k-anonymity: a model for protecting privacy
International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems
Why we can't be bothered to read privacy policies models of privacy economics as a lemons market
ICEC '03 Proceedings of the 5th international conference on Electronic commerce
IEEE Transactions on Knowledge and Data Engineering
L-diversity: Privacy beyond k-anonymity
ACM Transactions on Knowledge Discovery from Data (TKDD)
Robust De-anonymization of Large Sparse Datasets
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
On the Anonymity of Home/Work Location Pairs
Pervasive '09 Proceedings of the 7th International Conference on Pervasive Computing
Human Activity Recognition and Pattern Discovery
IEEE Pervasive Computing
Myths and fallacies of "Personally Identifiable Information"
Communications of the ACM
Differential privacy: a survey of results
TAMC'08 Proceedings of the 5th international conference on Theory and applications of models of computation
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Mobile apps: it's time to move up to CondOS
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
Implementing Gentry's fully-homomorphic encryption scheme
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
MaskIt: privately releasing user context streams for personalized mobile applications
SIGMOD '12 Proceedings of the 2012 ACM SIGMOD International Conference on Management of Data
Fast app launching for mobile devices using predictive user context
Proceedings of the 10th international conference on Mobile systems, applications, and services
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Proceedings of the 2012 ACM Conference on Ubiquitous Computing
Deanonymizing mobility traces: using social network as a side-channel
Proceedings of the 2012 ACM conference on Computer and communications security
Model-based context privacy for personal data streams
Proceedings of the 2012 ACM conference on Computer and communications security
Proceedings of the Third International Workshop on Sensing Applications on Mobile Phones
The 14th international workshop on mobile computing systems and applications (ACM HotMobile 2013)
ACM SIGMOBILE Mobile Computing and Communications Review
ipShield: a framework for enforcing context-aware privacy
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
We study the competing goals of utility and privacy as they arise when a user shares personal sensor data with apps on a smartphone. On the one hand, sharing data can benefit the user in the form of personalized services and recommendations; on the other hand, it risks revealing behaviors to the app producers that the user would like to keep private. Current approaches to privacy, usually defined in multi-user settings, rely on anonymization to prevent such sensitive behaviors from being traced back to the user, a strategy that does not apply when the user's identity is already known, as is the case here. Instead of protecting identity, we focus on the more general problem of choosing what data to share such that certain kinds of inferences, namely those indicating the user's sensitive behavior, cannot be drawn. The use of inference functions allows us to establish a terminology that unifies prior notions of privacy as special cases of this more general problem. We identify several information disclosure regimes, each corresponding to a specific privacy-utility tradeoff, as well as privacy mechanisms designed to realize these tradeoff points. Finally, we propose ipShield, a privacy-aware framework that uses the current user context together with a model of user behavior to quantify an adversary's knowledge regarding a sensitive inference, and obfuscates data accordingly before sharing. We conclude by describing initial work towards realizing this framework.
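The abstract describes choosing what to share so that a sensitive inference cannot be drawn, with the adversary's knowledge quantified from a behaviour model. The following toy model is an added illustration of that idea and is not code from the ipShield project or the paper's authors. It assumes a constructed behaviour model (a prior over three contexts and per-context likelihoods of a step-count bucket), a sensitive inference ("the user is at the gym"), and a family of obfuscation mechanisms that coarsen the released bucket. The mechanism is selected by evaluating the adversary's posterior on the symbol actually released, which is what makes naive suppression of only the revealing reading fail the check.

```python
"""Inference-aware release of a sensor reading (constructed toy model).

The hidden user context is a coarse location; an app only ever sees a
step-count bucket.  The adversary is assumed to know the behaviour model
below and the release mechanism, and tries to infer the sensitive context.
All numbers are constructed for illustration, not taken from any dataset.
"""

CONTEXTS = ("home", "work", "gym")
SENSITIVE = "gym"                      # the inference we want to block
BUCKETS = ("low", "mid", "high")       # step-count buckets per minute

# Assumed behaviour model: prior over contexts and P(bucket | context).
PRIOR = {"home": 0.5, "work": 0.4, "gym": 0.1}
LIKELIHOOD = {
    "home": {"low": 0.70, "mid": 0.25, "high": 0.05},
    "work": {"low": 0.60, "mid": 0.35, "high": 0.05},
    "gym":  {"low": 0.05, "mid": 0.25, "high": 0.70},
}


def bucketize(steps):
    """Map a raw per-minute step count to its bucket (thresholds assumed)."""
    if steps < 20:
        return "low"
    if steps < 80:
        return "mid"
    return "high"


def joint(context, bucket):
    """P(context, bucket) under the behaviour model."""
    return PRIOR[context] * LIKELIHOOD[context][bucket]


def set_partitions(items):
    """Yield every partition of `items` into non-empty groups (tuples).

    Each partition is one candidate mechanism: buckets in the same group
    are released under a single merged symbol.
    """
    if not items:
        yield []
        return
    first, rest = items[0], items[1:]
    for part in set_partitions(rest):
        yield [(first,)] + part                      # own group
        for i, group in enumerate(part):             # or join a group
            yield part[:i] + [(first,) + group] + part[i + 1:]


def posterior_sensitive(group):
    """Adversary's P(context == SENSITIVE | released symbol == group)."""
    num = sum(joint(SENSITIVE, b) for b in group)
    den = sum(joint(c, b) for c in CONTEXTS for b in group)
    return num / den


def leakage(partition):
    """Worst-case posterior over every symbol the mechanism can emit."""
    return max(posterior_sensitive(g) for g in partition)


def utility(partition):
    """Probability the app learns the exact bucket (singleton groups)."""
    return sum(joint(c, b) for g in partition if len(g) == 1
               for b in g for c in CONTEXTS)


def canonical(partition):
    return tuple(sorted(tuple(sorted(g)) for g in partition))


def choose_mechanism(bound):
    """Most useful partition whose worst-case posterior is within `bound`.

    Returns None when nothing qualifies: even releasing nothing leaves the
    adversary with the prior, so a bound below PRIOR[SENSITIVE] is unmet.
    """
    safe = [p for p in set_partitions(list(BUCKETS)) if leakage(p) <= bound]
    if not safe:
        return None
    return canonical(max(safe, key=utility))


def release(steps, mechanism):
    """Obfuscate one reading: emit the merged symbol of its bucket's group."""
    bucket = bucketize(steps)
    for group in mechanism:
        if bucket in group:
            return "/".join(group)
    raise ValueError(bucket)


def share_stream(stream, bound):
    """Apply the selected mechanism to a whole stream of raw readings."""
    mechanism = choose_mechanism(bound)
    if mechanism is None:
        return None
    return [release(s, mechanism) for s in stream]


if __name__ == "__main__":
    constructed_stream = [5, 50, 120, 12, 95]   # constructed step counts
    for bound in (0.05, 0.12, 0.3, 1.0):
        mech = choose_mechanism(bound)
        print(f"bound={bound}: mechanism={mech} "
              f"shared={share_stream(constructed_stream, bound)}")
```

Three disclosure regimes fall out of the bound: a loose bound releases every bucket (share everything), a tight bound forces the "high" bucket to be merged with another symbol, and a bound below the prior is unattainable because obfuscation can never push the adversary below what the behaviour model already tells them. The partition that merely drops the "high" bucket on its own is rejected because the adversary, knowing the mechanism, would read the suppression symbol itself as the revealing reading.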