文章摘要

吴宗大,谢坚,郑城仁,周志峰,陈恩红.数字图书馆用户的行为偏好隐私保护框架[J].中国图书馆学报,2018,44(2):72~85
数字图书馆用户的行为偏好隐私保护框架
A Framework for the Protection of User Behavior Preference Privacy of Digital Library
投稿时间:2017-10-03  修订日期:2017-12-10
DOI:
中文关键词: 数字图书馆  行为偏好  隐私保护
英文关键词: Digital library  Behavior preference  Privacy protection
基金项目:本文系国家社会科学基金青年项目“数字图书馆用户的‘行为偏好隐私’保护方法研究”(编号:17CTQ011)的研究成果之一
作者单位E-mail
吴宗大 温州市信息安全中心 浙江 温州 325035 zongda1983@163.com 
谢坚 温州市信息安全中心 浙江 温州 325035  
郑城仁 温州市信息安全中心 浙江 温州 325035  
周志峰 温州市信息安全中心 浙江 温州 325035  
陈恩红 中国科学技术大学计算机科学与技术学院 安徽 合肥 230027  
摘要点击次数: 465
全文下载次数: 
中文摘要:
      针对新兴网络环境下数字图书馆用户的行为偏好隐私保护问题,设计实现了一个有效的方法框架。该方法框架的基本思想是:通过在可信客户端精心构造一系列“真假难辨”的伪行为,连同用户真行为一起,提交给不可信服务器端,“以假乱真”掩盖用户行为蕴含的敏感偏好。评估实验验证了该方法框架的有效性,即能在不损害数字图书馆服务的实用性、准确性和高效性的前提下,确保用户行为偏好隐私在不可信数字图书馆服务器端的安全性。该工作是针对数字图书馆用户行为偏好隐私保护问题的首次研究尝试,对搭建新网络环境下用户隐私安全的数字图书馆平台具有重要意义。图5。表1。参考文献25。
英文摘要:

    Although providing great convenience for users, digital libraries result in users serious concerns on personal privacy due to their more and more untrusted server sides. In fact, users privacy concerns have become one of the major obstacles to the development and application of digital libraries. In digital libraries, user privacy can be divided into data privacy and behavior privacy. Compared to data privacy, the protection of behavior privacy cannot be solved by using traditional privacy protection methods, because it is not allowed to change existing information services in digital libraries. Thus, it is more challenging to protect users behavior privacy in digital libraries.

The purpose of this paper can be described as follows. Aiming at various kinds of online behaviors (i.e., service requests) issued by users in a digital library, we aim to construct a unified framework and model for behavior privacy protection, so as to break the limitations of traditional privacy protection methods when being applied to digital libraries, i.e., to ensure the security of various kinds of behavior privacy on the untrusted server side, under the constraints of not changing the existing platform architecture and service algorithms of a digital library, and not compromising the accuracy and efficiency of information services supplied by the digital library.

In this paper, we first design a basic framework for user behavior privacy protection in a digital library. The basic idea of the framework is to lay a middleware (running at a trusted client, which is used to implement a privacy protection algorithm) between a library user interface (running at a trusted client) and the library services (running at the untrusted server); then, for a service request (i.e., a user behavior) issued by a user, the privacy algorithm would construct a group of high quality dummy behaviors, and submit them together with the user behavior to the untrusted server side, so as to cover up the sensitive preferences behind user's behaviors. Based on the framework, we then present a behavior privacy model, which formulates the constraints that ideal dummy behaviors should satisfy, to provide a reference for the privacy algorithm running at the client for the construction of dummy behaviors. Finally, we discuss the design and implementation of the privacy algorithm, under the model framework of users behavior privacy protection.

Both theoretical analysis and experimental evaluation demonstrate the feasibility of the framework and model proposed in this paper, i.e., by constructing dummy behaviors of semantically irrelevant categories, the significance of users sensitive preferences on the untrusted server side can be reduced effectively (thereby,resulting in a good cover up effect); and by constructing dummy behaviors of highly similar feature distributions with user behaviors, it is difficult for attackers to rule out the dummy behaviors (thereby,resulting in a good mix up effect).

This paper is the first research attempt to the protection of user behavior privacy in a digital library. The privacy framework proposed in this paper can ensure the security of user behaviors on the untrusted server side, without compromising the availability, accuracy and efficiency of information services in a digital library, resulting in a positive significance to the development of a privacy preserving digital library. However, this paper only describes a privacy framework at a high level of abstraction. In a digital library, there are various forms of behavior privacy (such as recommendation behavior and retrieval behavior). As the future work, we need to further study how to design and implement the corresponding privacy protection algorithm for each kind of user behavior. 5 figs. 1 tab. 25 refs.

下载全文   查看/发表评论  下载PDF阅读器