| This thesis addresses the discretionary privacy demands of users in heterogeneous distributed systems such as ubiquitous computing environments. Because of the physical proximity and pervasiveness of personal devices, sensors, actuators, and other devices and services, ubiquitous computing environments need a powerful infrastructure for coordinating accesses to these resources. However, this infrastructure makes it easy for malicious administrators to gain access to private information of users. We present models for privacy of a user's communication, unlinkability of a user's accesses, and authorized policy feedback that is both useful and privacy preserving. Our models expose the potential threats to a user's privacy, and allow users to express their individual and differing privacy demands based on these threats. We show how a user's privacy policies can be efficiently satisfied under our models.;For secure and private communication, we present a model for trustworthy routing, with a policy specification language that is computationally efficient to enforce. We show how quantitative trust models can be used to find trustworthy paths of communication and explore various semantic models of trust. For the unlinkability of a user's accesses to services in a ubiquitous computing environment, we present a model based on access control and decentralized enforcement of policy constraints. We prove that our solution is secure, and show how security can be maintained by trading off precision for evolving protection state. Lastly, we present a model called Know for providing feedback regarding access control decisions to users. This model aims to make ubiquitous computing environments more usable and secure, while honoring the privacy of other users in the system. Administrators can specify meta-policies to tailor feedback to individual users based on perceived threat to the policy's contents. |
