Data and Applications Security Developments and Directions

Page 1: Data and Applications Security  Developments and Directions

Data and Applications Security Developments and Directions

Confidentiality, Privacy, Trust (CPT)

COMPSAC 2005

Dr. Bhavani Thuraisingham

The University of Texas at Dallas

July 2005

Page 2

Outline

Semantic web as vehicle for collaboration

Trustworthy/dependable data management

Confidentiality

Data Mining and Privacy

Platform for Privacy Preferences

Trust Management

Coalition Policy Architecture

Page 3

Layered Architecture for Dependable Semantic Web

Layers, bottom to top (adapted from Tim Berners-Lee's description of the Semantic Web):

URI, Unicode

XML, XML Schemas

RDF, Ontologies

Rules/Query

Logic, Proof and Trust

Other Services

In the diagram, SECURITY and PRIVACY are drawn as vertical bars spanning every layer rather than as layers of their own.

Some challenges: interoperability between layers; security and privacy cut across all layers; integration of services; composability

Page 4

Relationships between Dependability, Confidentiality, Privacy, Trust

In the diagram, Dependability is the outer circle enclosing Confidentiality, Privacy and Trust.

Dependability: Security, Privacy, Trust, Real-time Processing, Fault Tolerance; also sometimes referred to as "Trustworthiness"

Confidentiality: Preventing the unauthorized release of information considered sensitive

Privacy: Preventing the unauthorized release of information about individuals that is considered sensitive

Trust: Confidence one has that an individual will give him/her correct information, or that an individual will protect sensitive information

Page 5

Some Confidentiality Models: RBAC and UCON Access Control Models by Sandhu et al.

RBAC (Role-based access control):

- Access to information sources, including structured and unstructured data both within the organization and external to it, is granted depending on user roles

UCON (Usage Control):

- Policies consist of authorizations, obligations and conditions

- Authorization decisions are determined by policies over the subject, the object and the requested right

- Obligations are actions that are required to be performed before or during the access process

- Conditions are environment restrictions that are required to hold before or during the access process; because they are re-checked during the access, an access that was granted can later be revoked
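The three UCON policy parts above are easiest to see side by side in a small decision point. The following is an added illustration, not code from the slides or from Sandhu et al.; the attribute names (clearance, role, business hours, network location), the sample subjects and objects, and the specific rules are assumptions chosen to exercise each part of the model. The one thing it shows that a one-shot RBAC check does not is the ongoing re-evaluation: the same predicates are run again mid-session, and a condition that stops holding revokes the access.

```python
"""UCON-style decision point: authorizations, obligations and conditions,
evaluated before an access (pre) and again during it (ongoing).
Added example; rules, attributes and sample data are assumptions."""
from dataclasses import dataclass, field


@dataclass
class Subject:
    name: str
    role: str
    clearance: int
    acknowledged_terms: bool = False   # records whether a pre-obligation was met


@dataclass
class Obj:
    name: str
    sensitivity: int
    owner_org: str


@dataclass
class Policy:
    authorizations: list = field(default_factory=list)   # predicates over (subject, object, right)
    pre_obligations: list = field(default_factory=list)  # actions the subject must have done before access
    conditions: list = field(default_factory=list)       # environment predicates, checked pre and ongoing


# --- authorizations: predicates over subject, object and requested right ---
def clearance_dominates(s, o, right):
    return s.clearance >= o.sensitivity


def analysts_only_for_write(s, o, right):
    return right != "write" or s.role == "analyst"


# --- obligation: the subject must have acknowledged the usage terms ---
def terms_acknowledged(s):
    return s.acknowledged_terms


# --- conditions: environment restrictions, independent of who is asking ---
def within_business_hours(env):
    return 8 <= env["hour"] < 18


def on_org_network(env):
    return env["network"] == "internal"


POLICY = Policy(
    authorizations=[clearance_dominates, analysts_only_for_write],
    pre_obligations=[terms_acknowledged],
    conditions=[within_business_hours, on_org_network],
)


def pre_decision(policy, s, o, right, env):
    """Decide before the access starts. Returns (allowed, failed_parts)."""
    failed = []
    if not all(a(s, o, right) for a in policy.authorizations):
        failed.append("authorization")
    if not all(ob(s) for ob in policy.pre_obligations):
        failed.append("obligation")
    if not all(c(env) for c in policy.conditions):
        failed.append("condition")
    return (not failed, failed)


def ongoing_check(policy, s, o, right, env):
    """Re-evaluate during the session. UCON lets a granted access be revoked
    when, for example, a condition stops holding (after hours, off-network)."""
    ok, failed = pre_decision(policy, s, o, right, env)
    return "continue" if ok else "revoke:" + ",".join(failed)


if __name__ == "__main__":
    alice = Subject("alice", "analyst", 3, acknowledged_terms=True)   # constructed
    report = Obj("report", 2, "orgA")                                  # constructed
    print(pre_decision(POLICY, alice, report, "read", {"hour": 10, "network": "internal"}))
    print(ongoing_check(POLICY, alice, report, "read", {"hour": 19, "network": "internal"}))
```

The obligation is modelled as a subject attribute that is set when the required action has been performed; a real usage-control monitor would also carry ongoing obligations (for example, keep an audit stream open during the access) and update attributes as a consequence of the access.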

Page 6

Security/Inference Control (for Semantic Web)

Architecture (diagram): policies, ontologies and rules feed a Security Engine/Rules Processor. The Security Engine mediates between the Semantic Web Engine, which operates over XML and RDF documents, web pages and databases, and the interface to the client, so that responses pass through policy processing before they reach the client.

Page 7

Data Mining as a Threat to Privacy

Data mining gives us "facts" that are not obvious to human analysts of the data

Can general trends across individuals be determined without revealing information about individuals?

Possible threats:

- Combine collections of data and infer information that is private, e.g. disease information from prescription data; military action from pizza deliveries to the Pentagon

Need to protect the associations and correlations between the data that are sensitive or private

Page 8

Some Privacy Problems and Potential Solutions

Problem: Privacy violations that result from data mining

- Potential solution: Privacy-preserving data mining

Problem: Privacy violations that result from the inference problem

- Inference is the process of deducing sensitive information from the legitimate responses received to user queries

- Potential solution: Privacy constraint processing

Problem: Privacy violations due to unencrypted data

- Potential solution: Encryption at different levels

Problem: Privacy violations due to poor system design

- Potential solution: Develop a methodology for designing privacy-enhanced systems

Page 9

Privacy Preserving Data Mining

Prevent useful results from mining

- Introduce "cover stories" to give "false" results

- Only make a sample of the data available, so that an adversary is unable to come up with useful rules and predictive functions

Randomization

- Introduce random values into the data and/or results

- Challenge is to introduce random values without significantly affecting the data mining results

- Give a range of values for results instead of exact values

Secure Multi-party Computation

- Each party knows its own inputs; encryption techniques are used to compute the final results
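The randomization bullets are concrete in the classic randomized-response scheme, which is the example below; it is added here and is not code from the presentation. Each individual's sensitive bit is reported truthfully with probability p and flipped otherwise, so any single report is deniable, yet the population proportion can still be recovered without bias, and a range (confidence interval) can be reported instead of a point value. The true rate, p, the seed and the sample size are constructed inputs.

```python
"""Randomized response: per-record noise that preserves the aggregate.
Added example with constructed inputs; not from the original slides."""
import random


def randomize(values, p, rng):
    """Report each true bit as-is with probability p, flipped otherwise.
    Either report is consistent with either true value, so an individual
    can deny any single answer."""
    return [v if rng.random() < p else 1 - v for v in values]


def estimate_proportion(reports, p):
    """Unbiased reconstruction of the true proportion x from the observed
    report rate y, using E[y] = p*x + (1-p)*(1-x)."""
    y = sum(reports) / len(reports)
    return (y - (1 - p)) / (2 * p - 1)


def confidence_interval(reports, p, z=1.96):
    """Approximate 95% range for the true proportion: a range of values
    rather than an exact value, as the slide suggests."""
    n = len(reports)
    y = sum(reports) / n
    se = (y * (1 - y) / n) ** 0.5 / (2 * p - 1)   # noise widens the interval by 1/(2p-1)
    est = estimate_proportion(reports, p)
    return (est - z * se, est + z * se)


def deniability_ratio(p):
    """Likelihood ratio of a '1' report given true 1 versus true 0: p/(1-p).
    With p = 0.75 this is 3, so one report is weak evidence about one person."""
    return p / (1 - p)


def demo(seed=7, n=20000, true_rate=0.3, p=0.75):
    """Simulate a population (constructed), perturb it, and recover the rate.
    Returns (actual_rate, estimate, (low, high))."""
    rng = random.Random(seed)
    truth = [1 if rng.random() < true_rate else 0 for _ in range(n)]
    reports = randomize(truth, p, rng)
    return sum(truth) / n, estimate_proportion(reports, p), confidence_interval(reports, p)


if __name__ == "__main__":
    actual, est, (lo, hi) = demo()
    print(f"actual={actual:.4f} estimate={est:.4f} range=({lo:.4f}, {hi:.4f})")
    print("deniability ratio at p=0.75:", deniability_ratio(0.75))
```

The trade-off the slide calls the "challenge" is visible in `confidence_interval`: the closer p is to 0.5 the stronger each individual's deniability, but the factor 1/(2p-1) makes the interval around the aggregate correspondingly wider, so the data miner needs more records for the same precision.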

Page 10

Platform for Privacy Preferences (P3P): What is it?

P3P is an emerging industry standard that enables web sites to express their privacy practices in a standard format

- When a user enters a web site, the privacy policies of the web site are conveyed to the user

- If the privacy policies differ from the user's preferences, the user is notified; the user can then decide how to proceed

The format of the policies can be automatically retrieved and understood by user agents

Main difference between privacy and security

- User is informed of the privacy policies

- User is not informed of the security policies
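What "automatically retrieved and understood by user agents" means in practice is shown by the added example below, which is not code from the slides. It parses a constructed P3P 1.0 policy (the shop name, URL and data elements are made up; the element vocabulary such as PURPOSE, RECIPIENT, RETENTION and DATA-GROUP is the standard one) and compares each STATEMENT against a user's refused purposes, recipients and retention terms, returning the mismatches a user agent would raise before the user decides how to proceed.

```python
"""User-agent side of P3P: parse a site's policy, compare to preferences.
Added example; the policy text and the preferences are constructed."""
import xml.etree.ElementTree as ET

P3P_NS = "{http://www.w3.org/2002/01/P3Pv1}"

# Constructed sample policy (not a real site). Declares one statement that
# uses name and phone for the current purpose AND telemarketing, shares with
# other recipients, and retains the data indefinitely.
SAMPLE_POLICY = """<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
 <POLICY name="shop" discuri="https://shop.example/privacy">
  <STATEMENT>
   <PURPOSE><current/><telemarketing/></PURPOSE>
   <RECIPIENT><ours/><other-recipient/></RECIPIENT>
   <RETENTION><indefinitely/></RETENTION>
   <DATA-GROUP>
    <DATA ref="#user.name"/>
    <DATA ref="#user.home-info.telecom.telephone"/>
   </DATA-GROUP>
  </STATEMENT>
 </POLICY>
</POLICIES>"""

# Constructed policy that only uses the login id for the current purpose.
CLEAN_POLICY = """<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
 <POLICY name="login" discuri="https://login.example/privacy">
  <STATEMENT>
   <PURPOSE><current/></PURPOSE>
   <RECIPIENT><ours/></RECIPIENT>
   <RETENTION><stated-purpose/></RETENTION>
   <DATA-GROUP><DATA ref="#user.login.id"/></DATA-GROUP>
  </STATEMENT>
 </POLICY>
</POLICIES>"""

# Constructed user preferences: practices the user refuses, per category.
USER_PREFS = {
    "purpose": {"telemarketing", "other-purpose"},
    "recipient": {"other-recipient", "unrelated", "public"},
    "retention": {"indefinitely"},
}


def _child_names(statement, tag):
    """Names of the empty elements under e.g. <PURPOSE>, minus the namespace."""
    parent = statement.find(P3P_NS + tag)
    if parent is None:
        return set()
    return {child.tag.replace(P3P_NS, "") for child in parent}


def parse_statements(policy_xml):
    """Each STATEMENT becomes a dict of purposes, recipients, retention, data refs."""
    root = ET.fromstring(policy_xml)
    statements = []
    for st in root.iter(P3P_NS + "STATEMENT"):
        statements.append({
            "purpose": _child_names(st, "PURPOSE"),
            "recipient": _child_names(st, "RECIPIENT"),
            "retention": _child_names(st, "RETENTION"),
            "data": {d.get("ref") for d in st.iter(P3P_NS + "DATA")},
        })
    return statements


def check_policy(policy_xml, prefs):
    """Return (statement index, category, refused practice, data refs) for
    every practice the user refuses; an empty list means no notification."""
    mismatches = []
    for i, st in enumerate(parse_statements(policy_xml)):
        for category in ("purpose", "recipient", "retention"):
            for practice in sorted(st[category] & prefs[category]):
                mismatches.append((i, category, practice, sorted(st["data"])))
    return mismatches


if __name__ == "__main__":
    for m in check_policy(SAMPLE_POLICY, USER_PREFS):
        print("mismatch:", m)
    print("clean policy mismatches:", check_policy(CLEAN_POLICY, USER_PREFS))
```

The comparison is purely declarative, which is the point the slide makes about privacy versus security: P3P tells the user what the site says it will do, and a user agent can only flag a stated practice; it cannot verify that the site behaves as declared.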

Page 11

Privacy Problem as a form of Inference Problem

Privacy constraints

- Content-based constraints; association-based constraints

Privacy controller

- Augment a database system with a privacy controller for constraint processing and examine the releasability of data/information (e.g., release constraints)

Use of conceptual structures to design applications with privacy in mind (e.g., privacy preserving database and application design)

The web makes the problem much more challenging than the inference problem we examined in the 1990s!

Is the General Privacy Problem Unsolvable?
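The privacy controller, its content-based and association-based constraints, and the earlier prescription-to-disease inference threat (Pages 7 and 8) come together in the added example below, which is not code from the presentation. The patient table, the constraint sets and the query form are constructed for illustration. A content-based constraint blocks an attribute outright; an association-based constraint blocks a combination of attributes. The controller also keeps a per-user release history, because the inference problem is about deducing sensitive information from legitimate responses: a user who received prescriptions in one query and names in the next has the forbidden association even though neither query alone violated it.

```python
"""Privacy controller in front of a small relational store.
Added example; data, constraints and query form are constructed."""

# Constructed sample table (no real patients).
PATIENTS = [
    {"name": "A. Smith", "zip": "75080", "prescription": "metformin",  "diagnosis": "diabetes"},
    {"name": "B. Jones", "zip": "75081", "prescription": "lisinopril", "diagnosis": "hypertension"},
    {"name": "C. Lee",   "zip": "75080", "prescription": "insulin",    "diagnosis": "diabetes"},
]

# Content-based: this attribute is never releasable.
CONTENT_CONSTRAINTS = {"diagnosis"}

# Association-based: these combinations are sensitive even though each
# attribute alone is not (name + drug reveals disease; small zip + drug
# re-identifies).
ASSOCIATION_CONSTRAINTS = [
    {"name", "prescription"},
    {"zip", "prescription"},
]


class PrivacyController:
    def __init__(self, rows, content, associations):
        self.rows = rows
        self.content = content
        self.associations = associations
        self.history = {}   # user -> attributes already released to that user

    def releasable(self, user, attrs):
        """Check a projection request against both kinds of constraint,
        taking into account what this user has already received."""
        attrs = set(attrs)
        blocked = attrs & self.content
        if blocked:
            return False, f"content constraint on {sorted(blocked)}"
        seen = self.history.get(user, set()) | attrs
        for assoc in self.associations:
            if assoc <= seen:
                return False, f"association constraint on {sorted(assoc)}"
        return True, "ok"

    def query(self, user, attrs):
        """Return (rows projected to attrs, reason); rows is None when refused."""
        ok, why = self.releasable(user, attrs)
        if not ok:
            return None, why
        self.history.setdefault(user, set()).update(attrs)
        return [{a: r[a] for a in attrs} for r in self.rows], why


if __name__ == "__main__":
    pc = PrivacyController(PATIENTS, CONTENT_CONSTRAINTS, ASSOCIATION_CONSTRAINTS)
    for user, attrs in [("u1", ["diagnosis"]), ("u1", ["prescription"]), ("u1", ["name"])]:
        print(user, attrs, "->", pc.query(user, attrs))
```

The history check is deliberately conservative: it refuses the second query even if the row order or keys would not actually let the user join the two answers. That is the usual trade-off in constraint processing, and it is also why the slide asks whether the general problem is solvable: with enough queries and external data, deciding releasability exactly is intractable, so practical controllers over-approximate.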

Page 12

Privacy Control

Architecture (diagram): policies, ontologies and rules feed a Privacy Engine/Rules Processor, which mediates between the client accessing the web site (XML, RDF documents) and the interface to the Semantic Web.

Page 13

Trust Management

Trust Services

- Identity services, authorization services, reputation services

Trust negotiation (TN)

- Digital credentials, disclosure policies

TN Requirements

- Language requirements: semantics, constraints, policies

- System requirements: credential ownership, validity, alternative negotiation strategies, privacy

Example TN systems

- KeyNote and Trust-X (U of Milan), TrustBuilder (UIUC)
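The added example below shows the credential/disclosure-policy exchange that trust negotiation systems automate; it is a toy written for this page, not code from KeyNote, Trust-X or TrustBuilder. Each party holds credentials, and each credential (and the server's protected resource) has a disclosure policy naming the credentials the other side must have shown first. The parties alternate, releasing whatever their policies now permit, until the resource policy is met or neither side can move. The credential names and policies are constructed.

```python
"""Toy automated trust negotiation with disclosure policies.
Added example; credential names and policies are constructed."""


class Party:
    def __init__(self, name, creds, disclosure):
        self.name = name
        self.creds = set(creds)        # credentials this party owns
        self.disclosure = disclosure   # cred -> peer credentials required before release
        self.received = set()          # peer credentials seen so far
        self.sent = set()

    def releasable(self):
        """Unsent credentials whose disclosure policy the peer has satisfied."""
        return {c for c in self.creds - self.sent
                if self.disclosure.get(c, set()) <= self.received}


def negotiate(client, server, resource_policy, max_rounds=10):
    """Alternate disclosures until the server holds every credential the
    resource requires. Returns (success, transcript of (sender, creds))."""
    transcript = []
    for _ in range(max_rounds):
        if resource_policy <= server.received:
            return True, transcript
        progressed = False
        for sender, receiver in ((client, server), (server, client)):
            new = sender.releasable()
            if new:
                sender.sent |= new
                receiver.received |= new
                transcript.append((sender.name, sorted(new)))
                progressed = True
        if not progressed:           # deadlock: both sides waiting on the other
            return False, transcript
    return resource_policy <= server.received, transcript


def build_parties(client_has_clearance=True):
    """Constructed scenario: the client shows its employee id only to a server
    with a bbb_cert, and its clearance only to a server with a govt_cert; the
    server shows its govt_cert only to someone with an employee id."""
    client_creds = {"employee_id"} | ({"clearance"} if client_has_clearance else set())
    client = Party("client", client_creds,
                   {"employee_id": {"bbb_cert"}, "clearance": {"govt_cert"}})
    server = Party("server", {"bbb_cert", "govt_cert"},
                   {"govt_cert": {"employee_id"}})
    return client, server


if __name__ == "__main__":
    client, server = build_parties()
    ok, transcript = negotiate(client, server, {"employee_id", "clearance"})
    print("granted" if ok else "refused")
    for sender, creds in transcript:
        print(f"  {sender} discloses {creds}")
```

Two of the slide's system requirements show up directly: the failure case (a client without the clearance) ends in a deadlock rather than an error, which is why real systems need alternative negotiation strategies; and the disclosure policies are what protect privacy, since the server's govt_cert never leaves the server unless the peer has already proved employment. Credential validity (signatures, revocation) is assumed here and would be checked on receipt in a real system.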

Page 14

Trust Management Process

Page 15

Coalition CPT Policy Integration Architecture

Diagram: each agency (A, B and C) keeps its own component CPT policies and exports a subset of them, its export CPT policies, to the coalition. The exported policies from all agencies are integrated into the CPT policies for the coalition.