: ℓ-diversity: Privacy beyond k-anonymity. In: Proc. of the ICDE 2006, Atlanta, GA, USA (April 2006)
McLean, J.: The algebra of security. In: Proc. of the 1988 IEEE Computer Society Symposium on Security and Privacy, Oakland, CA, USA (April 1988)
Meyerson, A., Williams, R.: On the complexity of optimal k-anonymity. In: Proc. of the 23rd ACM PODS, Paris, France, pp. 223–228 (2004)
Ni, J., Li, N., Winsborough, W.H.: Automated trust negotiation using cryptographic credentials. In: Proc. of the 12th ACM Conference on Computer and Communications Security, Alexandria, VA, USA (November 2005)
Ryutov, T., Zhou, L., Neuman, C., Leithead, T., Seamons, K.E.: Adaptive trust negotiation and access control. In: Proc. of the 10th ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden (June 2005)
Samarati, P.: Protecting respondents identities’ in microdata release. IEEE Transactions on Knowledge and Data Engineering 13(6), 1010–1027 (2001)
Samarati, P., Sweeney, L.: Generalizing data to provide anonymity when disclosing information. In: Proc. of the 17th ACM PODS, Seattle, WA (1998)
Seamons, K.E., Winsborough, W., Winslett, M.: Internet credential acceptance policies. In: Proc. of the Workshop on Logic Programming for Internet Applications, Leuven, Belgium (July 1997)
Wang, L., Wijesekera, D., Jajodia, S.: A logic-based framework for attribute based access control. In: Proc. of the 2004 ACM Workshop on Formal Methods in Security Engineering, Washington DC, USA (October 2004)
Wijesekera, D., Jajodia, S.: A propositional policy algebra for access control. ACM Transactions on Information and System Security 6(2), 286–325 (2003)
Woo, T.Y.C., Lam, S.S.: Authorizations in distributed systems: A new approach. Journal of Computer Security 2(2,3), 107–136 (1993)
World Wide Web Consortium. A P3P Preference Exchange Language 1.0 (APPEL1.0) (April 2002), http://www.w3.org/TR/P3P-preferences/
World Wide Web Consortium. The Platform for Privacy Preferences 1.1 (P3P1.1) Specification (July 2005), http://www.w3.org/TR/2005/WD-P3P11-20050701
Yao, C., Wang, X.S., Jajodia, S.: Checking for k-anonymity violation by views. In: Proc. of the 31st International Conference on Very Large Data Bases (VLDB 2005), Trondheim, Norway (August 2005)
Yu, T., Winslett, M.: A unified scheme for resource protection in automated trust negotiation. In: Proc. of the IEEE Symp. on Security and Privacy, Oakland, CA (May 2003)
Yu, T., Winslett, M., Seamons, K.E.: Prunes: An efficient and complete strategy for automated trust negotiation over the internet. In: Proc. of the 7th ACM Conf. on Computer and Communications Security, Athens, Greece (November 2000)
Yu, T., Winslett, M., Seamons, K.E.: Supporting structured credentials and sensitive policies trough interoperable strategies for automated trust. ACM Transactions on Information and System Security (TISSEC) 6(1), 1–42 (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
De Capitani di Vimercati, S., Samarati, P. (2006). Privacy in the Electronic Society. In: Bagchi, A., Atluri, V. (eds) Information Systems Security. ICISS 2006. Lecture Notes in Computer Science, vol 4332. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11961635_1
Download citation
DOI: https://doi.org/10.1007/11961635_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68962-1
Online ISBN: 978-3-540-68963-8
eBook Packages: Computer ScienceComputer Science (R0)