Min Mun
Deborah Estrin
Ramesh Govindan
ABSTRACT
The increasing ubiquity of the mobile phone is creating many opportunities for personal context sensing, and will result in massive databases of individuals' sensitive information incorporating locations, movements, images, text annotations, and even health data. In existing system architectures, users upload their raw (unprocessed or filtered) data streams directly to content-service providers and have little control over their data once they "opt-in".
We present Personal Data Vaults (PDVs), a privacy architecture in which individuals retain ownership of their data. Data are routinely filtered before being shared with content-service providers, and users or data custodian services can participate in making controlled data-sharing decisions. Introducing a PDV gives users flexible and granular access control over data. To reduce the burden on users and improve usability, we explore three mechanisms for managing data policies: Granular ACL, Trace-audit and Rule Recommender. We have implemented a proof-of-concept PDV and evaluated it using real data traces collected from two personal participatory sensing applications.
- Freereversegeo. www.freereversegeo.com.Google Scholar
- Google health. https://www.google.com/health.Google Scholar
- Microsoft healthvault. http://www.healthvault.com.Google Scholar
- Mysql - couchdb performance comparison. http://metalelf0dev.blogspot.com/2008/09/mysql-couchdb-performance-comparison.html.Google Scholar
- oauth. http://oauth.net/.Google Scholar
- X.509. http://en.wikipedia.org/wiki/X.509.Google Scholar
- R. Baden, A. Bender, N. Spring, B. Bhattacharjee, and D. Starin. Persona: An online social network with user-defined privacy. In SIGCOMM, 2009. Google ScholarDigital Library
- M. M. Breunig, H. P. Kriegel, R. T. Ng, and J. Sander. Lof: Identifying density-based local outliers. In ACM SIGMOD, 2000. Google ScholarDigital Library
- J. Burke, D. Estrin, M. Hansen, A. Parker, N. Ramanathan, S. Reddy, and M. Srivastava. Participatory sensing. In ACM Sensys WSW Workshop, 2006.Google Scholar
- C. Cornelius, A. Kapadia, D. Kotz, D. Peebles, M. Shin, and N. Triandopoulos. Anonysense: privacy-aware people-centric sensing. In MobiSys '08: Proceeding of the 6th international conference on Mobile systems, applications, and services, pages 211--224, New York, NY, USA, 2008. ACM. Google ScholarDigital Library
- R. Cceres, L. Cox, H. Lim, A. Shakimov, and A. Varshavsky. Virtual individual servers as privacy-preserving proxies for mobile devices. In Proc. of 1st ACM SIGCOMM Workshop on Networking, Systems, and Applications on Mobile Handhelds (MobiHeld), 2009. Google ScholarDigital Library
- D. K. D. Anthony and T. Henderson. Privacy in locationaware computing environments. In Pervasive Computing, 2007. Google ScholarDigital Library
- P. Dutta, P. Aoki, N. Kumar, A. Mainwaring, C. Myers, W. Willett, and A. Woodruff. Common Sense: Participatory Urban Sensing Using a Network of Handheld Air Quality Monitors (demonstration). In Proc. SenSys, 2009. Google ScholarDigital Library
- S. E. Miluzzo, N. D. Lane and A. Campbell. Cenceme injecting sensing presence into social networking applications. In Proc. of EuroSSC, 2007. Google ScholarDigital Library
- G. H. et al. Physical, social and experiential knowledge in pervasive computing environments. In Pervasive Computing, 2007. Google ScholarDigital Library
- J. F. Froehlich, M. Y. Chen, and et al. Myexperience: a system for in situ tracing and capturing of user feedback on mobile phones. In ACM MobiSys, 2007. Google ScholarDigital Library
- R. K. Ganti, N. Pham, Y. Tsai, and T. F. Abdelzaher. Poolview: Stream privacy for grassroots participatory sensing. In Sensys, 2008. Google ScholarDigital Library
- S. Gaonkar, J. Li, R. R. Choudhury, L. Cox, and A. Schmidt. Micro-blog: sharing and querying content through mobile phones and social participation. In Proceedings of MobiSys, 2005. Google ScholarDigital Library
- S. Guha, K. Tang, and P. Francis. Noyb: Privacy in online social networks. In WOSP 08: Proceedings of the First Workshop on Online Social Networks, 2009. Google ScholarDigital Library
- J. Hicks, N. Ramanathan, D. Kim, M. Monibi, J. Selsky, M. Hansen, and D. Estrin. Andwellness: An open mobile system for activity and experience sampling. In Proc. of Wireless Health, 2010. Google ScholarDigital Library
- B. Hoh and et al. Enhancing security and privacy in traffic-monitoring systems. In IEEE Pervasive Computing, 2006. Google ScholarDigital Library
- B. Hoh, M. Gruteser, R. Herring, J. Ban, D. Work, J. Herrera, and et al. Virtual trip lines for distributed privacy-preserving traffic monitoring. In Proceeding of the 6th international conference on Mobile systems, applications, and services, 2008. Google ScholarDigital Library
- J. I. Hong and J. A. Landay. An architecture for privacy-sensitive ubiquitous computing. In Proceeding of the 6th international conference on Mobile systems, applications, and services, 2004. Google ScholarDigital Library
- J. Horey, M. M. Groat, S. Forrest, and F. Esponda. Anonymous data collection in sensor networks. In Proceedings of the 4th Annual International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, 2007. Google ScholarDigital Library
- J. Kang, W. Welbourne, B. Stewart, and G. Borriello. Extracting places from traces of locations. In Mobile Computing and Communications Review, 2005. Google ScholarDigital Library
- J. Krumm. Inference Attacks on Location Tracks. Lecture Notes in Computer Science, 4480:127, 2007. Google ScholarDigital Library
- M. Y. Mun, S. Reddy, K. Shilton, N. Yau, and et al. Peir, the personal environmental impact report, as a platform for participatory sensing systems research. In Mobisys, 2009. Google ScholarDigital Library
- H. Nissenbaum. Privacy as contextual integrity. In Washington Law Review, 2004.Google Scholar
- A. Parker, S. Reddy, and et al. Network System Challenges in Selective Sharing and Verification for Personal, Social, and Urban-ScaleSensingApplications. In HotNets, 2006.Google Scholar
- J. Ryder, B. Longstaff, S. Reddy, and D. Estrin. Ambulation: A tool for monitoring mobility patterns over time using mobile phones. In Social Computing with Mobile Phones Workshop at IEEE SocialCom, 2009. Google ScholarDigital Library
- S. Seong, J. Seo, M. Nasielski, D. Sengupta, S. Hangal, and et al. PrPl: A Decentralized Social Networking Infrastructure. In ACM Workshop on Mobile Cloud Computing and Services: Social Networks and Beyond, 2010. Google ScholarDigital Library
- K. Shilton, J. Burke, D. Estrin, M. Hansen, R. Govindan, and J. Kang. Designing the personal data stream: Enabling participatory privacy in mobile personal sensing. In The 37th Research Conference on Communication, Information and Internet Policy (TPRC), 2009.Google Scholar
- A. Tootoonchian, S. Saroiu, Y. Ganjali, and A. Wolman. Lockr: Better privacy for social networks. In CoNEXT, 2009. Google ScholarDigital Library
- C. Zhou, D. Frankowski, P. Ludford, S. Shekhar, and L. Terveen. Discovering personal gazetteers: an interactive clustering approach. In ACM GIS, 2004. Google ScholarDigital Library
Index Terms
- Personal data vaults: a locus of control for personal data streams
Recommendations
Online consumer privacy concerns and willingness to provide personal data on the internet
Our research examines the manner in which web users choose between participation in the internet economy and protection of their personal data. We study the influence of various contextual elements (e.g., the privacy policies posted on sites) and ...
An analytical framework for online privacy research
An analytical framework is suggested for interdisciplinary online privacy research.Websites managers views and knowledge is a neglected topic in privacy research.Websites managers indicate that their own websites do not violate users privacy.The younger ...
Comments