An Architecture for the Enforcement of Privacy and Security Requirements in Internet-Centric Services
2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (2012)
Liverpool, United Kingdom United Kingdom
June 25, 2012 to June 27, 2012
This paper focuses on the problem of how to protect personal data and privacy in the context of internet-centric services. Two main challenges are considered: how to enable individuals to express data protection requirements on their data in a disclosure request; and how to ensure data is actually protected and processed according to the intended purpose of use after being disclosed. As part of our solution, we introduce the notion of a distinctive online service and architectural component, called the Privacy and Security Broker (PSB), responsible for the protection of personal data. The PSB enables a user to express their data protection requirements and translates them into "Data Protection Property Policies" (DPPPs). A high level architecture and the corresponding protocols involving the interaction of the main actors of our solution are presented.
internet-centric services, privacy, security, data protection, information-flow, user-centric services
Y. Diaz-Tellez, E. L. Bodanese, S. K. Nair and T. Dimitrakos, "An Architecture for the Enforcement of Privacy and Security Requirements in Internet-Centric Services," 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications(TRUSTCOM), Liverpool, 2012, pp. 1024-1031.