Title: Q-RICE: Query Rewriting and Policy Integration for access Control and Enforcement
Managing the security and privacy of patient records is increasingly important in the health care field. The challenges include complying with access control policy requirements from multiple sources like participating institution guidelines, the terms of collaboration, as well as legal requirements such as HIPAA. Previous work has suggested fine-grained access control (FGAC) mechanisms to handle this problem. Early FGAC mechanisms involved tuple-labeling (currently used in MIFAR and similar systems), which is not scalable. Delays hinder data movement between researchers and often lead them to bypass access control mechanisms. Newer FGAC mechanisms combine role-based access control and query rewriting. However, these have some of their own limitations.
Our FGAC system integrates policy management and query modification. We extend policy management to handle multiple data sources, the common SQL data types and aggregate queries. For example, imagine two policies allow a user to see only aggregated results over a range for anonymity, on two different but overlapping ranges. A query over the intersection of these two ranges may or may not be accepted depending on constituent data types. For effective query evaluation, we use a number of heuristics while rendering the outcome of policy management.
Title: Peer-Produced Privacy Violations
Social network sites offer a compelling social experience; users create satisfying identities, relationships, and communities. This social experience, however, is built on the pervasive reuse of personal information. Users must supply extensive personal information to participate. That information is then redeployed to convince others to do the same. The resulting dynamics are viral. Users systematically underestimate the privacy risks involved and experience incessant privacy violations. Those violations are peer-produced, that is, they arise out of the distributed interactions of similarly situated individuals, rather than from the overbearing actions of a powerful central entity. This fact encourages a skeptical attitude towards mandatory data portability and towards purely technical measures for ensuring privacy on social network sites
Title: Pirate Evolution in Broadcast Encryption Schemes
Pirate Evolution in Broadcast Encryption Schemes This talk will overview pirate evolution, an attack concept against broadcast encryption schemes. A pirate evolution strategy is a method a pirate can use to schedule the compromised key material it possesses so that it can maximize its overall reception time in a content distribution system. In the talk we will describe pirate evolution strategies for current broadcast encryption schemes. Moreover, countermeasures to pirate evolution will be discussed that exhibit tradeoffs between the level of susceptibility to pirate evolution and the efficiency parameters of the underlying encryption scheme.
Title: Pinning Down "Privacy" in Statistical Databases
This talk discusses a recent, rigorous approach to privacy in statistical databases. This is a specific, important aspect of "privacy" problems in the Internet and in modern information systems generally.
Consider an agency holding a large database of sensitive personal information (perhaps medical records, census survey answers, or web search records). The agency would like to discover and publicly release global characteristics of the data (say, to inform policy and business decisions) while protecting the privacy of individuals' records. This problem is known variously as "statistical disclosure control", "privacy-preserving data mining" or simply "database privacy".
We describe "differential privacy", a notion which emerged from a recent line of work in theoretical computer science that seeks to formulate and satisfy rigorous definitions of privacy for such statistical databases. We also sketch some basic techniques for achieving differential privacy. The techniques are reminiscent of (but different from) those used in noise-tolerant machine learning and robust statistics.
Based on several papers with Cynthia Dwork, Shiva Kasiviswanathan, Homin Lee, Frank McSherry, Kobbi Nissim and Sofya Raskhodnikova, published or to appear at TCC 2006, STOC 2007, KDD 2008 and FOCS 2008.
Title: Security, Obscurity,and Information Sharing
For this conference on "seamless data movement with appropriate controls" a key question is what data should move seamlessly. A slogan among computer security experts is that there is no security through obscurity. In contrast, military and other security experts in the physical world are inclined to say that "loose lips sink ships," so that sharing more data will undermine security. "Appropriate controls" are needed for privacy as well as security reasons. This talk draws on a continuing research project about appropriate intellectual structures for information sharing in a networked world.