The Experts below are selected from a list of 240 Experts worldwide ranked by ideXlab platform
Ramesh Govindan - One of the best experts on this subject based on the ideXlab platform.
-
pdvloc a personal data vault for controlled location data sharing
ACM Transactions on Sensor Networks, 2014Co-Authors: Min Y Mun, Katie Shilton, Deborah Estrin, Mark Hansen, Donnie H Kim, Ramesh GovindanAbstract:Location-Based Mobile Service (LBMS) is one of the most popular smartphone services. LBMS enables people to more easily connect with each other and analyze the aspects of their lives. However, sharing location data can leak people's privacy. We present PDVLoc, a controlled location data-sharing framework based on selectively sharing data through a Personal Data Vault (PDV). A PDV is a privacy architecture in which individuals retain ownership of their data. Data are routinely filtered before being shared with content-service providers, and users or data custodian services can participate in making controlled data-sharing decisions. Introducing PDVLoc gives users flexible and Granular Access control over their location data. We have implemented a prototype of PDVLoc and evaluated it using real location-sharing social networking applications, Google Latitude and Foursquare. Our user study of 19 participants over 20 days shows that most users find that PDVLoc is useful to manage and control their location data, and are willing to continue using PDVLoc.
-
personal data vaults a locus of control for personal data streams
Conference on Emerging Network Experiment and Technology, 2010Co-Authors: Nilesh Mishra, Katie Shilton, Jeff Burke, Deborah Estrin, Mark Hansen, Ramesh GovindanAbstract:The increasing ubiquity of the mobile phone is creating many opportunities for personal context sensing, and will result in massive databases of individuals' sensitive information incorporating locations, movements, images, text annotations, and even health data. In existing system architectures, users upload their raw (unprocessed or filtered) data streams directly to content-service providers and have little control over their data once they "opt-in". We present Personal Data Vaults (PDVs), a privacy architecture in which individuals retain ownership of their data. Data are routinely filtered before being shared with content-service providers, and users or data custodian services can participate in making controlled data-sharing decisions. Introducing a PDV gives users flexible and Granular Access control over data. To reduce the burden on users and improve usability, we explore three mechanisms for managing data policies: Granular ACL, Trace-audit and Rule Recommender. We have implemented a proof-of-concept PDV and evaluated it using real data traces collected from two personal participatory sensing applications.
-
CoNEXT - Personal data vaults: a locus of control for personal data streams
Proceedings of the 6th International COnference on - Co-NEXT '10, 2010Co-Authors: Min Mun, Nilesh Mishra, Katie Shilton, Jeff Burke, Deborah Estrin, Mark Hansen, Shuai Hao, Ramesh GovindanAbstract:The increasing ubiquity of the mobile phone is creating many opportunities for personal context sensing, and will result in massive databases of individuals' sensitive information incorporating locations, movements, images, text annotations, and even health data. In existing system architectures, users upload their raw (unprocessed or filtered) data streams directly to content-service providers and have little control over their data once they "opt-in". We present Personal Data Vaults (PDVs), a privacy architecture in which individuals retain ownership of their data. Data are routinely filtered before being shared with content-service providers, and users or data custodian services can participate in making controlled data-sharing decisions. Introducing a PDV gives users flexible and Granular Access control over data. To reduce the burden on users and improve usability, we explore three mechanisms for managing data policies: Granular ACL, Trace-audit and Rule Recommender. We have implemented a proof-of-concept PDV and evaluated it using real data traces collected from two personal participatory sensing applications.
Xiangxu Meng - One of the best experts on this subject based on the ideXlab platform.
-
ATC - An approach for trusted interoperation in a multidomain environment
Lecture Notes in Computer Science, 2006Co-Authors: Yuqing Sun, Peng Pan, Xiangxu MengAbstract:There are increasing requirements for interoperation among distributed multi-domain systems. The key challenge is how to balance security and collaboration. A novel approach is proposed in this paper to support the trusted interoperation. It introduces the notions of effect scope and life condition into role based Access control model to restrict permission to be active only in proper environment. Partial inheritance of role hierarchy is presented to support the finely Granular Access rights as well as the verification algorithms are proposed to maintain security constraints consistent. As an example, XACML-based platform is provided to combine the existent systems for secure interoperation. Without compromising the collaboration, this approach can effectively enforce a layered security policy and can reduce the complexity of security management.
-
An approach for trusted interoperation in a multidomain environment
Lecture Notes in Computer Science, 2006Co-Authors: Yuqing Sun, Peng Pan, Xiangxu MengAbstract:There are increasing requirements for interoperation among distributed multi-domain systems. The key challenge is how to balance security and collaboration. A novel approach is proposed in this paper to support the trusted interoperation. It introduces the notions of effect scope and life condition into role based Access control model to restrict permission to be active only in proper environment. Partial inheritance of role hierarchy is presented to support the finely Granular Access rights as well as the verification algorithms are proposed to maintain security constraints consistent. As an example, XACML-based platform is provided to combine the existent systems for secure interoperation. Without compromising the collaboration, this approach can effectively enforce a layered security policy and can reduce the complexity of security management.
Zhang Jiao-jiao - One of the best experts on this subject based on the ideXlab platform.
-
Department-role based finely Granular Access control model in management information system
Journal of Computer Applications, 2011Co-Authors: Zhang Jiao-jiaoAbstract:Concerning the characteristics and disadvantages of Role-Based Access Control(RBAC) model,the department-role based Access control(D-RBAC) finely Granular model was proposed in this paper.A formal description for the model elements,the implement mechanism of the model,and the algorithm of Access control were given.In D-RBAC model,role was related to department,which effectively implemented the accurate control of Access objects and data,and the permission assignment problem of the same role in different departments was resolved.The fine-grained permission control was realized as well.Through the model,the number of roles was decreased,the development assignments were simplified and the accuracy and flexibility of permission management were increased.Finally,an application example of this model being used in one equipment safeguard comprehensive information system was given.
Robert Kuykendall - One of the best experts on this subject based on the ideXlab platform.
-
WEBIST (Selected Papers) - Generating XACML Enforcement Policies for Role-Based Access Control of XML Documents
Lecture Notes in Business Information Processing, 2014Co-Authors: Alberto De La Rosa Algarin, Timoteus B Ziminski, Steven A Demurjian, Yaira K. Rivera Sánchez, Robert KuykendallAbstract:Ensuring the security of electronic data has morphed into one of the most important requirements in domains such as health care, where the eXtensible Markup Language (XML) has been leveraged via standards such as the Health Level 7’s Clinical Document Architecture and the Continuity of Care Record. These standards dictate a need for approaches to secure XML schemas and documents. In this paper, we present a secure information engineering method that is capable of generating eXtensible Access Control Markup Language (XACML) enforcement policies, defined in a role-based Access control model (RBAC), that target XML schemas and their instances, allowing instances to be customized for users depending on their roles. To achieve this goal, we extend the Unified Modeling Language (UML) with two new diagrams: the XML Schema Class Diagram, which defines the structure of an XML document in UML style; and, the XML Role-Slice Diagram, which defines roles and associated privileges at a Granular Access control level. We utilize a personal health assistant mobile application for medication and chronic disease management to demonstrate the enforcement component of our work.
-
generating xacml enforcement policies for role based Access control of xml documents
International Conference on Web Information Systems and Technologies, 2013Co-Authors: Alberto De La Rosa Algarin, Timoteus B Ziminski, Steven A Demurjian, Yaira Rivera K Sanchez, Robert KuykendallAbstract:Ensuring the security of electronic data has morphed into one of the most important requirements in domains such as health care, where the eXtensible Markup Language (XML) has been leveraged via standards such as the Health Level 7’s Clinical Document Architecture and the Continuity of Care Record. These standards dictate a need for approaches to secure XML schemas and documents. In this paper, we present a secure information engineering method that is capable of generating eXtensible Access Control Markup Language (XACML) enforcement policies, defined in a role-based Access control model (RBAC), that target XML schemas and their instances, allowing instances to be customized for users depending on their roles. To achieve this goal, we extend the Unified Modeling Language (UML) with two new diagrams: the XML Schema Class Diagram, which defines the structure of an XML document in UML style; and, the XML Role-Slice Diagram, which defines roles and associated privileges at a Granular Access control level. We utilize a personal health assistant mobile application for medication and chronic disease management to demonstrate the enforcement component of our work.
Katie Shilton - One of the best experts on this subject based on the ideXlab platform.
-
pdvloc a personal data vault for controlled location data sharing
ACM Transactions on Sensor Networks, 2014Co-Authors: Min Y Mun, Katie Shilton, Deborah Estrin, Mark Hansen, Donnie H Kim, Ramesh GovindanAbstract:Location-Based Mobile Service (LBMS) is one of the most popular smartphone services. LBMS enables people to more easily connect with each other and analyze the aspects of their lives. However, sharing location data can leak people's privacy. We present PDVLoc, a controlled location data-sharing framework based on selectively sharing data through a Personal Data Vault (PDV). A PDV is a privacy architecture in which individuals retain ownership of their data. Data are routinely filtered before being shared with content-service providers, and users or data custodian services can participate in making controlled data-sharing decisions. Introducing PDVLoc gives users flexible and Granular Access control over their location data. We have implemented a prototype of PDVLoc and evaluated it using real location-sharing social networking applications, Google Latitude and Foursquare. Our user study of 19 participants over 20 days shows that most users find that PDVLoc is useful to manage and control their location data, and are willing to continue using PDVLoc.
-
personal data vaults a locus of control for personal data streams
Conference on Emerging Network Experiment and Technology, 2010Co-Authors: Nilesh Mishra, Katie Shilton, Jeff Burke, Deborah Estrin, Mark Hansen, Ramesh GovindanAbstract:The increasing ubiquity of the mobile phone is creating many opportunities for personal context sensing, and will result in massive databases of individuals' sensitive information incorporating locations, movements, images, text annotations, and even health data. In existing system architectures, users upload their raw (unprocessed or filtered) data streams directly to content-service providers and have little control over their data once they "opt-in". We present Personal Data Vaults (PDVs), a privacy architecture in which individuals retain ownership of their data. Data are routinely filtered before being shared with content-service providers, and users or data custodian services can participate in making controlled data-sharing decisions. Introducing a PDV gives users flexible and Granular Access control over data. To reduce the burden on users and improve usability, we explore three mechanisms for managing data policies: Granular ACL, Trace-audit and Rule Recommender. We have implemented a proof-of-concept PDV and evaluated it using real data traces collected from two personal participatory sensing applications.
-
CoNEXT - Personal data vaults: a locus of control for personal data streams
Proceedings of the 6th International COnference on - Co-NEXT '10, 2010Co-Authors: Min Mun, Nilesh Mishra, Katie Shilton, Jeff Burke, Deborah Estrin, Mark Hansen, Shuai Hao, Ramesh GovindanAbstract:The increasing ubiquity of the mobile phone is creating many opportunities for personal context sensing, and will result in massive databases of individuals' sensitive information incorporating locations, movements, images, text annotations, and even health data. In existing system architectures, users upload their raw (unprocessed or filtered) data streams directly to content-service providers and have little control over their data once they "opt-in". We present Personal Data Vaults (PDVs), a privacy architecture in which individuals retain ownership of their data. Data are routinely filtered before being shared with content-service providers, and users or data custodian services can participate in making controlled data-sharing decisions. Introducing a PDV gives users flexible and Granular Access control over data. To reduce the burden on users and improve usability, we explore three mechanisms for managing data policies: Granular ACL, Trace-audit and Rule Recommender. We have implemented a proof-of-concept PDV and evaluated it using real data traces collected from two personal participatory sensing applications.
