3,232 research outputs found

    Implanting Life-Cycle Privacy Policies in a Context Database

    Ambient intelligence (AmI) environments continuously monitor surrounding individuals' context (e.g., location, activity, etc.) to make existing applications smarter, i.e., make decisions without requiring user interaction. Such AmI smartness ability is tightly coupled to the quantity and quality of the available (past and present) context. However, context is often linked to an individual (e.g., location of a given person) and as such falls under privacy directives. The goal of this paper is to enable the difficult wedding of privacy (automatically fulfilling users' privacy wishes) and smartness in the AmI. Interestingly, privacy requirements in the AmI are different from traditional environments, where systems usually manage durable data (e.g., medical or banking information), collected and updated trustfully either by the donor herself, her doctor, or an employee of her bank. Therefore, proper information disclosure to third parties constitutes a major privacy concern in the traditional studies

    Safer in the Clouds (Extended Abstract)

    We outline the design of a framework for modelling cloud computing systems. The approach is based on a declarative programming model which takes the form of a lambda-calculus enriched with suitable mechanisms to express and enforce application-level security policies governing usages of resources available in the clouds. We will focus on the server side of cloud systems, by adopting a pro-active approach, where explicit security policies regulate server's behaviour. Comment: In Proceedings ICE 2010, arXiv:1010.530

    A Declarative Framework for Specifying and Enforcing Purpose-aware Policies

    Purpose is crucial for privacy protection as it makes users confident that their personal data are processed as intended. Available proposals for the specification and enforcement of purpose-aware policies are unsatisfactory for their ambiguous semantics of purposes and/or lack of support to the run-time enforcement of policies. In this paper, we propose a declarative framework based on a first-order temporal logic that allows us to give a precise semantics to purpose-aware policies and to reuse algorithms for the design of a run-time monitor enforcing purpose-aware policies. We also show the complexity of the generation and use of the monitor which, to the best of our knowledge, is the first such result in the literature on purpose-aware policies. Comment: Extended version of the paper accepted at the 11th International Workshop on Security and Trust Management (STM 2015

    Security Applications of Formal Language Theory

    We present an approach to improving the security of complex, composed systems based on formal language theory, and show how this approach leads to advances in input validation, security modeling, attack surface reduction, and ultimately, software design and programming methodology. We cite examples based on real-world security flaws in common protocols representing different classes of protocol complexity. We also introduce a formalization of an exploit development technique, the parse tree differential attack, made possible by our conception of the role of formal grammars in security. These insights make possible future advances in software auditing techniques applicable to static and dynamic binary analysis, fuzzing, and general reverse-engineering and exploit development. Our work provides a foundation for verifying critical implementation components with considerably less burden to developers than is offered by the current state of the art. It additionally offers a rich basis for further exploration in the areas of offensive analysis and, conversely, automated defense tools and techniques. This report is divided into two parts. In Part I we address the formalisms and their applications; in Part II we discuss the general implications and recommendations for protocol and software design that follow from our formal analysis

    An Efficient Medical Text Mining in Diseases Diagnoses And its equivalent Data privacy Preservation Policy for Medical Data: A Review

    Healthcare systems use medical text mining, which has been increasingly facilitating health condition monitoring and disease modeling. The system works on the Personal Health Information (PHI) of the user. The healthcare system grants users access to a range of health information and medical knowledge. The benefit of the system is that all the information about diseases, precautions and healthcare is stored in one place. Unfortunately, delegating both storage and computation to the untreated entity would bring a series of security and privacy issues. One of the controversial issues for PHI is how the technology could threaten the privacy of patient health information. The proposed system focused on fine-grained privacy-preserving static medical text access and analysis, which can hardly afford the dynamic health condition fluctuation

    Survey on Data Leak Detection of Sensitive Data Exposure for Preserving Privacy

    Nowadays a large number of data leaks occur in various research institutions, organizations and security firms. The data leakage occurs due to improper protection of the data. Deliberately planned attacks, inadvertent leaks (e.g. forwarding confidential emails to unclassified email accounts), and human mistakes (e.g. assigning the wrong privilege) lead to most of the data-leak incidents. The common way is to monitor the data that are stored in an organizational local network. However, this requirement is undesirable, as it may threaten the confidentiality of the sensitive information. The existing method requires plaintext sensitive data. A privacy-preserving data-leak detection solution is proposed which can be outsourced and deployed in a semi-honest detection environment. In this paper, a fuzzy fingerprint technique is designed and implemented to enhance data privacy during data-leak detection operations. The DLD provider computes fingerprints from network traffic and identifies potential leaks in them. The estimation result shows that this method can provide accurate detection