Löhr, Hans and Sadeghi, Ahmad-Reza and Vishik, Claire and Winandy, Marcel
:
Trusted Privacy Domains - Challenges for Trusted Computing in Privacy-Protecting Information Sharing.
In: LNCS
, 5451
.
Springer
[Conference or Workshop Item]
, (2009)
Abstract
With the growing use of the Internet, users need to reveal an increasing amount of private information when accessing online services, and, with growing integration, this information is shared among services. Although progress was achieved in acknowledging the need to design privacy-friendly systems and protocols, there are still no satisfactory technical privacy-protecting solutions that reliably enforce user-defined flexible privacy policies. Today, the users can assess and analyze privacy policies of data controllers, but they cannot control access to and usage of their private data beyond their own computing environment. In this paper, we propose a conceptual framework for user-controlled formal privacy policies and examine elements of its design and implementation. In our vision, a Trusted Personal Information Wallet manages private data according to a user-defined privacy policies. We build on Trusted Virtual Domains (TVDs), leveraging trusted computing and virtualization to construct privacy domains for enforcing the user's policy. We present protocols for establishing these domains, and describe the implementation of the building blocks of our framework. Additionally, a simple privacy policy for trusted privacy domains functioning between different organizations and entities across networks is described as an example. Finally, we identify future research challenges in this area.
| Item Type: | Conference or Workshop Item |
|---|---|
| Erschienen: | 2009 |
| Creators: | Löhr, Hans and Sadeghi, Ahmad-Reza and Vishik, Claire and Winandy, Marcel |
| Title: | Trusted Privacy Domains - Challenges for Trusted Computing in Privacy-Protecting Information Sharing |
| Language: | German |
| Abstract: | With the growing use of the Internet, users need to reveal an increasing amount of private information when accessing online services, and, with growing integration, this information is shared among services. Although progress was achieved in acknowledging the need to design privacy-friendly systems and protocols, there are still no satisfactory technical privacy-protecting solutions that reliably enforce user-defined flexible privacy policies. Today, the users can assess and analyze privacy policies of data controllers, but they cannot control access to and usage of their private data beyond their own computing environment. In this paper, we propose a conceptual framework for user-controlled formal privacy policies and examine elements of its design and implementation. In our vision, a Trusted Personal Information Wallet manages private data according to a user-defined privacy policies. We build on Trusted Virtual Domains (TVDs), leveraging trusted computing and virtualization to construct privacy domains for enforcing the user's policy. We present protocols for establishing these domains, and describe the implementation of the building blocks of our framework. Additionally, a simple privacy policy for trusted privacy domains functioning between different organizations and entities across networks is described as an example. Finally, we identify future research challenges in this area. |
| Title of Book: | 5th Information Security Practice and Experience Conference (ISPEC'09) |
| Series Name: | LNCS |
| Volume: | 5451 |
| Publisher: | Springer |
| Uncontrolled Keywords: | Secure Things;Trusted Computing, Trusted Virtual Domains |
| Divisions: | Department of Computer Science Department of Computer Science > System Security Lab LOEWE LOEWE > LOEWE-Zentren LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt |
| Date Deposited: | 10 Mar 2016 10:18 |
| Identification Number: | TUD-CS-2009-1853 |
| Related URLs: | |
| Export: |
Optionen (nur für Redakteure)
 |
View Item |
Print
Impressum