Paper
English Title
CityOS: Privacy Architecture for Urban Sensing
Giorgio Cavicchioli, Mark Chen, Navid Salami Pargoo, Shuren Xia, Xiaotian Zhou, Roxana Geambasu, Jason Nieh, Jorge Ortiz
Published
2026/5/5 01:54:45
Source type
preprint
Language
en
Abstract
Cities are rapidly deploying sensing infrastructure -- cameras, environmental sensors, and connected kiosks -- that continuously observe public spaces, yet they lack a system architecture governing how applications access, aggregate, and retain this data, creating privacy risks and preventing consistent policy enforcement. We present CityOS, an operating system for urban sensing that mediates application access to sensor data through a three-tier API inspired by structured, privacy-conscious web interfaces. The tiers expand the spatial scope of data access while imposing progressively stronger privacy constraints: On-Scene supports real-time sensing with raw data confined to the local context; Single-Locality Aggregation enables differentially private longitudinal statistics at a fixed location; and Cross-Locality Aggregation supports citywide analytics via aggregation across locations, with user devices enforcing per-user privacy budgets. CityOS runs as an edge runtime that executes untrusted applications in ephemeral containers, enforcing these policies and providing transparency via broadcasts of differential privacy loss. We implement CityOS and applications across all tiers -- including pedestrian safety alerts, real-time and forecast parking availability, traffic dashboards, and subway trajectory measurement -- and show that it supports practical streetscape applications while enforcing strong privacy.

Metadata
arXiv: 2605.02886v1
Source: arXiv
Type: Paper
Extraction status: raw
Keywords
SpatialIntelligence
Trajectory
Mobility
UrbanTraffic
cs.OS