 |
|
|
Award Abstract #0430274
Collaborative Research: A Comprehensive Policy-Driven Framework for Online Privacy Protection: Integrating IT, Human, Legal and Economic Perspectives
| NSF Org: |
IIS
Division of Information & Intelligent Systems
|
|
|
| Initial Amendment Date: |
August 27, 2004 |
|
| Latest Amendment Date: |
June 23, 2006 |
|
| Award Number: |
0430274 |
|
| Award Instrument: |
Continuing grant |
|
| Program Manager: |
Le Gruenwald
IIS Division of Information & Intelligent Systems
CSE Directorate for Computer & Information Science & Engineering
|
|
| Start Date: |
September 15, 2004 |
|
| Expires: |
August 31, 2007 (Estimated) |
|
| Awarded Amount to Date: |
$666000 |
|
| Investigator(s): |
Elisa Bertino bertino@cs.purdue.edu (Principal Investigator)
Victor Raskin (Co-Principal Investigator)
Robert Proctor (Co-Principal Investigator)
Melissa Dark (Co-Principal Investigator)
Ninghui Li (Co-Principal Investigator)
|
|
| Sponsor: |
Purdue University
302 Wood Street
West Lafayette, IN 47907 765/494-4600
|
|
| NSF Program(s): |
ITR-CYBERTRUST
|
|
| Field Application(s): |
0104000 Information Systems,
0116000 Human Subjects
|
|
| Program Reference Code(s): |
HPCC,9218,7254
|
|
| Program Element Code(s): |
7456
|
ABSTRACT
Privacy is increasingly a major concern that prevents the exploitation of the Internet's full potential. Consumers are concerned about the trustworthiness of the websites to which they entrust their sensitive information. Although significant industry efforts are seeking to better protect sensitive information online, existing solutions are still fragmented and far from satisfactory. Specifically, existing languages for specifying privacy policies lack a formal and unambiguous semantics, are limited in expressive power and lack enforcement as well as auditing support. Moreover, existing privacy management tools aimed at increasing end-users' control over their privacy are limited in capability or difficult to use.
This project seeks to provide a comprehensive framework for protecting online privacy, covering the entire privacy policy life cycle. This cycle includes enterprise policy creation, enforcement, analysis and auditing, as well as end user agent presentation and privacy policy processing. The project integrates privacy-relevant human, legal and economic perspectives in the proposed framework. This project will develop an expressive, semantics-based formal language for specifying privacy policies, an access control and auditing language for enforcing privacy policies in applications, as well as theory and tools for verifying privacy policies. Additionally, experiments and surveys will be conducted to better understand the axes of users' privacy concerns and protection objectives. Results from this empirical work will be used to develop an effective paradigm for specifying privacy preferences and methods to present privacy policies to end users in an accurate and accessible way.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
Next
(Showing: 1 - 20 of 27).
] K.-P. L. Vu, F. P. Garcia, D. Nelson, J. Sulaitis, B. Creekmur, V. Chambers, and R. W. Proctor.
"Examining user privacy practices while shopping online: What are users looking for?,"
Human Interface, Part II, HCII 2007, Lecture Notes in Computer Science 4558 (pp. 792?801). Berlin: Springer-Verlag.,
2007,
] K.-P. L. Vu, V. Chambers, F. P. Garcia, B. Creekmur, J. Sulaitis, D. Nelson, R. Pierce, and R. W. Proctor.
"How users read and comprehend privacy policies,"
Human Interface, Part II, HCII 2007, Lecture Notes in Computer Science 4558 (pp. 802-811). Berlin: Springer-Verlag.,
2007,
] J.W. Byun, A. Kamra, E. Bertino, and N. Li.
"Efficient k-Anonymization Using Clustering Techniques,"
Proc. of the International Conference on Database Systems for Advanced Applications (DASFAA), Bangkok (Thailand), April 2007, Lecture Notes in Computer Science 443, Springer,
2007,
] K. Irwin and T. Yu..
"Determining User Privacy Preferences by Asking the Right Questions: An Automated Approach.,"
Proc. of the 4th ACM International Workshop on Privacy in Electronic Society (WPES).,
2005,
p. 47.
A. Trombetta, E. Bertino..
"Private Updates to Anonymous Databases.,"
Proc. of 22th IEEE International Conference on Data Engineering, Atlanta (Georgia).,
2006,
p. 116.
A.I. Anton, E. Bertino, N. Li, and T. Yu..
"A Roadmap for Comprehensive Online Privacy Policy Management.,"
Communications of the ACM, 50(7):109-116.,
2006,
E. Bertino, A. Kamra, E. Terzi, A. Vakali..
"Intrusion Detection in RBAC administered Databases.,"
Proc. of the 2005 Annual Computer Security Applications Conference (ACSAC), Tucson (Ariz.).,
2005,
p. 170.
E.Bertino, B.Catania, M.Damiani, P. Perlasca..
"GEO-RBAC: A Spatially Aware RBAC.,"
ACM Transactions on Information and System Security (TISSEC), 10(1).,
2007,
H. Chen and N. Li.
"Constraint Generation for Separation of Duty.,"
Proc. of 11th ACM Symposium on Access Control Models and Methodologies, Lake Tahoe (Calif.).,
2006,
J.W. Byun, Y. Sohn, and E. Bertino..
"Systematic Control and Management of Data Integrity.,"
Proc. of 11th ACM Symposium on Access Control Models and Methodologies, Lake Tahoe (Calif.).,
2006,
K. Irwin and T. Yu..
"Preventing Attribute Information Leakage in Automated Trust Negotiation.,"
Proc.of the 12th ACM Conference on Computer and Communications Security (CCS), Alexandria.,
2005,
p. 36.
K.-P. L. Vu, R. W. Proctor, A. Bhargav-Spanzel, B.-L. Tai, J. Cook, and E. E. Schultz.
"Improving password security and memorability to protect personal and organizational information,"
International Journal of Human-Computer Studies, 65, 744-757,
2007,
Krachina, O., and V. Raskin..
"Ontology-Based Inference Methods: Application in Question Answering.,"
. Proceedings of MCLC-06: The 3rd Annual Midwest Computational Linguistics Colloquium, Urbana-Champaign, IL: University of Illinois.,
2006,
p. 68.
M. Damiani, E.Bertino..
"Access Control and Privacy in Location-aware Services for Mobile Operations.,"
Proc. of the 7th International Conference on Mobile Data Management (MDM), Nara (Japan).,
2006,
p. 38.
M. Dark and C. McPherson.
"Privacy perceptions in public education,"
Proc. of the Human Computer Interface International Conference, Beijing, China. Springer-Verlag, ISBN: 978-3-540-73353-9,
2007,
M. Scannapieco, I. Figotin, E. Bertino, A.Elmagarmid.
"Privacy Preserving Schema and Data Matching,"
Proc. of ACM SIGMOD Conference, Beijing (China), June 11-14, 2007, ACM Press.,
2007,
M. Shehab, E. Bertino, A. Ghafoor..
"Secure Collaboration in Mediator-Free Environments.,"
Proc. of 12th ACM Conference on Computer and Communication Security (CCS), Alexandria (Virginia).,
2005,
p. 58.
M.Mecella, M. Ouzzani, F. Paci, E. Bertino..
"Access Control Enforcement for Conversation-based Web Services.,"
Proc. of the 15th ACM International World Wide Web Conference, Edinburgh (Scotland).,
2006,
p. 136.
N. Li and M.V. Tripunitara..
"Security Analysis in Role-Based Access Control.,"
ACM Transactions on Information and System Security (TISSEC), 9(4):391-420,
2006,
N. Li, J.W. Byun, and E. Bertino..
"A Critique of the ANSI Standard on Role Based Access Control.,"
IEEE Security & Privacy, 5(6).,
2007,
Next
(Showing: 1 - 20 of 27).
Please report errors in award information by writing to: awardsearch@nsf.gov.
|
|
|
