A Database Framework for Expressing and Enforcing Personal Privacy Preferences

Tania Basso; Leandro Piardi; Regina Moraes; Mario Jino; Nuno Antunes; Marco Vieira

doi:10.5753/wtf.2015.22941

Tania Basso UNICAMP
Leandro Piardi UNICAMP
Regina Moraes UNICAMP
Mario Jino UNICAMP
Nuno Antunes University of Coimbra
Marco Vieira University of Coimbra

DOI: https://doi.org/10.5753/wtf.2015.22941

Resumo

Nowadays, privacy protection in web applications and services is done, most times, through privacy policies that are presented to users and give them only the options of agreeing or disagreeing. So, it is not possible for users to express, in a detailed manner, their privacy preferences. Having this flexibility would allow users to make more thoughtful choices about the use of their personal information online. This paper proposes a database framework that allows users express their privacy preferences in detail, so that web applications can protect data privacy and manage personal information more securely. We tested the framework and results showed that it can be a simple and effective alternative, avoiding using complex and expensive solutions.

Referências

Agrawal, R., Kiernan, J., Srikant, R., Xu, Y. (2003). "Implementing P3P using database technology," Proceedings of the 19th International Conference on Data Engineering”, pp.595,606.

Basso, T., Antunes, N., Moraes, R., Vieira, M. (2013). " An XML-Based Policy Model for Access Control in Web Applications". In proceedings of 24th International Conference on Database and Expert Systems Applications - DEXA, pp. 274-288.

Breaux, T. D., Rao, A. (2013). "Formal analysis of privacy requirements specifications for multi-tier applications," 21st IEEE International Requirements Engineering Conference (RE), pp.14,23.

Breaux, T.D., Anton, A. I. (2005). "Deriving semantic models from privacy policies,". Sixth IEEE International Workshop on Policies for Distributed Systems and Networks, pp.67,76 (2005).

Byun, J.-W. and Li, N. (2008). “Purpose Based Access Control for Privacy Protection in Relational Database Systems”, VLDB J., vol. 17, no 4, p. 603–619.

Cranor, L., Arjula, M., Guduru, P. (2002). "Use of a P3P User Agent by early adopters," in Proceedings of 9th ACM Workshop on Privacy in the Electronic Society, Washington, DC.

Earp, J. B., Antón, A. I., Member, S., Aiman-smith, L., Stufflebeam, W. H. (2005). “Examining Internet Privacy Policies Within the Context of User Privacy Values”, IEEE Trans. Eng. Manag., vol. 52, pp. 227–237.

EPAL (2014). “Enterprise Privacy Authorization Language (EPAL 1.2)”. [Online]. Available: [link]. [Accessed: 23-jan-2014].

Jmeter (2015). “Apache JMeter - Apache JMeterTM”. [Online]. Available: http://jmeter.apache.org/. [Accessed: 09-jan-2015].

Kolter, J. and Pernul, G. (2009). "Generating user understandable Privacy Preferences". Proceedings of IEEE International Conference on Availability, Reliability and Security. Fukuoka, pp.299-306.

Mello, V., Basso, T., Moraes, R. (2014). “A Test Process Model to Evaluate Performance Impact of Privacy Protection Solutions”. In: XV Workshop de Testes e Tolerância a Falhas (WTF 2014), 2014, Florianópolis. XXXII Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos.

Ni, Q., Trombetta, A., Bertino, E., Lobo, J. (2007). “Privacy-aware Role Based Access Control”, in Proceedings of the 12th ACM Symposium on Access Control Models and Technologies, New York, NY, USA, 2007, p. 41–50.

Oracle (2015). “Oracle | Hardware and Software, Engineered to Work Together”. Available: http://www.oracle.com/index.html. Accessed: 24-jan-2015.

P3P (2013). “P3P: The Platform for Privacy Preferences”. [Online]. Available: http://www.w3.org/P3P/. [Accessed: 04-set-2013].

TPC (2015). “TPC-W - Homepage”. Available: http://www.tpc.org/tpcw/. Accessed: 08-jan-2015.

Vieira, M., Madeira, H. (2005). “Towards a security benchmark for database management systems”, in Proceedings, of International Conference on Dependable Systems and Networks, DSN 2005. p p. 592–601.