15 research outputs found

    PRIVAS - automatic anonymization of databases

    Given the pace of technological evolution, data and information are increasingly valuable in the most diverse areas and for the most varied purposes. Although the information and knowledge discovered by exploring and using data can be very valuable in many applications, people have become increasingly concerned about the other side: the privacy threats that these processes bring. The Privas system, described in this paper, helps the data publisher pre-process a database before publishing it. To that end, a DSL is used to describe the database schema, identify the sensitive data and state the desired privacy level. A Privas processor then interprets the DSL program and automatically transforms the repository schema. The automation of the anonymization process is the main contribution and novelty of this work.

    Assuring data privacy with PRIVAS - a tool for data publishers

    Today's technology makes it easy to extract, store, process and use information about individuals and organizations. The growing amount of data collected, and its value to society, was at first a great advance that could be used to optimize processes, find solutions and support decisions, but it also brought new problems related to the lack of privacy and to malicious attacks on confidential information. In this paper, a tool to anonymize databases is presented. Data publishers can use it to protect information from attacks while controlling the desired privacy level and the usefulness of the data. To specify these requirements, a DSL (PrivasL) is used; the automation of the repository transformation, which is based on language processing techniques, is the novelty of this work.
    Funding: FCT – Fundação para a Ciência e Tecnologia within the Project Scope: UID/CEC/00319/2019.

    Security and Privacy of Protocols and Software with Formal Methods

    The protection of users' data in line with best practice and legislation is one of the main challenges in computer science. Very often, large-scale data leaks remind us that the state of the art in data privacy and anonymity is severely lacking. The complexity of modern systems makes it impossible for software architects to create secure software that correctly implements privacy policies without the help of automated tools. The academic community needs to invest more effort in the formal modeling of security and anonymity properties, providing a deeper understanding of the underlying concepts and challenges and allowing the creation of automated tools to help software architects and developers. This track provides numerous contributions to the formal modeling of security and anonymity properties and to the creation of tools to verify them on large-scale software projects.

    The Use of Mobility Data for Responding to the COVID-19 Pandemic

    As the COVID-19 pandemic continues to upend the way people move, work, and gather, governments, businesses, and public health researchers have looked increasingly at mobility data to support pandemic response. This data, assets that describe human location and movement, has generally been collected for purposes directly related to a company's business model, including optimizing the delivery of consumer services, supply chain management or targeting advertisements. However, these call detail records, smartphone mobility data, vehicle-derived GPS, and other mobility data assets can also be used to study patterns of movement. These patterns have, in turn, been used by organizations to forecast disease spread and inform decisions on how best to manage activity in certain locations.

    Researchers at The GovLab and Cuebiq, supported by the Open Data Institute, identified 51 notable projects from around the globe launched by public sector and research organizations together with companies that use mobility data for these purposes. From this listing they curated five projects that highlight the specific opportunities (and risks) presented by using this asset. Although few of these highlighted projects have provided public outputs, which makes assessing project success difficult, the organizations interviewed considered mobility data a useful asset that enabled better public health surveillance, supported existing decision-making processes, or otherwise allowed groups to achieve their research goals.

    The report below summarizes some of the major points identified in those case studies. While acknowledging that location data can be a highly sensitive data type that can facilitate surveillance or expose data subjects if used carelessly, it finds that mobility data can support research and inform decisions when applied to narrowly defined research questions through frameworks that acknowledge and proactively mitigate risk. These frameworks can vary with the individual circumstances facing data users, suppliers, and subjects. However, a few conditions can enable users and suppliers to promote publicly beneficial and responsible data use and to overcome the serious obstacles facing them.

    For data users (governments and research institutions), functional access to real-time and contextually relevant data can support research goals, even though a lack of data science competencies and of both short- and long-term funding sources represents a major obstacle. Data suppliers (largely companies), meanwhile, need governance structures and mechanisms that facilitate responsible re-use, including data re-use agreements that define who, what, where, when, and under what conditions data can be shared. A lack of regulatory clarity and the absence of universal governance and privacy standards have impeded the effective and responsible dissemination of mobility data for research and humanitarian purposes. Finally, for both data users and suppliers, we note that collaborative research networks that allow organizations to seek out and provide data can enable project success by facilitating the exchange of methods and resources and closing the gap between research and practice.

    Based on these findings, we recommend the development of clear governance and privacy frameworks, increased capacity building around data use within the public sector, and more regular convenings of ecosystem stakeholders (including the public and data subjects) to broaden collaborative networks. We also propose solutions for making the responsible use of mobility data more sustainable for long-term impact beyond the current pandemic. A failure to develop regulatory and governance frameworks that can responsibly manage mobility data could lead to a regression to the ad hoc and uncoordinated approaches that previously defined mobility data applications. It could also lead to disparate standards about organizations' responsibilities to the public.

    Application Of Blockchain Technology And Integration Of Differential Privacy: Issues In E-Health Domains

    A systematic and comprehensive review of critical applications of Blockchain Technology integrated with Differential Privacy lies within privacy and security enhancement. This paper aims to highlight the research issues in the e-Health domain (e.g., EMR) and to review the current research directions in integrating Differential Privacy with Blockchain Technology.

    Firstly, the current concerns in the e-Health domain are identified as follows: (a) healthcare information raises a high level of security and privacy concern because of its sensitivity; (b) owing to vulnerabilities surrounding the healthcare system, data breaches are common and pose a risk of attack by an adversary; and (c) the current privacy and security apparatus needs further fortification. Secondly, Blockchain Technology (BT) is one approach to addressing these privacy and security issues; an alternative is the integration of Differential Privacy (DP) with Blockchain Technology. Thirdly, collections of scientific journals and research papers on the e-Health domain, published between 2015 and 2022 in IEEE, Science Direct, Google Scholar, ACM, and PubMed, are summarized in terms of security and privacy. The methodology uses a systematic mapping study (SMS) to identify and select relevant research papers and academic journals regarding DP and BT. With this understanding of the current privacy issues in EMR, the paper focuses on three categories: (a) e-Health Record Privacy, (b) Real-Time Health Data, and (c) Health Survey Data Protection. In this study, evidence exists to identify inherent issues and technical challenges associated with the integration of Differential Privacy and Blockchain Technology.

    SoK: Differential Privacies

    Shortly after it was first introduced in 2006, differential privacy became the flagship data privacy definition. Since then, numerous variants and extensions have been proposed to adapt it to different scenarios and attacker models. In this work, we propose a systematic taxonomy of these variants and extensions. We list all data privacy definitions based on differential privacy and partition them into seven categories, depending on which aspect of the original definition is modified. These categories act like dimensions: variants from the same category cannot be combined, but variants from different categories can be combined to form new definitions. We also establish a partial ordering of relative strength between these notions by summarizing existing results. Furthermore, we list which of these definitions satisfy desirable properties such as composition, post-processing, and convexity, either by providing a novel proof or by collecting existing ones.
    Comment: This is the full version of the SoK paper with the same title, accepted at PETS (Privacy Enhancing Technologies Symposium) 202

    Privacy-Preserving Mechanism in Smart Home Using Blockchain

    The IoT, or Internet of Things, has been a major talking point among technology enthusiasts in recent years. The Internet of Things (IoT) has emerged and evolved rapidly, making the fabric of the world around us smarter and more responsive. The smart home is one such transformation brought by IoT, and it seems to be the wave of the future. However, with the increasingly widespread adoption of IoT, concerns about data security and privacy, and about how our data is collected and shared with others, have also risen. To address these challenges, this paper proposes an approach to data privacy and security in a smart home using blockchain technology. We propose an authentication scheme that combines attribute-based access control with smart contracts and edge computing to create a secure framework for IoT devices in smart home systems. The edge server adds scalability to the system by offloading heavy processing activities and uses a differential privacy method to aggregate data to the cloud securely and privately. We present several aspects of testing and implementing the smart contracts, the differentially private stochastic gradient descent algorithm, and the system architecture and design. We demonstrate the efficacy of the proposed system by fully examining its security and privacy goals in terms of confidentiality, integrity, and availability. Our framework achieves the desired security and privacy goals and is resilient against modification, DoS attacks, data mining and linkage attacks. Finally, we undertake a performance evaluation to demonstrate the proposed scheme's feasibility and efficiency.