Presentation Outline
- Privacy: Core Concepts
- Scenarios and Key Issues
- Addressed Problem
- Related Work vs. Our Approach
- Our Approach: Adaptive Privacy Management
- Discussion and Open Issues
- Conclusions
Privacy Management has Strong Implications for how Personally Identifiable Information (PII data) is Managed by the Various Parties Accessing these Data
Privacy Policies (diagram): personal data is governed by laws/legislation, guidelines and the data subject's preferences; the resulting privacy policies express privacy rights and privacy obligations: limited collection, limited use, limited disclosure and limited retention.
Relevant Scenarios
Enterprise
- Company vs. Private Data for Employees
- Protection of Customers' and Employees' Data
- Compliance with Legislation
Health Care
- View on Data Dependent upon the Requestor's Role
- Patients' Sensitive Data
Information Flow (diagram): people's personal data enters the Enterprise through an Application/Service and is then accessed by employees in different roles (Role 1, Role 2, Role 3).
Key Issues
- Data might be accessed and manipulated by multiple employees to fulfil tasks and to support/provide information to people with different roles (marketing, management, etc.)
- These employees might actually not be entitled to access these data, due to data sensitivity/privacy policies; however, they are the only ones who know how to retrieve and manipulate the data
- Access granted to enable Business Processes vs. Privacy
- Data can be disclosed outside the Enterprise: Privacy Policy Enforcement based on Trust (and Contracts)
Addressed Problem
Adaptive Privacy Policy Enforcement for Personal Data Stored in Data Repositories:
- How to Allow People with Different Roles to Retrieve Relevant Data and, at the same time, Enforce Privacy Policies without Disrupting Business Processes and Interaction Flows?
- How to do it in an Inter-Enterprise Context?
Our Approach
Focus on and Leverage current Data Repositories
Personal Data is Encrypted and Stored in Data Repositories along with Privacy Policies
- Retrieved Data could still be (partially) Encrypted and Strongly Associated with Privacy Policies
- The actual Visibility (Access) of Encrypted Data is Adaptive, depending on the Requestor, Context, Intent and Purpose
- Multiple Views on Personal Data
Information Flow (diagram): the Data Repositories hold each record as a Privacy Policy Package together with the Encrypted Data; Encryption Techniques bind the Privacy Policies to the data, and it is this package that is Retrieved/Disclosed.
Privacy Policies (example)
- all fields are viewable by members of the customer service department;
- the credit card number must be readable only by accredited personnel or systems within the account department;
- the name and address fields may be readable by the advertising department only if approved in the customer's data usage preferences
Customer DB (example extracted record: customer name and the other fields are in clear; the credit card number is replaced by a privacy policy reference plus the encrypted value):
    <extracteddata>
      <PrivacyManagementService>125.18.219.66</PrivacyManagementService>
      <mediator>www.policysite.org/mediator.jar</mediator>
      <record>
        <customerID>123857841</customerID>
        <customername>Jane Doe</customername>
        <customeraddress>
          <street>123 Long Ave.</street>
          <city>New York</city>
          <state>NY</state>
          <zip>12345-0000</zip>
        </customeraddress>
        <customercreditcardnumber>
          www.policysite.org/12568.pol, MTM0VF9F5E$R96%K#$PCP3$QCP04T#2T
        </customercreditcardnumber>
        <customercountry>USA</customercountry>
        <customerflightpref>Window,Vegitarian</customerflightpref>
        <customerdatausage>Y</customerdatausage>
        <customersex>F</customersex>
      </record>
    </extracteddata>
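The three policy rules and the extracted record above can be combined into role-dependent views of the same record, as the "Multiple Views on Personal Data" slide describes. The following is an added example, not code from the slides or from the HP Labs prototype: it parses a constructed copy of the record, applies the three rules, and keeps the credit card number as its (policy reference, ciphertext) package for everyone, exposing the Privacy Management Service address only to a requester the policy allows to ask for the deobfuscation key. The requester names (`customer_service`, `account`, `advertising`), the default-deny for any other department, the precedence of the credit-card rule over the department-wide customer-service rule, and the in-memory `AUDIT_LOG` are assumptions of this example.

```python
"""Role-dependent views over an extracted customer record.

Added example (not the slides' or HP Labs' code). Requester names,
default deny, rule precedence and the audit log are assumptions.
"""
import xml.etree.ElementTree as ET

# Constructed copy of the <extracteddata> record shown on the slide.
EXTRACTED_DATA = """<extracteddata>
  <PrivacyManagementService>125.18.219.66</PrivacyManagementService>
  <mediator>www.policysite.org/mediator.jar</mediator>
  <record>
    <customerID>123857841</customerID>
    <customername>Jane Doe</customername>
    <customeraddress>
      <street>123 Long Ave.</street><city>New York</city>
      <state>NY</state><zip>12345-0000</zip>
    </customeraddress>
    <customercreditcardnumber>www.policysite.org/12568.pol, MTM0VF9F5E$R96%K#$PCP3$QCP04T#2T</customercreditcardnumber>
    <customercountry>USA</customercountry>
    <customerflightpref>Window,Vegitarian</customerflightpref>
    <customerdatausage>Y</customerdatausage>
    <customersex>F</customersex>
  </record>
</extracteddata>"""

ENCRYPTED_FIELDS = {"customercreditcardnumber"}   # stored as "policy reference, ciphertext"
AUDIT_LOG = []   # (requester, field, decision) entries, as an audit module would record them


def parse_extracted(xml_text: str) -> tuple:
    """Return (privacy management service, mediator, flat record dict)."""
    root = ET.fromstring(xml_text)
    service = root.findtext("PrivacyManagementService")
    mediator = root.findtext("mediator")
    record = {}
    for elem in root.find("record"):
        if len(elem):   # nested element such as customeraddress: flatten its children
            record[elem.tag] = ", ".join((child.text or "").strip() for child in elem)
        else:
            record[elem.tag] = (elem.text or "").strip()
    return service, mediator, record


def is_readable(field: str, requester: str, record: dict) -> bool:
    """The slide's three rules; anything not explicitly allowed is denied (assumption)."""
    if field == "customercreditcardnumber":
        return requester == "account"                       # rule 2 (assumed to override rule 1)
    if requester == "customer_service":
        return True                                         # rule 1: all (other) fields
    if field in ("customername", "customeraddress") and requester == "advertising":
        return record.get("customerdatausage") == "Y"       # rule 3: needs the customer's approval
    return False


def build_view(requester: str, xml_text: str = EXTRACTED_DATA) -> dict:
    """Build the requester's view of the record.

    Permitted clear fields are returned as-is; denied ones are omitted. An
    encrypted field always stays as its policy/ciphertext package, and the
    key service address is included only when the policy allows this requester.
    """
    service, _mediator, record = parse_extracted(xml_text)
    view = {}
    for field, value in record.items():
        allowed = is_readable(field, requester, record)
        AUDIT_LOG.append((requester, field, "allow" if allowed else "deny"))
        if field in ENCRYPTED_FIELDS:
            policy_ref, ciphertext = (part.strip() for part in value.split(",", 1))
            view[field] = {"policy": policy_ref, "ciphertext": ciphertext,
                           "key_service": service if allowed else None}
        elif allowed:
            view[field] = value
    return view


if __name__ == "__main__":
    for dept in ("customer_service", "account", "advertising", "marketing"):
        print(dept, build_view(dept))
```

Because the encrypted package travels with its policy reference, a requester who bypasses this view logic still only holds ciphertext plus a pointer to the policy that governs it; the decision of whether to release the deobfuscation key is made again by the Privacy Management Service, and the audit entries are what an accountability check would later replay.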
Privacy Management Service (architecture diagram): Comms and API layers in front of an Encryption Module (holding the Deobfuscation Key), Context Management, Enterprise Policies, and an Audit Module that writes Audit Logs; Encrypted Data is the input.
Discussion
- Privacy and Confidentiality are enforced even if the Privacy Virtualization System is Bypassed: Data are Encrypted
- The Privacy Management Service(s) can Act as a Trusted Auditing System for Accountability and Compliance Management Verifications
- Once Data are Disclosed they can be Misused: Auditing as a Risk Mitigation Mechanism
- We have all the Technological Components to Build a Prototype: Database Mediator (Proxy), IBE/Crypto Libraries and Auditing Systems
Open Issues
- Lifecycle Management of Privacy Policies associated with Data: need for Tools to Simplify their Management and Update
- Performance Issues: to be fully Investigated once our Prototype is Available
- Future Work: build a Prototype, Research and Explore how to better Address these Open Issues, in Real-World Contexts
Conclusions
- Importance of Enforcing Privacy and, at the same time, enabling Business Interactions
- We propose a Privacy Management System to enable Adaptive, Incremental Disclosure of Personal Data based on Privacy Policies
- All technological components are Available at HPL
- Open Issues: Policy and Key Lifecycle Management, and Performance
- Next Steps: build a working Prototype and Experiment in Real-world Contexts
It is Work in Progress
Backup Slides
Identity-Based Encryption (IBE)
- It is an Emerging Cryptography Technology based on a Three-Player Model: Sender, Receiver, Trust Authority (Trusted Third Party)
- Same Strength as RSA
- Different Approaches: Quadratic Residuosity, Weil Pairing, Tate Pairing
- SW Library and Technology available at HP Laboratories
IBE Properties
- 1st Property: any kind of String (or sequence of bytes) can be used as an IBE Encryption Key: for example a Role, an e-Mail Address, a Picture, a Disclosure Time, Terms and Conditions, a Privacy Policy
- 2nd Property: the generation of IBE Decryption Keys can be postponed in time, even a long time after the generation of the corresponding IBE Encryption Key
- 3rd Property: reliance on at least one Trust Authority (Trusted Third Party) for the generation of the IBE Decryption Key
IBE Protocol (diagram: Alice, Bob, Trust Authority)
1. Trust Authority: generates and protects a Secret; publishes a Public Detail N.
2. Alice knows the Trust Authority's published value of Public Detail N (it is well known or available from a reliable source).
3. Alice chooses an appropriate Encryption Key. She encrypts the message.
4. The Encrypted message is sent to Bob.
5. Bob requests the Decryption Key associated with the Encryption Key from the relevant Trust Authority.
6. The Trust Authority issues an IBE Decryption Key corresponding to the supplied Encryption Key only if it is happy with Bob's entitlement to the Decryption Key. It needs the Secret to perform the computation.
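The three IBE properties and the six-step protocol above can be exercised end to end with the quadratic residuosity approach the slides list (Cocks' scheme). The following is an added example, not code from the slides and not HP Labs' IBE library: a `TrustAuthority` that keeps the secret factors and publishes only N, `encrypt` that needs nothing beyond N and an arbitrary identity string (here the slide's policy URL), and `decrypt` with a key the authority computes only afterwards and only for an entitled requester. `TOY_P` and `TOY_Q` are constructed demo parameters (Mersenne primes, trivially factorable) and carry no security; the bit-per-pair encoding is the scheme's own, which is why real deployments use it only to wrap a symmetric key.

```python
"""Toy identity-based encryption in the Cocks (quadratic residuosity) style.

Added example: not code from the slides or from HP Labs' IBE library.
TOY_P / TOY_Q are constructed demo parameters and are NOT secure.
"""
import hashlib
import math
import secrets

TOY_P = 2**127 - 1   # constructed toy primes, both 3 mod 4 as the scheme needs
TOY_Q = 2**89 - 1


def jacobi(a: int, n: int) -> int:
    """Jacobi symbol (a/n) for odd n > 0, computable without knowing n's factors."""
    a %= n
    result = 1
    while a != 0:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0


def identity_to_element(identity: str, n: int) -> int:
    """Hash any string to a in Z_n with (a/n) = 1 (1st property: any string is a key)."""
    counter = 0
    while True:
        digest = hashlib.sha256(f"{counter}:{identity}".encode()).digest()
        a = int.from_bytes(digest, "big") % n
        if a != 0 and jacobi(a, n) == 1:
            return a
        counter += 1


class TrustAuthority:
    """Step 1: generates and protects the Secret (p, q); publishes Public Detail N."""

    def __init__(self, p: int, q: int) -> None:
        assert p % 4 == 3 and q % 4 == 3
        self._p, self._q = p, q        # the protected Secret
        self.public_n = p * q          # Public Detail N

    def extract(self, identity: str, entitled: bool) -> int:
        """Steps 5-6: issue the decryption key r only to an entitled requester (3rd property).

        r satisfies r^2 = +a or -a (mod N); computing it requires p and q.
        """
        if not entitled:
            raise PermissionError("requester not entitled to this decryption key")
        a = identity_to_element(identity, self.public_n)
        exponent = (self.public_n + 5 - self._p - self._q) // 8
        return pow(a, exponent, self.public_n)


def encrypt(public_n: int, identity: str, message: bytes) -> list:
    """Steps 2-3: Alice needs only N and the identity string; one (c1, c2) pair per bit."""
    a = identity_to_element(identity, public_n)
    pairs = []
    for byte in message:
        for i in range(7, -1, -1):
            m = -1 if (byte >> i) & 1 else 1       # bit 1 -> Jacobi -1, bit 0 -> +1
            while True:                            # random t with (t/N) = m
                t = secrets.randbelow(public_n - 2) + 2
                if math.gcd(t, public_n) == 1 and jacobi(t, public_n) == m:
                    break
            a_over_t = a * pow(t, -1, public_n) % public_n
            pairs.append(((t + a_over_t) % public_n, (t - a_over_t) % public_n))
    return pairs


def decrypt(public_n: int, identity: str, r: int, pairs: list) -> bytes:
    """Bob: use c1 if r^2 = a, c2 if r^2 = -a; the Jacobi symbol of c + 2r is the bit."""
    a = identity_to_element(identity, public_n)
    r2 = r * r % public_n
    if r2 == a:
        index = 0
    elif r2 == (public_n - a) % public_n:
        index = 1
    else:
        raise ValueError("decryption key does not belong to this identity")
    out = bytearray()
    for start in range(0, len(pairs), 8):
        byte = 0
        for c in pairs[start:start + 8]:
            byte = (byte << 1) | (1 if jacobi(c[index] + 2 * r, public_n) == -1 else 0)
        out.append(byte)
    return bytes(out)


def demo(identity: str = "www.policysite.org/12568.pol", message: bytes = b"Jane Doe") -> bytes:
    """Alice encrypts under the policy URL; later Bob obtains the key and decrypts."""
    ta = TrustAuthority(TOY_P, TOY_Q)
    ciphertext = encrypt(ta.public_n, identity, message)   # Alice: N + identity string only
    r = ta.extract(identity, entitled=True)                # key generated after encryption (2nd property)
    return decrypt(ta.public_n, identity, r, ciphertext)


if __name__ == "__main__":
    print(demo())
```

Using the privacy policy URL as the identity ties the key release to the policy itself: the Trust Authority (the Privacy Management Service in the architecture) checks entitlement against that policy at extraction time, and a key extracted for a different identity fails the `r^2 = +/-a` check rather than silently producing wrong plaintext.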