Security and Privacy in User Modeling

User-adaptive (or "personalized") systems take individual character istics of their current users into account and adapt their behavior ac cordingly. Several empirical studies demonstrate their benefits in areas like education and training, online help for complex software, dynamic information delivery, provision of computer access to people with dis abilities, and to some extent information retrieval. Recently, personal ized systems have also started to appear on the World Wide Web where they are primarily used for customer relationship management. The aim hereby is to provide value to customers by serving them as individuals and by offering them a unique personal relationship with the business. Studies show that web visitors indeed spend considerably more time at personalized than at regular portals and view considerably more web pages. Personalized sites in general also draw more visitors and turn more visitors into buyers. Personalization therefore would look like a win-win technology for both consumers and online businesses. However, it has a major down side: in order to be able to exhibit personalized behavior, user-adaptive systems have to collect considerable amounts of personal data and "lay them in stock" for possible future usage. Moreover, the collection of information about the user is often performed in a relatively inconspic uous manner (such as by monitoring users' web navigation behavior), in order not to distract users from their tasks.

Offers a comprehensive analysis of security requirements for user modeling systems proceeding from requirements of general information systems and taking into account particular issues of user modeling

Klappentext

With a Foreword by Alfred Kobsa. The research on user modeling has developed a broad range of elaborated algorithms and techniques to support user adaptive applications with information about their users. Several empirical studies demonstrate their benefits in areas like education and training, online help for complex software, dynamic information delivery, etc. The main obstacles to wide-spread use of such systems have always been users' objections and to some extent laws regarding the usage of person-related data. This book offers a comprehensive analysis of security requirements for user modeling systems proceeding from requirements of general information systems and taking into account particular issues of user modeling. Solutions for these requirements are discussed in several ways. Existing solutions in user modeling systems are matched with these requirements. Solutions with a drawback to user modeling are displayed and weighed. New solutions for secrecy and integrity are developed and combined to a reference architecture for security in user modeling. Based on the solutions for encryption, authentication, and authorization, methods for empowering the user to define and enforce his individual requirements towards privacy and anonymity are described in detail. The reference architecture can serve as a default architecture for many user adaptive systems. It offers a modular approach that can adapt to different user requirements and protection goals.

Zusammenfassung
User-adaptive (or "personalized") systems take individual character­ istics of their current users into account and adapt their behavior ac­ cordingly. Several empirical studies demonstrate their benefits in areas like education and training, online help for complex software, dynamic information delivery, provision of computer access to people with dis­ abilities, and to some extent information retrieval. Recently, personal­ ized systems have also started to appear on the World Wide Web where they are primarily used for customer relationship management. The aim hereby is to provide value to customers by serving them as individuals and by offering them a unique personal relationship with the business. Studies show that web visitors indeed spend considerably more time at personalized than at regular portals and view considerably more web pages. Personalized sites in general also draw more visitors and turn more visitors into buyers. Personalization therefore would look like a win-win technology for both consumers and online businesses. However, it has a major down­ side: in order to be able to exhibit personalized behavior, user-adaptive systems have to collect considerable amounts of personal data and "lay them in stock" for possible future usage. Moreover, the collection of information about the user is often performed in a relatively inconspic­ uous manner (such as by monitoring users' web navigation behavior), in order not to distract users from their tasks.

Inhalt
0 Introduction.- 1. User Modeling.- 2. Privacy.- 3. Security.- 4. Requirements for Anonymity and Pseudonymity.- 5. Requirements for Security.- 6. Solutions for Anonymity and Pseudonymity.- 7. Solutions for Security.- 8. Selected User Modeling Components.- 9 Summary and Conclusion.- References.