Presentation is loading. Please wait.

Presentation is loading. Please wait.

Policy Auditing over Incomplete Logs: Theory, Implementation and Applications Deepak Garg 1, Limin Jia 2 and Anupam Datta 2 1 MPI-SWS (work done at Carnegie.

Published byShirley Collicott Modified over 10 years ago

Similar presentations

Presentation on theme: "Policy Auditing over Incomplete Logs: Theory, Implementation and Applications Deepak Garg 1, Limin Jia 2 and Anupam Datta 2 1 MPI-SWS (work done at Carnegie."— Presentation transcript:

1 Policy Auditing over Incomplete Logs: Theory, Implementation and Applications Deepak Garg 1, Limin Jia 2 and Anupam Datta 2 1 MPI-SWS (work done at Carnegie Mellon University) 2 Carnegie Mellon University

2 Privacy Personal information collected and used to provide services (census statistics, health care & financial services, targeted advertisements, social network services) Organizational goals and individual privacy goals conflict

3 Privacy Legislation Regulate use and disclosure of personal information, but allow organizational work to proceed Examples: HIPAA (medical information), GLBA (financial information)

4 Research Goal Build a principled system for enforcing practical privacy policies Non-trivial due to complexity of practical privacy policies

5 Example from HIPAA Privacy Rule A covered entity may disclose an individuals protected health information (phi) to law-enforcement officials for the purpose of identifying an individual if the individual made a statement admitting participating in a violent crime that the covered entity believes may have caused serious physical harm to the victim Concepts in privacy policies Actions: send(p1, p2, m) Roles: inrole(p2, law-enforcement) Data attributes: attr_in(prescription, phi) Temporal constraints: in-the-past(state(q, m)) Purposes: purp_in(u, id-criminal)) Beliefs: believes-crime-caused-serious-harm(p, q, m) Black-and- white concepts Grey concepts Pre-emptive enforcement (access control or runtime monitoring) does not suffice Must rely on after-the-fact audit

6 Audit-Based Approach Privacy law Computer-readable privacy policy in first-order logic Organizational audit log Detect policy violations Audit Prior work This paper Collected by organizational databases

7 Outline of Talk Introduction Overview of Audit Algorithm Details of Audit Algorithm Formal Properties Conclusion

8 Challenge for Enforcement Audit Logs are Incomplete Future: store only past and current events Example: Timely data breach notification refers to future event Subjective: no grey information Example: May not records evidence for purposes and beliefs Spatial: remote logs may be inaccessible Example: Logs distributed across different departments of a hospital

9 Abstract Model of Incomplete Logs Model all incomplete logs uniformly as 3-valued structures Define semantics (meanings of formulas) over 3-valued structures

10 An Iterative Algorithm Check as much policy as possible on current log and output a residual policy. Iterate when log is extended with more information. Grey concepts checked by human auditor at any time.

11 Reduce: The Iterative Algorithm reduce ( L, φ ) = φ' φ0φ0 φ0φ0 φ1φ1 φ1φ1 φ2φ2 φ2φ2 reducereduce reducereduce reducereduce reducereduce Logs Policy Time

12 Example { p1 UPMC, p2 allegeny-police, m M2, q Bob, u id-bank-robber, t date-of-treatment } purp_in(id-bank-robber, id-criminal) { m M1 } is-admission-of-crime(M1) believes-crime-caused-serious-harm(UPMC, M1) Log Jan 1, 2011 state(Bob, M1) Jan 5, 2011 send(UPMC, allegeny-police, M2) tagged(M2, Bob, date-of-treatment, id-bank-robber) T φ' = 12

13 Reduce: Formal Definition c is a formula for which satisfying substitutions of x can be computed Initial policy must also pass a one-time, linear check called a mode check We have verified that the entire HIPAA and GLBA Privacy Rules pass this check

14 Formal Properties of Reduce Correctness

15 Formal Properties of Reduce Complexity

16 Formal Properties of Reduce Minimality of Output

17 Implementation and evaluation over simulated audit logs for compliance with all disclosure- related clauses of HIPAA Privacy Rule Performance: Average time for checking compliance of each disclosure of protected health information is 0.16s for a 15MB log Mechanical enforcement: Reduce can automatically check 80% of all the atomic predicates Implementation and Case Study

18 Other Applications of Reduce Runtime monitoring For policies that do not mention future obligations or grey concepts Advisory tool: Is an action allowed? Run reduce on hypothetical log containing the action

19 Closely Related Work Runtime monitoring in MFOTL [Basin et al 10] Pre-emptive enforcement Efficient implementation Assumes past-completeness of logs Less expressive mode checking

20 Closely Related Work Iterative Model Checking [Thati, Rosu 05] Propositional logic Cannot express privacy legislation

21 Conclusion Iterative, interactive algorithm for policy audit Checks as much policy as possible Outputs residual policy Provably correct, efficient, optimal Works with incomplete logs Expressive for real privacy laws

22 Questions?

23 The Case for Audit Run-time access control mechanisms are not sufficient to enforce privacy policies Purposes & beliefs (grey concepts on previous slide) And also future obligations (e.g., notice of data breach should go out within 30 days) Human input is essential for resolving grey concepts

Download ppt "Policy Auditing over Incomplete Logs: Theory, Implementation and Applications Deepak Garg 1, Limin Jia 2 and Anupam Datta 2 1 MPI-SWS (work done at Carnegie."

Similar presentations

H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health

H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health
April 7, BDIM 2006 Vancouver, Canada - Frederick Yip – University of New South Wales Enforcing Business Rules and Information Security Policies through.

April 7, BDIM 2006 Vancouver, Canada - Frederick Yip – University of New South Wales Enforcing Business Rules and Information Security Policies through.
QUN NI 1, SHOUHUAI XU 2, ELISA BERTINO 1, RAVI SANDHU 2, AND WEILI HAN 3 1 PURDUE UNIVERSITY USA 2 UT SAN ANTONIO USA 3 FUDAN UNIVERSITY CHINA PRESENTED.

QUN NI 1, SHOUHUAI XU 2, ELISA BERTINO 1, RAVI SANDHU 2, AND WEILI HAN 3 1 PURDUE UNIVERSITY USA 2 UT SAN ANTONIO USA 3 FUDAN UNIVERSITY CHINA PRESENTED.
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC 29406 843-576-1426 Health Insurance Portability.

Todd Frech Ocius Medical Informatics 6650 Rivers Ave, Suite 137 North Charleston, SC Health Insurance Portability.
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.

University Data Classification Table* Level 5Level 4 Information that would cause severe harm to individuals or the University if disclosed. Level 5 information.
HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
PRESENTATION ON MONDAY 7 TH AUGUST, 2006 BY SUDHIR VARMA FCA; CIA(USA) FOR THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER.

PRESENTATION ON MONDAY 7 TH AUGUST, 2006 BY SUDHIR VARMA FCA; CIA(USA) FOR THE INSTITUTE OF INTERNAL AUDITORS – INDIA, DELHI CHAPTER.
Formalization of Health Information Portability and Accountability Act (HIPAA) Simon Berring, Navya Rehani, Dina Thomas.

Formalization of Health Information Portability and Accountability Act (HIPAA) Simon Berring, Navya Rehani, Dina Thomas.
1 The Health Insurance Portability and Accountability Act (HIPAA) A guided tutorial for GVSU employees.

1 The Health Insurance Portability and Accountability Act (HIPAA) A guided tutorial for GVSU employees.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.

Changes to HIPAA (as they pertain to records management) Health Information Technology for Economic Clinical Health Act (HITECH) – federal regulation included.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/2009 0.

1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.

CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
© 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2.5 HIPAA Legislation and its Impact on Physician Practices 2-15 The Health Insurance Portability.

© 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2.5 HIPAA Legislation and its Impact on Physician Practices 2-15 The Health Insurance Portability.

Similar presentations

Ads by Google