Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy rules over JPEG images Jaime Delgado DMAG UPC BarcelonaTECH October 2015.

Published byChristopher Summers Modified over 8 years ago

Similar presentations

Presentation on theme: "Privacy rules over JPEG images Jaime Delgado DMAG UPC BarcelonaTECH October 2015."— Presentation transcript:

1 Privacy rules over JPEG images Jaime Delgado DMAG UPC BarcelonaTECH http://dmag.ac.upc.edu jaime.delgado@ac.upc.edu October 2015

2 Introduction  The objective: To control access to images (partial, complete, metadata).  The “tools”: Privacy policies.  The “mechanism”: Evaluation & enforcement of policies.

3 Introduction  The objective: To control access to images (partial, complete, metadata).  The “tools”: Privacy policies.  The “mechanism”: Evaluation & enforcement of policies.  The issues (for standardization) : How to express privacy rules. Authorization for access using privacy rules.

4 Main open issues to discuss  Privacy rules: How to express them, level of detail, relationship to the images, what to standardize,...  Authorization for access: Mechanism, formalization, what to standardize,...

5 Scope  Access control to specific images is defined with rules (privacy policies).  Policies are defined either by the service provider or by the image owner.  Policies/rules follow a standard for its representation and enforcement.

6 Privacy rules/policies  Rules / Policies could be based on conditions over information on:  User: individual, group, location, role, …  Context: date and time, number of accesses, action (view, download, …), …  Image: quality, geo-location, author, date, semantic information, …  Action: read, update, delete, …

7 Privacy rules/policies  Rules / Policies could be based on conditions over information on:  User: individual, group, location, role, …  Context: date and time, number of accesses, action (view, download, …), …  Image: quality, geo-location, author, date, semantic information, …  Action: read, update, delete, …

8 Privacy rules/policies example  A specific example could be: “only my workmates can see the Christmas Dinner photo album and only during this month”  In this case, the conditions are:  User: my workmates  Context: this month  Image: Christmas Dinner photo album  Action: read (“see”).

9 Additional features  Different parts of the image might have different privacy policies.  Access to specific metadata elements might be limited.  Provision of different levels of image quality based on roles or other conditions or context.  Time restricted (image can become unusable after certain period of time).  Images are physically kept in a specific repository or they are just referenced.

10 Main open issues to discuss (back)  Privacy rules: How to express them, level of detail, relationship to the images, what to standardize,...

11 Main open issues to discuss (back)  Privacy rules: How to express them, level of detail, relationship to the images, what to standardize,...

12 Main open issues to discuss (back)  Privacy rules: How to express them, level of detail, relationship to the images, what to standardize,... XACML XACML (eXtensible Access Control Markup Language)

13 What to standardize  Where to keep (XML) privacy policies.  RightsDescription element (JPSearch Part 2). Location of the rights description standard. Textual description. Actual rights description. It can be embedded or referenced.

14 What to standardize SOI APP1 (Exif) EOI Image data APP3 (JPSearch) Privacy metadata JPEG file

15 Main open issues to discuss (back)  Privacy rules: How to express them, level of detail, relationship to the images, what to standardize,...  Authorization for access: Mechanism, formalization, what to standardize,...

16 Main open issues to discuss (back)  Privacy rules: How to express them, level of detail, relationship to the images, what to standardize,...  Authorization for access: Mechanism, formalization, what to standardize,... - Rules validity. - Who does the enforcement? - Keep information on the encryption / decryption tools used.

17 What to standardize SOI APP1 (Exif) EOI Image data APP3 (JPSearch) Original JPEG file

18 What to standardize SOI APP1 (Exif) EOI SOI APP1 (Exif) EOI APP11 (protected Exif & JPSearch metadata) Image data APP11 (protected image data) APP3 (JPSearch) Privacy metadata Original JPEG file Protected JPEG file

19 Requirements for solutions  Express privacy policies at enough level of detail.  Include the policies (or a link to them) in the image file.  Provide for the evaluation of privacy policies to authorize or not the access to partial or complete metadata and image data.

20 Possible technologies  Privacy provision using external services:  Privacy policies included in the image, but only a reference to an external system.  External system handles everything:  Creation of the privacy policies  Protection of the images (keys managment)  Access to the privacy policies  Authorization of access to the images  etc.

21 MIPAMS architecture for a solution http://dmag.ac.upc.edu/mipams/

22 Protection of an image with MIPAMS

23 Authorization of access to a protected image

24 Conclusions  Definition of privacy rules to control access to JPEG images.  XACML, a valid, already existing standard.  JPSearch metadata as placeholder for policies.  The highest possible level of granularity for rules.  One example of technology: “External” services.  FUTURE: JPEG Privacy & Security standards.

25 Privacy rules over JPEG images Jaime Delgado DMAG UPC BarcelonaTECH http://dmag.ac.upc.edu jaime.delgado@ac.upc.edu October 2015

Download ppt "Privacy rules over JPEG images Jaime Delgado DMAG UPC BarcelonaTECH October 2015."

Similar presentations

Can I Use It, and If so, How? Christian Lieske SAP AG – MultiLingual Technology Discussion of Consortium Proposal for OLIF2 File Header.

Can I Use It, and If so, How? Christian Lieske SAP AG – MultiLingual Technology Discussion of Consortium Proposal for OLIF2 File Header.
Access control for geospatial information objects using/extending the eXtensible Access Control Markup Language Andreas Matheus, Technische Universität.

Access control for geospatial information objects using/extending the eXtensible Access Control Markup Language Andreas Matheus, Technische Universität.
® IBM Software Group © IBM Corporation WS-Policy Attachment- spec overview Maryann Hondo IBM.

® IBM Software Group © IBM Corporation WS-Policy Attachment- spec overview Maryann Hondo IBM.
NRL Security Architecture: A Web Services-Based Solution

NRL Security Architecture: A Web Services-Based Solution
METS: An Introduction Structuring Digital Content.

METS: An Introduction Structuring Digital Content.
Data Modeling and Database Design Chapter 1: Database Systems: Architecture and Components.

Data Modeling and Database Design Chapter 1: Database Systems: Architecture and Components.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Dr Gordon Russell, Napier University Unit 5.3 - Data Dictionary 1 Data Dictionary Unit 5.3.

Dr Gordon Russell, Napier University Unit Data Dictionary 1 Data Dictionary Unit 5.3.
Content Types: Markup and Multimedia. Introduction Markup languages use extra textual syntax to encode: –Formatting / display information –Structure information.

Content Types: Markup and Multimedia. Introduction Markup languages use extra textual syntax to encode: –Formatting / display information –Structure information.
16/3/2015 META ACCESS MANAGEMENT SYSTEM Implementing Authorised Access Dr. Erik Vullings MAMS Programme Manager

16/3/2015 META ACCESS MANAGEMENT SYSTEM Implementing Authorised Access Dr. Erik Vullings MAMS Programme Manager
XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.

XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.
3. Technical and administrative metadata standards Metadata Standards and Applications.

3. Technical and administrative metadata standards Metadata Standards and Applications.
Data Management I DBMS Relational Systems. Overview u Introduction u DBMS –components –types u Relational Model –characteristics –implementation u Physical.

Data Management I DBMS Relational Systems. Overview u Introduction u DBMS –components –types u Relational Model –characteristics –implementation u Physical.
Securing Web Services Using Semantic Web Technologies Brian Shields PhD Candidate, Department of Information Technology, National University of Ireland,

Securing Web Services Using Semantic Web Technologies Brian Shields PhD Candidate, Department of Information Technology, National University of Ireland,
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.

Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.
Image Metadata Summary of 4/18/99 NISO/DLF Image Metadata Meeting (http://www.niso.org/image.html) Howard Besser UCLA School of Education & Information.

Image Metadata Summary of 4/18/99 NISO/DLF Image Metadata Meeting ( Howard Besser UCLA School of Education & Information.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
Universe Design Concepts Business Intelligence www.supinfo.com Copyright © SUPINFO. All rights reserved.

Universe Design Concepts Business Intelligence Copyright © SUPINFO. All rights reserved.
Chapter 1: The Database Environment

Chapter 1: The Database Environment
Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.

Similar presentations

Ads by Google