Nikolaos L. Dellas

A Proxy for Privacy: the Discreet Box

The issue of user privacy is constantly brought to the spotlight since an ever increasing number of online services collects and processes personal information from users, in the context of personalized service provision. Although technology makes the collection of data easy, their protection against abuse is left to data protection legislation. However, the privacy requirements, other than being general and abstract terms to be regarded as legislature issues, should be brought down in the technological reality and carefully accounted for in devising technical solutions. In order to limit the disclosure and avoid the misuse of personal data, this paper discusses an architectural proposal for a middleware system that will enforce protection of user privacy through technical means. This goal is facilitated by a combination of a policy framework, a sensible interpretation of regulations into policies and the introduction of a privacy broker, named the discreet box.

A semantic framework for privacy-aware access control

The issue of privacy is constantly brought to the spotlight since an ever increasing number of services collects and processes personal information from users. In fact, recent advances in mobile communications, location and sensing technologies and data processing are boosting the deployment of context-aware personalized services and the creation of smart environments but, at the same time, they pose a serious risk on individualspsila privacy rights. Being situated in the realms of legal and social studies, the notion of privacy is mainly left, concerning its protection, to legislation and service providerspsila self-regulation by means of privacy policies. However, all laws and codes of conduct are useless without enforcement. Based on this concept, this paper presents a framework conceived on the basis of privacy legislation. It uses a semantic model for the specification of privacy-aware data access rules and a middleware system which mediates between the service providers and the data sources and caters for the enforcement of the regulatory provisions.

An ontology-based approach towards comprehensive workflow modelling

In recent years, several mature workflow modelling technologies have emerged. Nevertheless, they all present certain expressiveness limitations concerning primarily two aspects: first, none of them manages to adequately capture all three core workflow perspectives, that is, control, data and resource; further, they typically are either data-centric or control flow oriented, being, therefore incapable of supporting domains that involve both execution patterns. In light of these issues, this study describes an innovative, highly expressive framework for workflow modelling, guided by the flexibility by design principle. Main characteristics of the proposed approach include the following: (i) it enables the comprehensive specification of workflow elements, providing extensive coverage of all aforementioned perspectives; (ii) it introduces the novel concept of assets, as a means for representing the entities being subject to the execution of workflow tasks; (iii) workflows are defined as ontologies; this, apart from the inherent benefits regarding formal semantics, offers also the advantage of their direct and transparent integration with an ontological information model; (iv) it allows the explicit modelling of both control and data flows, thus being suitable for applications based on either of them or both of them combined; and (v) its expressiveness provides for the in-design expression of sophisticated security constraints.

Leveraging Ontologies upon a Holistic Privacy-Aware Access Control Model

Access control is a crucial concept in both ICT security and privacy, providing for the protection of system resources and personal data. The increasing complexity of nowadays systems has led to a vast family of solutions fostering comprehensive access control models, with the ability to capture a variety of parameters and to incorporate them in the decision making process. However, existing approaches are characterised by limitations regarding expressiveness. We present an approach that aims at overcoming such limitations. It is fully based on ontologies and grounded on a rich in semantics information model. The result is a privacy-aware solution that takes into consideration a variety of aspects and parameters, including attributes, context, dependencies between actions and entities participating therein, as well as separation and binding of duty constraints.

Facilitating context-awareness through hardware personalization devices: the simplicity device

The paper presents the specification, development and initial performance evaluation of the Simplicity Device (SD), which is one of the key components of the SIMPLICITY Architecture. The SD is both a portable personalization device and a hardware Single-Sign-On (SSO) token. It accommodates the Simplicity User Profile (SUP), which contains user context related information and has been designed according to 3GPP and W3C standards. In cooperation with a distributed brokerage framework the SD provides the users with the means to automatically personalize terminals and services according to their context by the simple act of “plugging” the SD into any SIMPLICITY compliant user equipment. Within this paper we present the generic SD architecture which is the basis for different SD implementations and consequently we focus on a JavaCard SD implementation and its performance evaluation.

Chapter 30 – Leveraging Semantic Web Technologies for Access Control

Access control comprises a central concept in ICT security, leveraged for the protection of various resources, including systems, networks, applications, services, corporate assets, and information. It has also emerged as an important mechanism for the protection of personal data, resulting in a family of models referred to as privacy-aware access control. Due to the increasing complexity of the ICT ecosystem, various approaches have been proposed with the aim to provide expressive access control models and, in this context, Semantic Web technologies have also been leveraged. This chapter investigates the application of Semantic Web technologies in access control, highlighting the main trends in the area and outlining the most characteristic approaches.

Towards Inherent Privacy Awareness in Workflows

This paper presents a holistic approach to the realisation of Privacy by Design in workflow environments, ensuring that workflow models are rendered privacy-aware already at their specification phase. In this direction, the proposed framework, considering the particular technical requirements stemming from data protection principles, is centred around the following features: a novel, ontology-based approach to workflow modelling, which manages, unlike all other existing technologies, to adequately capture privacy aspects pertaining to workflow execution; the appropriate codification of privacy requirements into compliance rules and directives; an automated procedure for the verification of workflow models and their subsequent transformation, if needed, so that they become inherently privacy-aware before being deployed for execution.

Evolving UMTS towards IP: Evaluation of the SIPRAN Architecture

The adoption of packet-switched technologies in mobile communication systems has enabled the provision of IP-based services to mobile users. Yet, these systems, such as the UMTS network, are not flexible enough to leave space for IP-oriented protocols to dominate nor are they able to meet the stringent QoS requirements imposed by multimedia services. This paper presents an innovative Beyond 3G network architecture, denoted as SIPRAN, posing an evolution to the standard UMTS network. According to the proposed concept, the GPRS Support Nodes are integrated into a single entity, while the Session Initiation Protocol is adopted for performing mobility and session management; these modifications result in the smooth evolution of the UMTS Core Network towards IP, while accomplishing a significant performance gain. In order to evaluate the target architecture and substantiate its actual effectiveness, a series of experiments was carried out, by utilizing a fully-functional emulator.