maintaining privacy on derived objects
play

Maintaining Privacy on Derived Objects N. Zannone a b and S. Jajodia - PowerPoint PPT Presentation

May 01, 2023 •442 likes •689 views

Maintaining Privacy on Derived Objects N. Zannone a b and S. Jajodia b and F. Massacci a and D. Wijesekera b a Dep. of Information and Communication Technology, University of Trento b Center for Secure Information Systems, George Mason University

  1. Maintaining Privacy on Derived Objects N. Zannone a b and S. Jajodia b and F. Massacci a and D. Wijesekera b a Dep. of Information and Communication Technology, University of Trento b Center for Secure Information Systems, George Mason University N. Zannone, WPES – 7 November 2005 Maintaining Privacy on Derived Objects – p.1

  2. Summary Access Control & Privacy Access Control Policies and User Preferences Information Flow Control Creating objects Conditions for creating objects Authorizations on derived objects Derivation Tree Conclusion and future work N. Zannone, WPES – 7 November 2005 Maintaining Privacy on Derived Objects – p.2

  3. Access Control Essential for building secure information systems Protect the confidentiality of information An authorization is a triple of the form ( o, s, � sign � a ) ( o, s, + a ) : subject s is authorized to execute action a on object o ( o, s, − a ) : subject s is denied to execute action a on object o Authorization frameworks manage access to data by users For any access request, exactly one decision (allowed/denied) is provided N. Zannone, WPES – 7 November 2005 Maintaining Privacy on Derived Objects – p.3

  4. Privacy “Privacy is the right of individuals to determine for themselves when, how, and to what extent information about them is communicated to others” Alan Westin a Data owners directly specify their preferences Who can access their information How it can be used a Professor of Public Law and Government at Columbia University N. Zannone, WPES – 7 November 2005 Maintaining Privacy on Derived Objects – p.4

  5. Access Control Policies Determine which entities are entitled to access an object and which actions they can perform on it Defined by the system administrator in agreement with enterprise policies An access control policy is a set of positive authorizations policy ( o ) = { ( s, a ) | ( o, s, a ) ∈ AUTH + } policy ( o ) returns the access control list associated with o N. Zannone, WPES – 7 November 2005 Maintaining Privacy on Derived Objects – p.5

  6. User Preferences A data owner may want to maintain permissions on his objects to check that they are not misused A data owner may want to restrict authorizations on his objects These represent user preferences and can be modeled through two sets of authorizations At least policy policy ≤ ( o ) returns the authorizations that o should have At most policy policy ≥ ( o ) returns the authorizations that o at most can have have N. Zannone, WPES – 7 November 2005 Maintaining Privacy on Derived Objects – p.6

  7. Access Control Policy vs User Preferences User preferences represent the range in which authorizations can be granted policy ≥ ( o ) ⊆ policy ( o ) ⊆ policy ≤ ( o ) N. Zannone, WPES – 7 November 2005 Maintaining Privacy on Derived Objects – p.7

  8. Zombie Objects Conflicts can arise between enterprise policies and user preferences Zombie objects : access control does not comply with user preferences Every access to zombie objects is blocked until conflicts are resolved policy ( o ) ⊆ / policy ≤ ( o ) policy ≥ ( o ) ⊆ / policy ( o ) N. Zannone, WPES – 7 November 2005 Maintaining Privacy on Derived Objects – p.8

  9. Information Flow Control Information systems manipulate information The outcome of a data processing can be seen as a new object Derived objects contain information belonging to the objects used to derive it Information systems may release information as part of their functionalities Need to introduce information flow control Ensure that information are not disclosed to unauthorized entities N. Zannone, WPES – 7 November 2005 Maintaining Privacy on Derived Objects – p.9

  10. Creating objects Information systems support data processing for manipulating information Represent data processing as function e. g., f ( s, o 1 , . . . , o m ) = o For enforcing data protection, we should answer Is the subject s entitled to create the derived object o ? Who is authorized to access the derived object o ? N. Zannone, WPES – 7 November 2005 Maintaining Privacy on Derived Objects – p.10

  11. Conditions for Creating Objects Subjects may need to use exiting objects Only users that play a certain role or belong to a certain group may be entitled to create the object Make explicit the conditions under which a subject can create an object  o if C is true  f ( s, o 1 , . . . , o m ) = ⊥ otherwise  C represents the condition that must be satisfied ⊥ means that object o cannot be created N. Zannone, WPES – 7 November 2005 Maintaining Privacy on Derived Objects – p.11

  12. Authorizations on Derived Objects Once an object is created, we should associate with the object Access control policy User preferences The derived object is not independent from the objects used to derived it The policies should take into account the authorizations associated with the objects used to derive it Not all data processing disclose information Taxonomy of functions disclosure functions non disclosure functions N. Zannone, WPES – 7 November 2005 Maintaining Privacy on Derived Objects – p.12

  13. Disclosure Functions (I) Derived objects disclose information about the objects used to create it The policy associated with the object is the intersection of the policies associated with the objects used to derive it Some information must be disclosed for satisfying availability requirements Privacy Act allows an agency to disclose data without the consent of the data owner to those officers and employees of the agency who need the data to perform their duties Some accesses should be restricted A bank does not consider “reasonable” that a client modifies his account balance by himself N. Zannone, WPES – 7 November 2005 Maintaining Privacy on Derived Objects – p.13

  14. Disclosure Functions (II) Access control policy � � � � � policy ( f DF ( s, o 1 , . . . , o m )) = i ∈ [1 ,...,m ] policy ( o i ) ∪P 1 \P 2 P 1 is the policy used to grant access for guaranteeing availability requirements P 2 is the policy used to limit the access to the object User preferences policy ≥ ( f DF ( s, o 1 , . . . , o m )) = � i ∈ [1 ,...,m ] policy ≥ ( o i ) policy ≤ ( f DF ( s, o 1 , . . . , o m )) = � i ∈ [1 ,...,m ] policy ≤ ( o i ) N. Zannone, WPES – 7 November 2005 Maintaining Privacy on Derived Objects – p.14

  15. Disclosure Functions (III) N. Zannone, WPES – 7 November 2005 Maintaining Privacy on Derived Objects – p.15

  16. Conditions Ensure that the derived object is not a zombie objects Access control policy associated with the derived object has to be compared with user preferences ∀ j, i ∈ [1 , . . . , m ] policy ≥ ( o j ) ⊆ policy ( o i ) Zombie N. Zannone, WPES – 7 November 2005 Maintaining Privacy on Derived Objects – p.16

  17. Non Disclosure Function (I) Functions such as statistical operations do not disclose sensitive information The disclosure of information is not sufficient to trace the origin of the information itself Policies can be “relaxed” Privacy Act does not impose any conditions on aggregate statistical data without any personal identifiers N. Zannone, WPES – 7 November 2005 Maintaining Privacy on Derived Objects – p.17

  18. Non Disclosure Function (II) Access control policy � � � � � policy ( f NDF ( s, o 1 , . . . , o m ))= i ∈ [1 ,...,m ] policy ( o i ) ∪P 1 \P 2 P 1 is the policy used to grant access for guaranteeing availability requirements P 2 is the policy used to limit the access to the object User preferences policy ≥ ( f NDF ( s, o 1 , . . . , o m )) = � i ∈ [1 ,...,m ] policy ≥ ( o i ) policy ≤ ( f NDF ( s, o 1 , . . . , o m )) = � i ∈ [1 ,...,m ] policy ≤ ( o i ) N. Zannone, WPES – 7 November 2005 Maintaining Privacy on Derived Objects – p.18

  19. Non Disclosure Functions (III) N. Zannone, WPES – 7 November 2005 Maintaining Privacy on Derived Objects – p.19

  20. Conditions Ensure that the derived object is not a zombie object Access control policy has to be compared with user preferences T i ∈ [1 ,...,m ] policy ≥ ( o i ) ∩ P 2 = ∅ P 1 \ P 2 ⊆ S i ∈ [1 ,...,m ] policy ≤ ( o i ) Zombie N. Zannone, WPES – 7 November 2005 Maintaining Privacy on Derived Objects – p.20

  21. Derivation Trees The outcome of a data processing may be used as input for other data processing The process to derive an object can be seen as a tree Root is the derived object Leaves are primitive objects (i.e. objects not derived by using functions) Edges Disclosure step (full edge) Non disclosure step (dotted edge) N. Zannone, WPES – 7 November 2005 Maintaining Privacy on Derived Objects – p.21

  22. Example f 4 ( u 5 , o 8 ) f 3 ( u 4 , o 5 , o 6 , o 7 ) = o 8 f 1 ( u 1 , o 1 , o 2 ) = o 5 f 1 ( u 2 , o 3 , o 4 ) = o 6 o 7 o 1 o 2 o 3 o 4 N. Zannone, WPES – 7 November 2005 Maintaining Privacy on Derived Objects – p.22

  23. Guaranteeing Data Protection Verify the entire process used to derive the object N. Zannone, WPES – 7 November 2005 Maintaining Privacy on Derived Objects – p.23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Objects, Design, and Concurrency Achieving and Maintaining Correctness in the Face of Change

Objects, Design, and Concurrency Achieving and Maintaining Correctness in the Face of Change

Principles of Software Construction: Objects, Design, and Concurrency Achieving and Maintaining Correctness in the Face of Change Pt. 2 Josh Bloch Charlie Garrod School of Computer Science 15-214 1 Outline Java programming basics -

879 views • 84 slides
Privacy in Ubiquitous Computing Options, Trends, and Implications of Smart Objects Marc

Privacy in Ubiquitous Computing Options, Trends, and Implications of Smart Objects Marc

Privacy in Ubiquitous Computing Options, Trends, and Implications of Smart Objects Marc Langheinrich Institut fr Pervasive Computing ETH Zrich Februar 11. 2006 ZiF-Workshop: Privacy and 1 Surveillance Technologies Privacy in Ubiquitous

573 views • 32 slides
CMSC 433 Programming Language Technologies and Paradigms Composing Objects Composing Objects

CMSC 433 Programming Language Technologies and Paradigms Composing Objects Composing Objects

CMSC 433 Programming Language Technologies and Paradigms Composing Objects Composing Objects To build systems we often need to Create thread safe objects Compose them in ways that meet requirements while maintaining safety

981 views • 44 slides
Comparison of physical properties of GEO and HEO objects tracking by ISON derived from multiyear

Comparison of physical properties of GEO and HEO objects tracking by ISON derived from multiyear

Comparison of physical properties of GEO and HEO objects tracking by ISON derived from multiyear observation statistics Vladimir Agapov, Zakhary Khutorovsky, Igor Molotov IAC 2012, October 1-5, 2012 Naples, Italy International Scientific

713 views • 27 slides
PRISMACLOUD Privacy and Security Maintaining Services in the Cloud Thomas Loruenser AIT Austrian

PRISMACLOUD Privacy and Security Maintaining Services in the Cloud Thomas Loruenser AIT Austrian

PRISMACLOUD Privacy and Security Maintaining Services in the Cloud Thomas Loruenser AIT Austrian Institute of Technology GmbH FOC2015 Vienna / 17.06.2015 Challenges for Future ICT Systems Cloud computing will be at the heart of future ICT

426 views • 17 slides
Assimilation of 3D Radar Data and Derived Objects on the Convective Scale with an Ensemble-based

Assimilation of 3D Radar Data and Derived Objects on the Convective Scale with an Ensemble-based

Assimilation of 3D Radar Data and Derived Objects on the Convective Scale with an Ensemble-based Data Assimilation System 7 th International Symposium on Data Assimilation 24th of January 2019 RIKEN Center for Computational Science, Kobe, Japan

570 views • 20 slides
Maintaining Data Privacy in Association Rule Mining Shariq Rizvi Indian Institute of Technology,

Maintaining Data Privacy in Association Rule Mining Shariq Rizvi Indian Institute of Technology,

Maintaining Data Privacy in Association Rule Mining Shariq Rizvi Indian Institute of Technology, Bombay Joint work with: Jayant Haritsa Indian Institute of Science August 2002 MASK Presentation (VLDB) 1 A Typical Web-Service Form August

885 views • 42 slides
Omnipresence of Computers Privacy in a World of Smart Objects Friedemann Mattern ETH Zrich E

Omnipresence of Computers Privacy in a World of Smart Objects Friedemann Mattern ETH Zrich E

Omnipresence of Computers Privacy in a World of Smart Objects Friedemann Mattern ETH Zrich E E E ET TH T T H H H Eidgenssische Berliner Kolloquium Mai 2001 Technische Hochschule Zrich Computers - a Clear Trend One computer

876 views • 62 slides
Hoilec Closures, thunks, and objects Theory of Programming Languages Computer Science Department

Hoilec Closures, thunks, and objects Theory of Programming Languages Computer Science Department

Maintaining state Promises Object-Oriented in Hoilec Interpreter Discussion Hoilec Closures, thunks, and objects Theory of Programming Languages Computer Science Department Wellesley College Maintaining state Promises Object-Oriented in

459 views • 11 slides
61A Lecture 12 Announcements Objects (Demo) Objects 4 Objects Objects represent

61A Lecture 12 Announcements Objects (Demo) Objects 4 Objects Objects represent

61A Lecture 12 Announcements Objects (Demo) Objects 4 Objects Objects represent information 4 Objects Objects represent information They consist of data and behavior, bundled together to create abstractions 4 Objects

1.66k views • 132 slides
Pocket informers: Privacy problems with portable communication objects Mathieu Cunche

Pocket informers: Privacy problems with portable communication objects Mathieu Cunche

Pocket informers: Privacy problems with portable communication objects Mathieu Cunche mathieu.cunche@inria.fr @Cunchem INSA-Lyon CITI, Inria Privatics 10th European e-Accessibility Forum e-Accessibility in a connected world 30 May 2016,

347 views • 18 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Mutable Values Announcements Objects (Demo) Objects 4 Objects Objects represent

Mutable Values Announcements Objects (Demo) Objects 4 Objects Objects represent

Mutable Values Announcements Objects (Demo) Objects 4 Objects Objects represent information 4 Objects Objects represent information They consist of data and behavior, bundled together to create abstractions 4 Objects

2.23k views • 197 slides
Statistical Databases Query Auditing Li Xiong CS573 Data Privacy and Anonymity Partial

Statistical Databases Query Auditing Li Xiong CS573 Data Privacy and Anonymity Partial

Statistical Databases Query Auditing Li Xiong CS573 Data Privacy and Anonymity Partial slides credit: Vitaly Shmatikov, Univ Texas at Austin Query Audit Problem Maintaining privacy of data Auditor Q 1 Q 2 Q n Database

305 views • 27 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
CAN-FD FILTER FOR CLASSICAL CAN DEVICES VIENNA 27 OCTOBER 2015 BY KENT LENNARTSSON , kl@kvaser.com

CAN-FD FILTER FOR CLASSICAL CAN DEVICES VIENNA 27 OCTOBER 2015 BY KENT LENNARTSSON , kl@kvaser.com

CAN-FD FILTER FOR CLASSICAL CAN DEVICES VIENNA 27 OCTOBER 2015 BY KENT LENNARTSSON , kl@kvaser.com KVASER AB WWW.KVASER.COM THE CLASSICAL-CAN PROBLEM: A RECEIVED CAN-FD FRAMES WILL CAUSE ERROR-FRAMES THE LOGICAL FILTER WILL PREVENT CAN-FD

893 views • 56 slides
Update on RFFAG ring for STORM JB. Lagrange, J. Pasternak Imperial College Outline Enge

Update on RFFAG ring for STORM JB. Lagrange, J. Pasternak Imperial College Outline Enge

Update on RFFAG ring for STORM JB. Lagrange, J. Pasternak Imperial College Outline Enge fringe field fall-offs Change in the lattice Design of the straight magnets Collaboration JB Lagrange - phone meeting - 07/02/14 2 Outline Enge

446 views • 18 slides
nuSTORM RFFAG solution JB. Lagrange, J. Pasternak Imperial College, UK/Fermilab, USA 1 Outline

nuSTORM RFFAG solution JB. Lagrange, J. Pasternak Imperial College, UK/Fermilab, USA 1 Outline

nuSTORM RFFAG solution JB. Lagrange, J. Pasternak Imperial College, UK/Fermilab, USA 1 Outline Doublet solution Triplet solution Injection Improvements JB Lagrange - nuFACT 14 - August 2014 2 Outline Doublet solution Triplet

454 views • 29 slides
Latest developments in the Spectroscopy of Heavy Hadrons Fulvia De Fazio INFN - Bari Questi

Latest developments in the Spectroscopy of Heavy Hadrons Fulvia De Fazio INFN - Bari Questi

Latest developments in the Spectroscopy of Heavy Hadrons Fulvia De Fazio INFN - Bari Questi tion: recent discoveries in charm(onium) and bottom (onium) spectra might be exotic states? Collaborators: P. Colangelo, R. Ferrandes, S. Nicotri, A.

893 views • 64 slides
Towards Improving and Understanding the Timing of PSR J07373039B Aristeidis Noutsos MPIfR

Towards Improving and Understanding the Timing of PSR J07373039B Aristeidis Noutsos MPIfR

Max-Planck-Institut fr Radioastronomie Towards Improving and Understanding the Timing of PSR J07373039B Aristeidis Noutsos MPIfR Collaborators: G. Desvignes, M. Kramer, N. Wex, P . C. C. Freire, I. H. Stairs, M. A. McLaughlin, R. N.

292 views • 11 slides
ISPE Comments FDA Public Meeting August 24, 2015 ISPE appreciates the opportunity to provide

ISPE Comments FDA Public Meeting August 24, 2015 ISPE appreciates the opportunity to provide

ISPE Comments FDA Public Meeting August 24, 2015 ISPE appreciates the opportunity to provide comments during the public meeting. Comments represent input from ISPE membership and are largely based on objective experience gained through Wave

528 views • 15 slides
Tracking the Norm with ` 2 Constant Update Time Chi-Ning Chou Zhixian Lei

Tracking the Norm with ` 2 Constant Update Time Chi-Ning Chou Zhixian Lei

<latexit

1.55k views • 121 slides
Load Balancing and Data Migration in a Hybrid Computational Fluid Dynamics Application Esteban

Load Balancing and Data Migration in a Hybrid Computational Fluid Dynamics Application Esteban

Load Balancing and Data Migration in a Hybrid Computational Fluid Dynamics Application Esteban Meneses Patrick Pisciuneri Center for Simulation and Modeling (SaM) University of Pittsburgh University of Pittsburgh High Performance

366 views • 24 slides

More recommend