| Graduate student: | 胡倩瑋 Hu, Chien-Wei |
|---|---|
| Thesis title: | Supporting User-Centric Privacy Protection in Cloud Environments |
| Advisor: | 焦惠津 Jiau, Hewijin Christine |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Institute of Computer & Communication Engineering |
| Year of publication: | 2016 |
| Academic year of graduation: | 104 |
| Language: | English |
| Number of pages: | 41 |
| Keywords (Chinese): | Software as a Service, Cloud Services, User Privacy, Privacy Measurement, Privacy Protection |
| Keywords (English): | Software as a Service, Cloud Computing, User Privacy, Privacy Measurement, Privacy Protection |
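Nowadays, cloud services of all kinds have become deeply embedded in everyday life. As end users of cloud services, people can use them at any time and place through portable devices such as mobile phones, for word processing, health management, financial management, daily-life information feedback and more, and fully enjoy the convenience these services bring. However, when using cloud services, end users inevitably leave all kinds of operation data in them. A single piece of operation data may reveal nothing about the end user, but once a large amount of operation data has been obtained, more user data, even including the end user's sensitive personal information, can be obtained by the cloud service provider through data analysis, creating a potential privacy threat. Because of the commercial value of user data, cloud service providers tend to obtain more of it: besides the operation data that end users leave in the cloud service, providers also analyze this operation data further to obtain more user data. Moreover, as the manager of the operation data, the cloud service provider has absolute control over end users' operation data and the additional user data inferred from it, and may perform any operation on this data, including passing it to the provider's business partners or using it further for purposes that end users cannot anticipate. As the user data that a cloud service can obtain increases, the user's privacy risk increases with it. Today, as the public information available on the Internet grows, cloud service providers can, in addition to using traditional data analysis models, integrate end users' operation data with public Internet information to infer even more additional user data, further increasing users' privacy risk. The cloud service does not notify end users when it infers more user data. Without knowing which of their personal information is at privacy risk, end users cannot take action to protect their privacy and reduce the harm that the privacy risk may bring. Based on the operation data that end users leave with cloud services, and targeting the risk brought by integrating user operation data with Internet information, this thesis proposes end-user personal privacy risk measurement tools for the integrated data analysis model. In addition, it provides a personal privacy protection system which, besides covering the aforementioned measurement tools for the integrated data analysis model, also collects existing end-user personal privacy risk measurement tools for other analysis models. Based on these risk measurement tools, the system analyzes the user's actual cloud service usage and proposes a tailor-made, personalized privacy risk measurement plan for the individual's cloud service usage and privacy preferences. The system automatically executes the personalized privacy risk measurement plan for the end user and, when it finds a potential privacy threat, suggests appropriate privacy protection strategies, so that end users can protect their personal privacy while still using cloud services normally and avoid the harm that privacy leakage may cause.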
Nowadays, people access cloud services whenever and wherever they want using all kinds of mobile devices, and leave a large amount of usage data on the service side. A single piece of operation data may seem harmless to a user's privacy. However, if the usage data is aggregated with other data (e.g. public data on the Internet), even more user information will be exposed. In this thesis, two types of attacks focusing on users' usage data are exposed. Since it is difficult for users to be aware of these kinds of privacy leakages, privacy-leakage-detection metrics are provided. To evaluate the effectiveness of these metrics, three case studies from real operation data are conducted. The results show that users' usage data indeed creates privacy risks, which can be highlighted by the privacy-leakage-detection metrics outlined here. Besides the privacy-leakage-detection metrics, which emphasize privacy leakages caused by data aggregation, traditional privacy measurements, which focus on analyzing the usage data itself, have also been proposed in previous work. For end users, there are various privacy measurements with which to detect different privacy leakages. However, it is not easy for end users to find suitable privacy measurements because they do not have the background knowledge. Moreover, end users also do not know what is available for protecting their privacy when they find privacy leakages. In this thesis, iGuard, a personalized guard system for cloud service usage on mobile devices, is provided. iGuard provides a customized privacy measurement plan which fits a user's personal situation. The plan is executed to detect possible privacy leakages when the user is using cloud services. To resolve the leakages, iGuard also provides workable privacy protection strategies. The user can apply one of the strategies and see its effect on the privacy measurement results. According to the results, the user can tune his strategy continuously until he is satisfied with the results. By continuously tuning, the user can manage the privacy-utility trade-offs of using cloud services.