Data and Applications Security Developments and Directions: Confidentiality, Privacy, Trust (CPT)
COMPSAC 2005
Dr. Bhavani Thuraisingham, The University of Texas at Dallas, July 2005

Outline
- Semantic web as a vehicle for collaboration
- Trustworthy/dependable data management
- Confidentiality
- Data mining and privacy
- Platform for Privacy Preferences
- Trust management
- Coalition policy architecture

Layered Architecture for Dependable Semantic Web
[Figure: layered stack adapted from Tim Berners-Lee's description of the Semantic Web - URI/UNICODE, XML/XML Schemas, RDF/Ontologies, Rules/Query, and Logic/Proof and Trust, plus Other Services - with Security and Privacy cutting across all layers.]
- Some challenges: interoperability between layers; security and privacy cut across all layers; integration of services; composability

Relationships between Dependability, Confidentiality, Privacy, and Trust
- Dependability: security, privacy, trust, real-time processing, fault tolerance; also sometimes referred to as "trustworthiness"
- Confidentiality: preventing the unauthorized release of information considered sensitive
- Privacy: preventing the unauthorized release of information about individuals considered sensitive
- Trust: the confidence one has that an individual will provide correct information or will protect sensitive information

Some Confidentiality Models: RBAC and UCON
- Access control models by Sandhu et al.
- RBAC (Role-Based Access Control): access to information sources, including structured and unstructured data both within and external to the organization, depending on user roles
- UCON (Usage Control): policies of authorizations, obligations, and conditions (see the sketch below)
  - Authorization decisions are determined by policies over the subject, object, and right
  - Obligations are actions that are required to be performed before or during the access process
  - Conditions are environment restrictions that are required to be valid before or during the access process

Security/Inference Control (for the Semantic Web)
[Figure: the interface to the client passes requests to a security engine/rules processor, which consults policies, ontologies, and rules; the semantic web engine then accesses XML and RDF documents, web pages, and databases.]
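The UCON model referenced above can be made concrete with a small sketch. The following Python fragment is a minimal illustration of a UCON-style usage decision as a security engine/rules processor might make it: access is granted only when an authorization rule covers the (role, object, right), the required obligations have been fulfilled, and the environment conditions hold. The policy format, names, and example values are illustrative assumptions, not the published UCON model.

from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple

@dataclass
class UconPolicy:
    # Authorizations: which (role, object, right) triples are permitted
    authorizations: Set[Tuple[str, str, str]]
    # Obligations: actions the subject must have performed before/during access
    obligations: Dict[Tuple[str, str, str], List[str]] = field(default_factory=dict)
    # Conditions: environment restrictions that must hold during access
    conditions: List[Callable[[dict], bool]] = field(default_factory=list)

def decide(policy: UconPolicy, role: str, obj: str, right: str,
           fulfilled_obligations: Set[str], env: dict) -> bool:
    key = (role, obj, right)
    if key not in policy.authorizations:
        return False                                      # no authorization rule for this access
    if not set(policy.obligations.get(key, [])) <= fulfilled_obligations:
        return False                                      # a required obligation is outstanding
    return all(cond(env) for cond in policy.conditions)   # environment conditions must be valid

# Example usage (hypothetical policy)
policy = UconPolicy(
    authorizations={("physician", "patient_record", "read")},
    obligations={("physician", "patient_record", "read"): ["accept_privacy_notice"]},
    conditions=[lambda env: env.get("within_business_hours", False)],
)
print(decide(policy, "physician", "patient_record", "read",
             fulfilled_obligations={"accept_privacy_notice"},
             env={"within_business_hours": True}))        # True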
Data Mining as a Threat to Privacy
- Data mining gives us "facts" that are not obvious to human analysts of the data
- Can general trends across individuals be determined without revealing information about individuals?
- Possible threats: combining collections of data and inferring information that is private
  - Disease information from prescription data
  - Military action from pizza deliveries to the Pentagon
- Need to protect the associations and correlations between the data that are sensitive or private

Some Privacy Problems and Potential Solutions
- Problem: privacy violations that result from data mining
  - Potential solution: privacy-preserving data mining
- Problem: privacy violations that result from the inference problem
  - Inference is the process of deducing sensitive information from the legitimate responses received to user queries
  - Potential solution: privacy constraint processing
- Problem: privacy violations due to unencrypted data
  - Potential solution: encryption at different levels
- Problem: privacy violations due to poor system design
  - Potential solution: develop a methodology for designing privacy-enhanced systems

Privacy-Preserving Data Mining
- Prevent useful results from mining
  - Introduce "cover stories" to give "false" results
  - Only make a sample of the data available, so that an adversary is unable to come up with useful rules and predictive functions
- Randomization
  - Introduce random values into the data and/or results
  - The challenge is to introduce random values without significantly affecting the data mining results
  - Give a range of values for results instead of exact values
- Secure multi-party computation
  - Each party knows only its own inputs; encryption techniques are used to compute the final results

Platform for Privacy Preferences (P3P): What Is It?
- P3P is an emerging industry standard that enables web sites to express their privacy practices in a standard format
- When a user enters a web site, the privacy policies of the web site are conveyed to the user
- If the privacy policies differ from the user's preferences, the user is notified and can then decide how to proceed
- The format of the policies can be automatically retrieved and understood by user agents
- Main difference between privacy and security: the user is informed of the privacy policies but not of the security policies

Privacy Problem as a Form of the Inference Problem
- Privacy constraints: content-based constraints; association-based constraints
- Privacy controller: augment a database system with a privacy controller for constraint processing and examine the releasability of data/information (e.g., release constraints)
- Use conceptual structures to design applications with privacy in mind (e.g., privacy-preserving database and application design)
- The web makes the problem much more challenging than the inference problem we examined in the 1990s!
- Is the general privacy problem unsolvable?

Privacy Control
[Figure: a client accessing the web site goes through an interface to the semantic web; a privacy engine/rules processor consults policies, ontologies, and rules before XML and RDF documents are released.]

Trust Management
- Trust services: identity services, authorization services, reputation services
- Trust negotiation (TN): digital credentials, disclosure policies
- TN requirements
  - Language requirements: semantics, constraints, policies
  - System requirements: credential ownership, validity, alternative negotiation strategies, privacy
- Example TN systems: KeyNote, Trust-X (U of Milan), TrustBuilder (UIUC)
- Trust management process

Coalition CPT Policy Integration Architecture
[Figure: component CPT policies for Agency A, Agency B, and Agency C are each exported and integrated into the CPT policies for the coalition.]
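To make the coalition architecture above more concrete, here is a minimal sketch under stated assumptions: each agency's exported CPT policies are modeled as a mapping from a (subject_role, resource, action) rule to a decision, and conflicting decisions are merged most-restrictively (deny overrides permit). The rule format and merge strategy are illustrative assumptions, not a defined part of the architecture.

from typing import Dict, List, Tuple

Rule = Tuple[str, str, str]            # (subject_role, resource, action)
Policy = Dict[Rule, str]               # rule -> "permit" or "deny"

def integrate(exported: List[Policy]) -> Policy:
    """Merge the CPT policies exported by each agency into coalition policies.
    If two agencies disagree on a rule, the more restrictive decision (deny) wins."""
    coalition: Policy = {}
    for policy in exported:
        for rule, decision in policy.items():
            if coalition.get(rule) == "deny":
                continue                     # deny already recorded; keep it
            coalition[rule] = decision       # a later "deny" overwrites an earlier "permit"
    return coalition

# Example: component CPT policies exported by Agencies A, B, and C
agency_a: Policy = {("analyst", "mission_db", "read"): "permit"}
agency_b: Policy = {("analyst", "mission_db", "read"): "deny"}
agency_c: Policy = {("planner", "logistics_db", "read"): "permit"}

coalition_cpt = integrate([agency_a, agency_b, agency_c])
print(coalition_cpt)
# {('analyst', 'mission_db', 'read'): 'deny', ('planner', 'logistics_db', 'read'): 'permit'}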