<body><pre>
Network Security Architecture
Carl Gunter, U. Penn

Privacy and Smartcard

Privacy is not only
  -- Access Control
  -- Confidentiality

Formalism: privacy system
Architecture: Personal Digital Rights Management (PDRM)
Case Study: Location Based Services (LBS)

Related Work
  Protection Systems
    Graham et al., 1972
    Lampson et al., 1974
    Harrison et al., 1976
  Digital Rights Management
    ODRL
    XrML
  Privacy Specification Language
    P3P (W3C)
    APPEL (W3C)
    EPAL (ibm)
  Geographic Privacy
    Geopriv working group (IETF)
    Snekkenes, 2001

Graham/Denning Model
  access control matrices as a model for reference monitors
  in time sharing os
  P : Principal
  O : object
  function R: P x O -> Sigma
  table R: P x (P + O) -> pwr( Sigma )

Location Based Services 
  Services based on the location of a principal
  Technical Drivers:
    cell phones; GPS and telematics; RFID tags;
    DHCP and 802.11
  Rules for archiving, redistribution, and usage must be
  addressed at the individual and group level

  LBS Scenarios
   - subjects:
     people who are concerned about privacy

   - holders:
     principals willing and able to collect location
     information about subjects (celltrek, autorealm, 
     canada on line, spartan chemicals)
                       
   - subscribers:
     (friendsintown.com, market models, what's here,
      travel archive)

Privacy Fundamentals
  -- Transfer: What is the right of a principal p to transfer
     an object x to a principal q where x is about a subject
     r ?
  -- Action: what is the right of a principal p to carry out
     an action that affects the privacy of a principal q?
  -- Creation: which principals p are allowed to create objects
     x whose subject is q?
  -- Right Establishment: how are rights established for a
     principal p?

Limitations of Graham/Denning
  No explicit representation of the idea that an object is
  private data about a given subject (owning data doesn't mean
  it can be used in whatever way)

Our Solution
  Notation: 
    Objects
    Principals
    Actions
    Time
    Each object x has subject subj(x), creation time ct(x)
    Null object, Null principal
    Privacy system: <Sigma, T, U, V, W>
      Sigma: a set of rights
      T: Sigma x Sigma x O x R -> O publish/subscribe func
      U ⊆ Sigma x A x R action right
    Events
      set policy event: p sets tau on q for r at t
      creation event: p creates x at t
      publish/subscribe event: p gets x from q at t
    Events sequences

  E.g.
    Direct Permission
    Direct Time limited Permission
    Sharing with Partners

    AdLoc services
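
  The formalism above (the Graham/Denning table R, and the privacy
  system with its set-policy, creation and publish/subscribe events)
  as an added worked example; this is not code from the original
  notes or from the authors' work. The principal names (alice,
  celltrek, friendsintown, marketmodels, spartan, whatshere), the
  rights "create" and the modelling of a policy tau as a predicate
  over (holder, recipient, object, time) are constructed assumptions
  used to show why subj(x) and ct(x) matter: a holder may hold an
  object and still be refused the right to pass it on, which the
  plain access matrix cannot express.

```python
"""Toy model of the privacy-system formalism sketched in the notes.

Added example, constructed for illustration: the rights, principals
and scenario values are placeholders, and policies are modelled as
predicates rather than the notes' full <Sigma, T, U, V, W> tuple.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

Principal = str
Right = str


@dataclass(frozen=True)
class Obj:
    name: str
    subj: Principal  # subj(x): the subject the object is about
    ct: int          # ct(x): creation time


NULL_OBJ = Obj("null", "null", -1)  # the notes' null object

# A policy tau decides whether holder p may pass object x (about the
# policy's subject) to principal q at time t.  (Assumed modelling.)
Policy = Callable[[Principal, Principal, Obj, int], bool]


class PrivacySystem:
    def __init__(self) -> None:
        # Graham/Denning access table R: P x (P + O) -> pwr(Sigma)
        self.R: Dict[Tuple[Principal, str], Set[Right]] = {}
        # policies set by a subject r: r -> list of tau
        self.policies: Dict[Principal, List[Policy]] = {}
        self.holds: Dict[Principal, Set[Obj]] = {}  # who holds which objects
        self.events: List[str] = []                 # the event sequence

    def grant(self, p: Principal, target: str, right: Right) -> None:
        """Graham/Denning-style grant: add right to R[p, target]."""
        self.R.setdefault((p, target), set()).add(right)

    def rights(self, p: Principal, target: str) -> Set[Right]:
        return self.R.get((p, target), set())

    # set policy event: "p sets tau on q for r at t"
    def set_policy(self, p: Principal, tau: Policy, r: Principal, t: int) -> bool:
        # Assumption: only the subject r may set policy about herself.
        if p != r:
            return False
        self.policies.setdefault(r, []).append(tau)
        self.events.append(f"{p} sets policy for {r} at {t}")
        return True

    # creation event: "p creates x at t"
    def create(self, p: Principal, name: str, subj: Principal, t: int) -> Obj:
        # Creation right (U): p needs "create" in R[p, subj] for objects about subj.
        if "create" not in self.rights(p, subj):
            return NULL_OBJ
        x = Obj(name, subj, t)
        self.holds.setdefault(p, set()).add(x)
        self.events.append(f"{p} creates {name} about {subj} at {t}")
        return x

    # publish/subscribe event: "q gets x from p at t"
    def get(self, q: Principal, x: Obj, p: Principal, t: int) -> bool:
        # Allowed only if p actually holds x AND some policy set by subj(x)
        # permits the p -> q transfer at time t: holding is not the same
        # as being entitled to redistribute.
        if x not in self.holds.get(p, set()):
            return False
        if not any(tau(p, q, x, t) for tau in self.policies.get(x.subj, [])):
            return False
        self.holds.setdefault(q, set()).add(x)
        self.events.append(f"{q} gets {x.name} from {p} at {t}")
        return True


# The three example policies listed in the notes, as predicates.
def direct_permission(q_allowed: Principal) -> Policy:
    return lambda p, q, x, t: q == q_allowed


def time_limited_permission(q_allowed: Principal, expires: int) -> Policy:
    return lambda p, q, x, t: q == q_allowed and t <= expires


def sharing_with_partners(holder: Principal, partners: Set[Principal]) -> Policy:
    return lambda p, q, x, t: p == holder and q in partners


def lbs_scenario() -> Dict[str, object]:
    """Constructed LBS run: subject alice, holder celltrek, two subscribers."""
    ps = PrivacySystem()
    ps.grant("celltrek", "alice", "create")  # alice lets celltrek record her location
    loc = ps.create("celltrek", "loc1", "alice", t=1)
    ps.set_policy("alice", time_limited_permission("friendsintown", expires=5), "alice", t=1)
    ps.set_policy("alice", sharing_with_partners("celltrek", {"marketmodels"}), "alice", t=1)
    return {
        "created": loc is not NULL_OBJ,
        "bogus_create": ps.create("spartan", "loc2", "alice", t=1) is NULL_OBJ,
        "friend_in_time": ps.get("friendsintown", loc, "celltrek", t=3),
        "friend_expired": ps.get("friendsintown", loc, "celltrek", t=7),
        "partner_from_holder": ps.get("marketmodels", loc, "celltrek", t=2),
        "partner_from_friend": ps.get("marketmodels", loc, "friendsintown", t=2),
        "non_subject_sets_policy": ps.set_policy("celltrek", direct_permission("whatshere"), "alice", t=2),
        "events": ps.events,
    }
```

  Running lbs_scenario() shows the point of the Limitations slide:
  friendsintown legitimately holds loc1 after t=3, yet cannot pass it
  to marketmodels, because alice's partner policy names celltrek as
  the only permitted redistributor. The same object, in the hands of
  two holders, carries two different transfer rights; that information
  lives with subj(x) and the subject's policies, not in R alone.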


Smart Cards
  Embedded computer systems: installed in host devices.

  Constraints:
    - form (viz, size, shape, and weight)
    - power
    - location (mobility)

  Open APIs:
    devices with an open API have advantages
    (greater flexibility, independent support)

  Most do not offer an open API; they have significant constraints
  on safety and security.

  Project 1: Opem
    Programmable Microwave Ovens
      hardware: microwave oven vendors
      software: frozen food manufacturers

  Project 2: PISCES

  Java cards. http://java.sun.com/products/javacard/examples.html
  SET protocol.
  </pre></body>
