Who has the data ... and will breach the duty of confidence
1 like1,740 views
This document discusses key challenges around distributed data security and privacy. It notes that sensory data is continuously captured and aggregated across devices and applications, and data is frequently exchanged between intermediaries with different access rights. The goals are to retain control over how data is used once shared, through access control, obligations, and policies. Lessons from other domains suggest protecting data at source, allowing policies to partially follow data based on context, and establishing data sharing agreements between parties. The document introduces the PRiMMA framework for enforcing privacy policies on devices and learning policies from user behavior.
Who has the data ... and will breach the duty of confidence
- 1. ! Who has the data? ... and will breach the duty of confidence! Emil Lupu Imperial College London Panel: Key Challenges in Distributed Security 22nd IFIP WG 11.3 Working Conference on Data and Applications Security
- 2. Body Area Networks for eHealth Home Appliance Control Events Monitor Events Manager Agent Managed Objects Control actions Decisions Policies New functionality Body Area Networks Policies
- 4. Pervasive Spaces Events Monitor Events Manager Agent Managed Objects Control actions Decisions Policies New functionality Policies PAN Control Autonomous Vehicles Personal Area Networks Home Appliance Control Events Monitor Events Manager Agent Managed Objects Control actions Decisions Policies New functionality Policies Intelligent Home Networks Pervasive Environments
- 5. Observations • Sensory data is continuously captured and aggregated. • Data is frequently exchanged at device level, at application level and at institutional level. • Data is often exchanged through intermediaries which may themselves have rights to access the data (and aggregate or modify it) and is stored at multiple locations. • Rights to access data are often determined by context which changes dynamically (in addition to longer lived attributes e.g., role, competency,...) • Decisions have to be made with intermittent network access, on devices with limited computational capabilities and based on incomplete information.
- 6. Goals • Retaining control over data usage once data has been exchanged remains an elusive goal that appears in many application scenarios with varying threats. • Different research topics aim to address variations of the problem: Document Protection Models, Privacy, UCON, DCON, DRM, ERM, Policy. • It’s not just about Access Control but includes obligations (both imperative and deontic), information filtering and/or transformation, monitored conditions, association between policy and data. • Access Control models such as RBAC do not easily distribute, scale down or combine with other concepts such as obligations.
- 7. Some lessons from elsewhere (non-security) • Data processing and device management must be done as close to the origin as possible. Protection? • (Constrained) Programmability is the most efficient way of achieving adaptation. • Agreements (Contracts) are often desired by all parties. • This would imply: • Protect data at source. Add layers e.g. when crossing domain boundaries • Policies (rules) follow data. Partially? enforced by the recepient; context. • Establish and enforce Data Sharing Agreements.
- 9. PRiMMA • Enforcing privacy policies on small devices • Learning privacy policies from user behaviour
- 10. Thank you!