Equivalence-based Security for Querying Encrypted Databases: Theory and Application to Privacy Policy Audits
Motivated by the problem of simultaneously preserving confidentiality and
usability of data outsourced to third-party clouds, we present two different
database encryption schemes that largely hide data but reveal enough
information to support a wide-range of relational queries. We provide a
security definition for database encryption that captures confidentiality based
on a notion of equivalence of databases from the adversary's perspective. As a
specific application, we adapt an existing algorithm for finding violations of
privacy policies to run on logs encrypted under our schemes and observe low to
moderate overheads.
Comment: CCS 2015 paper technical report, in progres
Towards an Enforceable GDPR Specification
While Privacy by Design (PbD) is prescribed by modern privacy regulations
such as the EU's GDPR, achieving PbD in real software systems is a notoriously
difficult task. One emerging technique to realize PbD is Runtime enforcement
(RE), in which an enforcer, loaded with a specification of a system's privacy
requirements, observes the actions performed by the system and instructs it to
perform actions that will ensure compliance with these requirements at all
times. To be able to use RE techniques for PbD, privacy regulations first need
to be translated into an enforceable specification. In this paper, we report on
our ongoing work in formalizing the GDPR. We first present a set of
requirements and an iterative methodology for creating enforceable formal
specifications of legal provisions. Then, we report on a preliminary case study
in which we used our methodology to derive an enforceable specification of part
of the GDPR. Our case study suggests that our methodology can be effectively
used to develop accurate enforceable specifications
On XACML's adequacy to specify and to enforce HIPAA
In the medical sphere, personal and medical information is collected, stored, and transmitted for various purposes, such as continuity of care, rapid formulation of diagnoses, and billing. Many of these operations must comply with federal regulations like the Health Insurance Portability and Accountability Act (HIPAA). To this end, we need a specification language that can precisely capture the requirements of HIPAA. We also need an enforcement engine that can enforce the privacy policies specified in the language. In the current work, we evaluate eXtensible Access Control Markup Language (XACML) as a candidate specification language for HIPAA privacy rules. We evaluate XACML based on the set of features required to sufficiently express HIPAA, proposed by a prior work. We also discuss which of the features necessary for expressing HIPAA are missing in XACML. We then present high level designs of how to enhance XACM
Privacy Preserving HIPAA-Compliant Access Control Model for Web Services
Most modern health-related information is collected, maintained, and accessed through computerized systems. However, interaction with this information must comply with US federal regulations such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Due to the complexity of healthcare regulations, it is not easy to deploy a compliant system, especially for heterogeneous systems designed to allow data transfer and communication. Web services can be used to solve the problem of intercommunication between incompatible systems; however, a generic model for HIPAA enforcement is required. In this paper we propose a generic HIPAA-compliant privacy access control model for web services that can be easily applied to any existing covered entity's web services
A Logical Method for Policy Enforcement over Evolving Audit Logs
We present an iterative algorithm for enforcing policies represented in a
first-order logic, which can, in particular, express all transmission-related
clauses in the HIPAA Privacy Rule. The logic has three features that raise
challenges for enforcement --- uninterpreted predicates (used to model
subjective concepts in privacy policies), real-time temporal properties, and
quantification over infinite domains (such as the set of messages containing
personal information). The algorithm operates over audit logs that are
inherently incomplete and evolve over time. In each iteration, the algorithm
provably checks as much of the policy as possible over the current log and
outputs a residual policy that can only be checked when the log is extended
with additional information. We prove correctness and termination properties of
the algorithm. While these results are developed in a general form, accounting
for many different sources of incompleteness in audit logs, we also prove that
for the special case of logs that maintain a complete record of all relevant
actions, the algorithm effectively enforces all safety and co-safety
properties. The algorithm can significantly help automate enforcement of
policies derived from the HIPAA Privacy Rule.
Comment: Carnegie Mellon University CyLab Technical Report. 51 page
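To make the iterative idea concrete, here is a small residual-policy checker over an evolving log. This is an added illustration, not the paper's algorithm or code: it enforces one assumed transmission clause (an external send of PHI needs prior authorization, a patient notice within a deadline, or a treatment purpose), treats "purpose" as an uninterpreted predicate supplied by a human reviewer, and after each pass keeps only the obligations the current log cannot decide. The log format, event names, the 30-day deadline and the sample events are all constructed for the example.

```python
"""Residual-policy checking over an evolving audit log (added illustration).

Each pass decides what the current log permits and hands back a residual to
re-check once the log grows. The clause enforced, the event layout and the
purpose oracle are assumptions made for this example, not the paper's.
"""
from dataclasses import dataclass, field
from typing import Optional

NOTICE_DEADLINE = 30  # assumed: days allowed to notify the patient after a send


@dataclass(frozen=True)
class Event:
    t: int            # day number
    kind: str         # "send" | "authorize" | "notify"
    msg: str          # message id (for notify: the message being notified about)
    actor: str
    recipient: str
    attrs: dict = field(default_factory=dict)


@dataclass(frozen=True)
class Residual:
    """Part of the policy the current log cannot decide yet."""
    send: Event
    reason: str
    deadline: Optional[int] = None   # None: waiting on a human judgement, not on time


def _authorized(s, log):
    return any(e.kind == "authorize" and e.recipient == s.recipient
               and e.attrs.get("patient") == s.attrs.get("patient")
               and e.t <= s.t for e in log)


def _notified(s, log):
    return any(e.kind == "notify" and e.recipient == s.attrs.get("patient")
               and e.msg == s.msg
               and s.t <= e.t <= s.t + NOTICE_DEADLINE for e in log)


def resolve(r, log, now, purpose):
    """Decide one residual against the log as it stands at time `now`.

    `purpose` stands in for an uninterpreted predicate: a dict a reviewer fills
    in, mapping message id to its judged purpose; absent until judged.
    """
    s = r.send
    if _authorized(s, log):
        return "ok", "prior authorization"
    if _notified(s, log):
        return "ok", "patient notified in time"
    if purpose.get(s.msg) == "treatment":
        return "ok", "treatment purpose"
    if now <= s.t + NOTICE_DEADLINE:
        # Future obligation: a notice may still arrive, so carry the deadline forward.
        return "residual", Residual(s, "notice window open", s.t + NOTICE_DEADLINE)
    if s.msg not in purpose:
        # Deadline passed, but the subjective predicate has not been judged yet.
        return "residual", Residual(s, "purpose not yet judged")
    return "violation", f"{s.msg} sent to {s.recipient} without authorization, notice or treatment purpose"


class Checker:
    """Iterative enforcer: only the residual survives between passes."""

    def __init__(self):
        self.residuals = []
        self.seen = set()

    def step(self, log, now, purpose):
        """One pass over the (possibly extended) log. Returns (ok, violations, residuals)."""
        for e in log:   # external PHI sends not seen before enter as fresh obligations
            if (e.kind == "send" and e.attrs.get("phi") and e.attrs.get("external")
                    and e.msg not in self.seen):
                self.seen.add(e.msg)
                self.residuals.append(Residual(e, "unchecked"))
        ok, violations, remaining = [], [], []
        for r in self.residuals:
            status, detail = resolve(r, log, now, purpose)
            if status == "ok":
                ok.append((r.send.msg, detail))
            elif status == "violation":
                violations.append(detail)
            else:
                remaining.append(detail)
        self.residuals = remaining
        return ok, violations, remaining


# Constructed sample log: days are integers, PHI sends are flagged in attrs.
LOG_DAY_10 = [
    Event(1, "authorize", "-", "P1", "lab", {"patient": "P1"}),
    Event(2, "send", "m1", "clinic", "lab", {"phi": True, "external": True, "patient": "P1"}),
    Event(3, "send", "m2", "clinic", "insurer", {"phi": True, "external": True, "patient": "P2"}),
    Event(4, "send", "m3", "clinic", "vendor", {"phi": True, "external": True, "patient": "P3"}),
]
# The same log as extended by day 40: P2 was notified, P3 never was.
LOG_DAY_40 = LOG_DAY_10 + [Event(20, "notify", "m2", "clinic", "P2")]


def run_example():
    """Three passes over the growing log; returns each pass's (ok, violations, residual)."""
    chk = Checker()
    purpose = {}
    p1 = chk.step(LOG_DAY_10, now=10, purpose=purpose)   # m1 ok; m2, m3 residual (window open)
    p2 = chk.step(LOG_DAY_40, now=40, purpose=purpose)   # m2 ok; m3 residual (needs judgement)
    purpose["m3"] = "marketing"                          # reviewer judges the subjective predicate
    p3 = chk.step(LOG_DAY_40, now=41, purpose=purpose)   # m3 violation
    return p1, p2, p3


if __name__ == "__main__":
    for i, (ok, viol, res) in enumerate(run_example(), 1):
        print(f"pass {i}: ok={[m for m, _ in ok]} violations={viol} "
              f"residual={[(r.send.msg, r.reason) for r in res]}")
```

The two kinds of residual correspond to two of the incompleteness sources the abstract names: a real-time obligation whose window has not closed, and an uninterpreted predicate that no log extension can settle, only a human judgement can. A third source, quantification over an infinite message domain, is sidestepped here by ranging only over sends actually present in the log, which is the "complete record of relevant actions" special case.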
Analyzing the Effectiveness of Legal Regulations and Social Consequences for Securing Data
There is a wide range of concerns and challenges related to stored data security, ranging from privacy and management to operational readiness. These challenges span financial, personal, and public impact. With an abundance of regulations for the enforcement of data security and new requirements proposed every year, organizations cannot avoid the legal or social implications of inadequate data protection. Today, public spotlight and awareness are challenging organizations to improve how data is protected more than at any other time. For this reason, organizations have made significant efforts to improve security.
When looking at precautions or changes, the factors considered are costs associated with such action, a potential consequence of not acting, impact on users, the effort required, and the scope. For this reason, leaders need to make the hard decisions of which risks they can live with and which need to be reduced because it is unrealistic to think that data security can be guaranteed. However, it is essential to have physical, administrative, and technical controls to mitigate data risks. Data protection regulations define requirements, create procedures to identify the associated risks, determine the extent of the impact, and identify what precautions should be taken.
This dissertation defined seven areas for consideration related to stored data security. The research facilitated developing a measurement tool to gather and analyze the knowledge and opinions of working professionals within the United States. The study was performed from July to October 2020, which resulted in a quantitative data sample used to analyze the effectiveness of legal regulations and social consequences for securing data
Multi-regulation computing: examining the legal and policy questions that arise from secure multiparty computation
This work examines privacy laws and regulations that limit disclosure of personal data, and explores whether and how these restrictions apply when participants use cryptographically secure multi-party computation (MPC). By protecting data during use, MPC can help to foster the positive effects of data usage while mitigating potential negative impacts of data sharing in scenarios where participants want to analyze data that is subject to one or more privacy laws, especially when these laws are in apparent conflict so data cannot be shared in the clear. But paradoxically, most adoptions of MPC to date involve data that is not subject to any formal privacy regulation. We posit that a major impediment to the adoption of MPC is the difficulty of mapping this new technology onto the design principles of data privacy laws.
To address this issue, and with the goal of spurring adoption of MPC, this work introduces the first systematic framework to reason about the extent to which secure multiparty computation implicates data privacy laws. Our framework revolves around three questions: a definitional question on whether the encodings still constitute 'personal data,' a process question about whether the act of executing MPC constitutes a data disclosure event, and a liability question about what happens if something goes wrong. We conclude by providing advice to regulators and suggestions to early adopters to spur uptake of MPC.
Funding: NSF 18-209 - National Science Foundation; CNS-1915763 - National Science Foundation; HR00112020021 - Department of Defense/DARPA; CNS-1801564 - National Science Foundation; CNS-1931714 - National Science Foundation; CNS-1718135 - National Science Foundation
https://aloni.net/wp-content/uploads/2022/08/Multi-Regulation-Computing-Walsh-Varia-Cohen-Sellars-Bestavros-ACM-CSLAW-22.pdf
Accepted manuscrip