A framework to enforce privacy in business processes

Li, Yin Hua, Computer Science & Engineering, Faculty of Engineering, UNSW

January 2008

Service-oriented architectures (SOA), and in particular Web services, have quickly become a popular paradigm to develop distributed applications. Nowadays, more and more organizations shift their core business to the Web services platform within which various interactions between the autonomous services occur. One of the widely accepted standards in the Web services platform is Business Process Execution Lan- guage for Web Services (BPEL4WS, or BPEL for short). BPEL defines a language to integrate Web services by creating composite Web services in the form of business processes following the service orchestration paradigm, and it enables organizations to focus on core competence and mission-critical operations while outsource every- thing else to reduce costs and time to market. However BPEL is deficient in privacy issues. The facts are: (1) service requestors?? personal information is fundamental to enable business processes (e.g., the mortgage approval business process); (2) privacy concerns have become one of the most important issues in Information Technology and has received increasing at- tention from organizations, consumers and legislators; (3) most organizations have recognized that dealing correctly and honestly with customers?? privacy concerns can have beneficial returns for their businesses, not only in terms of being compliant with laws and regulations but also in terms of reputation and potential business op- portunities. If not addressed properly, privacy concerns may become an impediment to the widespread adoption of BPEL. Privacy issues have many aspects, the privacy concerns of potential service re- questor (i.e., client) and the privacy concerns of service provider (i.e., organization) are two of them. Service requestor specifies his/her privacy concerns as privacy preference, while service provider defines and publishes its privacy policy to specify its privacy promises. Before requestor accesses certain service, he/she likes to know whether the service provider will respect his/her privacy preference. Otherwise, the requestor may seek the desired service from somewhere else. On the other hand,even though most organizations publish their privacy promises, it will be more convincing if customers are assured that such privacy promises are actually kept within the organizations. In this thesis, we propose a privacy enforcement framework for business processes. In particular, we focus on those that are automated using BPEL. The framework consists of two parts. One focuses on the service requestors?? perspective of privacy, the other concentrates on the privacy concerns of the business process owner (i.e., the service provider). More specifically, the first part of the framework is based on description logic, and allows to represent privacy concepts and perform some rea- soning about these concepts. The reasoning engine will check requestor??s privacy preference against the service provider??s published privacy promises before the re- questor accesses the desired service. The second part of the framework facilitates the service provider to enforce its privacy policy within all its business processes throughout the life cycle of personal data. The privacy enforcement can be achieved step by step: privacy inspection, privacy verification and privacy obligation man- agement. The first step, privacy inspection, aims to identify which activity needs the involvement of what personal data. The second step, privacy verification, is to verify the correctness of designed BPEL business processes in terms of privacy. The third step is to enforce the privacy by managing the fulfillment of the obligation during the execution of business process. The privacy enforcement framework presented in the thesis has been implemented. The first part of the framework is implemented in the Privacy Match Engine prototype. For the second part of the framework, as different parts of the privacy policy need to be enforced at different stages of the life cycle of business processes, the implementation consists of a privacy verification tool and a privacy obligation management system.

business process,

privacy protection

Secure and compromise-resilient architecture for advanced metering infrastructure

Alfaheid, Khalid

01 March 2011

In recent years, the Smart Grid has grown to be the solution for future electrical energy that promises to avoid blackouts as well as to be energy efficient, environmentally and customer-friendly. In Smart Grid, the customer-friendly applications are a key element that provides the feature for recognizing the active expenditure of current energy via an Advanced Metering Infrastructure (AMI) subsystem. In fact, the smart meter, as a major part of AMI that is installed in residences, which provides more details about a consumer‟s usage. The smart meter measures hour-by-hour usage of a house, and then instantly transmits the record to the utility via two-way communications, unlike the previous electrical system that collects all usage monthly. However, the live measurement of the usage creates a potential privacy leak since each electrical usage records the behaviour of consumers in the home. Therefore, any communication channel between customers and utility should have some sort of confidentiality which protects consumer privacy. In reality, smart meters are generally located in an insecure area of the house (outside), therefore anyone can potentially tamper with the device, noting the fact that it is low-end device. As a result, there is a great possibility of compromising the smart meter, resulting in disclosure of consumer usage. Actually, the nature of a smart meter, and the cost constraints, create a challenge to secure the network. Therefore, the dual motivating problems are the protection of consumer privacy as well as achieving cost efficiency. In this research, we propose a new secure and compromise resilient architecture that continues two major components: a smart meters compromise attack detection scheme and a secure usage reporting protocol. Firstly, the smart meters compromise attack detection scheme improves the security of the smart meter, preventing an adversary from compromising the smart meter. Secondly, the secure usage reporting protocol improves the security of communication between the smart meter and the utility, preventing an adversary from identifying each household's usage reported by smart meters. / UOIT

Smart meter

Security

Privacy

An architecture for identity management

Richardson, Brian Robert

06 July 2005

Personalization of on-line content by on-line businesses can improve a users experience and increase a businesss chance of making a sale, but with stricter privacy legislation and Internet users increasing concerns about privacy, businesses need to ensure they do not violate laws or frighten away potential customers. This thesis describes the design of the proposed Identity Management Architecture (IMA). The IMA system allows users to decide on a per business basis what personal information is provided, gives users greater access to their personal information held by on-line businesses, and does not rely on a trusted third-party for management of personal information. In order to demonstrate the design and functionality of the IMA system a prototype implementation has been built. This implementation consists of the IMA client application and an example participating business to demonstrate the features of the IMA client. To evaluate the design of the IMA system it was compared to three high profile identity management systems: Microsoft .NET Passport, Liberty Alliance Project, and Microsoft Infocards. Through this evaluation each tool was compared based on the access to personal information provided to users and on what areas of privacy legislation compliance are improved for a business that participates.

identity management

privacy

ima

The Common Law Right to Privacy

Lilles, Jaan

15 February 2010

This paper justifies and delineates a common law right to privacy. The first part of the paper reviews the current state of the law of privacy. The second part defines privacy by distinguishing privacy rights from those otherwise protected by the common law. The paper argues that the appropriate organizing principle behind the legal concept of privacy is the idea of control over one’s interactions with others. The third part argues that protection of privacy at common law is justified both pursuant to the demands of the Charter and with a theoretical understanding of private law based on a Kantian notion of Right. The final part argues that such an analysis determines the substantive nature of the protection that should be afforded at common law, namely that privacy should be protected from both intentional and negligent interference.

Common Law

Privacy

0398

The Common Law Right to Privacy

Lilles, Jaan

15 February 2010

This paper justifies and delineates a common law right to privacy. The first part of the paper reviews the current state of the law of privacy. The second part defines privacy by distinguishing privacy rights from those otherwise protected by the common law. The paper argues that the appropriate organizing principle behind the legal concept of privacy is the idea of control over one’s interactions with others. The third part argues that protection of privacy at common law is justified both pursuant to the demands of the Charter and with a theoretical understanding of private law based on a Kantian notion of Right. The final part argues that such an analysis determines the substantive nature of the protection that should be afforded at common law, namely that privacy should be protected from both intentional and negligent interference.

Common Law

Privacy

0398

Improving Tor using a TCP-over-DTLS Tunnel

Reardon, Joel

09 September 1923

The Tor network gives anonymity to Internet users by relaying their traffic through the world over a variety of routers. This incurs latency, and this thesis first explores where this latency occurs. Experiments discount the latency induced by routing traffic and computational latency to determine there is a substantial component that is caused by delay in the communication path. We determine that congestion control is causing the delay. Tor multiplexes multiple streams of data over a single TCP connection. This is not a wise use of TCP, and as such results in the unfair application of congestion control. We illustrate an example of this occurrence on a Tor node on the live network and also illustrate how packet dropping and reordering cause interference between the multiplexed streams. Our solution is to use a TCP-over-DTLS (Datagram Transport Layer Security) transport between routers, and give each stream of data its own TCP connection. We give our design for our proposal, and details about its implementation. Finally, we perform experiments on our implemented version to illustrate that our proposal has in fact resolved the multiplexing issues discovered in our system performance analysis. The future work gives a number of steps towards optimizing and improving our work, along with some tangential ideas that were discovered during research. Additionally, the open-source software projects latency_proxy and libspe, which were designed for our purposes but programmed for universal applicability, are discussed.

Privacy

Tor

Computer Science

Improving Tor using a TCP-over-DTLS Tunnel

Reardon, Joel

09 September 1923

The Tor network gives anonymity to Internet users by relaying their traffic through the world over a variety of routers. This incurs latency, and this thesis first explores where this latency occurs. Experiments discount the latency induced by routing traffic and computational latency to determine there is a substantial component that is caused by delay in the communication path. We determine that congestion control is causing the delay. Tor multiplexes multiple streams of data over a single TCP connection. This is not a wise use of TCP, and as such results in the unfair application of congestion control. We illustrate an example of this occurrence on a Tor node on the live network and also illustrate how packet dropping and reordering cause interference between the multiplexed streams. Our solution is to use a TCP-over-DTLS (Datagram Transport Layer Security) transport between routers, and give each stream of data its own TCP connection. We give our design for our proposal, and details about its implementation. Finally, we perform experiments on our implemented version to illustrate that our proposal has in fact resolved the multiplexing issues discovered in our system performance analysis. The future work gives a number of steps towards optimizing and improving our work, along with some tangential ideas that were discovered during research. Additionally, the open-source software projects latency_proxy and libspe, which were designed for our purposes but programmed for universal applicability, are discussed.

Privacy

Tor

Computer Science

An architecture for identity management

Richardson, Brian Robert

06 July 2005

Personalization of on-line content by on-line businesses can improve a users experience and increase a businesss chance of making a sale, but with stricter privacy legislation and Internet users increasing concerns about privacy, businesses need to ensure they do not violate laws or frighten away potential customers. This thesis describes the design of the proposed Identity Management Architecture (IMA). The IMA system allows users to decide on a per business basis what personal information is provided, gives users greater access to their personal information held by on-line businesses, and does not rely on a trusted third-party for management of personal information. In order to demonstrate the design and functionality of the IMA system a prototype implementation has been built. This implementation consists of the IMA client application and an example participating business to demonstrate the features of the IMA client. To evaluate the design of the IMA system it was compared to three high profile identity management systems: Microsoft .NET Passport, Liberty Alliance Project, and Microsoft Infocards. Through this evaluation each tool was compared based on the access to personal information provided to users and on what areas of privacy legislation compliance are improved for a business that participates.

identity management

privacy

ima

Privacy-preserving data mining

Zhang, Nan

15 May 2009

In the research of privacy-preserving data mining, we address issues related to extracting knowledge from large amounts of data without violating the privacy of the data owners. In this study, we first introduce an integrated baseline architecture, design principles, and implementation techniques for privacy-preserving data mining systems. We then discuss the key components of privacy-preserving data mining systems which include three protocols: data collection, inference control, and information sharing. We present and compare strategies for realizing these protocols. Theoretical analysis and experimental evaluation show that our protocols can generate accurate data mining models while protecting the privacy of the data being mined.

Data Mining

Privacy

Fusion center privacy policies does one size fit all? /

Harper, Jennifer L.

January 2009

Thesis (M.A. in Security Studies (Homeland Security and Defense))--Naval Postgraduate School, December 2009. / Thesis Advisor(s): Rollins, John. Second Reader: Petrie, Michael. "December 2009." Description based on title screen as viewed on January 26, 2010. Author(s) subject terms: Fusion center, privacy policy, civil liberties, information and analysis center, New Hampshire. Includes bibliographical references (p. 91-96). Also available in print.

Privacy. Terrorism. Civil rights.