Data and Applications Security Developments and Directions
Confidentiality, Privacy, Trust (CPT)
COMPSAC 2005
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
July 2005
Outline
- Semantic web as vehicle for collaboration
- Trustworthy/dependable data management
- Confidentiality
- Data Mining and Privacy
- Platform for Privacy Preferences
- Trust Management
- Coalition Policy Architecture
Layered Architecture for Dependable Semantic Web
Figure: layered architecture, adapted from Tim Berners-Lee’s description of the Semantic Web. Layers from bottom to top: URI, UNICODE; XML, XML Schemas; RDF, Ontologies; Rules/Query; Logic, Proof and Trust; Other Services. SECURITY and PRIVACY cut across all layers.
Some Challenges: Interoperability between Layers; Security and Privacy cut across all layers; Integration of Services; Composability
Relationships between Dependability, Confidentiality, Privacy, Trust
Figure: relationships among Dependability, Confidentiality, Privacy and Trust
Dependability: Security, Privacy, Trust, Real-time Processing, Fault Tolerance; also sometimes referred to as “Trustworthiness”
Confidentiality: Preventing the unauthorized release of information considered sensitive
Privacy: Preventing the unauthorized release of information about individuals that is considered sensitive
Trust: Confidence one has that an individual will give him/her correct information, or that an individual will protect sensitive information
Some Confidentiality Models: RBAC and UCON Access Control Models by Sandhu et al
RBAC (Role-based access control):
- Access to information sources including structured and unstructured data both within the organization and external to the organization depending on user roles
UCON: Usage Control
- Policies of authorizations, obligations and conditions
- Authorization decisions are determined by policies over the subject, the object and the right
- Obligations are actions that are required to be performed before or during the access process
- Conditions are environment restrictions that are required to be valid before or during the access process
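The three UCON components above can be seen working together in a small decision function. This is an added illustration, not code from the presentation or from Sandhu et al.; the attribute names, the "accepted usage terms" obligation and the office-hours condition are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class Subject:
    name: str
    role: str
    clearance: int                # constructed numeric clearance level, higher is stronger
    accepted_terms: bool = False  # obligation state: has the user acknowledged the usage terms?


@dataclass
class Obj:
    name: str
    sensitivity: int                      # minimum clearance needed to read
    allowed_roles: set = field(default_factory=set)


def authorization(subject, obj, right):
    """Authorization predicate over subject, object and right."""
    if subject.role not in obj.allowed_roles:
        return False
    if right == "read":
        return subject.clearance >= obj.sensitivity
    if right == "write":
        return subject.clearance > obj.sensitivity   # constructed rule: writing needs a margin
    return False


def obligation_fulfilled(subject):
    """Pre-obligation: the subject must have accepted the usage terms before access."""
    return subject.accepted_terms


def condition_holds(hour):
    """Environmental condition: access only during a constructed 08:00-18:00 window."""
    return 8 <= hour < 18


def decide(subject, obj, right, hour):
    """UCON decision: permit only when authorization, obligation and condition all hold.
    Returns (permit, reason) so a denial can be logged with its cause."""
    if not authorization(subject, obj, right):
        return False, "authorization failed"
    if not obligation_fulfilled(subject):
        return False, "obligation not fulfilled"
    if not condition_holds(hour):
        return False, "condition not satisfied"
    return True, "permit"


if __name__ == "__main__":
    from datetime import datetime
    analyst = Subject("alice", "analyst", clearance=2, accepted_terms=True)
    report = Obj("quarterly-report", sensitivity=2, allowed_roles={"analyst", "manager"})
    print(decide(analyst, report, "read", datetime.now().hour))
```

The order of the checks matters for what a caller learns from a denial: authorization is evaluated first so that an unauthorized subject is never told which obligations or conditions would have applied.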
Security/Inference Control (for Semantic Web)
Figure: Security/Inference Control architecture for the Semantic Web. Policies, Ontologies and Rules feed a Security Engine/Rules Processor, which sits between the Semantic Web Engine (over XML and RDF documents, web pages and databases) and the Interface to the Client.
Data Mining as a Threat to Privacy
Data mining gives us “facts” that are not obvious to human analysts of the data
Can general trends across individuals be determined without revealing information about individuals?
Possible threats:
- Combine collections of data and infer information that is private, e.g., disease information from prescription data, or military action from pizza deliveries to the Pentagon
Need to protect the associations and correlations between the data that are sensitive or private
Some Privacy Problems and Potential Solutions
Problem: Privacy violations that result from data mining
- Potential solution: Privacy-preserving data mining
Problem: Privacy violations that result from the inference problem
- Inference is the process of deducing sensitive information from the legitimate responses received to user queries
- Potential solution: Privacy constraint processing
Problem: Privacy violations due to unencrypted data
- Potential solution: Encryption at different levels
Problem: Privacy violations due to poor system design
- Potential solution: Develop a methodology for designing privacy-enhanced systems
Privacy Preserving Data Mining
Prevent useful results from mining
- Introduce “cover stories” to give “false” results
- Only make a sample of data available so that an adversary is unable to come up with useful rules and predictive functions
Randomization
- Introduce random values into the data and/or results
- Challenge is to introduce random values without significantly affecting the data mining results
- Give a range of values for results instead of exact values
Secure Multi-party Computation
- Each party knows its own inputs; encryption techniques are used to compute the final results
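Two of the techniques on this slide, randomization and secure multi-party computation, are worked through below. This is an added example with constructed data, not code from the presentation: randomization is shown as Warner’s randomized response, where each individual answer is perturbed but the population rate is still recoverable, and secure multi-party computation is shown as a secure sum by additive secret sharing among semi-honest parties (the modulus is an arbitrary constructed choice).

```python
import random

PRIME = 2**61 - 1   # modulus for the additive shares (constructed choice)


def randomize_responses(truths, p_truth, seed):
    """Warner's randomized response: each respondent reports the true yes/no
    answer with probability p_truth and the opposite answer otherwise, so no
    individual report can be taken at face value."""
    rng = random.Random(seed)
    return [t if rng.random() < p_truth else (not t) for t in truths]


def estimate_true_proportion(reports, p_truth):
    """Observed yes-rate lam = p*pi + (1-p)*(1-pi); solve for the true rate pi.
    The estimator is unbiased, which is what keeps the aggregate result usable
    for mining even though every individual value was perturbed."""
    lam = sum(reports) / len(reports)
    return (lam - (1 - p_truth)) / (2 * p_truth - 1)


def secure_sum(inputs, seed):
    """Secure multi-party sum by additive secret sharing (semi-honest parties):
    party i splits x_i into n random shares mod PRIME, sends one share to each
    party, every party adds the shares it holds, and the partial sums are
    combined.  Only the total is ever reconstructed; no party sees another's input."""
    rng = random.Random(seed)
    n = len(inputs)
    shares = []
    for x in inputs:
        parts = [rng.randrange(PRIME) for _ in range(n - 1)]
        parts.append((x - sum(parts)) % PRIME)   # last share fixes the sum to x
        shares.append(parts)
    # partial[j] is what party j computes from the shares it received
    partial = [sum(shares[i][j] for i in range(n)) % PRIME for j in range(n)]
    return sum(partial) % PRIME


if __name__ == "__main__":
    truths = [i % 10 < 3 for i in range(20000)]   # constructed population, 30% "yes"
    reports = randomize_responses(truths, 0.75, seed=42)
    print("estimated yes-rate:", round(estimate_true_proportion(reports, 0.75), 3))
    print("secure sum of [10, 20, 30]:", secure_sum([10, 20, 30], seed=1))
```

The trade-off in the randomization half is exactly the challenge the slide names: the closer p_truth is to 1 the smaller the estimator’s variance, but the less deniability each respondent has; at p_truth = 0.5 every report is pure noise and the estimator’s denominator vanishes.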
Platform for Privacy Preferences (P3P): What is it?
P3P is an emerging industry standard that enables web sites to express their privacy practices in a standard format
- When a user enters a web site, the privacy policies of the web site are conveyed to the user
- If the privacy policies differ from the user’s preferences, the user is notified; the user can then decide how to proceed
The format of the policies can be automatically retrieved and understood by user agents
Main difference between privacy and security
- User is informed of the privacy policies
- User is not informed of the security policies
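The user-agent side of the P3P mechanism just described, as an added example rather than anything from the presentation: a site policy is retrieved, its purposes, retention and data references are read, and each is compared against the user’s preferences so that mismatches can be reported before the user proceeds. The policy below is a constructed, minimal P3P 1.0-style fragment (a real policy also carries a namespace, entity and access elements) and the preference dictionary is invented for this example.

```python
import xml.etree.ElementTree as ET

# Constructed site policy fragment in the style of P3P 1.0 (not a real site's policy).
SITE_POLICY_XML = """<POLICY>
  <STATEMENT>
    <PURPOSE><current/><admin/><telemarketing/></PURPOSE>
    <RETENTION><indefinitely/></RETENTION>
    <DATA-GROUP>
      <DATA ref="#user.name"/>
      <DATA ref="#user.home-info.online.email"/>
    </DATA-GROUP>
  </STATEMENT>
</POLICY>"""

# Invented preference format: what the user refuses to accept.
USER_PREFERENCES = {
    "forbidden_purposes": {"telemarketing", "contact"},
    "forbidden_retention": {"indefinitely"},
    "forbidden_data": {"#user.home-info.online.email"},
}


def child_tags(statement, name):
    """Names of the empty elements under <name> (e.g. the purposes listed in PURPOSE)."""
    el = statement.find(name)
    return {e.tag for e in el} if el is not None else set()


def parse_policy(xml_text):
    """Reduce each STATEMENT to the three sets the user agent compares."""
    root = ET.fromstring(xml_text)
    return [
        {
            "purposes": child_tags(st, "PURPOSE"),
            "retention": child_tags(st, "RETENTION"),
            "data": {d.get("ref") for d in st.findall("DATA-GROUP/DATA")},
        }
        for st in root.findall("STATEMENT")
    ]


def check_policy(statements, prefs):
    """Return (statement index, kind, value) for every conflict; an empty list
    means the site's stated practices fall within the user's preferences."""
    conflicts = []
    for i, st in enumerate(statements):
        for p in sorted(st["purposes"] & prefs["forbidden_purposes"]):
            conflicts.append((i, "purpose", p))
        for r in sorted(st["retention"] & prefs["forbidden_retention"]):
            conflicts.append((i, "retention", r))
        for d in sorted(st["data"] & prefs["forbidden_data"]):
            conflicts.append((i, "data", d))
    return conflicts


if __name__ == "__main__":
    for conflict in check_policy(parse_policy(SITE_POLICY_XML), USER_PREFERENCES):
        print("preference mismatch:", conflict)
```

Note what this check does and does not give: it compares what the site says it does against what the user will accept, which is the "user is informed" property the slide contrasts with security policies; it cannot verify that the site actually behaves as its policy states.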
Privacy Problem as a form of Inference Problem
Privacy constraints
- Content-based constraints; association-based constraints
Privacy controller
- Augment a database system with a privacy controller for constraint processing and examine the releasability of data/information (e.g., release constraints)
Use of conceptual structures to design applications with privacy in mind (e.g., privacy preserving database and application design)
The web makes the problem much more challenging than the inference problem we examined in the 1990s!
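A privacy controller of the kind described above, written as an added example (not the presentation’s code): a content-based constraint marks one attribute value as private, association-based constraints mark attribute combinations that may not be released together, and an inference rule captures the "disease information from prescription data" case from the earlier slide, so that a response which only mentions the drug is also screened. The patient table, the constraints and the rule format are all constructed for the example.

```python
# Constructed patient records (no real data).
RECORDS = [
    {"name": "A. Jones", "zip": "75080", "drug": "metformin", "diagnosis": "diabetes"},
    {"name": "B. Smith", "zip": "75081", "drug": "zidovudine", "diagnosis": "HIV"},
    {"name": "C. Lee",   "zip": "75080", "drug": "lisinopril", "diagnosis": "hypertension"},
]

# Content-based constraint: this attribute value is private regardless of context.
CONTENT_CONSTRAINTS = [("diagnosis", "HIV")]

# Association-based constraints: releasing these attributes together is private,
# even though each attribute alone may be released.
ASSOCIATION_CONSTRAINTS = [{"name", "drug"}, {"name", "diagnosis"}]

# Inference rules the controller knows the user could apply to a legitimate
# response: (source attr, source value) lets the user deduce (target attr, target value).
INFERENCE_RULES = [("drug", "zidovudine", "diagnosis", "HIV")]


def query(attributes):
    """Project RECORDS onto the requested attributes (the 'legitimate response')."""
    return [{a: r[a] for a in attributes} for r in RECORDS]


def releasable(attributes):
    """Association check: refuse any projection that covers a private association."""
    requested = set(attributes)
    return all(not assoc <= requested for assoc in ASSOCIATION_CONSTRAINTS)


def exposes_private_value(row):
    """True if the row states a private value directly or lets it be inferred."""
    for attr, value in CONTENT_CONSTRAINTS:
        if row.get(attr) == value:
            return True
        for src_attr, src_value, tgt_attr, tgt_value in INFERENCE_RULES:
            if (tgt_attr, tgt_value) == (attr, value) and row.get(src_attr) == src_value:
                return True
    return False


def privacy_controller(attributes):
    """Answer a query only if the attribute combination is releasable, then
    suppress whole rows that would expose a content-based private value.
    Returns None when the query itself is refused."""
    if not releasable(attributes):
        return None
    return [row for row in query(attributes) if not exposes_private_value(row)]


if __name__ == "__main__":
    for attrs in (["name", "zip"], ["zip", "diagnosis"], ["drug"], ["name", "drug"]):
        print(attrs, "->", privacy_controller(attrs))
```

Suppressing the whole row rather than blanking the private cell is deliberate: a blank cell in an otherwise complete response would itself tell the user which record carries the sensitive value.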
Is the General Privacy Problem Unsolvable?
Privacy Control
Figure: Privacy Control architecture. Policies, Ontologies and Rules feed a Privacy Engine/Rules Processor, which sits between the client accessing the web site (XML and RDF documents) and the Interface to the Semantic Web.
Trust Management
Trust Services
- Identity services, authorization services, reputation services
Trust negotiation (TN)
- Digital credentials, disclosure policies
TN Requirements
- Language requirements: semantics, constraints, policies
- System requirements: credential ownership, validity, alternative negotiation strategies, privacy
Example TN systems
- KeyNote and Trust-X (U of Milan), TrustBuilder (UIUC)
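The credential/disclosure-policy exchange that trust negotiation is built on, shown as a small simulation with both sides’ messages. This is an added illustration modelled on the TN concepts listed above, not code from TrustBuilder, Trust-X or KeyNote; credentials are plain strings rather than signed objects, and the single "disclose what your policy allows, otherwise ask for what you still need" strategy is one constructed strategy among the alternatives the requirements slide mentions.

```python
class Party:
    def __init__(self, name, credentials, disclosure_policies):
        self.name = name
        self.credentials = set(credentials)     # credentials this party owns
        # credential -> set of peer credentials that must be shown before it is disclosed
        self.policies = disclosure_policies
        self.received = set()                   # credentials the peer has disclosed to us
        self.disclosed = set()

    def can_disclose(self, cred):
        return cred in self.credentials and self.policies.get(cred, set()) <= self.received

    def missing_for(self, cred):
        """Peer credentials still needed before cred may be disclosed."""
        return self.policies.get(cred, set()) - self.received


def negotiate(client, server, resource, resource_policy, max_rounds=10):
    """Drive the exchange: the server states which client credentials the
    resource needs; each side discloses what its own policies allow and
    counter-requests what it still needs.  Returns (granted, transcript)."""
    parties = {"client": client, "server": server}
    pending = {"client": set(resource_policy), "server": set()}  # what each side has been asked for
    transcript = [
        f"client -> server: request {resource}",
        f"server -> client: policy for {resource} requires {sorted(resource_policy)}",
    ]
    for _ in range(max_rounds):
        progress = False
        for me, peer in (("client", "server"), ("server", "client")):
            for cred in sorted(pending[me]):
                if parties[me].can_disclose(cred):
                    parties[me].disclosed.add(cred)
                    parties[peer].received.add(cred)
                    pending[me].discard(cred)
                    transcript.append(f"{me} -> {peer}: disclose {cred}")
                    progress = True
                else:
                    need = parties[me].missing_for(cred) - pending[peer]
                    if need:   # ask only for things not already requested
                        pending[peer] |= need
                        transcript.append(f"{me} -> {peer}: to disclose {cred}, I need {sorted(need)}")
                        progress = True
        if set(resource_policy) <= server.received:
            transcript.append(f"server -> client: access to {resource} granted")
            return True, transcript
        if not progress:   # neither side can move: circular policies or missing credentials
            break
    transcript.append(f"server -> client: access to {resource} denied")
    return False, transcript


if __name__ == "__main__":
    client = Party("client", {"employee_id"}, {"employee_id": {"company_cert"}})
    server = Party("server", {"company_cert"}, {"company_cert": set()})
    granted, log = negotiate(client, server, "payroll", {"employee_id"})
    print("\n".join(log))
```

The no-progress exit is the case the requirements slide flags under alternative negotiation strategies: when each side’s disclosure policy waits on the other’s credential, this strategy detects the deadlock and stops rather than looping, and a different strategy (or a third-party credential) would be needed to complete the negotiation.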
Trust Management Process
Coalition CPT Policy Integration Architecture
Figure: each agency (Agency A, Agency B, Agency C) maintains its own component CPT policies and exports a subset of them; the exported CPT policies from all agencies are integrated into the CPT policies for the coalition.