Protecting Privacy in Terrorist Tracking Applications
Teresa Lunt (PI), Jessica Staddon, Dirk Balfanz, Glenn Durfee, Tomas Uribe (SRI), Diana Smetters, Jim Thornton, Paul Aoki, Brent Waters (intern), David Woodruff (intern)
Privacy Appliance
[Diagram: data source, privacy appliance, cross-source privacy appliance, user query; labels: government owned, privately owned, independently operated]
Standalone devices
– Under private control
– Better assurance of correct operation
Sits between the analyst and each private data source
– Easily added to an enterprise's computing infrastructure
– Like firewalls
Benefits
– Private data stays in private hands
– Privacy controls isolated from the government
Access Control
[Diagram: analyst query; check authorizations against the access control DB; modify query as needed to withhold data; mark access "history"; send modified query to data source]
The privacy appliance will recognize
– Which queries touch inference channels
– Whether the user is authorized for the query
Input special authorizations
For higher authorization:
– Can retrieve specific identifying info
– Must specify scope of data authorized
For lowest authorization:
– Withhold identifying attributes
– Prevent completion of inference channels
Analysts can't combine non-sensitive queries to obtain sensitive info
Inference Tool
Earlier life: MLS databases
– Detect inference channels from unclassified to classified data
Now: privacy protection
– Detect inference channels from non-sensitive to sensitive data
– Example: "Select count(name) where gender = female" returns 1, so "Select avg(grade) where gender = female" discloses that one person's grade
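As an added illustration (not code from the presentation or the SRI project), the inference channel on this slide in runnable form, together with a hypothetical appliance-style check that withholds an aggregate when the group it ranges over is smaller than a policy threshold; the table, the names and the threshold are constructed:

```python
import sqlite3

# Constructed sample table (not from the presentation): one female student,
# three male students. Any aggregate restricted to "female" is one person's data.
ROWS = [
    ("alice", "female", 91),
    ("bob", "male", 74),
    ("carol", "male", 82),
    ("dave", "male", 67),
]

# Hypothetical lowest-authorization policy: aggregates over fewer rows are withheld.
MIN_GROUP_SIZE = 3

# Only whitelisted aggregates are ever spliced into SQL (no analyst-supplied text).
AGGREGATES = {"avg": "avg(grade)", "max": "max(grade)", "min": "min(grade)"}


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students(name TEXT, gender TEXT, grade INTEGER)")
    conn.executemany("INSERT INTO students VALUES (?, ?, ?)", ROWS)
    return conn


def raw_inference(conn, gender):
    """The channel from the slide: when count(name) is 1, avg(grade) is one person's grade."""
    (count,) = conn.execute("SELECT count(name) FROM students WHERE gender = ?", (gender,)).fetchone()
    (avg,) = conn.execute("SELECT avg(grade) FROM students WHERE gender = ?", (gender,)).fetchone()
    return count, avg


def appliance_aggregate(conn, agg, gender, authorized_for_identifying=False):
    """Appliance-style mediation: size the group first; withhold the aggregate when the
    group is too small for the analyst's authorization, otherwise answer it."""
    (count,) = conn.execute("SELECT count(*) FROM students WHERE gender = ?", (gender,)).fetchone()
    if count < MIN_GROUP_SIZE and not authorized_for_identifying:
        return None  # withheld: answering would complete the inference channel
    (value,) = conn.execute(f"SELECT {AGGREGATES[agg]} FROM students WHERE gender = ?", (gender,)).fetchone()
    return value


if __name__ == "__main__":
    db = build_db()
    print("raw:", raw_inference(db, "female"))           # (1, 91.0): the grade leaks
    print("mediated:", appliance_aggregate(db, "avg", "female"))  # None: withheld
    print("mediated:", appliance_aggregate(db, "avg", "male"))    # a 3-person average
```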
Systems Issues
Logging
– Log classified stuff at third-party sites!
– Search through (encrypted) logs to prove abuse.
Trust issues
– Finally a legitimate use for Palladium! …
– This is a big system!