TRUST Area 3 Overview: Privacy, Usability, & Social Impact

Doug Tygar, UC Berkeley
NSF STC Review, September 13th 2004

Security cannot be understood in isolation
- Computer security arises from human needs for information
- If we view it purely as a mathematical science, we miss important aspects of the problem
- Example: problems using e-mail encryption ("Why Johnny Can't Encrypt")
- Our project fully incorporates these aspects:
  - Economics, Public Policy and Societal Challenges
  - Digital Forensics and Privacy
  - Human Computer Interfaces and Security
- We integrate these issues in all aspects of our study

Economics, Public Policy & Societal Challenges
- Team members: McFadden, Samuelson, Varian, Weber
- Insurance is often a way of enforcing desirable norms, e.g., business fire insurance requires fire safety measures
- Requirement: party with control bears liability
  - Example: ATM machines in UK and US
- Economic analysis changes
  - Attacks can be deliberate and not simply accidents
  - Weakest link model
  - Transaction costs associated with security

Human Computer Interfaces & Security
- Team members: Garcia-Molina, Perrig, Reiter, Song, Tygar
- Most common source of security problems (by far): people can't figure out how to configure the software
- Problems
  - System complexity
  - Software complexity
  - People have trouble generating random values (passwords)
  - People have trouble remembering long strings
  - Low tolerance for noticing small changes in repetitive tasks

Digital Forensics & Privacy
- Team members: Birman, Boneh, Mitchell, Reiter, Samuelson, Tygar, Weber
- Example challenge problems:
  - Privacy-preserving data mining (law enforcement)
  - Peer-to-peer privacy and security
  - Privacy in sensor networks
  - Identity theft
- Mechanisms:
  - Strong audit
  - Selective revelation of information
  - Rule processing technologies
- The next few slides explore this area more deeply

Strategy: Selective revelation
- Architecture based on selective revelation
- Goal: minimize revelation of personal data while supporting analysis
- Approach: partial, incremental revelation of personal data
- Procedure:
  - Initial revelation by statistics & categories
  - Subsequent revelation as justified by earlier results
- Supports both "standing" & real-time queries

Idealized architecture
- Core idea:
  (1) Analyze data behind security barrier; find critical relationships
  (2) Reveal relationships selectively only through guarded interface
- [Figure labels: Data Repositories; Privacy/Security Barrier; Initial revelation of sanitized data; Discovery via standing queries or real-time search]

Distributed architecture
- Multiple repositories → Multiple privacy/security barriers

Audit
- Protect against abuse by "watching the watchers"
- Design goals:
  - Distributed audit
  - Everyone subject to audit
  - Cross-organizational audit
  - Measure accuracy of auditors by cross-validation
  - Usage records are tamper-evident
- Hall of Mirrors: Audit also has a privacy problem
  - Data sets are voluminous
  - Usage records are sensitive
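
The selective revelation procedure (statistics first, records only when earlier results justify it) and the tamper-evident usage records from the Audit slide, as an added Python example that is not part of the original presentation. The class name, the `min_count` threshold, the SHA-256 hash chain and the sample records are all assumptions made for illustration.

```python
import hashlib
import json
from collections import Counter

# Constructed sample repository; records and field names are hypothetical.
RECORDS = [
    {"id": 1, "category": "wire-transfer", "name": "A. Example"},
    {"id": 2, "category": "wire-transfer", "name": "B. Example"},
    {"id": 3, "category": "wire-transfer", "name": "C. Example"},
    {"id": 4, "category": "cash-deposit", "name": "D. Example"},
]

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class GuardedRepository:
    """Analysts reach the data only through these methods (the barrier)."""
    def __init__(self, records, min_count=2):
        self._records = records
        self._min_count = min_count  # assumed threshold that justifies revelation
        self.usage_log = []          # hash-chained usage records

    def _audit(self, analyst, action, detail):
        prev = self.usage_log[-1]["hash"] if self.usage_log else "0" * 64
        body = {"analyst": analyst, "action": action, "detail": detail, "prev": prev}
        self.usage_log.append({**body, "hash": _digest(body)})

    def category_counts(self, analyst):
        """Initial revelation: statistics and categories only."""
        self._audit(analyst, "counts", "")
        return dict(Counter(r["category"] for r in self._records))

    def reveal(self, analyst, category, justification):
        """Subsequent revelation, only when earlier results justify it."""
        matches = [r for r in self._records if r["category"] == category]
        allowed = len(matches) >= self._min_count and bool(justification.strip())
        self._audit(analyst, "reveal" if allowed else "denied",
                    f"{category}: {justification}")
        return matches if allowed else []

def verify_log(log):
    """Recompute the chain; an edited or reordered record breaks it."""
    prev = "0" * 64
    for entry in log:
        body = {k: entry[k] for k in ("analyst", "action", "detail", "prev")}
        if entry["prev"] != prev or entry["hash"] != _digest(body):
            return False
        prev = entry["hash"]
    return True
```

A hash chain alone does not detect removal of the most recent entries; the latest hash has to be held by another party, which is where the slide's cross-organizational audit goal comes in.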

Example technology: encrypted search
- Queries are sent encrypted
- Queries are processed but not decrypted by repository
- Repository prepares response but does not know what search was or whether it was successful
- Work by Song (CMU), Perrig (CMU), Wagner (Berkeley)
- [Figure labels: Analyst; encrypted queries; Repository of private data; encrypted response; Limited trust between parties]

Labeling derived data
- Conservative approach: output inherits all restrictions of inputs
  - Often too restrictive
  - Sometimes too liberal
- Hard problem
  - Seek semi-automated solution to minimize human overhead
  - Build on recent work on program semantics
- [Figure: Example: derived restrictions, with labels [R1], [R2], [R3] and [?]]

Privacy rules
- Need language for expressing rules
  - Related technology: Digital Rights Management
  - Translate English → agent based language
- Rules differ based on data
  - Types of data (3rd party or self-generated, video vs. textual)
  - Contents of data
- Need tools for compliance checking
  - Both automated and human in the loop