Data and Applications Security: Developments and Directions
Confidentiality, Privacy, Trust (CPT)
COMPSAC 2005
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
July 2005
Outline
Semantic web as vehicle for collaboration
Trustworthy/dependable data management
Confidentiality
Data Mining and Privacy
Platform for Privacy Preferences
Trust Management
Coalition Policy Architecture
Layered Architecture for Dependable Semantic Web
Adapted from Tim Berners-Lee's description of the Semantic Web
(Figure: layered semantic web architecture with layers URI/UNICODE; XML and XML Schemas; RDF and Ontologies; Rules/Query; Logic, Proof and Trust; plus Other Services; Security and Privacy cut across all layers)
Some Challenges: Interoperability between Layers; Security and Privacy cut across all layers; Integration of Services; Composability
Relationships between Dependability, Confidentiality, Privacy, Trust
(Figure: relationships among Privacy, Confidentiality, Dependability, and Trust)
Dependability: Security, Privacy, Trust, Real-time Processing, Fault Tolerance; also sometimes referred to as "Trustworthiness"
Confidentiality: Preventing the unauthorized release of information considered sensitive
Privacy: Preventing the unauthorized release of information about individuals that is considered sensitive
Trust: Confidence one has that an individual will provide correct information or will protect sensitive information
Some Confidentiality Models: RBAC and UCON
Access control models by Sandhu et al.
RBAC (Role-Based Access Control):
- Access to information sources, including structured and unstructured data both within and external to the organization, is granted depending on user roles
UCON (Usage Control):
- Policies consist of Authorizations, Obligations, and Conditions
- Authorization decisions are determined by policies on the subjects, objects, and rights
- Obligations are actions that are required to be performed before or during the access process
- Conditions are environmental restrictions that must hold before or during the access process
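A minimal sketch of a UCON-style decision under stated assumptions (the data structures and example policy below are illustrative, not Sandhu et al.'s formal model): access is granted only when the authorization, obligation, and condition policies all hold.

    # Minimal UCON-style decision sketch; names and policy encoding are assumptions.
    def ucon_decide(subject, obj, right, fulfilled_obligations, environment,
                    authorizations, obligations, conditions):
        """Grant access only if authorization, obligation, and condition policies all hold."""
        # Authorizations: is the (subject, object, right) triple permitted at all?
        if (subject, obj, right) not in authorizations:
            return False
        # Obligations: required actions (e.g., accepting a usage agreement) must have been performed.
        if not obligations.get((obj, right), set()) <= fulfilled_obligations:
            return False
        # Conditions: environmental restrictions must hold before/during access.
        return all(environment.get(k) == v for k, v in conditions.get(obj, {}).items())

    # Example (hypothetical policy): an analyst may read patient records during business
    # hours, provided a privacy agreement has been signed first.
    auths = {("analyst", "patient_records", "read")}
    obls = {("patient_records", "read"): {"sign_privacy_agreement"}}
    conds = {"patient_records": {"time": "business_hours"}}
    print(ucon_decide("analyst", "patient_records", "read",
                      {"sign_privacy_agreement"}, {"time": "business_hours"},
                      auths, obls, conds))   # True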
Security/Inference Control (for Semantic Web)
(Figure: interface to the client; security engine/rules processor driven by policies, ontologies, and rules; semantic web engine; XML and RDF documents, web pages, databases)
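A minimal sketch of the role such a security engine plays, under stated assumptions (the clearance-label scheme and document set are illustrative, not part of the architecture above): the rules processor filters what the semantic web engine returns before results reach the client.

    # Illustrative policy-driven filtering by a security engine; all names are assumptions.
    def security_engine(query, user_clearance, documents, release_policies):
        """Return only the matching documents that the release policies allow this user to see."""
        matches = [d for d in documents if query in d["content"]]   # semantic web engine step
        # A release policy maps a document label to the minimum clearance needed to release it.
        return [d for d in matches if user_clearance >= release_policies.get(d["label"], 0)]

    docs = [{"label": "public", "content": "budget summary"},
            {"label": "sensitive", "content": "budget details"}]
    print(security_engine("budget", 1, docs, {"public": 0, "sensitive": 2}))   # public document only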
Data Mining as a Threat to Privacy
Data mining gives us "facts" that are not obvious to human analysts of the data
Can general trends across individuals be determined without revealing information about individuals?
Possible threats:
- Combine collections of data and infer information that is private
- Disease information inferred from prescription data
- Military action inferred from pizza deliveries to the Pentagon
Need to protect the associations and correlations between the data that are sensitive or private
Some Privacy Problems and Potential Solutions
Problem: Privacy violations that result from data mining
- Potential solution: Privacy-preserving data mining
Problem: Privacy violations that result from the inference problem
- Inference is the process of deducing sensitive information from the legitimate responses received to user queries
- Potential solution: Privacy constraint processing
Problem: Privacy violations due to unencrypted data
- Potential solution: Encryption at different levels
Problem: Privacy violations due to poor system design
- Potential solution: Develop a methodology for designing privacy-enhanced systems
Privacy-Preserving Data Mining
Prevent useful results from mining
- Introduce "cover stories" to give "false" results
- Only make a sample of the data available so that an adversary is unable to come up with useful rules and predictive functions
Randomization (a sketch follows this list)
- Introduce random values into the data and/or results
- The challenge is to introduce random values without significantly affecting the data mining results
- Give ranges of values for results instead of exact values
Secure multi-party computation
- Each party knows only its own inputs; encryption techniques are used to compute the final results
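A minimal sketch of the randomization approach under stated assumptions (the data, noise distribution, and scale below are illustrative): individual values are perturbed before release, while aggregates such as the mean remain approximately recoverable for mining.

    # Illustrative additive-noise randomization; all parameters are assumptions.
    import random

    def randomize(values, noise_scale=10.0):
        """Perturb each individual value with zero-mean uniform noise before release."""
        return [v + random.uniform(-noise_scale, noise_scale) for v in values]

    ages = [23, 35, 41, 52, 29, 60, 37, 44]      # original (private) values
    released = randomize(ages)                   # what the data miner actually sees
    # Individual values are distorted, but the aggregate stays close, so broad trends survive.
    print(sum(ages) / len(ages), sum(released) / len(released))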
Platform for Privacy Preferences (P3P): What is it?
P3P is an emerging industry standard that enables web sites to express their privacy practices in a standard format
- When a user enters a web site, the privacy policies of the web site are conveyed to the user
- If the privacy policies differ from the user's preferences, the user is notified; the user can then decide how to proceed
The format of the policies can be automatically retrieved and understood by user agents (a sketch of such a check follows)
Main difference between privacy and security
- The user is informed of the privacy policies
- The user is not informed of the security policies
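A minimal sketch of the preference check a P3P-style user agent might perform, under stated assumptions (the dictionary encoding below is illustrative and is not the actual P3P XML vocabulary): the agent compares the site's declared practices with the user's preferences and reports any mismatches.

    # Hypothetical P3P-style preference check; the encoding is an assumption, not P3P XML.
    def find_conflicts(site_policy, user_preferences):
        """Return the (data item, purposes) pairs where the site exceeds the user's preferences."""
        conflicts = []
        for data_item, purposes in site_policy.items():
            disallowed = purposes - user_preferences.get(data_item, set())
            if disallowed:
                conflicts.append((data_item, disallowed))
        return conflicts

    site_policy = {"email": {"contact", "marketing"}, "clickstream": {"analytics"}}
    user_prefs = {"email": {"contact"}, "clickstream": {"analytics"}}
    # The agent notifies the user of the mismatch; the user decides how to proceed.
    print(find_conflicts(site_policy, user_prefs))   # [('email', {'marketing'})]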
Privacy Problem as a Form of the Inference Problem
Privacy constraints
- Content-based constraints; association-based constraints
Privacy controller (a sketch follows this list)
- Augment a database system with a privacy controller for constraint processing and examine the releasability of data/information (e.g., release constraints)
Use of conceptual structures to design applications with privacy in mind (e.g., privacy-preserving database and application design)
The web makes the problem much more challenging than the inference problem we examined in the 1990s!
Is the General Privacy Problem Unsolvable?
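A minimal sketch of privacy-constraint processing under stated assumptions (the attribute names and constraint encodings are illustrative): the controller blocks a release if it would expose a prohibited attribute or complete a sensitive association with data already released.

    # Illustrative privacy-constraint processing; constraint forms and names are assumptions.
    content_constraints = {"ssn"}                       # never releasable
    association_constraints = [{"name", "disease"}]     # releasable separately, not together

    def releasable(requested_attributes, already_released):
        """Decide whether the requested attributes may be released to this user."""
        requested = set(requested_attributes)
        if requested & content_constraints:
            return False
        combined = requested | already_released
        # Block any release that would complete a sensitive association.
        return not any(constraint <= combined for constraint in association_constraints)

    print(releasable({"name"}, set()))          # True
    print(releasable({"disease"}, {"name"}))    # False: completes a sensitive association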
Privacy Control
(Figure: client accessing the web site; interface to the semantic web; privacy engine/rules processor driven by policies, ontologies, and rules; XML and RDF documents)
Trust Management
Trust services
- Identity services, authorization services, reputation services
Trust negotiation (TN)
- Digital credentials, disclosure policies
TN requirements
- Language requirements: semantics, constraints, policies
- System requirements: credential ownership, validity, alternative negotiation strategies, privacy
Example TN systems
- KeyNote, Trust-X (University of Milan), TrustBuilder (UIUC)
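A minimal sketch of trust negotiation under stated assumptions (this is not how KeyNote, Trust-X, or TrustBuilder actually work; the credential names and policy encoding are illustrative): each credential has its own disclosure policy, and access is granted only if the client can safely disclose everything the resource's policy requires.

    # Simplified one-round trust-negotiation sketch; names and encoding are assumptions.
    def negotiate(resource_policy, client_credentials, client_disclosure_policy, server_credentials):
        """The server discloses its credentials first; the client then discloses only the
        credentials whose own disclosure policies are satisfied by what the server showed."""
        disclosable = {cred for cred in client_credentials
                       if client_disclosure_policy.get(cred, set()) <= server_credentials}
        return resource_policy <= disclosable    # access granted iff the resource policy is met

    # The client reveals its insurance card only to a server that has shown a hospital license.
    client_policy = {"insurance_card": {"hospital_license"}}
    print(negotiate({"insurance_card"}, {"insurance_card"}, client_policy, {"hospital_license"}))  # True
    print(negotiate({"insurance_card"}, {"insurance_card"}, client_policy, set()))                 # False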
Trust Management Process
Coalition CPT Policy Integration Architecture
(Figure: component CPT policies for Agency A, Agency B, and Agency C are each exported as CPT policies and integrated into the CPT policies for the coalition)
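A minimal sketch of the export-and-integrate step under stated assumptions (the policy representation and the deny-overrides integration rule below are illustrative; real coalition integration must also handle richer conflict resolution): each agency exports only its shareable CPT policies, and the coalition combines them.

    # Illustrative coalition CPT policy integration; representation and rules are assumptions.
    def export_policies(component_policies, shareable):
        """An agency exports only the subset of its CPT policies marked shareable with the coalition."""
        return {name: rule for name, rule in component_policies.items() if name in shareable}

    def integrate(*exported_policy_sets):
        """Combine exported policies; on a clash, the more restrictive rule (any deny) wins."""
        coalition = {}
        for policies in exported_policy_sets:
            for name, rule in policies.items():
                coalition[name] = "deny" if "deny" in (rule, coalition.get(name)) else rule
        return coalition

    agency_a = export_policies({"share_intel": "permit", "share_sources": "deny"},
                               {"share_intel", "share_sources"})
    agency_b = export_policies({"share_intel": "deny"}, {"share_intel"})
    print(integrate(agency_a, agency_b))   # {'share_intel': 'deny', 'share_sources': 'deny'}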