Système d'aide à la décision pour la protection des données de vie privée

Nous utilisons de plus en plus d’équipements informatiques connectés à Internet. Nos téléphones, nos tablettes, et maintenant les équipements de notre quotidien peuvent désormais partager des informations pour faciliter notre vie. Mais partager ces données peut porter préjudice à notre vie privée et il est nécessaire de les contrôler. Cependant, cette tâche est complexe surtout pour des utilisateurs novices. Pour les aider dans cette tâche, nous proposons KAPUER, un système d’aide à la décision dont l’objectif est d’apprendre les préférences de l’utilisateur en terme de protection de la vie privée et de lui proposer des règles adaptées pour le contrôle de l’accès aux données. Cet apprentissage est basé sur une approche multicritère pour laquelle nous avons défini un modèle de résolution de problème innovant qui utilise des méta-critères afin de pouvoir exprimer les différentes abstractions présentes dans les politiques d’autorisation. Nous proposons aussi KAGOP, un opérateur d’agrégation utilisant notre modèle de résolution de problème pour prendre en compte simplement les interactions entre critères. KAPUER a été implémenté dans un système basé sur Android et une plateforme d’analyse et de simulation a été développé afin de pouvoir tester le système.We are using more and more devices connected to the Internet. Our smartphones, tablets and now everyday items can share data to make our life easier. Sharing data may harm our privacy and there is a need to control them. However, this task is complex especially for non technical users. To facilitate this task, we present a decision support system, named KAPUER, that proposes high level authorization policies by learning users' privacy preferences. This learning phase is based on a multi criteria approach. We have defined an innovative model of problem solving using meta-criteria to express the different level of abstraction existing in autorisation policies. We also present KAGOP, an aggregation operator using our model of problem solving to take into account interactions between criteria. KAPUER has been implemented in an Android based system and a simulator has been developed to test it

Système d'aide à la décision pour la protection des données de vie privée

Nous utilisons de plus en plus d’équipements informatiques connectés à Internet. Nos téléphones, nos tablettes, et maintenant les équipements de notre quotidien peuvent désormais partager des informations pour faciliter notre vie. Mais partager ces données peut porter préjudice à notre vie privée et il est nécessaire de les contrôler. Cependant, cette tâche est complexe surtout pour des utilisateurs novices. Pour les aider dans cette tâche, nous proposons KAPUER, un système d’aide à la décision dont l’objectif est d’apprendre les préférences de l’utilisateur en terme de protection de la vie privée et de lui proposer des règles adaptées pour le contrôle de l’accès aux données. Cet apprentissage est basé sur une approche multicritère pour laquelle nous avons défini un modèle de résolution de problème innovant qui utilise des méta-critères afin de pouvoir exprimer les différentes abstractions présentes dans les politiques d’autorisation. Nous proposons aussi KAGOP, un opérateur d’agrégation utilisant notre modèle de résolution de problème pour prendre en compte simplement les interactions entre critères. KAPUER a été implémenté dans un système basé sur Android et une plateforme d’analyse et de simulation a été développé afin de pouvoir tester le système.We are using more and more devices connected to the Internet. Our smartphones, tablets and now everyday items can share data to make our life easier. Sharing data may harm our privacy and there is a need to control them. However, this task is complex especially for non technical users. To facilitate this task, we present a decision support system, named KAPUER, that proposes high level authorization policies by learning users' privacy preferences. This learning phase is based on a multi criteria approach. We have defined an innovative model of problem solving using meta-criteria to express the different level of abstraction existing in autorisation policies. We also present KAGOP, an aggregation operator using our model of problem solving to take into account interactions between criteria. KAPUER has been implemented in an Android based system and a simulator has been developed to test it

Authorization policies: Using Decision Support System for context-aware protection of user's private data

International audienceNowadays privacy in ambient system is a real issue. Users will have to control their data more and more in the future. Current security systems don't support a strong constraint: policy writers are non-technical users and not security experts. We propose in this paper to use Decision Support techniques and more specifically Multi-Criteria Decision Analysis in the process of authorization policy writing. This research area provides techniques to inform and assist non-technical users to write their own authorization policies following the paradigm of Attribute-Based Access Control

KAPUER: A Decision Support System for Privacy Policies Specification

International audienceWe are using more and more devices connected to the Internet. Our smartphones, tablets and now everyday items can share data to make our life easier. Sharing data may harm our privacy and there is a need to control them. However, this task is complex especially for non technical users. To facilitate this task, we present a decision support system, named KAPUER, that proposes high level authorization policies by learning users’ privacy preferences. KAPUER has been integrated into XACML and three learning algorithms have been evaluated

dynSMAUG: A Dynamic Security Management Framework Driven by Situations

We present a dynamic security management framework where security policies are specified according to situations. A situation allows to logically group dynamic constraints and make policies closer to business. Situations are specified and calculated by using complex events processing techniques and security policies are written in XACMLv3. Finally, the framework is supported by a modular event based deployment infrastructure. The whole framework has been implemented and its performance is evaluated

Improved Identity Management with Verifiable Credentials and FIDO

We describe how FIDO and W3C VCs can overcome the problems of existing identity management systems. We describe our conceptual model and architecture, and the protocol we used by extending FIDO’s UAF in order to provide both strong authentication and strong authorization. We built a pilot implementation for U.K. NHS patients to validate our implementation. Patients were able to use a mobile phone with a fingerprint reader to access restricted NHS sites in order to make and cancel appointments and order repeat prescription drugs. Our initial user trials with 10 U.K. NHS patients found the system to be easy to use, and fingerprints to be preferable to using usernames and passwords for authentication

Know Your Customer: Opening a new bank account online using UAAF

Universal Authentication and Authorization Framework is a user-centric, privacy by design and decentralized system that allows anyone to easily benefit from a reliable digital identity made of multi-purpose and multi-origin attributes. In this article, we present the implementation of this framework in the context of online banking. We demonstrate how it can facilitate enforcing Know Your Customer when opening a new bank account online by allowing users to combine verifiable identity attributes issued by different organizations

A User-Centric Identity Management Framework based on the W3C Verifiable Credentials and the FIDO Universal Authentication Framework

We present a user-centric and decentralized digital identity system that allows anyone to easily benefit from an enriched digital identity made of multi-purpose and multi-origin attributes. It increases usability by the elimination of user passwords. It also makes this digital identity highly trustworthy both for the user (in terms of privacy and sovereignty) and the service provider who requires highly certified information about the user being enrolled to and/or authenticated on its services. We built our system based on the Universal Authentication Framework specified by the FIDO Alliance and the data model proposed by the W3C Verifiable Credentials WG. The whole system has been implemented in a banking scenario

Difficulties to enforce your privacy preferences on Android? Kapuer will help you

Smartphones and mobile computing have changed our world and we are now over connected. Millions of applications are available to help us in every way possible. However applications can collect data from users for different purposes. Many private data are used to profile users. How to control privacy in this environment? We propose a system called Kapuer that improves the management of applications permissions on Android by combining access control and decision support. We present in this article the Android implementation of Kapuer

Projet INCOME : INfrastructure de gestion de COntexte Multi-Echelle pour l'Internet des Objets

International audienceCet article donne un aperçu du projet de recherche INCOME financé par l'Agence Nationale de la Recherche française en décrivant la fiche d'identité du projet, ses principaux enjeux scientifiques ainsi que les premiers résultats obtenus