security and data privacy
play

Security and Data Privacy Instructor: Pratiksha Thaker - PowerPoint PPT Presentation

Sep 18, 2023 •657 likes •1.53k views

Security and Data Privacy Instructor: Pratiksha Thaker cs245.stanford.edu Outline Security requirements Key concepts and tools Differential privacy Other security tools CS 245 2 Outline Security requirements Key concepts and tools

  1. Security and Data Privacy Instructor: Pratiksha Thaker cs245.stanford.edu

  2. Outline Security requirements Key concepts and tools Differential privacy Other security tools CS 245 2

  3. Outline Security requirements Key concepts and tools Differential privacy Other security tools CS 245 3

  4. Why Security & Privacy? CS 245 4

  5. Why Security & Privacy? Data is valuable & can cause harm if released » Example: medical records, purchase history, internal company documents, etc Data releases can’t usually be “undone” Security policies can be complex » Each user can only see data from their friends » Analyst can only query aggregate data » Users can ask to delete their derived data CS 245 5

  6. Why Security & Privacy? It’s the law! New regulations about user data: US HIPAA: Health Insurance Portability & Accountability Act (1996) » Mandatory encryption, access control, training EU GDPR, CA CCPA: (2018) » Users can ask to see & delete their data PCI DSS: Payment Card Industry standard (2004) » Required in contracts with MasterCard, etc CS 245 6

  7. Consequence Security and privacy must be baked into the design of data-intensive systems » Often a key differentiator for products! CS 245 7

  8. The Good News Declarative interface to many data-intensive systems can enable powerful security features » One of the “big ideas” in our class! Example: System R’s access control on views read arbitrary write SQL query SQL Tables View Users CS 245 8

  9. Outline Security requirements Key concepts and tools Differential privacy Other security tools CS 245 9

  10. Some Security Goals Access Control: only the “right” users can perform various operations; typically relies on: » Authentication: a way to verify user identity (e.g. password) » Authorization: a way to specify what users may take what actions (e.g. file permissions) Auditing: system records an incorruptible audit trail of who did each action CS 245 10

  11. Some Security Goals Confidentiality: data is inaccessible to external parties (often via cryptography) Integrity: data can’t be modified by external parties Privacy: only a limited amount of information about “individual” users can be learned CS 245 11

  12. Clarifying These Goals Say our goal was access control : only Matei can set CS 245 student grades on Axess What scenarios should Axess protect against? 12

  13. Clarifying These Goals Say our goal was access control : only Matei can set CS 245 student grades on Axess What scenarios should Axess protect against? 1. Bobby T. (an evil student) logging into Axess as himself and being able to change grades 13

  14. Clarifying These Goals Say our goal was access control : only Matei can set CS 245 student grades on Axess What scenarios should Axess protect against? 1. Bobby T. (an evil student) logging into Axess as himself and being able to change grades 2. Bobby sending hand-crafted network packets to Axess to change his grades 14

  15. Clarifying These Goals Say our goal was access control : only Matei can set CS 245 student grades on Axess What scenarios should Axess protect against? 1. Bobby T. (an evil student) logging into Axess as himself and being able to change grades 2. Bobby sending hand-crafted network packets to Axess to change his grades 3. Bobby getting a job as a DB admin at Axess 15

  16. Clarifying These Goals Say our goal was access control : only Matei can set CS 245 student grades on Axess What scenarios should Axess protect against? 1. Bobby T. (an evil student) logging into Axess as himself and being able to change grades 2. Bobby sending hand-crafted network packets to Axess to change his grades 3. Bobby getting a job as a DB admin at Axess 4. Bobby guessing Matei’s password 16

  17. Clarifying These Goals Say our goal was access control : only Matei can set CS 245 student grades on Axess What scenarios should Axess protect against? 1. Bobby T. (an evil student) logging into Axess as himself and being able to change grades 2. Bobby sending hand-crafted network packets to Axess to change his grades 3. Bobby getting a job as a DB admin at Axess 4. Bobby guessing Matei’s password 5. Bobby blackmailing Matei to change his grade 17

  18. Clarifying These Goals Say our goal was access control : only Matei can set CS 245 student grades on Axess What scenarios should Axess protect against? 1. Bobby T. (an evil student) logging into Axess as himself and being able to change grades 2. Bobby sending hand-crafted network packets to Axess to change his grades 3. Bobby getting a job as a DB admin at Axess 4. Bobby guessing Matei’s password 5. Bobby blackmailing Matei to change his grade 6. Bobby discovering a flaw in AES to do #2 18

  19. Threat Models To meaningfully reason about security, need a threat model : what adversaries may do » Same idea as failure models! For example, in our Axess scenario, assume: » Adversaries only interact with Axess through its public API » No crypto algorithm or software bugs » No password theft Implementing complex security policies can be hard even with these assumptions! CS 245 19

  20. Threat Models No useful threat model can cover everything » Goal is to cover the most feasible scenarios for adversaries to increase the cost of attacks Threat models also let us divide security tasks across different components » E.g. auth system handles passwords, 2FA CS 245 20

  21. Threat Models CS 245 Source: XKCD.com 21

  22. Useful Building Blocks Encryption: encode data so that only parties with a key can efficiently decrypt Cryptographic hash functions: hard to find items with a given hash (or collisions) Secure channels (e.g. TLS): confidential, authenticated communication for 2 parties CS 245 22

  23. Security Tools from DBMSs First-class concept of users + access control » Views as in System R, tables, etc Secure channels for network communication Audit logs for analysis Encrypt data on-disk (perhaps at OS level) CS 245 23

  24. Modern Tools for Security Privacy metrics and enforcement thereof (e.g. differential privacy) Computing on encrypted data (e.g. CryptDB) Hardware-assisted security (e.g. enclaves) Multi-party computation (e.g. secret sharing) CS 245 24

  25. Outline Security requirements Key concepts and tools Differential privacy Other security tools CS 245 25

  26. Threat Model queries queries Table with Database private data server Data analysts • Database software is working correctly • Adversaries only access it through public API • Adversaries have limited # of user accounts CS 245 26

  27. Private statistics SELECT AVG(income) FROM professors WHERE state= “ California ” 27

  28. Private statistics Are aggregate statistics more private than individual data? SELECT AVG(income) FROM professors WHERE state= “ California ” SELECT AVG(income) FROM professors WHERE name= “ Matei Zaharia ” 28

  29. Private statistics Are aggregate statistics more private than individual data? No! SELECT AVG(income) FROM professors WHERE state=“ California ” SELECT AVG(income) FROM professors WHERE name=“ Matei Zaharia ” 29

  30. Private statistics 30

  31. Private statistics 31

  32. Idea: differential privacy A contract for algorithms that output statistics 32

  33. Idea: differential privacy A contract for algorithms that output statistics Intuition: the function is differentially private if removing or changing a data point does not change the output "too much" 33

  34. Idea: differential privacy A contract for algorithms that output statistics Intuition: the function is differentially private if removing or changing a data point does not change the output "too much" Intuition: plausible deniability 34

  35. Idea: differential privacy A contract for algorithms that output statistics For A and B that differ in one element , 35

  36. Idea: differential privacy A contract for algorithms that output statistics For A and B that differ in one element , Randomized algorithm that computes statistic 36

  37. Idea: differential privacy A contract for algorithms that output statistics For A and B that differ in one element , Any subset of possible outcomes 37

  38. Idea: differential privacy A contract for algorithms that output statistics For A and B that differ in one element , Privacy parameter Smaller ε ~= more privacy, less accuracy 38

  39. What Does It Mean? Say an adversary runs some query and observes a result Adversary had some set of results, S , that lets them infer something about Matei if Then: ≈ 1+ε Similar outcomes whether or not Matei in DB CS 245 39

  40. What Does It Mean? Private information is noisy. Can we determine anything useful? CS 245 40

  41. What Does It Mean? Private information is noisy. Can we determine anything useful? Query: SELECT COUNT(*) FROM patients WHERE causeOfDeath = ... Assume ε =0.1 CS 245 41

  42. What Does It Mean? CS 245 42

  43. What Does It Mean? CS 245 43

  44. What Does It Mean? With enough base signal, DP can still give useful information! CS 245 44

  45. Side Information Consider the following query: SELECT AVG(income) FROM professors WHERE state=“CA” 45

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security in Healthcare Li Xiong Healthcare security and privacy HIPAA overview Research survey on information security and privacy in healthcare

1.05k views • 57 slides
Be,er Privacy and Security via Secure Computa9on Jonathan Katz Security/privacy would be much

Be,er Privacy and Security via Secure Computa9on Jonathan Katz Security/privacy would be much

Be,er Privacy and Security via Secure Computa9on Jonathan Katz Security/privacy would be much easier if there were someone we could all TRUST with our data Be8er data mining -- using MORE data, while respec@ng users PRIVACY

888 views • 35 slides
Privacy & Security Matters: Privacy & Security Matters: Protecting Personal Data

Privacy & Security Matters: Privacy & Security Matters: Protecting Personal Data

Privacy & Security Matters: Privacy & Security Matters: Protecting Personal Data Protecting Personal Data Privacy & Security Project HIPAA: What it is Health Insurance Portability and Accountability Act of 1996 Also known as

445 views • 26 slides
Healthcare privacy and security Li Xiong CS573 Data Privacy and Security Patients Are Concerned

Healthcare privacy and security Li Xiong CS573 Data Privacy and Security Patients Are Concerned

Healthcare privacy and security Li Xiong CS573 Data Privacy and Security Patients Are Concerned Did you know... 77 percent of all Americans feel their personal health information privacy is very important, and 84 percent said they

769 views • 50 slides
CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local

CS573 Data Privacy and Security Local Differential Privacy Li Xiong Privacy at Scale: Local Differential Privacy in Practice (Module 1) Graham Cormode, Somesh Jha, Tejas Kulkarni, Ninghui Li, Divesh Srivastava, and Tianhao Wang Differential

819 views • 38 slides
Data Privacy Law Overview Privacy Protections (D) Working Group Jennifer McAdam Senior Counsel

Data Privacy Law Overview Privacy Protections (D) Working Group Jennifer McAdam Senior Counsel

Data Privacy Law Overview Privacy Protections (D) Working Group Jennifer McAdam Senior Counsel DECEMBER 8, 2019 Data Privacy vs. Data Security Data Privacy Data Security How data is collected & How data is stored & used

465 views • 23 slides
CS573 Data Privacy and Security Location Privacy Location Privacy Yonghui (Yohu) Xiao htt //

CS573 Data Privacy and Security Location Privacy Location Privacy Yonghui (Yohu) Xiao htt //

CS573 Data Privacy and Security Location Privacy Location Privacy Yonghui (Yohu) Xiao htt // http://yxiao.info i i f Outline Outline What is Location Privacy Basic Techniques Private Information Retrieval Probabilistic

415 views • 24 slides
CS573 Data Privacy and Security Li Xiong Department of Mathematics and Computer Science Emory

CS573 Data Privacy and Security Li Xiong Department of Mathematics and Computer Science Emory

CS573 Data Privacy and Security Li Xiong Department of Mathematics and Computer Science Emory University Today Meet everyone in class Course overview Why data privacy and security What is data privacy and security What we

810 views • 70 slides
Beyond the Basics: Recent Developments in Global Data Privacy and Security David Bender Special

Beyond the Basics: Recent Developments in Global Data Privacy and Security David Bender Special

Beyond the Basics: Recent Developments in Global Data Privacy and Security David Bender Special Counsel, Data Privacy GTC Law Group Distinguished Fellow, Ponemon Institute The Universe of Current Privacy Concerns n The Privacy world is today

698 views • 40 slides
GTC Data Privacy & Security Training November 3, 2017 Hosted by 1 SPECIAL THANKS TO ....

GTC Data Privacy & Security Training November 3, 2017 Hosted by 1 SPECIAL THANKS TO ....

GTC Data Privacy & Security Training November 3, 2017 Hosted by 1 SPECIAL THANKS TO .... EMILY CHANG ASSISTANT GENERAL COUNSEL, DIRECTOR 2 GTC DATA PRIVACY & SECURITY GROUP gtclawgroup.com 3 PLEASE GIVE YOUR QUESTION CARDS TO:

984 views • 34 slides
Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security

Motivation Two-Cloud Setting PP k NN Classification Conclusion and Future Research Privacy-Preserving Query Processing over Encrypted Data in Cloud CS573 Data Privacy and Security Yousef M. Elmehdwi Department of Mathematics and Computer

919 views • 19 slides
Data Privacy Anonymization Li Xiong CS573 Data Privacy and Security Outline Inference

Data Privacy Anonymization Li Xiong CS573 Data Privacy and Security Outline Inference

Data Privacy Anonymization Li Xiong CS573 Data Privacy and Security Outline Inference control Anonymization problem Anonymization notions and approaches (and how they fail to work!) k-anonymity l-diversity t-closeness

741 views • 51 slides
Global Privacy and Data Security Developments2013 By Katherine Ritchey, Mauricio Paez,

Global Privacy and Data Security Developments2013 By Katherine Ritchey, Mauricio Paez,

Global Privacy and Data Security Developments2013 By Katherine Ritchey, Mauricio Paez, Veronica McGregor, and Maria Sendra* Privacy and data security continue to be a focus for corporations, regulators, law enforcement, and consumer groups

282 views • 10 slides
Li Xiong CS573 Data Privacy and Security

Li Xiong CS573 Data Privacy and Security

Li Xiong CS573 Data Privacy and Security Security Engineering by Ross Anderson, 2001 Its function is to control which

422 views • 40 slides
Security and Privacy in the Cloud Mayer Brown LLP: Cybersecurity and Data Privacy / Technology

Security and Privacy in the Cloud Mayer Brown LLP: Cybersecurity and Data Privacy / Technology

Security and Privacy in the Cloud Mayer Brown LLP: Cybersecurity and Data Privacy / Technology Transactions Practice Groups November 14, 2017 Linda Rhodes Joe Pennell Brad Peterson Partner Partner Partner 202-263-3382 312-701-8354

313 views • 29 slides
CCPA - How To Do It Tanya Forsheit, Chair, Privacy & Data Security Group, Frankfurt Kurnit

CCPA - How To Do It Tanya Forsheit, Chair, Privacy & Data Security Group, Frankfurt Kurnit

CCPA - How To Do It Tanya Forsheit, Chair, Privacy & Data Security Group, Frankfurt Kurnit Klein & Selz Beth Hill, General Counsel & Chief Compliance Officer, FordDirect Maggie Mansourkia Mobley, Advisor, Privacy Matters Privacy &

524 views • 26 slides
Ethical Issues in Child and Adolescent Psychiatry Avi Kriechman, M.D. UNM Department of

Ethical Issues in Child and Adolescent Psychiatry Avi Kriechman, M.D. UNM Department of

Ethical Issues in Child and Adolescent Psychiatry Avi Kriechman, M.D. UNM Department of Psychiatry Center for Rural and Community Behavioral Health Division of Child and Adolescent Psychiatry Fundamental Ethical Principles

317 views • 19 slides
INFORMATION RISK MANAGEMENT PROGRAM Developing a Unit Training Plan Information Security &

INFORMATION RISK MANAGEMENT PROGRAM Developing a Unit Training Plan Information Security &

INFORMATION TECHNOLOGY SERVICES INFORMATION RISK MANAGEMENT PROGRAM Developing a Unit Training Plan Information Security & Privacy Office June 8, 2017 Information Security and Privacy Plan Goal 2: Training and Outreach People are the

384 views • 13 slides
Organizations Annual Meeting: National Committee on Vital and Health Statistics Presentation

Organizations Annual Meeting: National Committee on Vital and Health Statistics Presentation

2015 National Association of Health Data Organizations Annual Meeting: National Committee on Vital and Health Statistics Presentation Data Stewardship, Privacy, and Confidentiality: Implications for Collection and Dissemination of APCD and

465 views • 35 slides
Presented to DBHDD Providers By Elizabeth Bentley Watson DBHDD Attorney and HIPAA Privacy Officer

Presented to DBHDD Providers By Elizabeth Bentley Watson DBHDD Attorney and HIPAA Privacy Officer

Presented to DBHDD Providers By Elizabeth Bentley Watson DBHDD Attorney and HIPAA Privacy Officer betty.bentley.watson@dbhdd.ga.gov August 2014 Disclaimer This presentation does not constitute legal advice. Providers should seek their own

488 views • 48 slides
THE ROLE OF POWER IN LEGAL COMPLIANCE ROBERT MUTHURI, SEPIDEH GHANAVATI, ANDRE RIFAUT, LLIO

THE ROLE OF POWER IN LEGAL COMPLIANCE ROBERT MUTHURI, SEPIDEH GHANAVATI, ANDRE RIFAUT, LLIO

THE ROLE OF POWER IN LEGAL COMPLIANCE ROBERT MUTHURI, SEPIDEH GHANAVATI, ANDRE RIFAUT, LLIO HUMPHREYS AND GUIDO BOELLA Norm conferring power in legislative text

437 views • 19 slides
Impact of Pharmacy Legislation on Changing Practice Virgil Van Dusen, RPh, JD Bernhardt

Impact of Pharmacy Legislation on Changing Practice Virgil Van Dusen, RPh, JD Bernhardt

Impact of Pharmacy Legislation on Changing Practice Virgil Van Dusen, RPh, JD Bernhardt Professor of Pharmacy Southwestern Oklahoma State University Weatherford, Oklahoma 5/26/2015 1 Change is the law of life. John F. Kennedy 5/26/2015 2

672 views • 44 slides
DATA Classification State of Ohio Administrative Policy IT-13 Agenda Background

DATA Classification State of Ohio Administrative Policy IT-13 Agenda Background

DATA Classification State of Ohio Administrative Policy IT-13 Agenda Background Classification Elements Roles & Responsibilities Methodology Education & Awareness Compliance & Implementation Purpose The

290 views • 18 slides
Supply Chain Sponsored By: The Digital Ecosystem How to Manage Cyber Effects on Your Supply

Supply Chain Sponsored By: The Digital Ecosystem How to Manage Cyber Effects on Your Supply

The Digital Ecosystem How to Manage Cyber Effects on Your Supply Chain Sponsored By: The Digital Ecosystem How to Manage Cyber Effects on Your Supply Chain Visit www.advisenltd.com at the end of this webinar to download: Copy of

538 views • 19 slides

More recommend