SecureCheck: User-Centric and Geolocation-Aware Access Mediation Contracts for Sharing Private Data
Jacob Hopkins and Carlos Rubio-Medrano
In Proceedings of the 29th ACM Symposium on Access Control Models and Technologies, San Antonio, TX, USA, 2024
Data oversharing is a critical issue in today’s technologically driven society. Numerous entities, e.g., corporations, governments, and criminal groups, are collecting individuals’ data. One potential cause is that current systems, such as verification systems, do not prioritize the minimization of exchanged data. To address this issue, we propose SecureCheck, a novel privacy-enhancing technology (PET) framework that prioritizes data minimization. We aim to ensure that individuals control technology and its access to themselves, rather than technology controlling individuals or their data. To that end, our proposed framework comprises two components: a novel access control model, called access mediation contracts, that enables users to negotiate with third parties over what data is used in a verification event, and a novel recommendation system that recommends access mediation contracts in a situationally aware manner using geolocation data. As part of ongoing work, we are developing a privacy calculus model detailing the decision process for data exchange. We are also conducting an exploratory study to better identify how to resolve conflicts between data owners and verifiers. Finally, we are actively working towards VaxCheck, a prototype implementation of SecureCheck focused on vaccine verification systems, so that we can assess its effectiveness and suitability for future deployments in practice.