Trusted Privacy Domains – Challenges for Trusted Computing in Privacy-Protecting Information Sharing

  • Hans Löhr
  • Ahmad-Reza Sadeghi
  • Claire Vishik
  • Marcel Winandy
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5451)


With the growing use of the Internet, users need to reveal an increasing amount of private information when accessing online services, and, with growing integration, this information is shared among services. Although progress was achieved in acknowledging the need to design privacy-friendly systems and protocols, there are still no satisfactory technical privacy-protecting solutions that reliably enforce user-defined flexible privacy policies. Today, the users can assess and analyze privacy policies of data controllers, but they cannot control access to and usage of their private data beyond their own computing environment.

In this paper, we propose a conceptual framework for user-controlled formal privacy policies and examine elements of its design and implementation. In our vision, a Trusted Personal Information Wallet manages private data according to user-defined privacy policies. We build on Trusted Virtual Domains (TVDs), leveraging trusted computing and virtualization to construct privacy domains for enforcing the user’s policy. We present protocols for establishing these domains and describe the implementation of the building blocks of our framework. Additionally, a simple privacy policy for trusted privacy domains operating between different organizations and entities across networks is described as an example. Finally, we identify future research challenges in this area.







Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Hans Löhr, Horst Görtz Institute for IT-Security, Ruhr-University Bochum, Germany
  • Ahmad-Reza Sadeghi, Horst Görtz Institute for IT-Security, Ruhr-University Bochum, Germany
  • Claire Vishik, Intel Corporation, UK
  • Marcel Winandy, Horst Görtz Institute for IT-Security, Ruhr-University Bochum, Germany
