ADSS: An Available-but-Invisible Data Service Scheme for Fine-Grained Usage Control | IEEE Journals & Magazine | IEEE Xplore

Abstract:

The demand for mobile terminals to participate in data services is increasingly vital. The General Data Protection Regulation (GDPR) has established several principled requirements for data services. Existing studies of data services emphasize data privacy and accessibility. However, they face challenges in achieving data forgetability and portability on mobile devices under GDPR, and they do not consider usage control. In this article, we propose ADSS, an app-level data service scheme for mobile devices that is available-but-invisible and guarantees fine-grained usage control. ADSS addresses these challenges by executing the data-usage logic in a Trusted Execution Environment (TEE) and managing the TEE states (i.e., data usage states) in blockchain smart contracts. It not only satisfies the requirements of GDPR, providing strong security and confidentiality guarantees, but also enables "pay-per-use" functionality. We implement a prototype of the ADSS framework based on ARM TrustZone and conduct experimental evaluations. The results demonstrate that our scheme achieves high efficiency compared with other data service schemes and is feasible on mobile-grade devices.
Published in: IEEE Transactions on Services Computing ( Volume: 18, Issue: 1, Jan.-Feb. 2025)
Page(s): 43 - 56
Date of Publication: 11 November 2024


I. Introduction

The demand for collaborative computing involving mobile devices such as smartphones and IoT devices has witnessed a significant surge. For instance, smart home devices aggregate and analyze user data to offer improved services [1], and edge devices contribute local data to federated learning [2]. Consequently, data sharing and utilization on mobile devices have emerged as a crucial issue. As individuals become increasingly aware of the value of their data and data commodification progresses, it is imperative that data sharing and usage occur in the form of commercial services. The European Union's General Data Protection Regulation (GDPR) [3] sets out several specific principles for data services: i. "Privacy by design": the data sharing mode has to be privacy-preserving, guaranteeing no visibility from the public perspective; ii. "Right to access": data providers have the right to be informed about how and why the data receivers are using the data they share, and data must be used in a manner consistent with the intended execution; iii. "Right to be forgotten": since the data service may need to be terminated at any time, it is essential to incorporate a withdrawal mechanism that ensures the buyer can no longer access the data; iv. "Right to data portability": data should be regularized in a structured, commonly used and machine-readable format to facilitate sharing. This requires that data usage be able to migrate across multiple devices or operating systems.
