Privacy and Contextual Integrity: Framework and Applications Adam Barth, Anupam Datta, John C. Mitchell (Stanford) Helen Nissenbaum (NYU)


Broad Goal
Protect privacy of individuals
  – Restrict transmission of sensitive data
  – State restrictions in a formal policy language
Precisely express privacy legislation
  – HIPAA (Medical privacy rule)
  – GLBA (Financial privacy legislation)
  – COPPA (Privacy protection for children online)

Framework Overview
Privacy model: communicating agents
  – Agents take on roles
  – Information abstracted by type
  – Agent reasoning through computation rules
  – “Alice gives Bob a type of info about Charlie”
Language based on Linear Temporal Logic
  – Temporal conditions essential for privacy
      Captures opt-in, opt-out, confidentiality, etc.
  – Standard LTL tools applicable

Policy Relations and Operations
Policy compliance crystallizes
  – Strong compliance
      Agents can meet future requirements
      Requires computing LTL satisfiability (PSPACE)
  – Weak compliance
      Agents need only meet present requirements
      Computable efficiently using LTL tableau
Policy refinement reduces to implication
  – Combination: conjunction and disjunction

Applications: Privacy in legislation
HIPAA
  – Hospitals can give protected health information about patients to health care providers
GLBA
  – Financial institutions must notify consumers if they share their non-public personal information with non-affiliated companies, but the notification may occur either before or after the information sharing occurs
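The two norms above can be checked over a finite trace of "sender gives receiver a type of info about subject" events. This is an added example, not code from the presentation, and it is a simplified monitor rather than the LTL tableau the framework uses: the HIPAA-style norm is treated as a present requirement (the only norm permitting PHI in this toy policy), while the GLBA-style norm leaves a future obligation open until a notice appears before or after the share. The agent names, role names and the `phi` / `npi` / `sharing_notice` type labels are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Send:
    sender: str     # agent sending the message
    receiver: str   # agent receiving it
    subject: str    # agent the information is about
    info_type: str  # information abstracted by type

# Constructed agents and role names (assumptions, not from the slides).
ROLES = {"mercy": "hospital", "dr_bob": "provider", "charlie": "patient",
         "acme_bank": "financial_institution", "adco": "non_affiliate",
         "dana": "consumer"}

def check_trace(trace, roles=ROLES):
    """Return (verdict, open_obligations) for a finite list of Send events."""
    notified, owed = set(), set()  # (institution, consumer) pairs
    for ev in trace:
        s, r, about = (roles.get(a) for a in (ev.sender, ev.receiver, ev.subject))
        if ev.info_type == "phi":
            # Present requirement: the only norm permitting PHI in this toy
            # policy is hospital -> health care provider, about a patient.
            if (s, r, about) != ("hospital", "provider", "patient"):
                return "violation", sorted(owed)
        elif ev.info_type == "npi" and (s, r) == ("financial_institution", "non_affiliate"):
            # Future requirement: a notice is owed unless one was already sent.
            if (ev.sender, ev.subject) not in notified:
                owed.add((ev.sender, ev.subject))
        elif ev.info_type == "sharing_notice" and ev.receiver == ev.subject:
            notified.add((ev.sender, ev.receiver))
            owed.discard((ev.sender, ev.receiver))
    return "compliant", sorted(owed)

# Constructed sample traces.
SHARE = Send("acme_bank", "adco", "dana", "npi")
NOTICE = Send("acme_bank", "dana", "dana", "sharing_notice")
NOTICE_AFTER = [SHARE, NOTICE]
NOTICE_BEFORE = [NOTICE, SHARE]
NOTICE_MISSING = [SHARE]
PHI_OK = [Send("mercy", "dr_bob", "charlie", "phi")]
PHI_LEAK = [Send("mercy", "adco", "charlie", "phi")]

if __name__ == "__main__":
    for name in ("NOTICE_AFTER", "NOTICE_BEFORE", "NOTICE_MISSING", "PHI_OK", "PHI_LEAK"):
        print(name, check_trace(globals()[name]))
```

A trace that ends with a non-empty obligation list has broken no present requirement, but it only stays within the policy if the owed notice is still sent later.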

Related Work
Role-based access control
  – No subjects, attributes, or temporal conditions
XACML
  – Attributes handled incorrectly (inheritance)
  – Combination occurs functionally, not logically
EPAL
  – Obligations treated as uninterpreted symbols
  – Can only enforce weak compliance
P3P
  – Contains only simple opt-in / opt-out conditions