Browsing by Subject "data privacy"
Now showing 1 - 7 of 7
Results Per Page
Sort Options
Item Authorization and Privacy for Semantic Web Services(IEEE, 2004-07-01) Kagal, Lalana; Paoucci, Massimo; Srinivasan, Naveen; Denker, Grit; Finin, Tim; Sycara, KatiaWhen choosing, composing, invoking or monitoring a service it may be important or even critical to understand it's security attributes and policies. By security, we refer to a range of related aspects including authentication, authorization, confidentiality and privacy. We discuss how to incorporate security information into the OWL-S Semantic Web service model by integrating descriptions of semantically rich policies for authorization, privacy and confidentiality. These policies can include conditions on attributes of the service requester, provider, and the general context. We describe the ontologies used to annotate OWL-S input and output parameters with respect to their security characteristics, including various types of encryption and digital signatures. We present an algorithm for testing policy compliance that can be integrated into the service selection process of the OWL-S MatchMaker. This integration allows the requester to invoke only those services that match the formers policies and whose policies are met by the requester.Item Capturing policies for fine-grained access control on mobile devices(IEEE, 2016-11-01) Das, Prajit Kumar; Joshi, Anupam; Finin, TimAs of 2016, there are more mobile devices than humans on earth. Today, mobile devices are a critical part of our lives and often hold sensitive corporate and personal data. As a result, they are a lucrative target for attackers, and managing data privacy and security on mobile devices has become a vital issue. Existing access control mechanisms in most devices are restrictive and inadequate. They do not take into account the context of a device and its user when making decisions. In many cases, the access granted to a subject should change based on the context of a device. Such fine-grained, context-sensitive access control policies have to be personalized too. In this paper, we present a system i.e. Mithril that uses policies represented in Semantic Web technologies and captured using user feedback, to handle access control on mobile devices. We present an iterative feedback process to capture user specific policy. We also present a policy violation metric that allows us to decide when the capture process is complete.Item Privacy control in smart phones using semantically rich reasoning and context modeling(IEEE, 2012-05-24) Ghosh, Dibyajyoti; Joshi, Anupam; Finin, Tim; Jagtap, PramodWe present our ongoing work on user data and contextual privacy preservation in mobile devices through semantic reasoning. Recent advances in context modeling, tracking and collaborative localization have led to the emergence of a new class of smartphone applications that can access and share embedded sensor data. Unfortunately, this also means significant amount of user context information is now accessible to applications and potentially others, creating serious privacy and security concerns. Mobile OS frameworks like Android lack mechanisms for dynamic privacy control. We show how data flow among applications can be successfully filtered at a much more granular level using semantic web driven technologies that model device location, surroundings, application roles as well as context-dependent information sharing policies.Item Security and Privacy Challenges in Open and Dynamic Environments(IEEE, 2006-06-19) Kagal, Lalana; Finin, Tim; Greenspan, Sol; Joshi, AnupamInformation system security and privacy, once narrow topics primarily of interest to IS designers, have become critically important to society at large. The scope of associated challenges and applications is broadening accordingly, leading to new requirements and approaches. Information networks are evolving into more open and dynamic systems. Security and privacy enforcement is problematic in these systems due to the lack of a common understanding of requirements and information as well as user unpredictability. Shared ontologies, declarative policies, and trust models offer the most promising approaches to meet these challenges.Item Semantic Approach to Automating Management of Big Data Privacy Policies(IEEE, 2016-12-02) Joshi, Karuna Pande; Gupta, Aditi; Mittal, Sudip; Pearce, Claudia; Joshi, Anupam; Finin, TimEnsuring privacy of Big Data managed on the cloud is critical to ensure consumer confidence. Cloud providers publish privacy policy documents outlining the steps they take to ensure data and consumer privacy. These documents are available as large text documents that require manual effort and time to track and manage. We have developed a semantically rich ontology to describe the privacy policy documents and built a database of several policy documents as instances of this ontology. We next extracted rules from these policy documents based on deontic logic which can be used to automate management of data privacy. In this paper we describe our ontology in detail along with the results of our analysis of privacy policies of prominent cloud servicesItem Semantic Web in in the Context Broker Architecture(IEEE, 2004-03-15) Chen, Harry; Finin, Tim; Joshi, AnupamThis document describes a new architecture that exploits Semantic Web technologies for supporting pervasive context-aware systems. This architecture called Context Broker Architecture (CoBrA) differs from other architectures in using theWeb Ontology Language OWL for modeling ontologies of context and for supporting context reasoning. Central to our architecture is a broker agent that maintains a shared model of context for all computing entities in the space and enforces the privacy policies defined by the users when sharing their contextual information. We describe the use of CoBrA, its associated ontologies, and its privacy protection mechanism in an intelligent meeting room prototype.Item Trust Based Knowledge Outsourcing for Semantic Web Agents(IEEE, 2003-10-12) Ding, Li; Zhou, Lina; Finin, TimThe semantic Web enables intelligent agents to "outsource" knowledge, extending and enhancing their limited knowledge bases. An open question is how agents can efficiently and effectively access the vast knowledge on the inherently open and dynamic semantic Web. The problem is not that of finding a source for desired information, but deciding which among many possibly inconsistent sources is most reliable. We propose an approach to agent knowledge outsourcing inspired by the use trust in human society. Trust is a type of social knowledge and encodes evaluations about which agents can be taken as reliable sources of information or services. We focus on two important practical issues: learning trust and justifying trust. An agent can learn trust relationships by reasoning about its direct interactions with other agents and about public or private reputation information, i.e., the aggregate trust evaluations of other agents. We use the term trust justification to describe the process in which an agent integrates the beliefs of other agents, trust information, and its own beliefs to update its trust model. We describe the results of simulation experiments of the use and evolution of trust in multiagent systems. Our experiments demonstrate that the use of explicit trust knowledge can significantly improve knowledge outsourcing performance. We also describe a collaborative trust justification technique that focuses on reducing search complexity, handling inconsistent knowledge, and avoiding error propagation.