
    An Approach for Managing Access to Personal Information Using Ontology-Based Chains

    The importance of electronic healthcare has caused numerous changes in both substantive and procedural aspects of healthcare processes. These changes have produced new challenges to patient privacy and information secrecy. Traditional privacy policies cannot respond to the rapidly increasing privacy needs of patients in electronic healthcare. Technically enforceable privacy policies are needed in order to protect patient privacy in modern healthcare, with its cross-organisational information sharing and decision making. This thesis proposes a personal information flow model that specifies a limited number of acts on this type of information. Ontology-classified chains of these acts can be used instead of the "intended/business purposes" used in privacy access control to seamlessly imbue current healthcare applications and their supporting infrastructure with security and privacy functionality. In this thesis, we first introduce an integrated basic architecture, design principles, and implementation techniques for privacy-preserving data mining systems. We then discuss the key methods of privacy-preserving data mining systems, which include four main methods: Role-based access control (RBAC), the Hippocratic database, the Chain method and the eXtensible Access Control Markup Language (XACML). We found that the traditional methods suffer from two main problems: the complexity of privacy policy design and the lack of context flexibility that is needed while working in critical situations such as those found in hospitals. We present and compare strategies for realising these methods. Theoretical analysis and experimental evaluation show that our new method can generate accurate data mining models and safe data access management while protecting the privacy of the data being mined. The experiments were comparative: they first show the ease of the design and then follow real scenarios to show the context flexibility of our investigated method in preserving personal information privacy.

    Privacy in data service composition

    In modern information systems, different information features about the same individual are often collected and managed by autonomous data collection services that may have different privacy policies. Answering many end-users' legitimate queries requires the integration of data from multiple such services. However, data integration is often hindered by the lack of a trusted entity, often called a mediator, with which the services can share their data and to which they can delegate the enforcement of their privacy policies. In this paper, we propose a flexible privacy-preserving data integration approach for answering data integration queries without the need for a trusted mediator. In our approach, services are allowed to enforce their privacy policies locally. The mediator is considered to be untrusted and only has access to encrypted information, which allows it to link data subjects across the different services. Services, by virtue of a new privacy requirement, dubbed k-Protection, that limits privacy leaks, cannot infer information about the data held by each other. End-users, in turn, have access to privacy-sanitized data only. We evaluated our approach using an example and a real dataset from the healthcare application domain. The results are promising from both the privacy preservation and the performance perspectives.

    Demystifying Internet of Things Security

    Break down the misconceptions of the Internet of Things by examining the different security building blocks available in Intel Architecture (IA) based IoT platforms. This open access book reviews the threat pyramid, secure boot, chain of trust, and the SW stack leading up to defense-in-depth. The IoT presents unique challenges in implementing security, and Intel has both CPU and Isolated Security Engine capabilities to simplify it. This book explores the challenges of securing these devices to make them immune to different threats originating from within and outside the network. The requirements and robustness rules to protect the assets vary greatly, and there is no single blanket solution approach to implementing security. Demystifying Internet of Things Security provides clarity to industry professionals and an overview of different security solutions. What You'll Learn: secure devices, immunizing them against different threats originating from inside and outside the network; gather an overview of the different security building blocks available in Intel Architecture (IA) based IoT platforms; understand the threat pyramid, secure boot, chain of trust, and the software stack leading up to defense-in-depth. Who This Book Is For: strategists, developers, architects, and managers in the embedded and Internet of Things (IoT) space trying to understand and implement security in IoT devices and platforms.

    Privacy-preserving detection of statically mutually exclusive roles constraints violation in interoperable role-based access control

    © 2017 IEEE. Secure interoperation is an important technology to protect shared data in multi-domain environments. The IRBAC (Interoperable Role-based Access Control) 2000 model has been proposed to achieve secure interoperation between two or more RBAC administrative domains. Static Separation of Duties (SSoD) is an important security policy in RBAC, but it has not been enforced in the IRBAC 2000 model. As a result, some previous works have studied the problem of SMER (Statically Mutually Exclusive Roles) constraints violation between two RBAC domains in the IRBAC 2000 model. However, none of them address how to preserve the privacy of RBAC policies, such as roles, role hierarchies and user-role assignments, while detecting SMER constraints violation, if the two interoperable domains do not want to disclose them to each other or to others. In order to enforce privacy-preserving detection of SMER constraints violation, we first introduce a solution without a privacy-preserving mechanism using matrix product. Then a privacy-preserving solution is proposed to securely detect SMER constraints violation without disclosing any RBAC policy, based on a secure three-party protocol for matrix product computation. By efficiency analysis and comparison of experimental results, the secure three-party computation protocol for matrix product based on the Paillier cryptosystem is shown to be more efficient and practical.

    Privacy-preserving matrix product based static mutual exclusive roles constraints violation detection in interoperable role-based access control

    © 2018 Elsevier B.V. Secure interoperation is an important technology to protect shared data in multi-domain environments. The IRBAC (Interoperable Role-based Access Control) 2000 model has been proposed to achieve secure interoperation between two or more RBAC administrative domains. Static Separation of Duties (SSoD) is an important security policy in RBAC, but it has not been enforced in the IRBAC 2000 model. As a result, some previous works have studied the problem of SMER (Statically Mutually Exclusive Roles) constraints violation between two RBAC domains in the IRBAC 2000 model. However, none of them address how to preserve the privacy of RBAC policies, such as roles, role hierarchies and user-role assignments, while detecting SMER constraints violation, if the two interoperable domains do not want to disclose them to each other or to others. In order to enforce privacy-preserving detection of SMER constraints violation, we first introduce a solution without a privacy-preserving mechanism using matrix product. Then a privacy-preserving solution is proposed to securely detect SMER constraints violation without disclosing any RBAC policy, based on a secure three-party protocol for matrix product computation. By efficiency analysis and comparison of experimental results, the secure three-party computation protocol for matrix product based on the Paillier cryptosystem is shown to be more efficient and practical.

    A technical approach to privacy based on mobile agents protected by tamper-resistant hardware

    We address the problem of protecting the privacy of individuals in the information society. Our goal is to devise technical means that allow users to actively participate in the management and use of information related to them. The advent of the information society creates serious challenges for the privacy of individuals. Due to the drastically improving communication infrastructure, ever larger amounts of ever more precise information become available. The problem with the free availability of this information is not only the risk that the information can be abused by powerful institutions, but also that this can lead to an unconfined mutual surveillance of individuals, which can have adverse effects on society as a whole. We argue that individuals should be empowered to define for themselves the level of privacy they are comfortable with. This can be achieved by notifying them whenever information on them is created, accessed, or modified and by giving them some control over the use of this information. The notification informs individuals who is using what information on them and allows them to detect possible problems with this use. The control allows individuals to resolve most (or at least some) of these problems. Obviously this requires that the individuals can trust the users of information to properly implement these notifications and to offer an effective control. We analyze the concept of trust more closely and distinguish between the optimistic and the pessimistic approach to trust, which can both provide the foundation for the protection of privacy. The former is based on the classical concepts of control and sanctions, while the latter tries to prevent malicious behaviour. We choose to pursue the pessimistic approach and investigate technical means that can be used for this purpose. A promising technology is the mobile agent paradigm, which is a new approach to structuring distributed applications. Its main idea is to move both the code and the state of an object to another principal for remote execution. This indicates that the mobile agent paradigm also embraces the object-oriented programming paradigm, which allows us to encapsulate a data item and to specify an access control policy on it. Since the mobile agent is physically moved to a remote location that is under the control of a different principal, it needs to be protected from this principal, who is responsible for its execution. This problem constitutes the major difficulty for using the mobile agent paradigm for privacy protection and is explored in great detail. Based on the discussion in the relevant literature, we decide on an approach that relies on a trusted and tamper-resistant hardware device, which is developed on a conceptual level. The approach is further explored in the context of the mobile agent paradigm, where it allows us to realize more elaborate protection goals that may be desirable for the owner of the mobile agent. These are developed in the form of conducts, which regroup the goal, the requirements, as well as a specification of the necessary collaboration to achieve this goal. Finally, we return to the original problem and describe how the presented technology can be used to improve the protection of privacy. This results in a rather complex framework, in which information on individuals cannot be used freely, but where this use is constrained by the level of privacy desired by the subject of the information. The major problem of this framework is the increased complexity that individuals have to deal with. This problem is addressed with an additional level of indirection that attempts to confine the complexity and to delegate it to trusted experts. We believe that this approach, despite its complexity, is a viable means to address the urgent problems of privacy protection, which do not lend themselves to simple solutions.

    Data trust framework using blockchain and smart contracts

    Lack of trust is the main barrier preventing more widespread data sharing. The lack of transparent and reliable infrastructure for data sharing prevents many data owners from sharing their data. Data trust is a paradigm that facilitates data sharing by forcing data controllers to be transparent about the process of sharing and reusing data. Blockchain technology has the potential to provide the essential properties for creating a practical and secure data trust framework by transforming current auditing practices and automatically enforcing smart contract logic without relying on intermediaries to establish trust. Blockchain holds enormous potential to remove the barriers of traditional centralized applications and offer a distributed and transparent administration by employing the involved parties to maintain consensus on the ledger. Furthermore, smart contracts are a programmable component that provides blockchain with more flexible and powerful capabilities. Recent advances in blockchain platforms toward smart contracts' development have revealed the possibility of implementing blockchain-based applications in various domains, such as health care, supply chain and digital identity. This dissertation investigates the blockchain's potential to provide a framework for data trust. It starts with a comprehensive study of smart contracts as the main component of blockchain for developing decentralized data trust. Three interrelated decentralized applications that address data sharing and access control problems in various fields, including healthcare data sharing, business process, and physical access control systems, have been developed and examined. In addition, a general-purpose application based on an attribute-based access control model is proposed that can provide the trusted auditability required for data sharing and access control systems and, ultimately, a data trust framework. Besides auditing, the system presents a transparency level that both access requesters (data users) and resource owners (data controllers) can benefit from. The proposed solutions have been validated through a use case of independent digital libraries. It also provides a detailed performance analysis of the system implementation. The performance results have been compared based on different consensus mechanisms and databases, indicating the system's high throughput and low latency. Finally, this dissertation presents an end-to-end data trust framework based on blockchain technology. The proposed framework promotes data trustworthiness by assessing input datasets, effectively managing access control, and presenting data provenance and activity monitoring. A trust assessment model that examines the trustworthiness of input data sets and calculates the trust value is presented. The number of transaction validators is defined adaptively with the trust value. This research provides solutions for both data owners and data users by ensuring the trustworthiness and quality of the data at origin and transparent and secure usage of the data at the end. A comprehensive experimental study indicates the presented system effectively handles a large number of transactions with low latency.

    Enabling Things to Talk

    Information Systems Applications (incl. Internet); Business IT Infrastructure; Computer Appl. in Administrative Data Processing; Operations Management; Software Engineering; Special Purpose and Application-Based Systems; Business Information Systems; Ubiquitous Computing; Reference Architecture; Spatio-Temporal Systems; Smart Objects; Supply Chain Management; IoT; SCM; Web Applications; Internet of Things; Smart Homes; RFI

    An Unexpected Journey: Towards Runtime Verification of Multiagent Systems and Beyond

    The Trace Expression formalism derives from work started in 2012 and is mainly used to specify and verify interaction protocols at runtime, but other applications have been devised. More specifically, this thesis describes how to extend and apply such a formalism in the engineering process of distributed artificial intelligence systems (such as multiagent systems). This thesis extends the state of the art through four different contributions:
    1. Theoretical: the thesis extends the original formalism in order to also represent parametric and probabilistic specifications (parametric trace expressions and probabilistic trace expressions, respectively).
    2. Algorithmic: the thesis proposes algorithms for verifying trace expressions at runtime in a decentralized way. The algorithms have been designed to be as general as possible, but their implementation and experimentation address scenarios where the modelled and observed events are communicative events (interactions) inside a multiagent system.
    3. Application: the thesis analyzes the relations between runtime and static verification (e.g. model checking), proposing hybrid integrations in both directions. First of all, the thesis proposes a trace expression model checking approach, where it shows how to statically verify an LTL property on a trace expression specification. After that, the thesis presents a novel approach for supporting static verification through the addition of monitors at runtime (post-process).
    4. Implementation: the thesis presents RIVERtools, a tool supporting the writing, the syntactic analysis and the decentralization of trace expressions.