110,511 research outputs found

    Output-Dependent Access Control

    Access control management techniques can reduce the risk of data exfiltration while making privacy-trivial data insights, such as statistical correlations, more accessible. Controlling access to sensitive or private data without unduly restricting essential activities is challenging. Traditional access control techniques, including whitelists, blacklists, and Access Control Lists (ACLs), limit access to sensitive data even when the query output does not contain sensitive information. This approach uses a combination of differential privacy, policy-based access controls, and dynamic query analysis. Dynamic query analysis determines what access controls apply to the output of a query, i.e. what output-dependent access controls are appropriate. When output-dependent access controls are appropriate, a policy-based engine determines what level of privilege is required. If the user lacks the required privilege, differential privacy may be applied to the results to prevent exfiltration of sensitive information.

    Protecting sensitive data using differential privacy and role-based access control

    In today's world, where most aspects of modern life are handled and managed by computer systems, privacy has increasingly become a big concern. In addition, data has been massively generated and processed, especially over the last two years. The rate at which data is generated on one hand, and the need to efficiently store and analyze it on the other hand, lead people and organizations to outsource their massive amounts of data (namely Big Data) to cloud environments supported by cloud service providers (CSPs). Such environments can perfectly undertake the tasks of storing and analyzing big data since they mainly rely on the Hadoop MapReduce framework, which is designed to efficiently handle big data in parallel. Although outsourcing big data into the cloud facilitates data processing and reduces the maintenance cost of local data storage, it raises new problems concerning privacy protection. The question is how one can perform computations on sensitive and big data while still preserving privacy. Therefore, building secure systems for handling and processing such private massive data is crucial. We need mechanisms to protect private data even when the running computation is untrusted. Several research efforts have focused on finding solutions to the privacy and security issues for data analytics in cloud environments. In this dissertation, we study some existing work to protect the privacy of any individual in a data set, specifically a notion of privacy known as differential privacy. Differential privacy has been proposed to better protect the privacy of data mining over sensitive data, ensuring that the released aggregate result reveals almost nothing about whether or not any given individual has contributed to the data set. Finally, we propose an idea of combining differential privacy with another available privacy-preserving method.

    A Fundamental Performance Limit of Cloud-based Control in Terms of Differential Privacy Level

    In this paper, we address a privacy issue raised by cloud-based control. In a cloud-based control framework, a plant typically has no access to the models of the cloud system and other plants connected via the cloud system. Under restricted information, the plant is required to design its local controller for achieving control objectives. As a control objective, we consider a tracking problem, and for constant reference signals, a class of tracking controllers is identified based on Youla parametrization. More importantly, as local tracking controllers are implemented, there is a possibility that the cloud system or other plants connected via the cloud system may be able to identify private information of the plant by using the collected signal from the plant; for example, the reference signal (say, the target production amount) of the plant can be viewed as a piece of private information. In order to evaluate the privacy level of the reference signal, we employ the concept of differential privacy. For the Laplace mechanism induced by the entire system, we show that the differential privacy level cannot be further improved from a ceiling value for any parameters of the local controller. In other words, there is a performance limit in terms of differential privacy level, which is determined by the plant and cloud system only.

    Modular control under privacy protection: Fundamental trade-offs

    In privacy-preserving controller design, there is usually a trade-off between the privacy level and control performances, and we show in this paper that this trade-off in particular determines a lower bound on the differential privacy level of the closed-loop system. The control task we consider is reference tracking in a plug-and-play setting, and the plant under control is a networked system of modules, each of which has no access to the models of the others. For a module, we first identify the whole set of tracking local controllers based on the Youla parametrization. At the same time, each module, to protect its own privacy, tries to prevent the other interconnected modules from identifying its private information; in this context, for example, the tracking reference signal (say, the target production amount if each module is a workshop in a factory) can be viewed as a piece of private information. Each module can tune the parameters of its local controller to increase the privacy level of its reference signal. However, if the distribution of Laplace (resp. uniform) noise is fixed, the differential privacy level of a Laplace (resp. uniform) mechanism cannot be further improved from a ceiling value no matter how one tunes parameters. In other words, for modular systems under local reference tracking control, there is a lower bound on the differential privacy level.

    Taking Computation to Data: Integrating Privacy-preserving AI techniques and Blockchain Allowing Secure Analysis of Sensitive Data on Premise

    PhD thesis in Information technology. With the advancement of artificial intelligence (AI), digital pathology has seen significant progress in recent years. However, the use of medical AI raises concerns about patient data privacy. The CLARIFY project is a research project funded under the European Union’s Marie Sklodowska-Curie Actions (MSCA) program. The primary objective of CLARIFY is to create a reliable, automated digital diagnostic platform that utilizes cloud-based data algorithms and artificial intelligence to enable interpretation and diagnosis of whole-slide images (WSI) from any location, maximizing the advantages of AI-based digital pathology. My research as an early stage researcher for the CLARIFY project centers on securing information systems using machine learning and access control techniques. To achieve this goal, I extensively researched privacy protection technologies such as federated learning, differential privacy, dataset distillation, and blockchain. These technologies have different priorities in terms of privacy, computational efficiency, and usability. Therefore, we designed a computing system that supports different levels of privacy security, based on the concept: taking computation to data. Our approach is based on two design principles. First, when external users need to access internal data, a robust access control mechanism must be established to limit unauthorized access. Second, it implies that raw data should be processed to ensure privacy and security. Specifically, we use smart contract-based access control and decentralized identity technology at the system security boundary to ensure the flexibility and immutability of verification. If the user’s raw data still cannot be directly accessed, we propose to use dataset distillation technology to filter out privacy, or use a locally trained model as a data agent. Our research focuses on improving the usability of these methods, and this thesis serves as a demonstration of current privacy-preserving and secure computing technologies.

    Reversible Data Perturbation Techniques for Multi-level Privacy-preserving Data Publication

    The amount of digital data generated in the Big Data age is increasing rapidly. Privacy-preserving data publishing techniques based on differential privacy through data perturbation provide a safe release of datasets such that sensitive information present in the dataset cannot be inferred from the published data. Existing privacy-preserving data publishing solutions have focused on publishing a single snapshot of the data with the assumption that all users of the data share the same level of privilege and access the data with a fixed privacy level. Thus, such schemes do not directly support data release in cases when data users have different levels of access on the published data. While a straightforward approach of releasing a separate snapshot of the data for each possible data access level can allow multi-level access, it can result in a higher storage cost requiring separate storage space for each instance of the published data. In this paper, we develop a set of reversible data perturbation techniques for large bipartite association graphs that use perturbation keys to control the sequential generation of multiple snapshots of the data to offer multi-level access based on privacy levels. The proposed schemes enable multi-level data privacy, allowing selective de-perturbation of the published data when suitable access credentials are provided. We evaluate the techniques through extensive experiments on a large real-world association graph dataset and our experiments show that the proposed techniques are efficient, scalable and effectively support multi-level data privacy on the published data.

    Privacy-Preserving Face Recognition with Learnable Privacy Budgets in Frequency Domain

    Face recognition technology has been used in many fields due to its high recognition accuracy, including the face unlocking of mobile devices, community access control systems, and city surveillance. As the current high accuracy is guaranteed by very deep network structures, facial images often need to be transmitted to third-party servers with high computational power for inference. However, facial images visually reveal the user's identity information. In this process, both untrusted service providers and malicious users can significantly increase the risk of a personal privacy breach. Current privacy-preserving approaches to face recognition are often accompanied by many side effects, such as a significant increase in inference time or a noticeable decrease in recognition accuracy. This paper proposes a privacy-preserving face recognition method using differential privacy in the frequency domain. Due to the utilization of differential privacy, it offers a guarantee of privacy in theory. Meanwhile, the loss of accuracy is very slight. This method first converts the original image to the frequency domain and removes the direct component termed DC. Then a privacy budget allocation method can be learned based on the loss of the back-end face recognition network within the differential privacy framework. Finally, it adds the corresponding noise to the frequency domain features. Our method performs very well with several classical face recognition test sets according to the extensive experiments.
    Comment: ECCV 2022; Code is available at https://github.com/Tencent/TFace/tree/master/recognition/tasks/dctd