TY - JOUR
T1 - δRisk
T2 - Toward Context-aware Multi-objective Privacy Management in Connected Environments
AU - Bou-Chaaya, Karam
AU - Chbeir, Richard
AU - Alraja, Mansour Naser
AU - Arnould, Philippe
AU - Perera, Charith
AU - Barhamgi, Mahmoud
AU - Benslimane, Djamal
N1 - Funding information: This work is supported by the Research Council (TRC), Sultanate of Oman (Block Fund-Research Grant).
PY - 2021/6/1
Y1 - 2021/6/1
N2 - In today's highly connected cyber-physical environments, users are becoming more and more concerned about their privacy and ask for more involvement in the control of their data. However, achieving effective involvement of users requires improving their privacy decision-making. This can be achieved by: (i) raising their awareness regarding the direct and indirect privacy risks they accept to take when sharing data with consumers; (ii) helping them in optimizing their privacy protection decisions to meet their privacy requirements while maximizing data utility. In this article, we address the second goal by proposing a user-centric multi-objective approach for context-aware privacy management in connected environments, denoted δ-Risk. Our approach features a new privacy risk quantification model to dynamically calculate and select the best protection strategies for the user based on her preferences and contexts. Computed strategies are optimal in that they seek to closely satisfy user requirements and preferences while maximizing data utility and minimizing the cost of protection. We implemented our proposed approach and evaluated its performance and effectiveness in various scenarios. The results show that δ-Risk delivers scalability and low-complexity in time and space. Besides, it handles privacy reasoning in real-time, making it able to support the user in various contexts, including ephemeral ones. It also provides the user with at least one best strategy per context.
KW - context-aware computing
KW - Internet of Things
KW - privacy by design
KW - privacy risk quantification
KW - semantic reasoning
KW - User-centric privacy
UR - http://www.scopus.com/inward/record.url?scp=85114273376&partnerID=8YFLogxK
U2 - 10.1145/3418499
DO - 10.1145/3418499
M3 - Article
AN - SCOPUS:85114273376
SN - 1533-5399
VL - 21
JO - ACM Transactions on Internet Technology
JF - ACM Transactions on Internet Technology
IS - 2
M1 - 3418499
ER -