1 The PORTIA Project: Research Overview
Dan Boneh
PORTIA Project Site Visit
Stanford CA, May 12-13, 2005

2 Agenda Overview
8:00 – 12:00: Technical presentations.
12:00 – 2:00: Lunch, posters, and students.
2:00 – 3:45: Technical presentations.
3:45 – 4:15: Four demos.
4:15 – 4:30: Wrap-up.
4:30 – 5:30: Site visitors meeting.
5:30 – 6:00: Clarifications.

3 PORTIA: Privacy, Obligations, and Rights in Technologies of Information Assessment
Five-year NSF Large-ITR project on handling of sensitive information in a networked world.
Currently in middle of year 2.

4 Motivation: Sensitive Data
Data that can harm data subjects, data owners, or data users if it is mishandled.
  – Not all of it is strictly “private.”
There’s a lot more of it than there used to be:
  – Increased use of computers and networks
  – Decreased storage costs
“Mishandling” can be very harmful.
  – e.g., ID theft or loss of employment or insurance
Multi-faceted: technological, social, and legal issues.

5 Academic Participants
Stanford: Dan Boneh, Hector Garcia-Molina, John Mitchell, Rajeev Motwani
Yale: Joan Feigenbaum, Ravi Kannan, Avi Silberschatz
Univ. of NM: Stephanie Forrest
Stevens: Rebecca Wright
NYU: Helen Nissenbaum

6 Research Partners
J. Balkin (Yale Law School)
C. Dwork (Microsoft)
S. Hawala (Census Bureau)
B. LaMacchia (Microsoft)
K. McCurley (IBM)
P. Miller (Yale Medical School)
J. Morris (CDT)
T. Pageler (Secret Service)
B. Pinkas (Hewlett Packard)
M. Rotenberg (EPIC)
A. Schäffer (NIH)
D. Schutzer (CitiGroup)
Successful collaborations (joint research, interns) with: SF-ECFT (SS), Microsoft, IBM, Google, HP, CDT, NIH, Census Bureau, Yale Medical and Law.

7 Statistics on Research Output
Students: 29 supported PhD students, 9 supported MS students, 5 supported postdocs, and 6 undergraduates.
Available from PORTIA web site:
  – 92 publications since inception (18 months): 43 with women co-authors, 4 with undergrads.
  – 4 open source software systems.

8 Five Major Research Themes
1. Privacy-preserving data mining and privacy-preserving surveillance
2. Policy-enforcement tools for database systems
3. Sensitive data in distributed systems and P2P
4. Contextual integrity
5. Identity theft and identity privacy
Tightly knit: many of the talks today will touch on more than one topic.

9 Benefit of a Large ITR: Research Collaboration
[Diagram labels. Institutions: Stanford, Yale, Stevens, UNM, NYU. Research themes: PPDM, DB Policy Tools, Distrib. Systems, Contextual Integrity, ID Protection.]

10 1. Privacy-Preserving Data Mining
Developed new techniques to mine large data sets that limit compromise of user privacy:
  – Mining shared sensitive data without ever aggregating data in a single location (e.g. for using Bayesian-based data-mining methods)
  – Initial experiments with PPDM on sensitive data (e.g. Taulbee survey)
Began building experimental PPDM platform:
  – Several components including MySQL PIR and distributed log computations.

11 2. Policy Enforcement in DB Systems
Evaluated enterprise-wide information-disclosure policies:
  – Found inconsistencies in P3P and EPAL languages and suggested modifications.
  – Developed tools to distribute and access vertically partitioned data (e.g. SB1386 compliance)
  – Database tools for biosciences applications
Developed methods and tools for policy development, testing, and maintenance:
  – e.g. tools to extract P3P policy from an EPAL policy.

12 3. Sensitive Data in Distributed Systems and P2P
Sample results:
1. Paranoid Platform for Privacy Preferences (P4P): enable owner to retain the desired level of control over particular information types.
2. New mechanisms for long-term and secure data preservation in a peer-to-peer (P2P) system.
3. Combating P2P-based botnets (current work).
Trusted platforms:
  – Terra architecture and Private Attestation.
  – Economic analysis of trusted platforms and DRM.
  – Studied applicability to privacy protection.

13 Trusted Platforms (TCG)
Research results:
  – Trusted-computing platform called Terra (SOSP ’03).
  – Privacy-preserving attestation (ACM CCS ’04)
  – Economic analysis of trusted platforms and DRM (WEIS ’04)
Events since project’s inception:
  – Delay/canceling of software tools (MS-NGSCB)
  – Premature open source virt. tools (Xen, QEMU)
Result: Need to rework PORTIA's trusted-computing agenda in light of these events.

14 4. ID Theft and ID Privacy
PORTIA tools to combat online ID theft:
  – Anti-phishing tools: SpoofGuard, PwdHash
  – Anti-spyware tools: SpyBlock (under development)
  – All our tools are available with source code on PORTIA web site.
New ID privacy mechanisms:
  – New group signatures designed for privacy in VSC and Trusted Computing. Implemented as open source software library.
  – New algorithms for k-anonymity in databases.

15 5. Contextual Integrity
Continued developing the concept of contextual integrity:
  – Developed norms of appropriateness and transmission.
  – Applied to PORTIA via case studies, e.g. Vehicle Safety Communication (VSC), and Census Bureau.
Cyber-crime and cyber-policing.

16 Summary
One and a half years into a five-year project.
Significant progress on all research goals.
Continuing with planned research agenda.
  – Many remaining challenges in all five project themes.
Extensive educational and outreach activity.