2,211 research outputs found
Privacy Preserving Enforcement of Sensitive Policies in Outsourced and Distributed Environments
The enforcement of sensitive policies in untrusted environments is still an
open challenge for policy-based systems. On the one hand, taking any
appropriate security decision requires access to these policies. On the other
hand, if such access is allowed in an untrusted environment then confidential
information might be leaked by the policies. The key challenge is how to
enforce sensitive policies and protect content in untrusted environments. In
the context of untrusted environments, we mainly distinguish between outsourced
and distributed environments. The most attractive paradigms concerning
outsourced and distributed environments are cloud computing and opportunistic
networks, respectively.
In this dissertation, we present the design, technical and implementation
details of our proposed policy-based access control mechanisms for untrusted
environments. First of all, we provide full confidentiality of access policies
in outsourced environments, where service providers do not learn private
information about policies. We support expressive policies and take into
account contextual information. The system entities do not share any encryption
keys. For complex user management, we offer the full-fledged Role-Based Access
Control (RBAC) policies.
In opportunistic networks, we protect content by specifying expressive
policies. In our proposed approach, brokers match subscriptions against
policies associated with content without compromising privacy of subscribers.
As a result, unauthorised brokers neither gain access to content nor learn
policies and authorised nodes gain access only if they satisfy policies
specified by publishers. Our proposed system provides scalable key management
in which loosely-coupled publishers and subscribers communicate without any
prior contact. Finally, we have developed a prototype of the system that runs
on real smartphones and analysed its performance.Comment: Ph.D. Dissertation. http://eprints-phd.biblio.unitn.it/1124
Secure data sharing and processing in heterogeneous clouds
The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors
Revealing the Landscape of Privacy-Enhancing Technologies in the Context of Data Markets for the IoT: A Systematic Literature Review
IoT data markets in public and private institutions have become increasingly
relevant in recent years because of their potential to improve data
availability and unlock new business models. However, exchanging data in
markets bears considerable challenges related to disclosing sensitive
information. Despite considerable research focused on different aspects of
privacy-enhancing data markets for the IoT, none of the solutions proposed so
far seems to find a practical adoption. Thus, this study aims to organize the
state-of-the-art solutions, analyze and scope the technologies that have been
suggested in this context, and structure the remaining challenges to determine
areas where future research is required. To accomplish this goal, we conducted
a systematic literature review on privacy enhancement in data markets for the
IoT, covering 50 publications dated up to July 2020, and provided updates with
24 publications dated up to May 2022. Our results indicate that most research
in this area has emerged only recently, and no IoT data market architecture has
established itself as canonical. Existing solutions frequently lack the
required combination of anonymization and secure computation technologies.
Furthermore, there is no consensus on the appropriate use of blockchain
technology for IoT data markets and a low degree of leveraging existing
libraries or reusing generic data market architectures. We also identified
significant challenges remaining, such as the copy problem and the recursive
enforcement problem that-while solutions have been suggested to some extent-are
often not sufficiently addressed in proposed designs. We conclude that
privacy-enhancing technologies need further improvements to positively impact
data markets so that, ultimately, the value of data is preserved through data
scarcity and users' privacy and businesses-critical information are protected.Comment: 49 pages, 17 figures, 11 table
ESPOON: Enforcing Security Policies In Outsourced Environments
Data outsourcing is a growing business model offering services to individuals
and enterprises for processing and storing a huge amount of data. It is not
only economical but also promises higher availability, scalability, and more
effective quality of service than in-house solutions. Despite all its benefits,
data outsourcing raises serious security concerns for preserving data
confidentiality. There are solutions for preserving confidentiality of data
while supporting search on the data stored in outsourced environments. However,
such solutions do not support access policies to regulate access to a
particular subset of the stored data.
For complex user management, large enterprises employ Role-Based Access
Controls (RBAC) models for making access decisions based on the role in which a
user is active in. However, RBAC models cannot be deployed in outsourced
environments as they rely on trusted infrastructure in order to regulate access
to the data. The deployment of RBAC models may reveal private information about
sensitive data they aim to protect. In this paper, we aim at filling this gap
by proposing \textbf{} for enforcing RBAC policies in
outsourced environments. enforces RBAC policies in an
encrypted manner where a curious service provider may learn a very limited
information about RBAC policies. We have implemented
and provided its performance evaluation showing a limited overhead, thus
confirming viability of our approach.Comment: The final version of this paper has been accepted for publication in
Elsevier Computers & Security 2013. arXiv admin note: text overlap with
arXiv:1306.482
Cloud technology options towards Free Flow of Data
This whitepaper collects the technology solutions that the projects in the Data Protection, Security and Privacy Cluster propose to address the challenges raised by the working areas of the Free Flow of Data initiative. The document describes the technologies, methodologies, models, and tools researched and developed by the clustered projects mapped to the ten areas of work of the Free Flow of Data initiative. The aim is to facilitate the identification of the state-of-the-art of technology options towards solving the data security and privacy challenges posed by the Free Flow of Data initiative in Europe. The document gives reference to the Cluster, the individual projects and the technologies produced by them
Privacy in the Genomic Era
Genome sequencing technology has advanced at a rapid pace and it is now
possible to generate highly-detailed genotypes inexpensively. The collection
and analysis of such data has the potential to support various applications,
including personalized medical services. While the benefits of the genomics
revolution are trumpeted by the biomedical community, the increased
availability of such data has major implications for personal privacy; notably
because the genome has certain essential features, which include (but are not
limited to) (i) an association with traits and certain diseases, (ii)
identification capability (e.g., forensics), and (iii) revelation of family
relationships. Moreover, direct-to-consumer DNA testing increases the
likelihood that genome data will be made available in less regulated
environments, such as the Internet and for-profit companies. The problem of
genome data privacy thus resides at the crossroads of computer science,
medicine, and public policy. While the computer scientists have addressed data
privacy for various data types, there has been less attention dedicated to
genomic data. Thus, the goal of this paper is to provide a systematization of
knowledge for the computer science community. In doing so, we address some of
the (sometimes erroneous) beliefs of this field and we report on a survey we
conducted about genome data privacy with biomedical specialists. Then, after
characterizing the genome privacy problem, we review the state-of-the-art
regarding privacy attacks on genomic data and strategies for mitigating such
attacks, as well as contextualizing these attacks from the perspective of
medicine and public policy. This paper concludes with an enumeration of the
challenges for genome data privacy and presents a framework to systematize the
analysis of threats and the design of countermeasures as the field moves
forward
- …