A Pessimistic Approach to Trust in Mobile Agent Platforms
IEEE Internet Computing
An XPath-based preference language for P3P
WWW '03 Proceedings of the 12th international conference on World Wide Web
Web Privacy with P3p
Mobile Agents and the Deus Ex Machina
AINAW '07 Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops - Volume 02
Compartmented Security for Browsers - Or How to Thwart a Phisher with Trusted Computing
ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
Towards automated provisioning of secure virtualized networks
Proceedings of the 14th ACM conference on Computer and communications security
User-Controllable Security and Privacy for Pervasive Computing
HOTMOBILE '07 Proceedings of the Eighth IEEE Workshop on Mobile Computing Systems and Applications
TVDc: managing security in the trusted virtual datacenter
ACM SIGOPS Operating Systems Review
A user study of policy creation in a flexible access-control system
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Transaction generators: root kits for web
HOTSEC'07 Proceedings of the 2nd USENIX workshop on Hot topics in security
Understanding and capturing people's privacy policies in a mobile social networking application
Personal and Ubiquitous Computing
Trusted virtual domains: toward secure distributed services
HotDep'05 Proceedings of the First conference on Hot topics in system dependability
Proceedings of the 1st ACM International Health Informatics Symposium
Trusted virtual domains on OKL4: secure information sharing on smartphones
Proceedings of the sixth ACM workshop on Scalable trusted computing
Trusted virtual domains – design, implementation and lessons learned
INTRUST'09 Proceedings of the First international conference on Trusted Systems
Hi-index | 0.00 |
With the growing use of the Internet, users need to reveal an increasing amount of private information when accessing online services, and, with growing integration, this information is shared among services. Although progress was achieved in acknowledging the need to design privacy-friendly systems and protocols, there are still no satisfactory technical privacy-protecting solutions that reliably enforce user-defined flexible privacy policies. Today, the users can assess and analyze privacy policies of data controllers, but they cannot control access to and usage of their private data beyond their own computing environment. In this paper, we propose a conceptual framework for user-controlled formal privacy policies and examine elements of its design and implementation. In our vision, a Trusted Personal Information Wallet manages private data according to a user-defined privacy policies. We build on Trusted Virtual Domains (TVDs), leveraging trusted computing and virtualization to construct privacy domains for enforcing the user's policy. We present protocols for establishing these domains, and describe the implementation of the building blocks of our framework. Additionally, a simple privacy policy for trusted privacy domains functioning between different organizations and entities across networks is described as an example. Finally, we identify future research challenges in this area.