secure sofuware design for data privacy
play

Secure Sofuware Design For Data Privacy Narudom Roongsiriwong, - PowerPoint PPT Presentation

Oct 20, 2022 •443 likes •864 views

Secure Sofuware Design For Data Privacy Narudom Roongsiriwong, CISSP MiSSConf(SP5), July 6, 2019 WhoAmI Lazy Blogger Japan, Security, FOSS, Politjcs, Christjan htup://narudomr.blogspot.com Informatjon Security since 1995 Web

  1. Secure Sofuware Design For Data Privacy Narudom Roongsiriwong, CISSP MiSSConf(SP5), July 6, 2019

  2. WhoAmI ● Lazy Blogger – Japan, Security, FOSS, Politjcs, Christjan – htup://narudomr.blogspot.com ● Informatjon Security since 1995 ● Web Applicatjon Development since 1998 ● SVP, Head of IT Security, Kiatnakin Bank PLC (KKP) ● Commituee Member, Thailand Banking Sector CERT (TB-CERT) ● Consultant, OWASP Thailand Chapter ● Commituee Member, Cloud Security Alliance (CSA), Thailand Chapter ● Commituee Member, Natjonal Digital ID Project, Technical Team ● Contact: narudom@owasp.org

  3. Privacy By Design The 7 Foundatjonal Principles ● Proactjve not Reactjve; Preventatjve not Remedial ● Privacy as the Default ● Privacy Embedded into Design ● Full Functjonality – Positjve-Sum, not Zero-Sum ● End-to-End Security – Lifecycle Protectjon ● Visibility and Transparency ● Respect for User Privacy Source: Privacy By Design – The 7 Foundatjonal Principles, Ann Cavoukian, Ph.D. , Informatjon & Privacy Commissioner, Ontario, Canada

  4. Data Privacy Ground Rules ● If you don’t need it, don’t collect it. ● If you need to collect it for processing only, collect it only afuer you have informed the user that you are collectjng their informatjon and they have consented, but don’t store it ● If you have the need to collect it for processing and storage, then collect it, with user consent, and store it only for an explicit retentjon period that is compliant with organizatjonal policy and/or regulatory requirements ● If you have the need to collect it and store it, then don’t archive it, if the data has outlived its usefulness and there is no retentjon requirement.

  5. Fundamental Security Concepts Confjdentjality Integrity Availability Core Authentjcatjon Authorizatjon Accountability Separatjon of Authentjcatjon Need to Know Least Privilege Authorizatjon Accountability Dutjes Fail Safe / Economy of Defense in Depth Fail Secure Mechanisms Design Complete Least Common Open Design Mediatjon Mechanisms Psychological Leveraging Existjng Weakest Link Acceptability Components

  6. Security in Privacy Design Confjdentjality Integrity Integrity Availability Core Authentjcatjon Authorizatjon Accountability Separatjon of Authentjcatjon Need to Know Least Privilege Authorizatjon Accountability Dutjes Fail Safe / Economy of Defense in Depth Fail Secure Mechanisms Design Complete Least Common Open Design Mediatjon Mechanisms Psychological Leveraging Existjng Weakest Link Acceptability Components

  7. Privacy vs Integrity ● In most of data protectjon acts (such as GDPR) said that “ organizatjons must take necessary and reasonable steps to ensure the accuracy of personal data collected from data subjects ” ● Some privacy design approaches using referentjal integrity across datasets ● But some privacy design approaches using data distortjon techniques ● Conclusion – Data as “Source of Truth” → Integrity is a must – Data in use → Integrity depends on utjlity

  8. Privacy Design

  9. Privacy with Data Anonymizatjon ● Anonymizatjon is the process of removing private informatjon from the data ● Anonymized data cannot be linked to any one individual account

  10. What You Need to Aware of Anonymizatjon ● Purpose of anonymizatjon and its utjlity ● Characteristjcs of each anonymizatjon techniques ● Inferred informatjon afuer implementatjon ● Expertjse with the subject matuer ● Competency in anonymizatjon process and techniques ● Recipients

  11. Anonymizatjon Techniques Pseudonymizatjon Replacement Record Suppression Aturibute Suppression Suppression Character Masking Anonymizatjon Generalizatjon Recoding Swapping or Shuffming Modifjcatjon Perturbatjon Others Data Synthetjc Data Aggregatjon

  12. Terminology ● Data Aturibute: – Data fjeld, data column or variable, an informatjon that can be found across the data records in a data set ● Dataset: – A set of data records, conceptually similar to a table in a conventjonal database or spreadsheet, having records (rows) and atuributes (columns) ● Direct Identjfjer: – A data aturibute that on its own identjfjes an individual (e.g. fjngerprint) or has been assigned to an individual (e.g. Citjzen ID) ● Indirect identjfjer or Quasi-Identjfjers: – A data aturibute that, by itself/on its own, does not identjfy an individual, but may identjfy an individual when combined with other informatjon ● Re-identjfjcatjon: – Identjfying a person from an anonymized dataset

  13. Pseudonymizatjon ● Decoupling identjfjable data from the dataset, usually by means of identjfjer key references ● Pseudonym (aka Token) may represent one or more atuributes ● Pseudonyms can be – Reversible (by the owner(s) of the original data), where the original values are securely kept but can be retrieved and linked back to the pseudonyms – Irreversible, where the original values are properly disposed and the pseudonymizatjon was done in a non-repeatable fashion ● Pseudonyms persistence – Persistent – Same pseudonym values represent the same individual across difgerent datasets – Non-persistent – Difgerent pseudonyms represent the same individual in difgerent datasets to prevent linking of the difgerent datasets ● Pseudonyms generatjon – Random (Ex. UUID, GUID) – Deterministjc (Ex. Hashing, Encryptjon, PCI DSS Tokenizatjon)

  14. Pseudonymizatjon – Example#1 (1/2) Before Anomymizatjon: Name Address Phone Jim Demetriou 4290 Cheval Circle, Stow, OH 44224 330-805-4211 Gary Furlong 24 Steeple Drive, Hillsborough, NJ 08844 908-359-1754 Maria Herring 8096 Wild Lemon Lane, Manlius, NY 13104 315-682-4453 John Sacksteder 2480 Pendower Lane, Keswick, VA 22947 240-994-6728 John Mantel 23 College Street, South Hadley, MA 01075 413-532-5562 Dan Okray W1748 Circle Drive, Sullivan, WI 53178 262-593-5004 Afuer Pseudonymizing the Name Aturibute: Name Address Phone LAU5B90A 4290 Cheval Circle, Stow, OH 44224 330-805-4211 1YXHL5K0 24 Steeple Drive, Hillsborough, NJ 08844 908-359-1754 KOTACI4U 8096 Wild Lemon Lane, Manlius, NY 13104 315-682-4453 SDM1VHX3 2480 Pendower Lane, Keswick, VA 22947 240-994-6728 UJQXYU27 23 College Street, South Hadley, MA 01075 413-532-5562 9NG6Y5VF W1748 Circle Drive, Sullivan, WI 53178 262-593-5004

  15. Pseudonymizatjon – Example#1 (2/2) Identjty Database Pseudonym Name LAU5B90A Jim Demetriou 1YXHL5K0 Gary Furlong KOTACI4U Maria Herring SDM1VHX3 John Sacksteder UJQXYU27 John Mantel 9NG6Y5VF Dan Okray

  16. Pseudonymizatjon – Example#2 First Name: Narudom Identjty Last Name: Roongsiriwong Age: 18 + Gender: Male Natjonality: Thai Non-Identjfjable Data Blood Type: O Occupatjon: Engineer = First Name: Narudom Last Name: Roongsiriwong Age: 18 Full Data Gender: Male Natjonality: Thai Blood Type: O Occupatjon: Engineer

  17. Pseudonymizatjon Guideline ● When to use – Data values need to be unique and no need to keep original aturibute ● How to use: – Replace the respectjve aturibute values with made up values – The made up values should be unique, and should have no relatjonship to the original values ● Tips – GDPR separates Pseudonymizatjon from Anonymizatjon – This should be a key part of your Privacy by Design strategy – Ensure not to re-use pseudonyms that have already been utjlized – Persistent pseudonyms are usually betuer for maintaining referentjal integrity across data sets – For reversible pseudonyms, the mapping tables or functjons or secret encryptjon keys should be securely kept and can only be used by the organizatjon

  18. Aturibute Suppression The removal of an entjre part of data (“column” in database) in a data set. Before Anomymizatjon: Name Address Phone Jim Demetriou 4290 Cheval Circle, Stow, OH 44224 330-805-4211 Gary Furlong 24 Steeple Drive, Hillsborough, NJ 08844 908-359-1754 Maria Herring 8096 Wild Lemon Lane, Manlius, NY 13104 315-682-4453 John Sacksteder 2480 Pendower Lane, Keswick, VA 22947 240-994-6728 John Mantel 23 College Street, South Hadley, MA 01075 413-532-5562 Dan Okray W1748 Circle Drive, Sullivan, WI 53178 262-593-5004 Afuer Suppressing the “Address” Aturibute: Name Phone Jim Demetriou 330-805-4211 Gary Furlong 908-359-1754 Maria Herring 315-682-4453 John Sacksteder 240-994-6728 John Mantel 413-532-5562 Dan Okray 262-593-5004

  19. Aturibute Suppression Guideline ● When to use – That aturibute is not required in the anonymized dataset, or when the aturibute cannot otherwise be suitably anonymized with another technique ● How to use: – Delete (e.g. remove) the aturibute(s), not hiding – If the structure of the data set needs to be maintained, clear the data (and possibly the header) ● Tips – This is the strongest type of anonymizatjon technique, because there is no way of recovering any informatjon from such an aturibute – Less sensitjve derived aturibute may be create to suppress the original aturibute(s). E.g. “Usage Duratjon” aturibute base on “Check- In” and ‘Check-Out” date and tjme atuributes

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Spotlight on Free Sofuware Building Blocks for a Secure Health Data Infrastructure Marcel

Spotlight on Free Sofuware Building Blocks for a Secure Health Data Infrastructure Marcel

FOSDEM 2020, Brussels Spotlight on Free Sofuware Building Blocks for a Secure Health Data Infrastructure Marcel Parciak, Markus Suhr, Tibor Kesztys, Dagmar Krefuing University Medical Center Gttjngen Department of Medical Informatjcs

624 views • 43 slides
Be,er Privacy and Security via Secure Computa9on Jonathan Katz Security/privacy would be much

Be,er Privacy and Security via Secure Computa9on Jonathan Katz Security/privacy would be much

Be,er Privacy and Security via Secure Computa9on Jonathan Katz Security/privacy would be much easier if there were someone we could all TRUST with our data Be8er data mining -- using MORE data, while respec@ng users PRIVACY

888 views • 35 slides
Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li

Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li

CS573 Data Privacy and Security Secure Multiparty Computation Introduction to Privacy Preserving Distributed Data Mining Li Xiong Slides credit: Chris Clifton, Purdue University; Murat Kantarcioglu, UT Dallas Outline Overview Data

901 views • 42 slides
Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Secure Genome me Analysis The privacy workshop is jointly

Secure Genome me Analysis The privacy workshop is jointly

The 2 nd Compe,,on on Cri,cal Assessment of Data Privacy and Protec,on Secure Genome me Analysis The privacy workshop is jointly sponsored by iDASH (U54HL108460) and

721 views • 53 slides
Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government

Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government

Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government Act of 2002 and OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 Resolution on Privacy by Design, Data Protection

556 views • 41 slides
Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy

Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy

PR eparing I ndustry to P rivacy-by-design by supporting its A pplication in RE search Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy scenario Protect personal data from third parties Data

359 views • 9 slides
Beyond the Pile of Knobs: Usability and Design for Privacy, Security, Safety & Consent

Beyond the Pile of Knobs: Usability and Design for Privacy, Security, Safety & Consent

Beyond the Pile of Knobs: Usability and Design for Privacy, Security, Safety & Consent Georgia Bullen // @georgiamoon Executive Director Simply Secure FOSDEM // 2 February 2020 Everyone deserves technology they can trust. Simply Secure

437 views • 28 slides
Course Organization Sofuware Architecture KU (706.707) Sran Dombi 2020-10-07 Institute

Course Organization Sofuware Architecture KU (706.707) Sran Dombi 2020-10-07 Institute

Course Organization Sofuware Architecture KU (706.707) Sran Dombi 2020-10-07 Institute for Interactive Systems and Data Science, Graz University of Technology 1 Introduction Course Elective course for Sofuware Engineering

335 views • 15 slides
Privacy by design and (big or not-so-big) clinical research data (management) Safeguarding

Privacy by design and (big or not-so-big) clinical research data (management) Safeguarding

Privacy by design and (big or not-so-big) clinical research data (management) Safeguarding privacy while maximizing scientific benefits: a biostatisticians approach to good data management Ronald Brand Dep of Medical Statistics, section

436 views • 26 slides
Secure Skyline Queries on Encrypted Data CS 573 Data Privacy and Security Jinfei Liu, Juncheng

Secure Skyline Queries on Encrypted Data CS 573 Data Privacy and Security Jinfei Liu, Juncheng

Secure Skyline Queries on Encrypted Data CS 573 Data Privacy and Security Jinfei Liu, Juncheng Yang, Li Xiong, and Jian Pei. Secure Skyline Queries on Cloud Platform. ICDE 2017. Jinfei Liu, Juncheng Yang, Li Xiong, and Jian Pei. Secure and

1.1k views • 72 slides
DPM 2013 Privacy-Preserving Multi-Party Reconciliation Secure in the Malicious Model 8th ACM

DPM 2013 Privacy-Preserving Multi-Party Reconciliation Secure in the Malicious Model 8th ACM

DPM 2013 Privacy-Preserving Multi-Party Reconciliation Secure in the Malicious Model 8th ACM International Workshop on Data Privacy Management 2013 Georg Neugebauer 1 , Lucas Brutschy 1 , Ulrike Meyer 1 and Susanne Wetzel 2 UMIC LuFG IT-Security,

212 views • 17 slides
User search and free sofuware culture by sajolida 1. What is Tails 2. Our usability process 3.

User search and free sofuware culture by sajolida 1. What is Tails 2. Our usability process 3.

https://tails.boum.org/ User search and free sofuware culture by sajolida 1. What is Tails 2. Our usability process 3. User research and free sofuware culture Tails Tails is a portable operating system that protects your privacy and avoids

717 views • 24 slides
CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong

CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong

CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong Last Lecture Symmetric & Public key encryption Secure Multiparty Computations Problem and security definitions General constructions

492 views • 48 slides
CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong

CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong

CS573 Data Privacy and Security Secure Multiparty Computation General Constructions Li Xiong Last Lecture Symmetric & Public key encryption Secure Multiparty Computations Problem and security definitions General constructions

846 views • 55 slides
Privacy and data protection by design cross-over of multiple disciplines Marit Hansen

Privacy and data protection by design cross-over of multiple disciplines Marit Hansen

Privacy and data protection by design cross-over of multiple disciplines Marit Hansen Privacy and Information Commissioner Schleswig-Holstein, Germany marit.hansen@datenschutzzentrum.de Annual Privacy Forum 2015 Luxembourg, 7 October,

551 views • 29 slides
CIAM an Evolving and Converging World Simon Wood TIIME Unconference 19-Feb-2020 Q4 2019

CIAM an Evolving and Converging World Simon Wood TIIME Unconference 19-Feb-2020 Q4 2019

CIAM an Evolving and Converging World Simon Wood TIIME Unconference 19-Feb-2020 Q4 2019 V3.5 First things first CIAM A Continual Evolution Employee B2B Consumer Customer B2B CIAM A Continual Evolution Employee Employee

327 views • 11 slides
The Creation of Adam Michelangelo Sistine Chapel Ceiling, 1510 The Fall and Expulsion from

The Creation of Adam Michelangelo Sistine Chapel Ceiling, 1510 The Fall and Expulsion from

The Creation of Adam Michelangelo Sistine Chapel Ceiling, 1510 The Fall and Expulsion from Garden of Eden Michelangelo Sistine Chapel , 1509-10 http://open.salon.com/blog/kikstad/2011/06/08/darren_aronofsky_to_direct_noahs_ark_movie

963 views • 52 slides
st sst s rs

st sst s rs

st sst s rs r r t r s ts st

1.7k views • 121 slides
On Lagrangian submanifolds in complex hyperquadrics and Hamiltonian volume variational problem

On Lagrangian submanifolds in complex hyperquadrics and Hamiltonian volume variational problem

On Lagrangian submanifolds in Qn ( C ) On Lagrangian submanifolds in complex hyperquadrics and Hamiltonian volume variational problem Hui Ma (Joint work with Yoshihiro Ohnita) Department of Mathematical Sciences Tsinghua University, Beijing,

985 views • 61 slides
Software Engineering Six easy pieces Bertrand Meyer LASER, Biodola, September 2006 Software

Software Engineering Six easy pieces Bertrand Meyer LASER, Biodola, September 2006 Software

Software Engineering Six easy pieces Bertrand Meyer LASER, Biodola, September 2006 Software Engineering 3 Contracts and tests The cluster model Dealing with events Dealing with Void Open-sourcing EiffelStudio Towards an

589 views • 48 slides
Detecting Sybil Attacks using Proofs of Work and Location for Vehicular AdHoc Networks (VANETS)

Detecting Sybil Attacks using Proofs of Work and Location for Vehicular AdHoc Networks (VANETS)

Master Defense Detecting Sybil Attacks using Proofs of Work and Location for Vehicular AdHoc Networks (VANETS) Presented by: Niclas Bewermeier Electrical and Computer December 14, 2018 Engineering Detecting Sybil Attacks using Proofs of

510 views • 49 slides
Probabilistic Graphical Models Inference & Learning in DL Zhiting Hu Lecture 19, March 29,

Probabilistic Graphical Models Inference & Learning in DL Zhiting Hu Lecture 19, March 29,

Probabilistic Graphical Models Inference & Learning in DL Zhiting Hu Lecture 19, March 29, 2017 Reading: 1 Deep Generative Models l Explicit probabilistic models Provide an explicit parametric specification of the distribution of l

514 views • 50 slides
The History and Culture Media Literacy Media includes any type of communication that reaches or

The History and Culture Media Literacy Media includes any type of communication that reaches or

The History and Culture Media Literacy Media includes any type of communication that reaches or influences people, and media literacy is an empowering skill that allows people to better analyze and interpret media messages. A really important

245 views • 7 slides

More recommend