Technical improvements in Web and location technologies have fostered the development of online applications that use private information of users to offer enhanced services. As a consequence, the vast amount of personal information now available on the Web has led to growing concerns about the privacy of its users. Today's global networked infrastructure requires that parties be able to communicate in a secure environment while, at the same time, preserving their privacy. Support for digital identities, and the definition of privacy-enhanced protocols and techniques for their management and exchange, therefore become fundamental requirements. A number of useful privacy enhancing technologies (PETs) have been developed to deal with privacy issues, and previous work on privacy protection has focused on a wide variety of topics. Among them, to help users maintain control over their personal information, access control solutions have been enriched with the ability to support privacy requirements, by regulating access to and release of users' personal information. Despite the benefits of such solutions, few proposals have addressed the problem of how to regulate the use of personal information in secondary applications. Moreover, the large number of solutions is causing some confusion and seems to increase the effort required of developers to build online services. In this thesis, the notions of privacy and access control are fully integrated within a common framework, and a privacy-aware access control system supporting digital identities, anonymous interactions, and fine-grained context information is defined together with an evaluation infrastructure. The defined models and languages, which grant authorizations based on digital certificates, include support for obligation constraints and for data handling policies that regulate the secondary use and dissemination of private information exchanged among parties.
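The paragraph above names three policy layers: access control policies on the service side, release policies on the user side, and data handling policies that travel with released data to govern secondary use. The following toy evaluator, added here as an illustration and not taken from the thesis's own model or language, shows how the three interlock: a requirement that cannot be satisfied, or an attribute the user refuses to release to that recipient, means nothing is disclosed at all, and a secondary-use request is later checked against the data handling policy. Attribute names, recipient names, purposes and the certified/uncertified flag are constructed sample values.

```python
"""Added example: three policy layers of a privacy-aware access control
exchange. Not the thesis's model; attribute names, recipients and purposes
are constructed sample values."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Attribute:
    name: str
    value: str
    certified: bool  # assumed flag: True when backed by a digital certificate


@dataclass
class AccessPolicy:
    """Service side: attributes a requester must show to reach a resource.
    required maps name -> (expected value or None for any, must be certified)."""
    resource: str
    required: Dict[str, Tuple[Optional[str], bool]]


@dataclass
class ReleasePolicy:
    """User side: which attributes may be released to which recipients."""
    releasable: Dict[str, Set[str]]


@dataclass(frozen=True)
class DataHandlingPolicy:
    """Travels with released data: purposes allowed for secondary use and
    whether onward sharing with third parties is permitted."""
    purposes: FrozenSet[str]
    third_party_sharing: bool


def negotiate(user_attrs: List[Attribute], release: ReleasePolicy,
              access: AccessPolicy, recipient: str) -> Tuple[bool, List[Attribute]]:
    """Evaluate the service's access policy against what the user's release
    policy allows for `recipient`. Returns (granted, attributes to release).
    Nothing is released unless every requirement can be met, so a failed
    negotiation discloses nothing."""
    by_name = {a.name: a for a in user_attrs}
    to_release: List[Attribute] = []
    for name, (expected, must_be_certified) in access.required.items():
        attr = by_name.get(name)
        if attr is None:
            return False, []            # requester lacks the attribute
        if expected is not None and attr.value != expected:
            return False, []            # value does not satisfy the condition
        if must_be_certified and not attr.certified:
            return False, []            # uncertified claim where a certificate is required
        if recipient not in release.releasable.get(name, set()):
            return False, []            # user's release policy forbids disclosure to this party
        to_release.append(attr)
    return True, to_release


def secondary_use_allowed(policy: DataHandlingPolicy, purpose: str,
                          share_with_third_party: bool) -> bool:
    """Check a secondary-use request against the data handling policy
    attached to the released data."""
    if purpose not in policy.purposes:
        return False
    return policy.third_party_sharing or not share_with_third_party


# Constructed sample data
USER_ATTRIBUTES = [
    Attribute("age_over_18", "true", certified=True),
    Attribute("email", "alice@example.org", certified=False),
    Attribute("nationality", "IT", certified=True),
]
RELEASE = ReleasePolicy({
    "age_over_18": {"pharmacy"},
    "email": {"pharmacy", "shop"},
    "nationality": set(),                 # never released to anyone
})
ACCESS = AccessPolicy("prescription_service", {
    "age_over_18": ("true", True),        # must be backed by a certificate
    "email": (None, False),               # any value, uncertified accepted
})
DHP = DataHandlingPolicy(frozenset({"order_fulfilment"}), third_party_sharing=False)

if __name__ == "__main__":
    for party in ("pharmacy", "shop"):
        granted, released = negotiate(USER_ATTRIBUTES, RELEASE, ACCESS, party)
        print(party, granted, [a.name for a in released])
    print(secondary_use_allowed(DHP, "marketing", False))
```

With the sample data, the pharmacy is granted access and receives the certified age claim plus the e-mail address, while the shop is denied because the user's release policy withholds the age claim from it; a later marketing use of the released data is refused by the data handling policy.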
The proposed privacy-aware access control system is, however, of little value if location privacy is not protected. Location information has in fact reached a level of accuracy that makes its adoption within an access control system, to define restrictions based on the physical position of users, straightforward. On the other hand, location information can cause a loss of privacy about users' whereabouts and can easily permit users to be re-identified from information such as the place where they stay during the night. Special attention is therefore devoted to the protection of location information against the privacy threats that can arise in today's pervasive environments, where the location information of users is available to external parties without restrictions. A further complicating factor is that, while location privacy is being protected, the quality of service of location-based applications plays an important role and should be preserved. In this thesis, we propose an obfuscation-based solution to location privacy protection that balances users' need for privacy against location-based services' need for accurate location information. This solution is then validated in the context of our location-based access control (LBAC) system, which is responsible for the evaluation and management of an innovative access control language supporting a new class of location-aware conditions. This approach, coupled with the privacy-aware access control system, guarantees flexible and reliable access control evaluation and enforcement while protecting the privacy of users. In summary, the contribution of this thesis is twofold: first, we develop a privacy-aware access control system for Web transactions; then we propose an LBAC system and a location privacy solution, which is validated in the context of that system.
With respect to the development of a privacy-aware access control system, the original results are: (i) the definition of an access control model, composed of attribute-based access control policies and release policies, which on the one side regulates access to service provider resources and on the other side manages the release of user data; our model supports requests for certified and uncertified data, ontology definition, anonymous interactions, and zero-knowledge proofs; (ii) the definition of a data handling model and language for the specification and enforcement of policies aimed at protecting the secondary use of users' private information after its release to external parties; (iii) an architecture for the composition of access control, release, and data handling policies. With respect to the definition of a location privacy solution to be integrated in the context of our location-based access control model and language, the original results are: (i) the definition of an infrastructure for the evaluation and enforcement of LBAC policies, which manages the uncertainty of location-based information; (ii) the definition of a location privacy solution based on obfuscation techniques, balancing the privacy needs of users and the accuracy needs of location-based services; (iii) a privacy-aware LBAC system integrating our privacy-aware access control system, our location-based access control system, and our location privacy solution.
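The obfuscation-based location privacy solution and the evaluation of LBAC conditions under location uncertainty, described in the two paragraphs above, as an added example that is not the thesis's own algorithm or language. It assumes a circular measured location, an area-ratio "relevance" metric as the accuracy measure, radius enlargement as the obfuscation technique, and a uniform distribution of the user over the obfuscated area when estimating whether an "inside area" condition holds; the balance between user and service is modelled as the user's maximum acceptable relevance against the service's minimum required relevance. All coordinates and thresholds are constructed.

```python
"""Added example: obfuscation by radius enlargement negotiated between a
user's privacy preference and a service's accuracy requirement, then an
LBAC 'inside area' condition evaluated under the resulting uncertainty.
Not the thesis's algorithm; metric, distribution and coordinates are assumed."""
import math
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Circle:
    """A location area: centre (x, y) and radius r (constructed units)."""
    x: float
    y: float
    r: float

    def area(self) -> float:
        return math.pi * self.r ** 2


def relevance(measured: Circle, obfuscated: Circle) -> float:
    """Assumed accuracy metric: ratio of measured to obfuscated area.
    1.0 means no obfuscation; smaller values mean a less precise location."""
    return measured.area() / obfuscated.area()


def obfuscate_by_enlargement(measured: Circle, user_max_relevance: float,
                             service_min_relevance: float) -> Optional[Circle]:
    """Enlarge the radius just enough to bring relevance down to the user's
    maximum; return None when the user's preference and the service's
    requirement cannot both be met."""
    if not 0 < user_max_relevance <= 1 or not 0 < service_min_relevance <= 1:
        raise ValueError("relevance bounds must lie in (0, 1]")
    if user_max_relevance < service_min_relevance:
        return None
    return Circle(measured.x, measured.y, measured.r / math.sqrt(user_max_relevance))


def intersection_area(a: Circle, b: Circle) -> float:
    """Exact area of the lens shared by two circles."""
    d = math.hypot(a.x - b.x, a.y - b.y)
    if d >= a.r + b.r:
        return 0.0                              # disjoint
    if d <= abs(a.r - b.r):
        return math.pi * min(a.r, b.r) ** 2     # one circle inside the other
    part_a = a.r ** 2 * math.acos((d ** 2 + a.r ** 2 - b.r ** 2) / (2 * d * a.r))
    part_b = b.r ** 2 * math.acos((d ** 2 + b.r ** 2 - a.r ** 2) / (2 * d * b.r))
    kite = 0.5 * math.sqrt((-d + a.r + b.r) * (d + a.r - b.r)
                           * (d - a.r + b.r) * (d + a.r + b.r))
    return part_a + part_b - kite


def probability_inside(obfuscated: Circle, target: Circle) -> float:
    """Assuming the user is uniformly distributed over the obfuscated area,
    estimate the probability that the user is inside `target`."""
    return intersection_area(obfuscated, target) / obfuscated.area()


def evaluate_inside(obfuscated: Circle, target: Circle,
                    threshold: float) -> Tuple[bool, float]:
    """LBAC predicate: the condition holds when the probability estimate
    reaches the policy's confidence threshold. Returns (decision, estimate)."""
    p = probability_inside(obfuscated, target)
    return p >= threshold, p


if __name__ == "__main__":
    measured = Circle(0.0, 0.0, 10.0)           # constructed measurement
    obf = obfuscate_by_enlargement(measured, user_max_relevance=0.25,
                                   service_min_relevance=0.10)
    print("obfuscated radius:", obf.r, "relevance:", relevance(measured, obf))
    print(evaluate_inside(obf, Circle(0.0, 0.0, 20.0), threshold=0.9))
    print(evaluate_inside(obf, Circle(0.0, 0.0, 10.0), threshold=0.9))
```

The service never sees the measured circle, only the enlarged one, so the LBAC evaluator has to reason about the uncertainty the obfuscation introduced: a target area that fully contains the obfuscated circle yields a confident grant, while a target as small as the original measurement yields only a 25% estimate and is refused at a 0.9 threshold, even though the user may well be inside it.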
| Field | Value |
|---|---|
| Title | Privacy and security in distributed and pervasive systems |
| Supervisors and internal coordinators | DE CAPITANI DI VIMERCATI, SABRINA |
| Publication date | 14-feb-2008 |
| Keywords | Privacy; Security; Access control; Location-based services; Distributed and pervasive systems. |
| Scientific disciplinary sector | Settore INF/01 - Informatica |
| Citation | Privacy and security in distributed and pervasive systems; P. Samarati. - Milano : Università degli studi di Milano. DIPARTIMENTO DI TECNOLOGIE DELL'INFORMAZIONE (CREMA), FACOLTA' DI SCIENZE MATEMATICHE, FISICHE E NATURALI, 2008 Feb 14. (20th cycle, Academic Year 2006/2007.) |
| Appears in collections | 13 - Doctoral theses defended by October 2010 |