
    Data Degradation: Making Private Data Less Sensitive Over Time

    Trail disclosure is the leakage of privacy-sensitive data, resulting from negligence, attack, or abusive scrutinization or usage of personal digital trails. To prevent trail disclosure, data degradation is proposed as an alternative to the limited retention principle. Data degradation is based on the assumption that long-lasting purposes can often be satisfied with a less accurate, and therefore less sensitive, version of the data. Data will be progressively degraded such that it still serves application purposes, while decreasing accuracy and thus privacy sensitivity.

    Ubiquity and Confidentiality of Data


    SWYSWYK: A Privacy-by-Design Paradigm for Personal Information Management Systems

    Pushed by recent legislation and smart disclosure initiatives, Personal Information Management Systems (PIMS) emerge and hold the promise of giving the control back to the individual on her data. However, this shift leaves the privacy and security issues in the user's hands, a role that few people can properly endorse. Indeed, existing sharing models are difficult to administrate, and securing their implementation in the user's computing environment is an unresolved challenge. This paper advocates the definition of a Privacy-by-Design sharing paradigm, called SWYSWYK (Share What You See with Who You Know), dedicated to the PIMS context. This paradigm allows each user to physically visualize the net effects of sharing rules on her PIMS and automatically provides tangible guarantees about the enforcement of the defined sharing policies. Finally, we demonstrate the practicality of the approach through a performance evaluation conducted on a real PIMS platform.

    A Manifest-Based Framework for Organizing the Management of Personal Data at the Edge of the Network

    Smart disclosure initiatives and new regulations such as GDPR allow individuals to get control back over their data by gathering their entire digital life in a Personal Data Management System (PDMS). Multiple PDMS architectures exist, from centralized web hosting solutions to self-data hosting at home. These solutions strongly differ in their ability to preserve data privacy and to perform collective computations crossing data of multiple individuals (e.g., epidemiological or social studies), but none of them satisfies both objectives. The emergence of Trusted Execution Environments (TEE) changes the game. We propose a solution called Trusted PDMS, combining the TEE and PDMS properties to manage the data of each individual, and a Manifest-based framework to securely execute collective computation on top of them. We demonstrate the practicality of the solution through a real case study being conducted over 10.000 patients in the healthcare field.

    Fairness concerns in digital right management models

    International audience
    Digital piracy is threatening the global multimedia content industry, and blindly applied coercive Digital Right Management (DRM) policies do nothing but legitimise this piracy. This paper presents new software and hardware infrastructure aimed at reconciling the content providers' and consumers' points of view by giving the ability to develop fair business models (i.e., that preserve the interest of both parties). The solution is based on the use of tamper-resistant devices (smart cards) to securely store sensitive data (e.g., personal consumer data or data expressing the terms of a B2C contract or licence) and to perform the computation required by a contract/licence activation. In other words, smart cards can be seen as tamper-resistant Service Level Agreement (SLA) enablers.

    The Life-Cycle Policy model

    Our daily life activity leaves digital trails in an increasing number of databases (commercial web sites, internet service providers, search engines, location tracking systems, etc.). Personal digital trails are commonly exposed to accidental disclosures resulting from negligence or piracy and to ill-intentioned scrutinization and abusive usages fostered by fuzzy privacy policies. No one is sheltered, because a single event (e.g., applying for a job or a credit) can suddenly make our history a precious asset. By definition, access control fails to prevent trail disclosures, motivating the integration of the Limited Data Retention principle in legislation protecting data privacy. By this principle, data is withdrawn from a database after a predefined time period. However, this principle is difficult to apply in practice, leading to the retention of useless sensitive information for years in databases. In this paper, we propose a simple and practical data degradation model where sensitive data undergoes a progressive and irreversible degradation from an accurate state at collection time, to intermediate but still informative degraded states, up to complete disappearance when the data becomes useless. The benefits of data degradation are twofold: (i) by reducing the amount of accurate data, the privacy offence resulting from a trail disclosure is drastically reduced, and (ii) degrading the data in line with the application purposes offers a new compromise between privacy preservation and application reach. We introduce in this paper a data degradation model, analyze its impact over core database techniques like storage, indexation and transaction management, and propose degradation-aware techniques.

    DBMS Embedded in a Chip: Lessons Learned

    National audience
    The smart card is today the most widespread secure portable object. Four years ago, we laid the foundations of a study on embedding database techniques in a smart card. This study led to the definition of design principles for what we then called PicoDBMS, a complete database management system (DBMS) integrated into a smart card. Since then, thanks to hardware progress and the joint efforts of our team and our industrial partner, the principles initially defined have given birth to a complete prototype running on an experimental smart card platform. This article reconsiders the formulation of the initial problem in light of hardware and application evolutions. It then introduces a benchmark dedicated to databases embedded in chips and presents a detailed performance analysis of our prototype. Finally, it outlines research perspectives in the field of data management in secure chips.