The Importance of Accountability and Enforceability of Enterprise Privacy Languages
Dr Siani Pearson, Trusted Systems Laboratory, HP Labs, Bristol, UK
19th June 2003

Going to pick up on some of the issues that Steve talked about: personal privacy; policy management and enforcement; ID management. And briefly explain the research I've been doing in this area over the last few months.
Siani Pearson, W3C Workshop on the Future of P3P

Contents
- Why is technological enforcement important?
- How does this affect privacy policy languages?
- What type of enforcement and accountability mechanisms can be used?
- Can we define richer privacy policies to help protect info?
- How can the sender of data be assured that its handling will be according to policy?
Why have technological enforcement?
Benefits of enforceability
- Languages should be enforceable
- Need to keep policy associated with data
- Server could lie about privacy policy
- Do natural language policies correspond to how the system behaves?
- Social pressure only goes so far
- Legal agreements aren't always enough
- Very sensitive information
- New business scenarios, e.g. mobile: flexible, dynamic, new business partners
- Infringements can go unnoticed
- Underdog: difficult/slow to pursue through courts
- Privacy laws can encourage and even require PET
Further benefits
- Enables citizens and consumers to participate confidently in the digital economy
- 34% of users who don't buy online would do so with better privacy
- Basis for trust & privacy certification
- Best practice, data protection & conformance with corporate privacy policy/privacy laws
- Can prevent accidental/deliberate infringements of privacy policies
Implications for privacy policy language
Implications for the policy language
- More expressive language, beyond normal access controls, e.g.
  - if/how data can be forwarded
  - displayed on another machine's screen
  - properties the receiving machine should have, e.g.
    - certain level of trustworthiness of design (can it enforce policies?)
    - software state & config (will it?)
    - execution environment
    - protection of stored data
Example One
"data can only be displayed on a given device used by a given user if it is either not sensitive or else the device is trusted and the environment has a trust rating of at least 3 and the user fulfils the role of a customer relations member"

can_do(display(Data, Current_device, User)) :-
    ¬is_sensitive(Data) v
    (trusted_platform(Current_device) & env_trust_level(3) & role(User, customer_relations))
Example Two
Complexity, competences, security => enforcement of high level privacy languages at different levels

<sticky policy>                                      // privacy policy
  <attribute> Data </attribute>                      // name of the attribute
  <owner>
    <reference name> pseudonym1 </reference name>    // reference name – encryption key
    <owner's details>                                // encrypted owner's call back address
      encrypted call back address
    </owner's details>
  </owner>
  <validity> expiration date </validity>
  <action> notify_owner_before_disclosure </action>
  <constraint>                                       // constraint that can be easily checked by TTP
    X.509_authentication_required & receiver.DN != ("ACME.com")
  </constraint>
  <constraint>                                       // constraint targeted to check the potential trustworthiness
                                                     // of the remote platform or its owner before permitting
                                                     // decryption of the data on the remote platform
    can_do(read(Data, Remote_device)) :-
      (trusted_platform(Remote_device) & trusted_state(Remote_device)) v owner_cert(Remote_device)
  </constraint>
</sticky policy>
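The two example policies above, evaluated by a small policy-based decision engine. This is an added illustration, not code from the talk: the Platform dataclass, the role set and the evaluation order are assumptions, and the environment check is implemented as "at least 3" as the prose of Example One states, rather than the literal env_trust_level(3).

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Platform:
    """Facts about a device, as the slides' predicates would report them (assumed shape)."""
    name: str
    trusted_platform: bool = False    # trusted_platform(Device): has a trusted hardware root
    trusted_state: bool = False       # trusted_state(Device): attested software state is approved
    owner_cert: bool = False          # owner_cert(Device): the platform owner holds an accepted cert
    x509_authenticated: bool = False  # receiver authenticated itself with an X.509 certificate
    dn: str = ""                      # receiver.DN

def can_display(sensitive: bool, device: Platform, roles: frozenset, env_trust_level: int) -> bool:
    """Example One: can_do(display(Data, Current_device, User))."""
    return (not sensitive) or (device.trusted_platform
                               and env_trust_level >= 3          # 'at least 3' per the prose
                               and "customer_relations" in roles)

def ttp_constraint(receiver: Platform) -> bool:
    """Example Two, first <constraint>: checkable by a TTP without decrypting anything."""
    return receiver.x509_authenticated and receiver.dn != "ACME.com"

def can_read(remote: Platform) -> bool:
    """Example Two, second <constraint>: decrypt on the remote platform only if
    (trusted_platform & trusted_state) v owner_cert."""
    return (remote.trusted_platform and remote.trusted_state) or remote.owner_cert

def evaluate_sticky_policy(receiver: Platform, today_iso: str, expiry_iso: str):
    """Walk the sticky policy of Example Two: <validity>, then the cheap TTP-checkable
    constraint, then the platform constraint.  Returns (release?, actions, reason)."""
    actions = []
    if date.fromisoformat(today_iso) > date.fromisoformat(expiry_iso):
        return False, actions, "validity: policy expired"
    if not ttp_constraint(receiver):
        return False, actions, "constraint 1: no X.509 authentication or receiver is ACME.com"
    if not can_read(receiver):
        return False, actions, "constraint 2: remote platform not trusted and no owner cert"
    actions.append("notify_owner_before_disclosure")   # the policy's <action>, fired before release
    return True, actions, "all constraints satisfied"

if __name__ == "__main__":
    partner = Platform("partner-pc", trusted_platform=True, trusted_state=True,
                       x509_authenticated=True, dn="CN=partner.example")   # constructed sample
    print(evaluate_sticky_policy(partner, "2003-06-19", "2003-12-31"))
```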
Implications for the policy language (2)
- The exact constructs to be included depend upon what people want to express to protect their data
  - corporate, consumer, community, citizen, ...
- Allows varying levels of trust that the system will respect privacy policies associated with data
- Option to negotiate partial disclosure of info
  - Technology can help certify reliability of such info
  - e.g. generalisation, ranges, selective/anonymised disclosure
Progression
- STAGE 1: Policies expressed in natural language; reliance on law for enforcement
- STAGE 2 (P3P now): machine support for warning users where their privacy requirements conflict with a web site's policy; automated negotiation
- STAGE 3(+): range of choices offered to users, inc.
  - sensitive data sent only if given degree of trust, enforcement and accountability in receiver's system
  - data modified to minimise privacy risks sent
  - no data sent / negotiation of benefits if data sent anyway
Enforceability mechanisms
Enforcement of privacy policies
- Via trusted hardware component & extended OS
- Strongly associate privacy policies to confidential data => block attempts to remove policy
- Policy enforcement across multiple apps and enterprise boundaries
- Create end-to-end privacy policy enforcement framework that cannot be easily circumvented
Building blocks towards privacy
- Trusted platforms provide:
  - Protection for users' secrets
    - Can prevent the revelation of secrets unless the software is in an approved state
  - Potential for remote trust ... while avoiding user's loss of choice and control
- Binds secrets to platform
- Users or enterprises can recognise that a platform has known properties and will behave as expected
Use of trusted platforms
- Trusted platforms provide building blocks for privacy
  - without dictating architecture of resulting systems
  - designed in full support of data protection legislation
- Enable a user to have more confidence in the behaviour of the platform in front of them (or remote)
  - trust a platform to handle private data
  - whether privacy mechanisms work
- Doesn't provide a complete privacy solution
  - legislation, e.g. re. treatment of personal information given when applying for credentials
  - other mechanisms, e.g. identity management
Enforceability via data tagging
- Data comes with tags
  - Data owners' policy and privacy policies enforced by OS irrespective of application behaviour
  - Tags follow data across the network
  - Tags follow data through multiple applications
- Policies specify what controls to apply
  - e.g. HP Confidential shouldn't leave the company unencrypted
- Policies applied to tagged data
  - Works on all applications
  - Transparent and automatic application of policies
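A simulation of the tagging model on this slide, added here as an illustration and not taken from the talk or from any HP product: tags ride along with the data, any value an application derives from tagged inputs inherits their tags, and an OS-level egress check applies the "HP Confidential shouldn't leave the company unencrypted" policy regardless of which application is sending. The company domain, the TaggedData shape and the policy table are assumptions.

```python
from dataclasses import dataclass

COMPANY_DOMAIN = "hp.com"   # assumption: what "the company" means for the egress check

@dataclass(frozen=True)
class TaggedData:
    """A piece of data together with the tags the OS keeps attached to it."""
    payload: bytes
    tags: frozenset = frozenset()
    encrypted: bool = False

def derive(*sources: TaggedData, payload: bytes, encrypted: bool = False) -> TaggedData:
    """Whatever an application computes from tagged inputs inherits the union of their
    tags, so tags follow data through multiple applications without app cooperation."""
    tags = frozenset().union(*(s.tags for s in sources))
    return TaggedData(payload, tags, encrypted)

def leaves_company(dest_host: str) -> bool:
    host = dest_host.lower().rstrip(".")
    return not (host == COMPANY_DOMAIN or host.endswith("." + COMPANY_DOMAIN))

def confidential_rule(data: TaggedData, dest_host: str) -> bool:
    """'HP Confidential shouldn't leave the company unencrypted'."""
    return data.encrypted or not leaves_company(dest_host)

# Tag -> control to apply.  A tag without a rule carries no restriction at egress.
POLICIES = {"HP Confidential": confidential_rule}

def egress_allowed(data: TaggedData, dest_host: str):
    """Applied once, at the OS network layer, for every application.
    Returns (allowed, list of tags whose policy the send would violate)."""
    violations = [tag for tag in sorted(data.tags)
                  if tag in POLICIES and not POLICIES[tag](data, dest_host)]
    return (not violations, violations)

if __name__ == "__main__":
    # Constructed sample: a confidential memo is pasted into an otherwise public report.
    memo = TaggedData(b"Q3 plan", frozenset({"HP Confidential"}))
    public = TaggedData(b"press release")
    report = derive(memo, public, payload=b"press release + Q3 plan")
    print(egress_allowed(report, "mail.partner.example"))   # blocked: unencrypted, leaving
    print(egress_allowed(report, "fileserver.hp.com"))       # allowed: stays inside
```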
Accountable identity management
- Ensure that all entities that access confidential data are accountable
  - In certain contexts a user is given extra confidence that their data will be used in accordance with their policy
  - In other contexts this may not be possible: better audit trail if user still wants to reveal data
- Models with or without IBE (identity-based encryption)
  - Tampering with policies prevents access to data
  - Policy compliance can be checked by TTPs (trusted third parties)
  - With IBE, the TA (trust authority) is used to enforce policies
Accountable management of identities/data
[Diagram: User and Enterprise linked by Negotiation of Privacy Policy; Provision of Identity & Profile Data; Identity/Profile Disclosure; Multiparty Transaction/Interaction; Policies; Services; Tracing, Fraud Detection, Forensic Analysis]
Mobility: a special case
Using someone else's infrastructure
[Diagram: Home platform, connected over the network to a Policy-based Decision Engine; Distributed private information with data attributes (Sensitivity, Storage, ...); Policy; Context characteristics (Trust level, Environment)]
Conclusions
- Policy languages should allow specification of the use of trust and security techniques
- In certain cases there is a need for such privacy languages to be enforced (end-to-end)
- Another important aspect is management of accountability across enterprises wrt policy enforcement
- Technology exists to address these problems at different levels
  - simple, integrated tools for users and administrators are needed
Enforceability via "trusted computing"
- Can I trust you to behave in an expected manner?
- Can I trust you to protect my data?
- Can I trust you to be what you say you are?
- Do I have confidence in interacting with this platform?

I want to know that my data is protected on my PC and when I'm interacting with other platforms on the 'net. Put everyone in the position where they can say:
- I can protect my data
- I can find out whether my platform is in a trustworthy state
- I have the means to decide whether it's reasonable for me to trust other platforms
Privacy-positive design
- Owner control
  - Ultimate TPM functionality control goes to the Owner
  - TPM activation controlled by the Owner, and deactivation available to the user
  - Owner chooses Privacy-CAs involved in issuing IDs
- Pseudonymity
  - No single TPM "identity" is ever used across transactions
  - Multiple pseudonymous IDs (limits correlation)
  - Owner control over generation of IDs
- Remote control of the TPM enabled by challenge-response protocols for authorization mechanisms
Fear, uncertainty and doubt
- All software that can execute on a trusted platform would have to be certified by some agency (Not true)
- Unapproved software can't execute on a trusted platform (Not true)
- The technology can't be completely disabled (Not true)
- Open-source software can't work on trusted platforms (Not true)
- Trusted platforms are designed to reinforce existing monopolies (Not true)
- Trusted platforms are designed for Digital Rights Management (Not true)

Most of the public discussion is uninformed and demonstrably factually incorrect. It's perfectly reasonable for people to worry about a powerful technology, and it's natural for them to assume the worst when there is an information vacuum. The problem is that the technology is still in its infancy. The industry worked out the value propositions for organisations and enterprises, but the propositions for consumers are much more complex. Trusted Platforms aren't yet intended for the consumer market, just for the enterprise market. Very few people think it's a bad thing that a computer can protect its data. TCG just provides protection mechanisms, and gives full control of those mechanisms to the platform owner. The platform owner must activate the technology, and controls who can use the technology. Lots of FUD about trusted computing in the open source community. Fears that software must be certified by TCG are completely unfounded. TCG doesn't certify any software; all that TCG does is publish specifications for a TPM, a TSS, and Protection Profiles. Anyone may attest to any software.