4,506 research outputs found
Secure data sharing and processing in heterogeneous clouds
The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors
Enhancing user's privacy : developing a model for managing and testing the lifecycle of consent and revocation
Increasingly, people turn to the Internet for access to services, which often require
disclosure of a significant amount of personal data. Networked technologies have
enabled an explosive growth in the collection, storage and processing of personal
information with notable commercial potential. However, there are asymmetries in
relation to how people are able to control their own information when handled by
enterprises. This raises significant privacy concerns and increases the risk of privacy
breaches, thus creating an imperative need for mechanisms offering information
control functionalities.
To address the lack of controls in online environments, this thesis focuses on
consent and revocation mechanisms to introduce a novel approach for controlling
the collection, usage and dissemination of personal data and managing privacy ex-
pectations. Drawing on an extensive multidisciplinary review on privacy and on
empirical data from focus groups, this research presents a mathematical logic as the
foundation for the management of consent and revocation controls in technological
systems.
More specifically, this work proposes a comprehensive conceptual model for con-
sent and revocation and introduces the notion of 'informed revocation'. Based on
this model, a Hoare-style logic is developed to capture the effects of expressing indi-
viduals' consent and revocation preferences. The logic is designed to support certain
desirable properties, defined as healthiness conditions. Proofs that these conditions
hold are provided with the use of Maude software. This mathematical logic is
then verified in three real-world case study applications with different consent and
revocation requirements for the management of employee data in a business envi-
ronment, medical data in a biobank and identity assurance in government services.
The results confirm the richness and the expressiveness of the logic. In addition, a
novel testing strategy underpinned by this logic is presented. This strategy is able
to generate testing suites for systems offering consent and revocation controls, such
as the EnCoRe system, where testing was carried out successfully and resulted in
identifying faults in the EnCoRe implementation
An Event Driven Hybrid Identity Management Approach to Privacy Enhanced e-Health
Credential-based authorization offers interesting advantages for ubiquitous scenarios involving limited devices such as sensors and personal mobile equipment: the verification can be done locally; it offers a more reduced computational cost than its competitors for issuing, storing, and verification; and it naturally supports rights delegation. The main drawback is the revocation of rights. Revocation requires handling potentially large revocation lists, or using protocols to check the revocation status, bringing extra communication costs not acceptable for sensors and other limited devices. Moreover, the effective revocation consent—considered as a privacy rule in sensitive scenarios—has not been fully addressed.This paper proposes an event-based mechanism empowering a new concept, the sleepyhead credentials, which allows to substitute time constraints and explicit revocation by activating and deactivating authorization rights according to events. Our approach is to integrate this concept in IdM systems in a hybrid model supporting delegation, which can be an interesting alternative for scenarios where revocation of consent and user privacy are critical. The delegation includes a SAML compliant protocol, which we have validated through a proof-of-concept implementation. This article also explains the mathematical model describing the event-based model and offers estimations of the overhead introduced by the system. The paper focus on health care scenarios, where we show the flexibility of the proposed event-based user consent revocation mechanism.This work was partially founded by the Spanish Ministry of Science and Innovation under the project TEC2010-20572-C02-01 (CONSEQUENCE) and by the State of Madrid (Spain) under the contract number S2009/TIC-1650 (e-Madrid). Moreover, the authors would like to thank to the anonymous referees for comments and recommendations for the paper improvement
Contributions to the privacy provisioning for federated identity management platforms
Identity information, personal data and userâs profiles are key assets for organizations
and companies by becoming the use of identity management (IdM) infrastructures a prerequisite
for most companies, since IdM systems allow them to perform their business
transactions by sharing information and customizing services for several purposes in more
efficient and effective ways.
Due to the importance of the identity management paradigm, a lot of work has been done
so far resulting in a set of standards and specifications. According to them, under the
umbrella of the IdM paradigm a personâs digital identity can be shared, linked and reused
across different domains by allowing users simple session management, etc. In this way,
usersâ information is widely collected and distributed to offer new added value services
and to enhance availability. Whereas these new services have a positive impact on usersâ
life, they also bring privacy problems.
To manage usersâ personal data, while protecting their privacy, IdM systems are the ideal
target where to deploy privacy solutions, since they handle usersâ attribute exchange.
Nevertheless, current IdM models and specifications do not sufficiently address comprehensive
privacy mechanisms or guidelines, which enable users to better control over the
use, divulging and revocation of their online identities. These are essential aspects, specially
in sensitive environments where incorrect and unsecured management of userâs data
may lead to attacks, privacy breaches, identity misuse or frauds.
Nowadays there are several approaches to IdM that have benefits and shortcomings, from
the privacy perspective.
In this thesis, the main goal is contributing to the privacy provisioning for federated
identity management platforms. And for this purpose, we propose a generic architecture
that extends current federation IdM systems. We have mainly focused our contributions
on health care environments, given their particularly sensitive nature. The two main
pillars of the proposed architecture, are the introduction of a selective privacy-enhanced
user profile management model and flexibility in revocation consent by incorporating an
event-based hybrid IdM approach, which enables to replace time constraints and explicit
revocation by activating and deactivating authorization rights according to events. The
combination of both models enables to deal with both online and offline scenarios, as well
as to empower the user role, by letting her to bring together identity information from
different sources.
Regarding userâs consent revocation, we propose an implicit revocation consent mechanism
based on events, that empowers a new concept, the sleepyhead credentials, which
is issued only once and would be used any time. Moreover, we integrate this concept
in IdM systems supporting a delegation protocol and we contribute with the definition
of mathematical model to determine event arrivals to the IdM system and how they are
managed to the corresponding entities, as well as its integration with the most widely
deployed specification, i.e., Security Assertion Markup Language (SAML).
In regard to user profile management, we define a privacy-awareness user profile management
model to provide efficient selective information disclosure. With this contribution a
service provider would be able to accesses the specific personal information without being
able to inspect any other details and keeping user control of her data by controlling
who can access. The structure that we consider for the user profile storage is based on
extensions of Merkle trees allowing for hash combining that would minimize the need of
individual verification of elements along a path. An algorithm for sorting the tree as we
envision frequently accessed attributes to be closer to the root (minimizing the accessâ
time) is also provided.
Formal validation of the above mentioned ideas has been carried out through simulations
and the development of prototypes. Besides, dissemination activities were performed in
projects, journals and conferences.Programa Oficial de Doctorado en IngenierĂa TelemĂĄticaPresidente: MarĂa Celeste Campo VĂĄzquez.- Secretario: MarĂa Francisca Hinarejos Campos.- Vocal: Ăscar Esparza MartĂ
Privacy in Mobile Technology for Personal Healthcare
Information technology can improve the quality, efficiency, and cost of healthcare. In this survey, we examine the privacy requirements of \emphmobile\/ computing technologies that have the potential to transform healthcare. Such \emphmHealth\/ technology enables physicians to remotely monitor patients\u27 health, and enables individuals to manage their own health more easily. Despite these advantages, privacy is essential for any personal monitoring technology. Through an extensive survey of the literature, we develop a conceptual privacy framework for mHealth, itemize the privacy properties needed in mHealth systems, and discuss the technologies that could support privacy-sensitive mHealth systems. We end with a list of open research questions
Tutorial: Identity Management Systems and Secured Access Control
Identity Management has been a serious problem since the establishment of the Internet. Yet little progress has been made toward an acceptable solution. Early Identity Management Systems (IdMS) were designed to control access to resources and match capabilities with people in well-defined situations, Todayâs computing environment involves a variety of user and machine centric forms of digital identities and fuzzy organizational boundaries. With the advent of inter-organizational systems, social networks, e-commerce, m-commerce, service oriented computing, and automated agents, the characteristics of IdMS face a large number of technical and social challenges. The first part of the tutorial describes the history and conceptualization of IdMS, current trends and proposed paradigms, identity lifecycle, implementation challenges and social issues. The second part addresses standards, industry initia-tives, and vendor solutions. We conclude that there is disconnect between the need for a universal, seamless, trans-parent IdMS and current proposed standards and vendor solutions
- âŠ