Privacy and Contextual Integrity: Framework and Applications Adam Barth, Anupam Datta, John C. Mitchell (Stanford), and Helen Nissenbaum (NYU) TRUST Winter.

Presentation transcript:

Privacy and Contextual Integrity: Framework and Applications Adam Barth, Anupam Datta, John C. Mitchell (Stanford), and Helen Nissenbaum (NYU) TRUST Winter Retreat January 2006

Broad Goal
- Protect privacy
  - State and enforce restrictions on use of data
  - Using a formal policy language
- Example: Systems enforcing the HIPAA rule for medical privacy

Outline
- Framework for privacy: Contextual integrity
- Formalization in Linear Temporal Logic
- Policy Relations and Operations
- Application to privacy laws: HIPAA, GLBA, COPPA
- Related Work: RBAC, XACML, P3P, EPAL
- Future Work: Connections with database privacy

Contextual Integrity [Nissenbaum04]
- Philosophical account of privacy
- Transfer of information between agents: "Alice gives Bob information about Charlie"
  - Agents abstracted into roles (e.g. doctor, patient)
  - Particular information abstracted into types (e.g., height, age, medical condition)
- Norms state what is allowed and what is disallowed
- Transmission principles impose past and future requirements on the history of agent interaction

Formalization in Temporal Logic
- Syntax of logic
- Formula representing contextual norms, where norm+ and norm- are as follows

Policy Operations and Relations
- Policy consistency reduces to LTL satisfiability
- Refinement of policies reduces to logical implication
- Combination is then conjunction and disjunction
- Strong compliance reduces to satisfiability
- Weak compliance computable efficiently using techniques from LTL runtime verification
- Standard automated LTL tools are applicable

Applications: Example from HIPAA Privacy Rule
- Covered entities (e.g. hospitals) can give protected health information about patients to health care providers
  - Sender role: Covered entity
  - Recipient role: Health care provider
  - Subject role: Patient
  - Information type: Protected health information
- Legislative statement expressed as positive norm
- Positive norms enumerate permissible actions

Applications: Example from GLBA Privacy Rule
- Financial institutions must notify consumers if they share their non-public personal information with non-affiliated companies, but the notification may occur either before or after the information sharing occurs.
  - Sender role: Financial institution
  - Recipient role: Non-affiliated company
  - Subject role: Consumer
  - Information type: Non-public personal information
  - Temporal condition: Notify data subject
- Legislative statement expressed as negative norm
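The norm structure and the compliance check described on the slides above (agents in roles, information abstracted into types, positive norms that enumerate permitted flows, negative norms that attach past or future requirements, and weak compliance decided by walking a trace the way an LTL runtime monitor would) worked through as a small Python example. This is an added illustration written for this page, not the authors' tool or their exact LTL encoding. The HIPAA and GLBA norms follow the two example slides; the agent names, the `Authorize` event and the "patient authorization before disclosure to a non-affiliated company" norm are constructed for the example and are not taken from the slides.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Sequence, Union


@dataclass(frozen=True)
class Send:
    """'Alice gives Bob information of some type about Charlie'."""
    sender: str
    recipient: str
    subject: str
    info_type: str


@dataclass(frozen=True)
class Notify:
    """Actor tells the data subject that information was shared (GLBA notice)."""
    actor: str
    subject: str


@dataclass(frozen=True)
class Authorize:
    """Subject authorizes disclosures to recipient (constructed event, not on the slides)."""
    subject: str
    recipient: str


Event = Union[Send, Notify, Authorize]
# A temporal condition sees the whole trace and the index of the Send it
# constrains; it answers "ok", "pending" (future obligation still open) or
# "violated" (a past requirement that can no longer be met).
Condition = Callable[[Sequence[Event], int], str]


@dataclass(frozen=True)
class Norm:
    """Roles of sender, recipient and subject plus the information type.
    condition is None for a positive norm (a permission); a negative norm
    carries the temporal condition it imposes on every flow it matches."""
    sender_role: str
    recipient_role: str
    subject_role: str
    info_type: str
    condition: Optional[Condition] = None


def before(pred: Callable[[Send, Event], bool]) -> Condition:
    """Past requirement: some earlier event in the trace must satisfy pred."""
    def cond(trace: Sequence[Event], i: int) -> str:
        return "ok" if any(pred(trace[i], e) for e in trace[:i]) else "violated"
    return cond


def sometime(pred: Callable[[Send, Event], bool]) -> Condition:
    """Requirement that may be met before or after the flow (GLBA notice)."""
    def cond(trace: Sequence[Event], i: int) -> str:
        return "ok" if any(pred(trace[i], e) for e in trace) else "pending"
    return cond


def matches(norm: Norm, s: Send, roles: dict) -> bool:
    """Does the norm speak about the roles and information type of this flow?"""
    return (norm.sender_role in roles.get(s.sender, ())
            and norm.recipient_role in roles.get(s.recipient, ())
            and norm.subject_role in roles.get(s.subject, ())
            and norm.info_type == s.info_type)


def check(policy, roles, trace):
    """Weak-compliance check over a finite trace, runtime-monitor style.
    Returns (violations, pending): weakly compliant iff violations is empty;
    pending lists obligations a strong-compliance check would still have to
    show satisfiable."""
    violations, pending = [], []
    for i, ev in enumerate(trace):
        if not isinstance(ev, Send):
            continue
        applicable = [n for n in policy if matches(n, ev, roles)]
        # Positive norms enumerate permissible flows: no match means forbidden.
        if not any(n.condition is None for n in applicable):
            violations.append(f"#{i}: no positive norm permits {ev}")
            continue
        for n in applicable:                 # negative norms add conditions
            if n.condition is None:
                continue
            verdict = n.condition(trace, i)
            if verdict == "violated":
                violations.append(f"#{i}: past requirement unmet for {ev}")
            elif verdict == "pending":
                pending.append(f"#{i}: obligation still open for {ev}")
    return violations, pending


def weakly_compliant(policy, roles, trace) -> bool:
    return not check(policy, roles, trace)[0]


POLICY = [
    # HIPAA slide: covered entity -> health care provider, PHI about a patient.
    Norm("covered-entity", "health-care-provider", "patient", "phi"),
    # GLBA slide: the sharing is permitted, and a negative norm requires that
    # the consumer be notified, before or after the sharing.
    Norm("financial-institution", "non-affiliated-company", "consumer", "npi"),
    Norm("financial-institution", "non-affiliated-company", "consumer", "npi",
         sometime(lambda s, e: isinstance(e, Notify)
                  and e.actor == s.sender and e.subject == s.subject)),
    # Constructed past requirement (not from the slides): PHI may go to a
    # non-affiliated company only after the patient authorized that recipient.
    Norm("covered-entity", "non-affiliated-company", "patient", "phi"),
    Norm("covered-entity", "non-affiliated-company", "patient", "phi",
         before(lambda s, e: isinstance(e, Authorize)
                and e.subject == s.subject and e.recipient == s.recipient)),
]

# Constructed role assignment and traces for the example.
ROLES = {"MercyHospital": {"covered-entity"}, "DrLee": {"health-care-provider"},
         "Alice": {"patient", "consumer"}, "FirstBank": {"financial-institution"},
         "AdCo": {"non-affiliated-company"}}
TRACE_OK = [Send("MercyHospital", "DrLee", "Alice", "phi"),
            Send("FirstBank", "AdCo", "Alice", "npi"), Notify("FirstBank", "Alice")]
TRACE_PENDING = [Send("FirstBank", "AdCo", "Alice", "npi")]   # notice still owed
TRACE_BAD = [Send("DrLee", "AdCo", "Alice", "phi"),           # no permission
             Send("MercyHospital", "AdCo", "Alice", "phi")]   # no prior authorization
TRACE_AUTHORIZED = [Authorize("Alice", "AdCo"), Send("MercyHospital", "AdCo", "Alice", "phi")]

if __name__ == "__main__":
    for name, t in [("ok", TRACE_OK), ("pending", TRACE_PENDING), ("bad", TRACE_BAD)]:
        print(name, check(POLICY, ROLES, t))
```

The monitor decides past requirements at the event that triggers them and only records future obligations as pending, which is why weak compliance is cheap to compute over a log while strong compliance needs a satisfiability check over the obligations that remain open.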

Related Work (comparison table; the tick marks in the cells did not survive the transcript)
Columns: Model | Sender | Recipient | Subject | Attributes | Past | Future | Combination
- RBAC: Role, Identity
- XACML: Flexible, o, o
- EPAL: Fixed, Role, Fixed, o
- P3P: Fixed, Role, Fixed, o, o
- CI: Role

Related Work
- RBAC lacks the notion of "attribute": insufficient for expressing privacy policies
- XACML does not correctly handle permission inheritance across the data hierarchy
- EPAL contains only negative norms and uninterpreted temporal conditions
  - Cannot express the GLBA example because it contains a temporal condition that restricts both past and future actions
  - Cannot answer consistency or strong compliance queries
- P3P contains only simple "opt-in" / "opt-out" temporal conditions
- CI can express most conditions from HIPAA, GLBA, and COPPA
  - Fails to capture some group privacy provisions

Conclusions and Future Work
- Framework for privacy
  - Starting point: Contextual integrity, a philosophical account of privacy
  - Core: principles of transmission of personal information between agents
- Formalization in Linear Temporal Logic
  - Consistency, refinement, combination, compliance reduce to standard LTL problems
- Application to privacy laws: HIPAA, GLBA, COPPA, ...
- Future Work: Combine privacy policy work with database privacy work
  - Include data value in addition to data type
  - Extend attributes from individuals to groups
  - Interpret concepts like "de-identified information"