Contextual Integrity in PORTIA PI: Helen Nissenbaum Students: Timothy Weber & Michael Zimmer New York University In collaboration with: Sam Hawala (U.S.

Presentation transcript:

Contextual Integrity in PORTIA PI: Helen Nissenbaum Students: Timothy Weber & Michael Zimmer New York University In collaboration with: Sam Hawala (U.S. Census) Dan Boneh (Stanford)

Embedding Values in Design: Constitutive Activities
Discovery: Discovering the values relevant to a project
Translation: Realizing values in design features
  – Operationalization: Finding correct concrete expression of value
  – Implementation: Specifying design features per operationalized values
Verification: Verifying that it worked

Privacy as Contextual Integrity
In a given setting, contextual integrity is maintained when norms of information flow -- appropriateness and transmission -- are respected; it is violated otherwise.

Norms of Contextual Integrity
Norms of Appropriateness
  – Govern types/categories of information (e.g. fields in a database)
Norms of Transmission
  – Principles governing the flow of information from agent to agent
      A1 shares info voluntarily with A2
      A2 infers information about A1
      A1 is mandated to share info with A2 (e.g. earnings to IRS)
      Confidentiality: A1 shares with A2; A2 may not share further
      Commercial exchange: A2 buys information about A1
      Reciprocity? Information about A1 flows to A2; vice versa?
      Entitlement: A2 is entitled to information about A1
      Etc.

Applying CI as a Decision Heuristic
A. What is the governing context?
B. What type of information is at issue?
C. According to what transmission principles (flow and actors)?
Red flag if CI is violated.
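The A/B/C heuristic above, applied to a sequence of information flows, as an added example that is not part of the original slides. The contexts, roles, agents and norms are constructed for illustration; the check on onward sharing implements the "Confidentiality: A1 shares with A2; A2 may not share further" principle by remembering what each agent received in confidence.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    context: str    # A. governing context
    info_type: str  # B. type of information
    subject: str    # agent the information is about
    sender: str
    receiver: str
    principle: str  # C. transmission principle the flow relies on

# Constructed norms. Each context maps to (appropriate info types,
# allowed (info_type, sender_role, receiver_role, principle) tuples).
NORMS = {
    "tax": ({"earnings"},
            {("earnings", "individual", "tax_authority", "mandated")}),
    "healthcare": ({"diagnosis"},
                   {("diagnosis", "individual", "physician", "confidentiality"),
                    ("diagnosis", "physician", "researcher", "voluntary")}),
}
ROLES = {"alice": "individual", "irs": "tax_authority", "dr_bob": "physician",
         "carol": "researcher", "dan": "data_broker"}

def red_flags(flows, norms=NORMS, roles=ROLES):
    """Apply the A/B/C heuristic to flows in order; return (flow, reason) pairs."""
    flags, held_in_confidence = [], set()
    for f in flows:
        if f.context not in norms:
            flags.append((f, "no governing context"))
            continue
        appropriate, transmission = norms[f.context]
        key = (f.info_type, roles.get(f.sender), roles.get(f.receiver), f.principle)
        if f.info_type not in appropriate:
            flags.append((f, "appropriateness"))
        elif (f.subject, f.info_type, f.sender) in held_in_confidence:
            # Confidentiality: the sender received this and may not share further.
            flags.append((f, "confidentiality"))
        elif key not in transmission:
            flags.append((f, "transmission"))
        elif f.principle == "confidentiality":
            held_in_confidence.add((f.subject, f.info_type, f.receiver))
    return flags

SAMPLE = [  # constructed flows
    Flow("tax", "earnings", "alice", "alice", "irs", "mandated"),
    Flow("healthcare", "diagnosis", "alice", "alice", "dr_bob", "confidentiality"),
    Flow("healthcare", "diagnosis", "alice", "dr_bob", "carol", "voluntary"),
    Flow("healthcare", "earnings", "alice", "alice", "dr_bob", "voluntary"),
    Flow("tax", "earnings", "alice", "irs", "dan", "commercial exchange"),
]

if __name__ == "__main__":
    for flow, reason in red_flags(SAMPLE):
        print(f"RED FLAG ({reason}): {flow.sender} -> {flow.receiver} [{flow.info_type}]")
```

The physician-to-researcher flow matches a transmission norm on its own and is flagged only because the same diagnosis was earlier received under confidentiality, which is why the check has to look at flow history and not at single flows.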

CI in PORTIA: Current work
1. Refine conceptual framework
     Book
2. “Proof of Concept” in User spaces
     Model information flow policies and question selection in context of US Census in terms of norms of information flow (Hawala & Weber)
     Cybercrime and cyber-policing
3. Implement CI in PORTIA technical projects
     Vehicle Safety Communication System (Boneh & Zimmer)

CI in PORTIA: Future work
1. Conceptual Framework
     Address problem of conservatism
     Complete book
2. Analysis of User Spaces
     More cases (healthcare; cyber-policing)
3. Technical Implementation
     More cases (“privacy-sensitive data mining”; aggregation and profiling, e.g. Choicepoint, differential authorization)