privacy is linking permission to purpose
play

Privacy is Linking Permission to Purpose F.Massacci N. Zannone - PowerPoint PPT Presentation

Mar 26, 2023 •37 likes •247 views

Universit degli Studi di Trento Privacy is Linking Permission to Purpose F.Massacci N. Zannone Presented by Fabio Massacci (DIT - University of Trento - www.dit.unitn.it) (Create-NET - www.create-net.it) Universit degli Studi di Trento

  1. Università degli Studi di Trento Privacy is Linking Permission to Purpose F.Massacci N. Zannone Presented by Fabio Massacci (DIT - University of Trento - www.dit.unitn.it) (Create-NET - www.create-net.it)

  2. Università degli Studi di Trento Privacy On the Web • Regulatory solutions – Mandatory - HIPAA – Third Party Certified - TRUSTe • Client-based technological solutions – Anonymizers – Remailers • Server-based technological solutions – VPNs/Firewalls • Client-Server-based technological solutions – P3P – EPAL (a classification borrowed from IEEE Security & Privacy Magazine)

  3. Università degli Studi di Trento Observation 1 • If private information is not really relevant to the service… • No Need of Crypto! – Just create your own fake identity • My Identity – Babbo Natale (Santa Claus) – Born in Fortezza BZ (Italy) on 25/12/1900 (or 1901 if 1900 not accepted), – Resident in Fortezza (BZ), via della Stazione 5, – Phone 0472-458772, Fax: 39045, – Email: sono_babbo_natale@libero.it – Social Security Number/Tax Code: NTLBBB00T25D731U (or V)

  4. Università degli Studi di Trento Observation 2 • If private info really relevant for the service – Eg delivery some goods at your house • No crypto can help… – Server must see the plaintext – And once they have it, they have it… • Credentials don’t help that much either – Issuer gives credential that somebody has a property – Just shift faith from server to credential issuer – Possibly worse because you are likely to have less issuers than servers (so concentrating data)

  5. Università degli Studi di Trento Real life • Delegation of permissions can never be as fine grained as you would need them – Cleaning lady has the key to open the room – She can empty the wastebin or look at papers on the desk. • Real life contracts or data submissions have purpose tagged to permissions – Special power of attorney for contracts – Privacy statement according EU or Italian Legislation (Our starting point defining policy for Genetic Data for local health authority) – You got that (permission, data, thing) to do that • If you breach trust (use for other purposes) then you can be sued

  6. Università degli Studi di Trento Alias Privacy=‘ln -s Purpose Permission’ • Fact of Life – We want something done – We give private information (or access to it) to get it done • If private information is used for the purpose we have given it – Happy user • If private information can be used for other purposes – Consent must be sought (eg according Law) – Unhappy or unwilling users

  7. Università degli Studi di Trento Privacy & Purpose II • All interesting proposals add purpose – Hyppocratic Databases – EPAL – P3P • Allow to specify other purposes and other recipients of private info – Marketing, – Analysis etc. • Also specify what data is added

  8. Università degli Studi di Trento Exercise 1: Spot the Purpose in P3P <POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1"> <POLICY name="forBrowsers” discuri=”someUrl.html” xml:lang="en"> <ENTITY> <DATA-GROUP> <DATA ref="#business.name">CatalogExample</DATA> </DATA-GROUP> </ENTITY> <ACCESS><nonident/></ACCESS> <DISPUTES-GROUP> <DISPUTES resolution-type="independent” service="http://www.PrivacySeal.example.org" <REMEDIES><correct/></REMEDIES> </DISPUTES> </DISPUTES-GROUP> <STATEMENT> <PURPOSE><admin/><develop/></PURPOSE> <RECIPIENT><ours/></RECIPIENT> <RETENTION><stated-purpose/></RETENTION> <DATA-GROUP> <DATA ref="#dynamic.clickstream"/> <DATA ref="#dynamic.http"/> </DATA-GROUP> </STATEMENT> </POLICY>

  9. Università degli Studi di Trento Solution (??) • Thick appropriate Box Ø Web site basic.example.com uses a variety of images, all of which it hosts. It also includes some forms, which are all submitted directly to the site. Ø Web site busy.example.com uses a content distribution network called cdn.example.com to host its images so as to reduce the load on its servers. Ø Web site busy.example.com also has a contract with an advertising company called clickads.example.com to provide banner ads on its site. Ø Web site busy.example.com also has a contract with funchat.example.com to host a chat room for its users. When users enter the chat room they are actually leaving the Busy site. However, the chat room has the Busy logo and is actually covered by the Busy privacy policy. Ø Web site bigsearch.example.com also has a form that allows users to type in a search query and have it simultaneously performed on ten different search engines. Bigsearch submits the queries, gets back the results from each search engine, removes the duplicates, and presents the results to the user. Ø Web site bigsearch.example.com also has banner advertisements provided by a company called adnetwork.example.com. Adnetwork uses cookies to develop profiles of users across many different Web sites so that it can provide them with ads better suited to their interests. Because the data about the sites that users are visiting is being used for purposes other than just serving ads on the Bigsearch Web site, Adnetwork cannot be considered an agent in this context. Adnetwork must create its own P3P policy and use its own policy reference file to indicate what content it applies to. • Answer: you have no clue

  10. Università degli Studi di Trento Requirements Eng. Security & Privacy • Where’s purpose? – Focus on “modelling and implementing” privacy statements for other services – Privacy Declaration and Authorizations derives from (implicit) (dis)trust relationships for some functional goals different from the original goal the data has been collected for • Modelling Trust/Privacy/Functional Model together – In Model-based Development Architecture appropriate privacy declarations and authorizations should be automatically derived from original purpose – All we need is Functional/Trust/Ownership relations

  11. Università degli Studi di Trento Exercise 2: Spot Purpose in Hipp. DB • Hippocratic Privacy Policy Table • That’s better… • Yet not linked to design: ex-post addition

  12. Università degli Studi di Trento Idea… • Specify (Functional) Requirements from the User Perspective – Users have certains goals and delegate some of them to the system • Explicit purpose when delegating goals to system – Essentially data submission is a credential mentioning not only the information/permission but also the goal for which the permission can be used • You can even make chain of credentials – Each with a refinement of purpose • You have the data, but can you show the police a valid chain?

  13. Università degli Studi di Trento Requirements Engineering Methodology • Agent-Oriented RE Methodology - Tropos – Agents, Roles – Goals, Tasks, Resources – Dependency among agents (A depends on B on G, if A wants G to be done and B agrees to look after that) – Goal Decomposition (AND/OR, positive, negative contribution) • Easy to Understand by Users for Early RE • Good for Modelling Organizations • Formal Reasoning Tools Available

  14. Università degli Studi di Trento Security-Aware RE Methodology • Add-ons – Distinction between wanting/offering/owning a goal – Trust relationship on Agent/goals/Agents • Some agents want some goal/task to be done – Hospital doctor wants to consult medical record • Other agents offer this goal/task – Nephrology ward locker stores medical records • Another agent owns this goal/task – Patient owns the medical record • Agents trust other agents on the goal – Patient trust Hospital to store medical record

  15. Università degli Studi di Trento Security-Aware Tropos - Informal II • Use Diagram to communicate requirements Hosp Deleg – Nice drawing with ovals and arrows Clinician – Model Dependency and Trust Relationships Trust Obtain Medical Hospital Dep Dep Treatment Dep Dep Dep Dep Trust Trust Obtain Medical Analys Pers. Data Owns Treatment Dep Dep Patient Dep Dep Dep Dep Trust Clinician And now derive permissions automatically

  16. Università degli Studi di Trento Security-Aware Tropos - Informal III

  17. Università degli Studi di Trento Security-Aware Tropos - Informal IV • Beware: NOT all “permissions” and “auth. processes” are mapped onto digital certificates • Remember – Fabio’s “Real-Life Dominance Rule” – Some “credentials” will be papers signed by an individual – Others corresponds to oral or physical permissions • Examples – Permission to use donor’s placenta genetic data for research and “self” usage (collected on the day of childbirth…) – Parents’ or Guardian approval for blood samples to be used in case of unexpected outcome in “wet” surgery – University visiting professor’s request for temp. IP address

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Web and privacy Privacy and protection of personal data specific purpose (to collect and

Web and privacy Privacy and protection of personal data specific purpose (to collect and

Web and privacy Industrial perspectives on Cryptography A. Esterle - ENISA Antwerp 29 May 2008 www.enisa.europa.eu Web and privacy Privacy and protection of personal data specific purpose (to collect and process it) subject

732 views • 7 slides
PRIVACY BREACH GUIDELINES Purpose The Privacy Breach Guidelines may provide to contain, assess

PRIVACY BREACH GUIDELINES Purpose The Privacy Breach Guidelines may provide to contain, assess

Office of the Saskatchewan Information and Privacy Commissioner PRIVACY BREACH GUIDELINES Purpose The Privacy Breach Guidelines may provide to contain, assess and analyze a privacy some guidance to government institutions, breach. The

291 views • 10 slides
Current Privacy Law Topics WMU Cooley Journal Of Practical and Clinical Law Legal Conference

Current Privacy Law Topics WMU Cooley Journal Of Practical and Clinical Law Legal Conference

Current Privacy Law Topics WMU Cooley Journal Of Practical and Clinical Law Legal Conference January 30, 2015 Keith A. Cheresko Principal, Privacy Associates International LLC Purpose Privacy is a complex, multifaceted topic. The purpose

281 views • 27 slides
Privacy Overview WMU Cooley Journal Of Practical and Clinical Law Legal Conference January 30,

Privacy Overview WMU Cooley Journal Of Practical and Clinical Law Legal Conference January 30,

Privacy Overview WMU Cooley Journal Of Practical and Clinical Law Legal Conference January 30, 2015 Robert L. Rothman Principal, Privacy Associates International LLC Purpose What is Privacy? Historical Development What is privacy? 3

712 views • 25 slides
Privacy Past and Future ISSA Lansing, MI May 19, 2016 Keith A. Cheresko Principal, Privacy

Privacy Past and Future ISSA Lansing, MI May 19, 2016 Keith A. Cheresko Principal, Privacy

Privacy Past and Future ISSA Lansing, MI May 19, 2016 Keith A. Cheresko Principal, Privacy Associates International LLC Purpose What is Privacy? American Privacy Past - How we got to here Some International Privacy OECD, EU

499 views • 36 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies US Privacy Laws Sources: Baase: A Gift of Fire and Quinn: Ethics for the Information Age Ethics Spring 2010 Privacy 1 Privacy The original

725 views • 45 slides
Whitepaper information Security Management (and a little on privacy) GEANT SIG ISM Alf Moens, 1st

Whitepaper information Security Management (and a little on privacy) GEANT SIG ISM Alf Moens, 1st

22-10-15 Whitepaper information Security Management (and a little on privacy) GEANT SIG ISM Alf Moens, 1st WISE workshop, Barcelona 20-22/10/2015 Purpose and target group Purpose * Provide a comprehensive framework for

256 views • 7 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
Data Privacy Security Breach Exercise ISSA Meeting January 21, 2016 Purpose Provide a forum

Data Privacy Security Breach Exercise ISSA Meeting January 21, 2016 Purpose Provide a forum

Data Privacy Security Breach Exercise ISSA Meeting January 21, 2016 Purpose Provide a forum to discuss privacy security data incident/event issues Discuss how best to respond in the event of a privacy incident and learn from the

723 views • 54 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
Linking Linking the the Digital Ag Digital Agend enda to r to rur ural al and spar and

Linking Linking the the Digital Ag Digital Agend enda to r to rur ural al and spar and

SEDEC Commission Meeting, Committee of the Regions Brussels, 20 April 2016 Linking Linking the the Digital Ag Digital Agend enda to r to rur ural al and spar and sparsel sely popula y populated ted ar areas eas to to boost boost

428 views • 12 slides
Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Inferring Ontology Fragments From Semantic Role Typing of Lexical Variants Mitra Bokaei Hosseini 1

Inferring Ontology Fragments From Semantic Role Typing of Lexical Variants Mitra Bokaei Hosseini 1

Inferring Ontology Fragments From Semantic Role Typing of Lexical Variants Mitra Bokaei Hosseini 1 , Travis D. Breaux 2 , Jianwei Niu 1 1 University of Texas at San Antonio (UTSA) 2 Carnegie Mellon University University of Texas at San Antonio

495 views • 32 slides
CSE 115 Introduction to Computer Science I Announcements Lab activites/Lab exams submit

CSE 115 Introduction to Computer Science I Announcements Lab activites/Lab exams submit

CSE 115 Introduction to Computer Science I Announcements Lab activites/Lab exams submit regularly to autograder.cse.bu fg alo.edu Announcements Lab activites/Lab exams submit regularly to autograder.cse.bu fg alo.edu autograder enforces

577 views • 39 slides
Inspect and Adapt Then What? @coreyhaines Agile! Agility! Agility Feedback Agility Minimize

Inspect and Adapt Then What? @coreyhaines Agile! Agility! Agility Feedback Agility Minimize

Inspect and Adapt Then What? @coreyhaines Agile! Agility! Agility Feedback Agility Minimize time between Doing Something Agility Finding out if it was the Right Thing To Do Agile Methodology (XP, Scrum, etc) vs Agility

1.63k views • 50 slides
Planning and Scheduling Operations part 2 Scheduling and Control Functions Facility

Planning and Scheduling Operations part 2 Scheduling and Control Functions Facility

Chapter 10 Planning and Scheduling Operations part 2 Scheduling and Control Functions Facility Scheduling Scheduling Services Sequencing Jobs Pilot Scheduling Air New Zealand has a combined fleet of 105 aircraft, with

177 views • 7 slides
Detecting Nation State Cyberattacks with Classified Threat Sensors Dr. Steve Weis, Dr. Aloni

Detecting Nation State Cyberattacks with Classified Threat Sensors Dr. Steve Weis, Dr. Aloni

Detecting Nation State Cyberattacks with Classified Threat Sensors Dr. Steve Weis, Dr. Aloni Cohen, Dr. Amina Asim Dr. Stephen Weis Dr. Aloni Cohen Dr. Amina Asim Private companies must defend against foreign nations without access to

194 views • 17 slides
Wasting Away: Can Wasted Food be Curtailed? Erik D. Olson Director, Health Program 40% of

Wasting Away: Can Wasted Food be Curtailed? Erik D. Olson Director, Health Program 40% of

Wasting Away: Can Wasted Food be Curtailed? Erik D. Olson Director, Health Program 40% of all food goes uneaten enough to feed 164 million people Image Source: trijandjs What gets wasted? Milk 2 % Meat Grains Seafood Fruits and

462 views • 25 slides
UCI International, Inc. Q4 2014 Results | March 5, 2015 Confidential Disclaimer This

UCI International, Inc. Q4 2014 Results | March 5, 2015 Confidential Disclaimer This

UCI International, Inc. Q4 2014 Results | March 5, 2015 Confidential Disclaimer This presentation may contain forward-looking statements as that term is defined in the Private Securities Litigation Reform Act of 1995. The words

248 views • 13 slides
4G: Convergence, Openness for Excellence and Opportunity 1 2009 Cisco Systems, Inc 4GNot

4G: Convergence, Openness for Excellence and Opportunity 1 2009 Cisco Systems, Inc 4GNot

4G: Convergence, Openness for Excellence and Opportunity 1 2009 Cisco Systems, Inc 4GNot Just for Mobility This next generation of mobility networks will have over the air throughput speeds that will approach those of wireless /WiFi and

359 views • 11 slides

More recommend