Frameworks for Personalized Privacy and Privacy Auditing

Samavi, M. Reza

13 August 2013

As individuals are increasingly benefiting from the use of online services, there are growing concerns about the treatment of personal information. Society’s ongoing response to these concerns often gives rise to privacy policies expressed in legislation and regulation. These policies are written in natural language (or legalese) as privacy agreements that users must agree to, or presented as a set of privacy settings and options that users must opt in or out of in order to receive the service they want. But comprehensibility of privacy policies and settings is becoming increasingly challenging as agreements become longer and there are many privacy options to choose from. Additionally, organizations face the challenge of assuring compliance with policies that govern collecting, using, and sharing of personal data. This thesis proposes frameworks for personalized privacy and privacy auditing to address these two problems. In this thesis, we focus our investigation on the comprehensibility issues of personalized privacy using the concrete application domain of personal health data as recorded in systems known as personal health records (PHR). We develop the Privacy Goals and Settings Mediator (PGSM) model, which is based on i* multi-agent modelling techniques, as a way to help users comprehend privacy settings when employing multiple services over a web platform. Additionally, the PGSM model helps privacy experts contribute their privacy knowledge to the users’ privacy decision-making task. To address the privacy auditing problem, we propose two light-weight ontologies, L2TAP and SCIP, that are designed for deployment as Linked Data, an emerging standard for representing and publishing web data. L2TAP (Linked Data Log to Transparency, Accountability and Privacy) provides flexible and extensible provenance-enabled logging of privacy events. SCIP (Simple Contextual Integrity Privacy) provides a simple target for mapping the key concepts of Contextual Integrity and enables SPARQL query-based solutions for two important privacy processes: compliance checking and obligation derivation. This thesis validates the premise of PHR users’ privacy concerns, attitudes and behaviour through an empirical study. The usefulness of the PGSM model for privacy experts is evaluated through interviews with experts. Finally, the scalability and practical benefits of L2TAP+SCIP for log-based privacy auditing are validated experimentally.

Privacy

Ontology

Audit log

Linked Data

Personal Health Record

Personal Web

Compliance queries

0790

Frameworks for Personalized Privacy and Privacy Auditing

Samavi, M. Reza

13 August 2013

As individuals are increasingly benefiting from the use of online services, there are growing concerns about the treatment of personal information. Society’s ongoing response to these concerns often gives rise to privacy policies expressed in legislation and regulation. These policies are written in natural language (or legalese) as privacy agreements that users must agree to, or presented as a set of privacy settings and options that users must opt in or out of in order to receive the service they want. But comprehensibility of privacy policies and settings is becoming increasingly challenging as agreements become longer and there are many privacy options to choose from. Additionally, organizations face the challenge of assuring compliance with policies that govern collecting, using, and sharing of personal data. This thesis proposes frameworks for personalized privacy and privacy auditing to address these two problems. In this thesis, we focus our investigation on the comprehensibility issues of personalized privacy using the concrete application domain of personal health data as recorded in systems known as personal health records (PHR). We develop the Privacy Goals and Settings Mediator (PGSM) model, which is based on i* multi-agent modelling techniques, as a way to help users comprehend privacy settings when employing multiple services over a web platform. Additionally, the PGSM model helps privacy experts contribute their privacy knowledge to the users’ privacy decision-making task. To address the privacy auditing problem, we propose two light-weight ontologies, L2TAP and SCIP, that are designed for deployment as Linked Data, an emerging standard for representing and publishing web data. L2TAP (Linked Data Log to Transparency, Accountability and Privacy) provides flexible and extensible provenance-enabled logging of privacy events. SCIP (Simple Contextual Integrity Privacy) provides a simple target for mapping the key concepts of Contextual Integrity and enables SPARQL query-based solutions for two important privacy processes: compliance checking and obligation derivation. This thesis validates the premise of PHR users’ privacy concerns, attitudes and behaviour through an empirical study. The usefulness of the PGSM model for privacy experts is evaluated through interviews with experts. Finally, the scalability and practical benefits of L2TAP+SCIP for log-based privacy auditing are validated experimentally.

Privacy

Ontology

Audit log

Linked Data

Personal Health Record

Personal Web

Compliance queries

0790

Design And Implementation Of A Secure And Searchable Audit Logging System

Incebacak, Davut

01 May 2007

Logs are append-only time-stamped records to represent events in computers or network devices. Today, in many real-world networking applications, logging is a central service however it is a big challenge to satisfy the conflicting requirements when the security of log records is of concern. On one hand, being kept on mostly untrusted hosts, the logs should be preserved against unauthorized modifications and privacy breaches. On the other, serving as the primary evidence for digital crimes, logs are often needed for analysis by investigators. In this thesis, motivated by these requirements we define a model which integrates forward integrity techniques with search capabilities of encrypted logs. We also implement this model with advanced cryptographic primitives such as Identity Based Encryption. Our model, in one side, provides secure delegation of search capabilities to authorized users while protecting information privacy, on the other, these search capabilities set boundaries of a user&rsquo / s search operation. By this way user can not access logs which are not related with his case. Also, in this dissertation, we propose an improvement to Schneier and Kelsey&rsquo / s idea of forward integrity mechanism.

Keeping an Indefinitely Growing Audit Log / En kontinuerligt växande audit log

Andersson, Måns

January 2022

An audit log enables us to discover malfeasance in a system and to understand a security breach after it has happened. An audit log is meant to preserve information about important events in a system in a non-repudiable manner. Naturally, the audit log is often a target for malicious actors trying to cover the traces of an attack. The most common type of attack would be to try to remove or modify entries which contain information about some events in the system that a malicious actor does not want anyone to know about. In this thesis, the state-of-the-art research on secure logging is presented together with a design for a new logging system. The new design has superior properties in terms of both security and functionality compared to the current EJBCA implementation. The design is based on a combination of two well-cited logging schemes presented in the literature. Our design is an audit log built on a Merkle tree structure which enables efficient integrity proofs, flexible auditing schemes, efficient queries and exporting capabilities. On top of the Merkle tree structue, an FssAgg (Forward secure sequential Aggregate) MAC (Message Authentication Code) is introduced which strengthens the resistance to truncation-attacks and provides more options for auditing schemes. A proof-of-concept implementation was created and performance was measured to show that the combination of the Merkle tree log and the FssAgg MAC does not significantly reduce the performance compared to the individual schemes, while offering better security. The logging system design and the proof-of-concept implementation presented in this project will serve as a starting point for PrimeKey when developing a new audit log for EJBCA. / En granskningslogg är viktig eftersom den ger oss möjligheten att upptäcka misstänkt aktivitet i ett system. Granskningsloggen ger också möjligheten att undersöka och förstå ett säkerhetsintrång efter att det har inträffat. En attackerare som komprometterar ett system har ofta granskningsloggen som mål, eftersom de ofta vill dölja sina spår. I denna rapport presenteras en litteraturstudie av nuvarande forskning på säkra loggingsystem samt en design av ett nytt loggingsystem. Det nya loggingsystemet har bättre säkerhetsegentskaper och funktionalitet jämfört med den nuvarande implementationen i EJBCA. Designen bygger på en kombination av två välciterade forskningsartiklar. Vår design är en granskningslogg baserad på en Merkle träd-struktur som möjliggör effektiva bevis av loggens integritet, flexibel granskning, effektiv sökning och exportfunktionalitet. Förutom Merkle träd-strukturen består den nya loggen även av en FssAgg (Forward secure sequential Aggregate) MAC (Message Authentication Code) som förstärker loggens motstånd mot trunkeringsattacker och möjliggör fler sätt att granska loggen. En prototypimplementation skapades och prestandamätningar genomfördes som visar att kombinationen av Merkle träd-loggen och FssAgg MAC:en inte försämrar loggens prestanda jämfört med de individuella logglösningarna, trots att starkare säkerhet uppnås. Designen av det nya loggingsystemet samt prototypimplementationen kommer att utgöra en grund för PrimeKeys arbete med att implementera en ny audit log i EJBCA.

Cryptography

Audit Log

Tamper-evident

Merkle tree

Kryptografi

Granskningslogg

Manipuleringsupptäckbarhet

Merkle träd

Computer Sciences

Datavetenskap (datalogi)

Computer Engineering

Datorteknik

Visualizing audit log events at the Swedish Police Authority to facilitate its use in the judicial system / Visualisering av spårbarhetslogg hos Polismyndigheten för att underlätta dess användning inom rättssystemet

Michel, Hannes

January 2019

Within the Swedish Police Authority, physical users’ actions within all systems that manage sensitive information, are registered and sent to an audit log. The audit log contains log entries that consist of information regarding the events that occur by the performing user. This means that the audit log continuously manages massive amounts of data which is collected, processed and stored. For the police authority, the audit log may be useful for proving a digital trail of something that has occurred. An audit log is based upon the collected data from a security log. Security logs can collect datafrom most of the available systems and applications. It provides the availability for the organizationto implement network surveillance over the digital assets where logs are collected in real-time whichenables the possibility to detect any intrusion over the network. Furthermore, additional assets thatlog events are generated from are security software, firewalls, operating systems, workstations,networking equipment, and applications. The actors in a court of law usually don’t possess the technical knowledge required to interpret alog events since they can contain variable names, unparsed data or undefined values. Thisemphasizes the need for a user-friendly artifact of the audit log events that facilitates its use. Researching a way of displaying the current data format and displaying it in an improvedpresentable manner would be beneficial as an academic research by producing a generalizablemodel. In addition, it would prove useful for the internal investigations of the police authority sinceit was formed by their needs.

Audit log

Data visualization

Data semantics

User-centered

Event data

Spårbarhetslogg

datavisualisering

rättssystemet

data logg

logg

Other Computer and Information Science

Annan data- och informationsvetenskap

DSAP: Data Sharing Agreement Privacy Ontology / Privacy Ontology for Health Data Sharing in Research

Li, Mingyuan

January 2018

Medical researchers utilize data sharing agreements (DSA) to communicate privacy policies that govern the treatment of data in their collaboration. Expression of privacy policies in DSAs have been achieved through the use of natural and policy languages. However, ambiguity in natural language and rigidness in policy languages make them unsuitable for use in collaborative medical research. Our goal is to develop an unambiguous and flexible form of expression of privacy policies for collaborative medical research. In this thesis, we developed a DSA Privacy Ontology to express privacy policies in medical research. Our ontology was designed with hierarchy structure, lightweight in expressivity, closed world assumption in interpretation, and the reuse of other ontologies. The design allows our ontology to be flexible and extensible. Being flexible allows our ontology to express different types of privacy policies. Being extensible allows our ontology to be mapped to other linkable ontologies without the need to change our existing ontology. We demonstrate that our ontology is capable of supporting the DSA in a collaborative research data sharing scenario through providing the appropriate vocabulary and structure to log privacy events in a linked data based audit log. Furthermore, through querying the audit log, we can answer privacy competency questions relevant to medical researchers. / Thesis / Master of Science (MSc)

Privacy

Health Research

Medical Research

Ontology

Data Sharing

Data Sharing Agreements

Linked Data

Privacy Audit Log

Health Information Sharing

Health Information

Outpatient Portal (OPP) Use Among Pregnant Women: Cross-Sectional, Temporal, and Cluster Analysis of Use

Morgan, Evan M.

09 November 2021

No description available.

Biomedical Research

Health Care Management

Information Science

Obstetrics

Public Health

Systems Design

Systems Science