
基于策略的普适计算隐私保护技术研究

Research on Privacy Protection Technology for Pervasive Computing Based on Policy

Author: 康密军 (Kang Mijun)

Supervisor: 魏志强 (Wei Zhiqiang)

Author information: Ocean University of China, Cartography and Geographic Information Systems, 2009, PhD

Abstract (translated from the Chinese): The privacy protection problem in pervasive computing can be described as follows: in a network-based application environment, when a user's personal information is collected, stored, processed, published and shared by the system, how can it be guaranteed that the user's personal information is accessed effectively by legitimate entities according to the user's will? The user's will can be realized by letting users themselves formulate access control policies (privacy policies) for their private information. This paper mainly studies the unified representation of privacy policies and the enforcement mechanism of privacy policies. The main work of this paper is as follows:

(1) Access control in pervasive computing is described. On this basis, aimed at pervasive computing application scenarios and user privacy policy propositions, the formalization of privacy policies based on predicate logic is studied; that is, any privacy policy can be formalized as a predicate logic formula. This paper holds that privacy policies described by users in natural language are primitive and plain: their formalization is not merely re-translating them into mathematical language, but extracting and formalizing the implicit constraints they contain in combination with the context of the pervasive computing application. To this end, the decomposition process of privacy policy propositions is described, and based on it the concepts of primitive privacy policy and executable privacy policy are proposed; the definitions of the alphabet, terms and formulas of the privacy policy formal system are given; according to the characteristics of pervasive computing applications, the pervasive computing application system is abstracted into a mathematical structure so as to facilitate the formal analysis of privacy policies; and the interpretation and semantics of privacy policy formulas are given.

(2) A privacy policy model based on first-order logic is studied. Through this model the privacy policy primitives that constitute the basic elements of privacy policies are unified, providing a consistent research object and consistent privacy policy semantics for this paper. In this chapter, many-sorted logic theory is introduced, and the necessity of using many-sorted logic to study the privacy policy model is pointed out. For sample privacy policies described in natural language, the various primitives that make up a privacy policy are analyzed and used as the sorts of the many-sorted logic that describes privacy policies. A model of the privacy policy execution environment is proposed, and on this basis an executable privacy policy model is summarized.

(3) Description logic theory is introduced, and it is pointed out that a system based on description logic can not only store domain knowledge in the form of terminology and assertions, but also provide reasoning services based on that terminology and those assertions. Based on description logic and combined with the privacy policy primitives proposed in this paper, a privacy policy knowledge base PKB (TBox, ABox) is established, containing an abstract model of the pervasive computing application domain structure and privacy policies in the form of assertions about domain individuals. Various atomic concepts and atomic roles are defined for it, user group axioms and privacy policy axioms in the TBox and individual assertions in the ABox are built, and it is pointed out that privacy policy axioms can be used to represent privacy policies. Based on the individual assertions about users, user attributes and relations contained in the ABox, the concept of a privacy rule knowledge base PRKB (TBox, ABox, RBox) is proposed, and the formal reasoning process of privacy policies is analyzed.

(4) After introducing the OWL ontology language and rule engines, and from an application-oriented perspective, the ontology-based representation of privacy policies and the rule-based enforcement mechanism are studied; on the basis of verifying the privacy policy enforcement mechanism, an application framework for privacy policies in pervasive computing is proposed. For the ontology representation of privacy policies, this paper defines an ontology of general rules, on which an ontology of privacy rules is defined; at the same time, queries for private information are also given an ontology definition as a kind of rule without premises. Based on these ontologies, a general ontology-based representation method for privacy policies is proposed at a relatively abstract and generalized level, and by modifying this representation method, the ability of privacy policies to control the granularity of private information is added. For the rule representation and reasoning of privacy policies, according to the privacy policy primitives, this paper gives the rule representation of privacy policies, defines the layered execution environment of privacy policies and the corresponding mapping rules, analyzes from an abstract perspective the execution flow in which a privacy policy responds to a query, and verifies this flow experimentally. From a general design perspective, drawing on the idea of the OSI layered model of computer networks, a logical layered architecture for designing pervasive computing privacy protection systems is proposed; based on the above ontology representation and rule reasoning of privacy policies, a suggested application model for privacy policies in pervasive computing is proposed at the level of patterns and frameworks, and its implementability is analyzed.

(5) A preliminary study of privacy policy learning techniques is made. User context oriented toward privacy protection in pervasive computing is introduced; user context is divided into two categories, static context and dynamic context, and it is pointed out that user context has a direct effect on the dynamic generation of privacy policies in the user management interface. The main implementation techniques of case-based reasoning (CBR) are introduced, and on this basis a privacy policy learning model based on user context and case-based reasoning is proposed; the abstract representation of privacy policy cases and the construction of case indexes are studied; a retrieval algorithm for privacy policy cases is proposed for a pervasive application scenario; and the privacy policy learning process is analyzed in combination with user context. Finally, for a typical pervasive computing application, location-based services (LBS), a CBR learning system for user location disclosure policies is implemented to demonstrate the feasibility of policy learning.

Abstract: A ubiquitous/pervasive computing system comprises heterogeneous computing devices that are 'invisibly' embedded into the environment and provide users with ubiquitous access to services. To use these services, ubiquitous computing devices may form context-aware networks for capturing contexts about users. Such contexts can be used by the Ubicomp system to adapt its functionality and behavior to various user preferences. This means a pervasive computing system may facilitate unobtrusive access, manipulation, and presentation of personal data derived from contexts. The unobtrusive features of ubiquitous computing may foster unethical use of the technology but, more significantly, they are also much more conducive to inadvertent intrusions on privacy. Privacy is the claim of individuals to determine for themselves when, how, and to what extent information about them is communicated to others. Accordingly, this paper addresses privacy issues by enabling an individual (the policy author) to make privacy policies for controlling personal data. In such a case, an entity (individual or agent) can access the policy author's personal data only if permitted by her privacy policy. This paper focuses on the representation and reasoning of user privacy policies both at the level of the abstract model and at the level of the application framework. The main contents and innovations of this paper are summarized as follows:

(1) The access control mechanism for pervasive computing is described first. Then privacy policy formalization based on predicate logic is studied for pervasive computing. That is, any user privacy policy described in natural language can be formalized as a predicate logic formula by extracting the hidden restrictions in the context of pervasive computing. Accordingly, this paper depicts the decomposition of privacy policies and proposes two novel concepts: primitive privacy policy and executive privacy policy. Besides, the alphabet, terms and formulas of the privacy policy formalization system are defined. The pervasive computing application system is abstracted into a mathematical structure convenient for formal analysis, and the interpretation and semantics of privacy policy formulas are put forward.

(2) A privacy policy model based on first-order logic is introduced to unify the privacy policy primitives, which are the essential elements constructing privacy policies, and to provide a consistent research object and privacy policy semantics for the following research in this paper. Many-sorted logic is introduced and the necessity and importance of adopting it are pointed out as well. Through analysis of sample privacy policies described in natural language, the various primitives that construct privacy policies are regarded as sorts in many-sorted logic. Also, the execution environment model is presented and the executive privacy policy model is derived from it.

(3) Description logic theory is introduced, which can be used to represent and reason about domain knowledge based on terms and assertions. Combining description logic with the privacy policy primitives proposed in this paper, a privacy policy knowledge base PKB (TBox, ABox) is established, including the abstract model of the pervasive computing application structure and privacy policies in the form of individual assertions. Besides, this paper designs the axioms for user groups and privacy policies in the TBox and the individual assertions in the ABox. At the same time, it points out that privacy policies can be expressed by privacy policy axioms. In addition, grounded on the individual assertions about users, user properties and relationships in the ABox, the concept of a privacy rules knowledge base PRKB (TBox, ABox, RBox) is put forward and the formal reasoning process of privacy policies is analyzed.

(4) After an introduction to the Web Ontology Language and rule engines, both the ontology-based expression method for privacy policies and the rule-based executive mechanism in the application domain are discussed. An application framework for privacy policies in pervasive computing is proposed based on the verification of the privacy policy executive mechanism. On the ontology expression side, the ontology of general rules is defined first, followed by the ontology of privacy rules. At the same time, requests for privacy information are regarded as rules without prerequisites in order to define their ontology. The general expression of privacy policies based on ontology is presented from a relatively abstract and general level. Additionally, a proper improvement is designed to add a function that controls the granularity of privacy information. On the rule reasoning side, according to the policy primitives, the expression method for privacy policy rules is presented, and the layered implementation environment and corresponding mapping rules are defined. The procedure for responding to an incoming query is analyzed and substantiated by experiments. On the basis of the above ontology-based expression and reasoning of privacy policies, this paper proposes a suggested application framework for privacy policies in pervasive computing at the model and framework level, the practicality of which is analyzed.

(5) Based on user context information and the ability of CBR (case-based reasoning), this paper gives a preliminary study on learning context-sensitive privacy policies. Firstly, the user context for the pervasive computing environment is introduced, which, in this paper, is grouped into two categories: static user context information and dynamic user context information. This paper argues that user context information can be used to support the dynamic generation of privacy policies in a user interface, reducing the burden on users of specifying policies. A historical privacy policy can be regarded as a case in a CBR system and stored in the case base. Following this basic notion, this paper presents an abstract case representation based on policy primitives, where any privacy policy case is represented as a feature-value vector. For indexing privacy policy cases, this paper chooses the requester of privacy information as the key index and forms the structure of the case base. Finally, a case retrieval algorithm for the privacy policy case base is introduced, with a similarity measure at its core.
