Exploring personalized life cycle policies

H.J.W. van Heerde, N.L.G. Anciaux, M.M. Fokkinga, Peter M.G. Apers

Abstract

Ambient Intelligence imposes many challenges in protecting people's privacy. Storing privacy-sensitive data permanently will inevitably result in privacy violations. Limited retention techniques might prove useful in order to limit the risks of unwanted and irreversible disclosure of privacy-sensitive data. To overcome the rigidness of simple limited retention policies, life-cycle policies describe more precisely when and how data should first be degraded and finally be destroyed. This allows users themselves to determine an adequate compromise between privacy and data retention. However, implementing and enforcing these policies is a difficult problem: traditional databases are not designed or optimized for deleting data. In this report, we recall the previously introduced life cycle policy model and the techniques already developed for handling a single collective policy for all data in a relational database management system. We identify the problems raised by loosening this single-policy constraint and propose preliminary techniques for concurrently handling multiple policies in one data store. The main technical consequence for the storage structure is that, when multiple policies are allowed, the degradation order of tuples is no longer always equal to the insert order. Apart from the technical aspects, we show that personalizing the policies introduces some inference breaches which have to be investigated further. To make such an investigation possible, we introduce a metric for privacy, which makes it possible to compare the amount of privacy provided with the amount of privacy required by the policy.
Original language: Undefined
Place of publication: Enschede
Publisher: Centre for Telematics and Information Technology (CTIT)
Number of pages: 26
State: Published - 20 Dec 2007

Publication series

Name: CTIT Technical Report Series
Publisher: Centre for Telematics and Information Technology, University of Twente
No.: Supplement/TR-CTIT-07-85
ISSN (Print): 1381-3625

Keywords

  • IR-64525
  • METIS-245854
  • EWI-11547

Cite this

van Heerde, H. J. W., Anciaux, N. L. G., Fokkinga, M. M., & Apers, P. M. G. (2007). Exploring personalized life cycle policies. (CTIT Technical Report Series; No. Supplement/TR-CTIT-07-85). Enschede: Centre for Telematics and Information Technology (CTIT).
