nach oben

Mobile Networks and Applications

Erschienen in:

01.02.2009

Privacy from Promises to Protection

Privacy Guaranteeing Execution Container

verfasst von: Michael Maaser, Peter Langendörfer

Erschienen in: Mobile Networks and Applications | Ausgabe 1/2009

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Privacy issues are becoming more and more important especially since the cyber and the real world are converging up to certain extent when using mobile devices. Means that really protect privacy are still missing. The problem is, as soon as a user provides data to a service provider the user looses control over her data. The simple solution is not to provide any data but then many useful services, e.g. navigation applications, cannot be used. In order to solve this problem, we propose privacy guaranteeing execution containers (PGEC). Basically the concept is that the application obtains access to the user data in a specially protected and certified environment, the PGEC. PGECs enable applications to access private user data and guarantee that the user data is deleted as soon as the service is quit. The PGEC also restricts the communication between the application and the service provider to what is explicitly allowed by the service user. In addition to those means the PGEC also implements countermeasures against malicious attacks such as modified host systems and covert channel attacks, which might be misusing CPU load to signal data out of the PGEC. Thus, the PGEC guarantees a “one time use” of the provided private data.

Vorheriger Artikel Recoverable Class Loaders for a Fast Restart of Java Applications

Nächster Artikel An Activity Recognition System For Mobile Phones

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

ATZelektronik

Die Fachzeitschrift ATZelektronik bietet für Entwickler und Entscheider in der Automobil- und Zulieferindustrie qualitativ hochwertige und fundierte Informationen aus dem gesamten Spektrum der Pkw- und Nutzfahrzeug-Elektronik.

Lassen Sie sich jetzt unverbindlich 2 kostenlose Ausgabe zusenden.

Jetzt informieren

ATZelectronics worldwide

ATZlectronics worldwide is up-to-speed on new trends and developments in automotive electronics on a scientific level with a high depth of information.

Order your 30-days-trial for free and without any commitment.

Jetzt informieren

We are aware that there exist multiple ways to queue a print from Java. In this example we show the simplest approach.

There might be other channels that we are not aware of. But the container can render the most prominent ones already useless, which improves its security level significantly.

We are aware that embedded keys are subject to attacks similar to the approaches to extract decryption keys from software players for HD-DVD and Blu-Ray discs [30]. To reduce the chances for extracting the keys it should be considered to embed them into (tamper proof) hardware dongles or trusted platform modules [26].

Bennicke M, Langendörfer P (2003) Towards automatic negotiation of privacy contracts for internet services. In: Proceedings of the 11th IEEE conference on networks, ICON. IEEE Society Press, Piscataway, pp 312–324

Bruschi D, Cavallaro L, Lanzi A, Monga M (2005) Attacking a trusted computing platform—improving the security of the tcg specification. Technical report rt 05-05, Universit’a degli Studi di Milano, Milano MI, Italy

Cranor LF, Dobbs B, Egelman S, Hogben G, Humphrey J, Langheinrich M, Marchiori M, Presler-Marshall M, Reagle J, Schunter M, Stampley DA, Wenning R (2006) W3c: platform for privacy preferences (p3p) project. http://www.w3.org/P3P/

Cranor LF, Langheinrich M, Marchiori M (2002) W3c: a p3p preference exchange language 1.0 (appel1.0). W3C Working Draft. http://www.w3.org/TR/P3P-preferences/

Cuellar J, Morris J, Mulligan D, Peterson J, Polk J (2004) Geopriv requirements. Request for comments: 3693. http://www.rfc-archive.org/getrfc.php?rfc=3693

Garcia-Molina H, Ketchpel S, Shivakumar N (1998) Safeguarding and charging for content on the internet. In: Proceedings of the international conference on data engineering ’98. International conference on data engineering, Orlando, 23–27 February 1998

Gruteser M, Grunwald D (2003) Anonymous usage of location-based services through spatial and temporal cloaking. In: Proceedings of the international conference on mobile systems, applications, and services. ACM/USENIX international conference on mobile systems, applications, and services (MobiSys), San Francisco, 5–8 May 2003

Guan X, Yang Y, You J (2000) Pom—a mobile agent security model against malicious hosts. In: Proceedings of the fourth international conference/exhibition on high performance computing in the asia-pacific region, vol 02. IEEE Computer Society, Beijing, pp 1165–1166. doi:http://doi.ieeecomputersociety.org/10.1109/HPC.2000.843621

Haragutchi R, Nusbaum BD, de Luna Sáenz C, Batista NT, Oku RM, Schmitt-Heinrich P, Macgregor R (1996) IBM redbook: building the infrastructure for the internet, chap. Chapter 12 networked applications. IBM, p 526, Cryptolope. http://www.redbooks.ibm.com/redbooks/pdfs/sg244824.pdf.

10.

Hohl F (1998) Time limited blackbox security: protecting mobile agents from malicious hosts. In: Mobile agents and security. Springer, London, pp 92–113CrossRef

11.

Huda N, Yamada S, Kamioka E (2005) Privacy protection in mobile agent based service domain. In: Proceedings of the third international conference on information technology and applications (ICITA’05), Sydney, 2005

12.

Kauer B (2007) Oslo: improving the security of trusted computing. In: Proceedings of 16th USENIX security symposium on usenix security symposium

13.

Langendörfer P, Kraemer R (2002) Towards user defined privacy in location-aware platforms. In: Proceedings of the 3rd international conference on internet computing. 3rd international conference on internet computing. CSREA

14.

Lee H, Alves-Foss J, Harrison S (2004) The use of encrypted functions for mobile agent security. In: HICSS ’04: proceedings of the proceedings of the 37th annual Hawaii international conference on system sciences (HICSS’04) - Track 9, vol 9. IEEE Computer Society, Washington, DC, p 90297.2

15.

López J, Maña A, Pimentel E, Troya JM, Yagüe MI (2002) Access control infrastructure for digital objects. In: Proceedings of the international conference on information and communications security (ICICS’02). International conference on information and communications security (ICICS’02), LNCS 2513. Springer, Singapore, pp 399–410

16.

Maaser M, Langendörfer P (2005) Automated negotiation of privacy contracts. In: Proceedings of the 29th annual international computer software and applications conference (COMPSAC). IEEE Society Press, Edinburgh

17.

Maaser M, Ortmann S, Langendörfer P (2008) The privacy advocate: assertion of privacy by personalised contracts. In: Books of selected papers from WEBIST conferences, pp 85–97

18.

Maña A, Lopez J, Ortega JJ, Pimentel E, Troya JM (2004) A framework for secure execution of software. Int J Inf Secur 2(4):99–112CrossRef

19.

Page J, Zaslavsky A, Indrawan M (2004) Countering security vulnerabilities in agent execution using a self executing security examination. In: Proceedings of the third international joint conference on autonomous agents and multiagent systems (AAMAS’04), vol 3. IEEE Computer Society, Los Alamitos, pp 1486–1487. doi:http://doi.ieeecomputersociety.org/10.1109/AAMAS.2004.10229

20.

Poggi A, Rimassa G, Tomaiuolo M (2001) Multi-user and security support for multi-agent systems. In: Proceedings of WOA 2001 workshop. Modena

21.

Riordan J, Schneier B (1998) Environmental key generation towards clueless agents. In: Mobile agents and security. Springer, London, pp 15–24CrossRef

22.

Sailer R, Zhang X, Jaeger T, van Doorn L (2004) Design and implementation of a tcg-based integrity measurement architecture. In: Proceedings of the USENIX security symposium

23.

Seshadri A, Luk M, Shi E, Perrig A, van Doorn L, Khosla P (2005) Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems. In: 20th ACM symposium on operating systems principles (SOSP 2005)

24.

Seshadri A, Perrig A, van Doorn L (2004) Using software-based attestation for verifying embedded systems in cars. In: Proceedings of the embedded security in cars workshop ’04. Embedded security in cars workshop (escar)

25.

Synnes K, Nord J, Parnes P (2003) Location privacy in the alipes platform. In: Proceedings of the Hawai’i international conference on system sciences. Hawai’i international conference on system sciences (HICSS-36). Big Island, Hawaii

26.

Trusted Computing Group (2008) Trusted Computing Group Administration (2008) http://www.trustedcomputinggroup.org

27.

Wagealla W, Terzis S, English C (2003) Trust-based model for privacy control in context-aware systems. In: Proceedings of the 2nd workshop on security in ubiquitous computing. 2nd workshop on security in ubiquitous computing

28.

Yamada S, Kamioka E (2005) Access control for security and privacy in ubiquitous computing environments. IEICE Trans Commun E88-B(3):846–856. doi:10.1093/ietcom/e88-b.3.846 CrossRef

29.

Yannopoulos A, Stavroulasa Y, Papadakis N, Halkos D, Varvarigou T (2002) A method which enables the assessment of private data by an untrusted party using arbitrary algorithms but prevents disclosure of their content. In: Langendoerfer P, Tsaoussidis V (eds) Proceedings of the 3rd international conference on internet computing. 3rd international conference on internet computing. CSREA Press

30.

Zota V (2007) Dvd-nachfolger in der bredouille. http://www.heise.de/newsticker/DVD-Nachfolger-in-der-Bredouille–/meldung/85467

Titel: Privacy from Promises to Protection
Privacy Guaranteeing Execution Container
verfasst von: Michael Maaser
Peter Langendörfer
Publikationsdatum: 01.02.2009
Verlag: Springer US
Erschienen in: Mobile Networks and Applications / Ausgabe 1/2009
Print ISSN: 1383-469X
Elektronische ISSN: 1572-8153
DOI: https://doi.org/10.1007/s11036-008-0116-7

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence_ieS/© Springer Fachmedien Wiesbaden GmbH, Search Icon, Banner Hanser, Bunte Männchen, die Kunden darstelle, werden von einem riesigen Magneten angezogen. /© Oleksiy Mark, Dr. Daniel Schneider/© Fraunhofer IESE, Interview Level Ten PPA Bild/© LevelTen, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence 2024/© AndreyPopov / Getty Images / iStock, 2023_Antrieb/© supervisuell, ATZ-Webinar: Prototypenfreie Entwicklung durch Offline- und Driver-in-the-Loop-HiL-Tests /© (c) VI-grade

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

ATZelektronik

ATZelectronics worldwide

Weitere Artikel der Ausgabe 1/2009

MobiSoC: a middleware for mobile social computing applications

Recoverable Class Loaders for a Fast Restart of Java Applications

Automatic Multi-Interface Management Through Profile Handling

Extracting High-Level Information from Location Data: The W4 Diary Example

Monitoring Smartphones for Anomaly Detection

An Activity Recognition System For Mobile Phones

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.