minimal disclosure in hierarchical hippocratic databases
play

Minimal Disclosure in Hierarchical Hippocratic Databases with - PowerPoint PPT Presentation

Aug 15, 2022 •239 likes •536 views

Minimal Disclosure in Hierarchical Hippocratic Databases with Delegation Nicola Zannone Dep. of Information and Communication Technology University of Trento joint work with Fabio Massacci and John Mylopoulos N. Zannone, ESORICS05

  1. Minimal Disclosure in Hierarchical Hippocratic Databases with Delegation Nicola Zannone Dep. of Information and Communication Technology University of Trento joint work with Fabio Massacci and John Mylopoulos N. Zannone, ESORICS’05 – September 12 - 14, 2005 Minimal Disclosure – p.1

  2. Motivation Privacy and data protection is becoming essential in IS Customers viewpoint Protect their personal sensible information Enterprises viewpoint Losing market share Many countries have promulgated privacy legislation The US Privacy Act of 1974 The EU Directives on Privacy of 1995 Privacy principles Purpose specification Consent Minimal collection Minimal disclosure Limited retention N. Zannone, ESORICS’05 – September 12 - 14, 2005 Minimal Disclosure – p.2

  3. Running Example Mississippi: an on-line bookseller Purchase: delivery, credit assessment, and notification Delivery: direct delivery or by post Notification: by email or by fax Information: name, shipping address, and credit card info Worldwide Express (WWEx): a delivery company Direct delivery: door-to-door delivery Information: name, shipping address Local Delivery Companies (LDCs): Door-to-door delivery Information: name, shipping address Credit Card Company (CCC): Credit assessment: credit rating, credit resolution Information: name, credit card info, transaction Credit Rating Company (CRC): Credit rating Information: credit card info, transaction N. Zannone, ESORICS’05 – September 12 - 14, 2005 Minimal Disclosure – p.3

  4. Summary Hippocratic Databases Hierarchy of Purposes Minimum Cost Algorithms Minimal Authorization Table Conclusion and future work N. Zannone, ESORICS’05 – September 12 - 14, 2005 Minimal Disclosure – p.4

  5. Hippocratic Databases Privacy-aware technology Use purpose as a central concept special attribute occurring in every table of the database associated with each piece of data Together with purpose, collect external-recipients: the actors to whom data items can be disclosed retention-period: the period during which data items should be maintained in the database authorized-users: the users entitled to access data items Metadata Schema Privacy Policy Table Privacy Authorization Table N. Zannone, ESORICS’05 – September 12 - 14, 2005 Minimal Disclosure – p.5

  6. Privacy Policy Table Contains the privacy policies of the enterprise Stores purpose external-recipients retention-period N. Zannone, ESORICS’05 – September 12 - 14, 2005 Minimal Disclosure – p.6

  7. Privacy Policy Table purpose table attribute external-recipients retention purchase customer name 1 month empty purchase customer address 1 month empty purchase customer email 1 month empty purchase customer fax-number 1 month empty purchase customer credit-card-info 1 month empty purchase order transaction 1 month empty purchase order status 1 month empty delivery customer name 1 month empty delivery customer address 1 month empty direct delivery customer name { delivery-company } 1 month direct delivery customer address { delivery-company } 1 month delivery by post customer name { post-office } 1 month delivery by post customer address { post-office } 1 month credit-assessment customer name { credit-card-company } 1 month credit-assessment customer credit-card-info { credit-card-company } 1 month credit-assessment order transaction { credit-card-company } 1 month notification customer name 1 month empty notification customer email 1 month empty notification customer fax-number 1 month empty notification order status 1 month empty notification by email customer name 1 month empty notification by email customer email 1 month empty notification by email order status 1 month empty notification by fax customer name 1 month empty notification by fax customer fax-number 1 month empty notification by fax order status 1 month empty N. Zannone, ESORICS’05 – September 12 - 14, 2005 Minimal Disclosure – p.7

  8. Privacy Authorization Table Contains the access controls policies that implement privacy policies Represents the effective disclosure of information Created from Privacy Policy Table by instantiating each external recipient with the corresponding users. Stores purpose authorized-users N. Zannone, ESORICS’05 – September 12 - 14, 2005 Minimal Disclosure – p.8

  9. Privacy Authorization Table purpose table attribute authorized-users purchase customer name { Mississippi } purchase customer address { Mississippi } purchase customer email { Mississippi } purchase customer fax-number { Mississippi } purchase customer credit-card-info { Mississippi } purchase order transaction { Mississippi } purchase order status { Mississippi } delivery customer name { Mississippi } delivery customer address { Mississippi } direct delivery customer name { Mississippi, WWEx } direct delivery customer address { Mississippi, WWEx } delivery by post customer name { Mississippi, Post Office } delivery by post customer address { Mississippi, Post Office } credit-assessment customer name { Mississippi, CCC } credit-assessment customer credit-card-info { Mississippi, CCC } credit-assessment order transaction { Mississippi, CCC } notification customer name { Mississippi } notification customer email { Mississippi } notification customer fax-number { Mississippi } notification order status { Mississippi } notification by email customer name { Mississippi } notification by email customer email { Mississippi } notification by email order status { Mississippi } notification by fax customer name { Mississippi } notification by fax customer fax-number { Mississippi } notification by fax order status { Mississippi } N. Zannone, ESORICS’05 – September 12 - 14, 2005 Minimal Disclosure – p.9

  10. Beyond Hippocratic Databases Complex strategies Enterprises may provide their services in different ways Each different method could require different data Dynamic coalitions & Delegation of Information Business process may be not executed by a single enterprise We can have a host of partners Enterprises may outsource some information to partners Different partners can offer the same service N. Zannone, ESORICS’05 – September 12 - 14, 2005 Minimal Disclosure – p.10

  11. Beyond Hippocratic Databases (II) Agrawal’s proposal Split a purpose into multiple purposes and store them in the database Opt-in and opt-out data items for a certain purpose This solution cannot be used to reason about the fulfillment of the root purpose The system may collect a set of information that is not sufficient to fulfill the root purpose N. Zannone, ESORICS’05 – September 12 - 14, 2005 Minimal Disclosure – p.11

  12. Hierarchy of Purposes Goal analysis Decomposing purposes through an AND/OR refinement If a purpose is AND-decomposed, then all of its sub-purposes must be fulfilled to fulfill it If a purpose is OR-decomposed, then at least one of its sub-purposes must be fulfilled to fulfill it N. Zannone, ESORICS’05 – September 12 - 14, 2005 Minimal Disclosure – p.12

  13. From Hippocratic DBs to Purpose DAGs Individual Partner’s Privacy Policy Table Purposes are analyzed through a goal refinement process Build a purpose hierarchy (or purpose DAG) Privacy policy of the entire business process Merge purpose DAGs associated with each partner Delegation arcs link nodes across PPTs Purposes node are linked to the data items Data item nodes are linked to a source node Privacy penalty is associated with arcs Arcs joining source node and data item nodes Delegation arcs N. Zannone, ESORICS’05 – September 12 - 14, 2005 Minimal Disclosure – p.13

  14. Purpose DAG door−to−door LDC2 delivery (2) WWEx address address LDC1 Mississippi door−to−door door−to−door delivery credit−card−info direct delivery (1) delivery credit−card−info delivery transaction Post delivery Office transaction by post CRC purchase name credit name rating credit assessment fax−number fax−number credit resolution CCC notification status status notification book−info by fax book−info notification email by email email N. Zannone, ESORICS’05 – September 12 - 14, 2005 Minimal Disclosure – p.14

  15. Minimum Cost Algorithms Customers want to know which is process that more protect their privacy A path represents a possible process to fulfill a service Find the minimum cost path from the source to the root Different cost functions can be used to measure the same path The cost of a path is the sum of the weights of its arcs Minimum cost set of data items The cost of one edge is counted as many times as it is traversed Effective use of information More a datum is used, more it might be compromised N. Zannone, ESORICS’05 – September 12 - 14, 2005 Minimal Disclosure – p.15

  16. Selection of Privacy Preferences Off-line Requirements Capture initialization delete arcs add arcs increase weights decrease weights On-Line Privacy Assessment delete arcs increase weights decrease weights ———— add arcs Customers cannot impose a new method for delivering a service Customers cannot add a partner to a business process Solve problems such as system integration and commercial agreement minimum cost path cannot be computed by the enterprise Each customer may associate a different privacy penalty with the same data item N. Zannone, ESORICS’05 – September 12 - 14, 2005 Minimal Disclosure – p.16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hippocratic Capitalism An Ethical Marriage of Health and Tech Brian Jackson, MD, MS Medical

Hippocratic Capitalism An Ethical Marriage of Health and Tech Brian Jackson, MD, MS Medical

Hippocratic Capitalism An Ethical Marriage of Health and Tech Brian Jackson, MD, MS Medical Director, ARUP Laboratories Associate Professor of Pathology (Clinical), University of Utah JAN 2020 Does medicine need a dose of Silicon Valley

513 views • 32 slides
Creating Databases and Tables Introduction to Databases in Python Creating Databases

Creating Databases and Tables Introduction to Databases in Python Creating Databases

INTRODUCTION TO DATABASES IN PYTHON Creating Databases and Tables Introduction to Databases in Python Creating Databases Varies by the database type Databases like PostgreSQL and MySQL have command line tools to initialize

878 views • 31 slides
Databases and PHP Accessing databases from PHP PHP & Databases l PHP can connect to

Databases and PHP Accessing databases from PHP PHP & Databases l PHP can connect to

Databases and PHP Accessing databases from PHP PHP & Databases l PHP can connect to virtually any database l There are specific functions built-into PHP to connect with some DB l There is also generic ODBC functions that will work with many

868 views • 28 slides
3. Text and document databases Normal databases: formatted records; document databases:

3. Text and document databases Normal databases: formatted records; document databases:

3. Text and document databases Normal databases: formatted records; document databases: free-form or semi-structured data (e.g. XML). Application areas: - Office automation, document archives - Digital libraries - Electronic dictionaries

741 views • 38 slides
A Practical Guide to Providing Telepsychology with Minimal Risks November 9, 2019 Washington,

A Practical Guide to Providing Telepsychology with Minimal Risks November 9, 2019 Washington,

A Practical Guide to Providing Telepsychology with Minimal Risks November 9, 2019 Washington, D.C. Disclosure The presenters no actual or potential conflict of interest in relation to this program/presentation. Learning Objectives

1.25k views • 91 slides
Module 3: Creating and Managing Databases Overview Creating Databases Creating

Module 3: Creating and Managing Databases Overview Creating Databases Creating

Module 3: Creating and Managing Databases Overview Creating Databases Creating Filegroups Managing Databases Introduction to Data Structures Creating Databases Defining Databases How the Transaction Log Works

445 views • 18 slides
A toy example in Minimal Model Program In minimal model program for 3-folds, Mori connected

A toy example in Minimal Model Program In minimal model program for 3-folds, Mori connected

A toy example in Minimal Model Program In minimal model program for 3-folds, Mori connected minimal models with flops. A flop is a pair of birational proper surjections: X Y Z of 3-folds with certain properties. In particular, X and Y

321 views • 10 slides
CSE 462 - Databases Oliver Kennedy okennedy@buffalo.edu 1 Why Study Databases? 2 3 3 2

CSE 462 - Databases Oliver Kennedy okennedy@buffalo.edu 1 Why Study Databases? 2 3 3 2

CSE 462 - Databases Oliver Kennedy okennedy@buffalo.edu 1 Why Study Databases? 2 3 3 2 Queries per Second 3 Interesting Problems Algorithms Systems Databases Hardware Theory 4 $$$ 8 of the top 10 Forbes Global 2000 Software &

1.12k views • 73 slides
UT DA Hierarchical and Analytical Hierarchical and Analytical Pla Placement T cement

UT DA Hierarchical and Analytical Hierarchical and Analytical Pla Placement T cement

UT DA Hierarchical and Analytical Hierarchical and Analytical Pla Placement T cement Technique echniques for s for High High- Performa Performance A nce Analog C nalog Circuit ircuits Biying Xu, Shaolan Li, Xiaoqing Xu, Nan Sun, and

506 views • 29 slides
Introduc)on*to*Databases 1 Rela%onal(Databases(with(PostgreSQL

Introduc)on*to*Databases 1 Rela%onal(Databases(with(PostgreSQL

Introduc)on*to*Databases 1 Rela%onal(Databases(with(PostgreSQL Databases(have(tables(to(classify(data Collec3ons(have: rows :(data(defining(an(en3re(rectod,(e.g.(a(user columns

862 views • 25 slides
Proposal of a Hierarchical Proposal of a Hierarchical Architecture for Multimodal Architecture for

Proposal of a Hierarchical Proposal of a Hierarchical Architecture for Multimodal Architecture for

Proposal of a Hierarchical Proposal of a Hierarchical Architecture for Multimodal Architecture for Multimodal Interactive Systems y Masahiro Araki* 1 Tsuneo Nitta* 2 Kouichi Katsurada* 2 Takuya Nishimoto* 3 Tetsuo Amakasu* 4 Shinnichi Kawamoto* 5

546 views • 35 slides
www.tablegroup.com/hub Smart Healthy Strategy Minimal Politics Marketing Minimal

www.tablegroup.com/hub Smart Healthy Strategy Minimal Politics Marketing Minimal

www.tablegroup.com/hub Smart Healthy Strategy Minimal Politics Marketing Minimal Confusion Finance High Morale Technology High Productivity Low Turnover BUILD A CREATE COHESIVE CLARITY LEADERSHIP TEAM

240 views • 4 slides
On the minimal coloring number of the minimal diagram of torus links Eri Matsudo Nihon

On the minimal coloring number of the minimal diagram of torus links Eri Matsudo Nihon

Introduction Known results Main theorem On the minimal coloring number of the minimal diagram of torus links Eri Matsudo Nihon University Graduate School of Integrated Basic Sciences Joint work with K. Ichihara (Nihon Univ.) & K.

560 views • 21 slides
Understanding Minimal Risk Richard T. Campbell University of Illinois at Chicago Why is Minimal

Understanding Minimal Risk Richard T. Campbell University of Illinois at Chicago Why is Minimal

Understanding Minimal Risk Richard T. Campbell University of Illinois at Chicago Why is Minimal Risk So Important? It is the threshold for determining level of review (Issue 8) Determines, in part, what is on list of research eligible for

689 views • 23 slides
Strongly minimal groups in o-minimal structures ( with P . Eleftheriou and A. Hasson ) Kobi

Strongly minimal groups in o-minimal structures ( with P . Eleftheriou and A. Hasson ) Kobi

Strongly minimal groups in o-minimal structures ( with P . Eleftheriou and A. Hasson ) Kobi Peterzil Department of Mathematics University of Haifa Model theory, combinatorics and valued fields, IHP , Paris 2018 Kobi Peterzil 1

336 views • 15 slides
Flicker: Flicker: Minimal TCB Code Execution Minimal TCB Code Execution Jonathan M. McCune

Flicker: Flicker: Minimal TCB Code Execution Minimal TCB Code Execution Jonathan M. McCune

Flicker: Flicker: Minimal TCB Code Execution Minimal TCB Code Execution Jonathan M. McCune Carnegie Mellon University March 25, 2008 Bryan Parno, Arvind Seshadri Adrian Perrig, Michael Reiter 1 Password Reuse People often use 1

748 views • 49 slides
<draft-ietf-fax-coverpage-02.txt> 1. Background Traditional fax: cover information

<draft-ietf-fax-coverpage-02.txt> 1. Background Traditional fax: cover information

<draft-ietf-fax-coverpage-02.txt> 1. Background Traditional fax: cover information on first page E-mail: message headers carry information about the message a covering text note and an attached document file

51 views • 4 slides
NKN Annual Workshop, IIT Mumbai, 31 st Oct -2 nd Nov 2012 Evolution of Network Management Systems

NKN Annual Workshop, IIT Mumbai, 31 st Oct -2 nd Nov 2012 Evolution of Network Management Systems

NKN Annual Workshop, IIT Mumbai, 31 st Oct -2 nd Nov 2012 Evolution of Network Management Systems Device centric approach 90s Network Management meant device control and monitoring Mostly based on Simple Network Management Protocol (SNMP)

730 views • 19 slides
Autonomous Systems Development at AFRL June 25, 2002 Paul Paul Zetocha Zetocha Paul Zetocha

Autonomous Systems Development at AFRL June 25, 2002 Paul Paul Zetocha Zetocha Paul Zetocha

Autonomous Systems Development at AFRL June 25, 2002 Paul Paul Zetocha Zetocha Paul Zetocha Group Lead, Intelligent Satellite Systems Group Lead, Intelligent Satellite Systems Group Lead, Intelligent Satellite Systems AFRL/VS AFRL/VS

446 views • 7 slides
Fault lt Tre ree An Analysis lysis (F (FTA) A) Kim R. Fowler KSU ECE February 2013 Pu

Fault lt Tre ree An Analysis lysis (F (FTA) A) Kim R. Fowler KSU ECE February 2013 Pu

Fault lt Tre ree An Analysis lysis (F (FTA) A) Kim R. Fowler KSU ECE February 2013 Pu Purp rpose se for r FTA A In the face of potential failures, determine if design must change to improve: Reliability Safety

1.41k views • 59 slides
2020 Census Resource ces for Congressional Office ces February

2020 Census Resource ces for Congressional Office ces February

2020 Census Resource ces for Congressional Office ces February 7, 2019 Steve Jost Subject Matter jost@teamsubjectmatter.com 2020 Census U.S. Constitutional Mandate, Article

379 views • 16 slides
Facing Eviction with Facts, Not Fear HUD Faith and Opportunity Initiative Office Phone:

Facing Eviction with Facts, Not Fear HUD Faith and Opportunity Initiative Office Phone:

Facing Eviction with Facts, Not Fear HUD Faith and Opportunity Initiative Office Phone: 202-708-2404 Email: Partnerships@hud.gov Technical Issues? Questions? Chat Please submit any technical issues via the Chat box Send the message

626 views • 38 slides
PDF created with pdfFactory trial version www.pdffactory.com PDF created with pdfFactory trial

PDF created with pdfFactory trial version www.pdffactory.com PDF created with pdfFactory trial

PDF created with pdfFactory trial version www.pdffactory.com PDF created with pdfFactory trial version www.pdffactory.com PDF created with pdfFactory trial version www.pdffactory.com PDF created with pdfFactory trial version www.pdffactory.com

339 views • 7 slides
BALL BEAR RING SOFT CLOSE SLIDES ES Soft close fu full extension ball beari aring slide Side

BALL BEAR RING SOFT CLOSE SLIDES ES Soft close fu full extension ball beari aring slide Side

TECHNICAL DATA SHEET 6 August 2016 AJC Revised 16 A Phone: 08 9446 6333 Fax: 08 9446 8865 65 Email: hardware@galvinhw.com.au Web: ga galvinhw.com.au BALL BEAR RING SOFT CLOSE SLIDES ES Soft close fu full

454 views • 4 slides

More recommend