Privacy and Contextual Integrity: Framework and Applications Adam Barth, Anupam Datta, John C. Mitchell (Stanford) Helen Nissenbaum (NYU)


1 Privacy and Contextual Integrity: Framework and Applications Adam Barth, Anupam Datta, John C. Mitchell (Stanford) Helen Nissenbaum (NYU)

2 Privacy in Health Care [Figure: information flows among Patient, Doctor, Specialist, Electronic Health Record, Patient Portal and Insurer, labelled "HIPAA Compliance"]

3 Broad Goal Protect privacy –Can a banker tell a marketer a customer’s address? Express policy precisely –Enterprise privacy policies –Privacy provisions from legislation Analyze privacy policies –Action complies with policy? –Policy enforces law?

4 Approach Privacy model –Agents communicating about each other Logic over model –Linear temporal logic Policies as logical formulas –Control expressive power Apply logical tools –Leverage LTL research

5 Contextual Integrity Philosophical account of privacy –Transfer of personal information –Describes what people care about Flow governed by norms –Agents act in roles in social contexts –Rejects public/private dichotomy Principles of transmission –Confidentiality, reciprocity, desert, etc.

6 Privacy Model for CI [Figure: Alice sends Bob the message "Charlie's SSN is 078-05-1120"] Restrict messages –Messages about subjects Judgments over traces –Past and future relevant Agents reason about attributes

7 Access Control vs. Privacy
Access control: –Subject (= actor) –Object –Action; Stateless –Except Chinese wall; Discrete elements
Privacy policies: –Sender –Recipient –Subject (of message) –Attribute –Transmission principle; Temporal –Past: Opt-in / opt-out –Future: Notification; Structured attributes

8 Syntax Grammar for logic:
$\varphi ::= \mathrm{send}(p_1, p_2, m)$ ($p_1$ sends $p_2$ message $m$)
$\mid \mathrm{contains}(m, q, t)$ ($m$ contains attribute $t$ about $q$)
$\mid \mathrm{inrole}(p, r)$ ($p$ is active in role $r$)
$\mid \mathrm{incontext}(p, c)$ ($p$ is active in context $c$)
$\mid t \sqsubseteq t'$ (attribute $t$ is part of attribute $t'$)
$\mid \neg\varphi \mid \varphi \wedge \varphi \mid \exists x:\tau.\ \varphi$ (classical operators)
$\mid \varphi\ \mathbf{U}\ \varphi \mid \varphi\ \mathbf{S}\ \varphi \mid \mathbf{O}\varphi$ (temporal operators)
Policies use a restricted class of formulas

9 CI Norms and Policies Policy consists of norms:
$(+)\ \mathrm{inrole}(p_1, r_1) \wedge \mathrm{inrole}(p_2, r_2) \wedge \mathrm{inrole}(q, r) \wedge t \sqsubseteq t' \wedge \varphi \wedge \psi$
$(-)\ \mathrm{inrole}(p_1, r_1) \wedge \mathrm{inrole}(p_2, r_2) \wedge \mathrm{inrole}(q, r) \wedge t \sqsubseteq t' \wedge \varphi \rightarrow \psi$
–$\varphi$ is an agent constraint –$\psi$ is a temporal condition
Norms assembled into policy formula:
–$\forall p_1, p_2, q : P.\ \forall m : M.\ \forall t : T.\ \mathrm{incontext}(p_1, c) \wedge \mathrm{send}(p_1, p_2, m) \wedge \mathrm{contains}(m, q, t) \rightarrow \bigvee\{\varphi^{+} \mid \varphi^{+} \in \mathrm{norms}^{+}(c)\} \wedge \bigwedge\{\varphi^{-} \mid \varphi^{-} \in \mathrm{norms}^{-}(c)\}$

10 Gramm-Leach-Bliley Example: Financial institutions must notify consumers if they share their non-public personal information with non-affiliated companies, but the notification may occur either before or after the information sharing occurs. [Figure: the sentence annotated with its sender role, recipient role, subject role, attribute and transmission principle]

11 Expressiveness of CI Evaluated on privacy laws –HIPAA, GLBA, and COPPA Captured most privacy provisions –Missed de-identified health info in HIPAA Laws used most features –Roughly as expressive as required

12 Structure of Attributes [Figure: attribute hierarchies, Health Information above Psychotherapy Notes and Test Results; Date of Birth above Age and Zodiac Sign] Health care providers can tell patients their health information. Health care providers can tell patients their psychotherapy notes only if a psychiatrist has approved. [Figure: both norms annotated with sender role, recipient role, subject role and attribute]

13 Extensional vs. Intentional Extensional semantics –Equates policies with judgments –Ignores why judgments reached Intentional semantics –Policies as list of rules –Reason for judgment preserved Extensional combination tricky –Attribute inheritance

14 Difficulties in Combination [Figure: two policies over the attribute hierarchy Date of Birth above Age and Zodiac Sign, combined with AND and with OR; the result depends on how permissions on Date of Birth are inherited by Age and Zodiac Sign]

15 Refinement and Combination Policy refinement –Basic policy relation –Does hospital policy enforce HIPAA? $P_1$ refines $P_2$ if $P_1 \rightarrow P_2$ –Requires careful handling of attribute inheritance Combination becomes logical conjunction –Defined in terms of refinement

16 Compliance Strong compliance –Future requirements after action can be met –PSPACE Weak compliance –Present requirements met by action –Polynomial time [Figure: Policy and History feed the Judgment on a Contemplated Action and its Future Reqs]
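As an added illustration (not code from the slides or the paper), the following Python checker has the shape of the slide-9 policy formula, a disjunction of positive norms conjoined with every negative norm, instantiated with the slide-12 health-care norms and judged in the weak-compliance sense of slide 16, which looks only at the history. The attribute hierarchy, role table and approval-event format are my assumptions.

```python
# Added example (not from the slides): weak compliance in the shape of the
# slide-9 policy formula, OR of positive norms AND all negative norms, with
# the slide-12 health-care norms. Hierarchy, roles and events are assumptions.
from dataclasses import dataclass

# Attribute hierarchy, child -> parent: t ⊑ t' holds when t' is t or an ancestor.
PARENT = {"Psychotherapy Notes": "Health Information",
          "Test Results": "Health Information"}

def sub_attr(t, t2):
    while t is not None:          # walk up from t looking for t'
        if t == t2:
            return True
        t = PARENT.get(t)
    return False

# Static roles; incontext(p1, health care) is assumed to hold for everyone.
ROLES = {"dr_lee": {"provider", "psychiatrist"},
         "dr_kim": {"provider"}, "pat": {"patient"}}

def inrole(p, r):
    return r in ROLES.get(p, set())

@dataclass
class Send:            # send(p1, p2, m) with contains(m, q, t) folded in
    sender: str        # p1
    recipient: str     # p2
    subject: str       # q, whom the message is about
    attr: str          # t, the attribute the message contains

def pos_provider_to_patient(a, history):
    # (+) providers may tell patients their own health information
    return (inrole(a.sender, "provider") and inrole(a.recipient, "patient")
            and a.subject == a.recipient
            and sub_attr(a.attr, "Health Information"))

def neg_notes_need_approval(a, history):
    # (-) agent constraint -> temporal condition: psychotherapy notes only if a
    # psychiatrist approved earlier; history holds constructed ("approve", who, about)
    if not sub_attr(a.attr, "Psychotherapy Notes"):
        return True
    return any(kind == "approve" and about == a.subject
               and inrole(who, "psychiatrist")
               for kind, who, about in history)

POS, NEG = [pos_provider_to_patient], [neg_notes_need_approval]

def weak_comply(action, history):
    # weak compliance (slide 16): present requirements, judged on the past only
    return (any(n(action, history) for n in POS)
            and all(n(action, history) for n in NEG))
```

A strong-compliance check would additionally have to show that obligations the action creates for the future (such as the GLBA notification on slide 10) can still be discharged, which this past-only checker does not attempt.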

17 Related Languages
Columns: Model, Sender, Recipient, Subject, Attributes, Past, Future, Combination
RBAC: Role, Identity, …
XACML: Flexible, … o … o …
EPAL: Fixed, Role, Fixed, … o …
P3P: Fixed, Role, Fixed, … o … o
CI: Role, …
Legend: unsupported / o partially supported / fully supported
CI fully supports attributes and combination

18 Conclusions Privacy about agents communicating –Different model than access control Sender, recipient, subject, attribute, transmission principle –Past and future important CI: A language for privacy policies –Based on linear temporal logic –Expresses most privacy laws Combination and compliance tractable

19 Questions?
