Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Are “Trusted Systems” Useful for Privacy Protection? Joan Feigenbaum PORTIA Workshop Stanford Univ., July 8-9, 2004.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Are “Trusted Systems” Useful for Privacy Protection? Joan Feigenbaum PORTIA Workshop Stanford Univ., July 8-9, 2004."— Presentation transcript:

1 1 Are “Trusted Systems” Useful for Privacy Protection? Joan Feigenbaum http://www.cs.yale.edu/~jf PORTIA Workshop Stanford Univ., July 8-9, 2004

2 2 General Problem: It is Hard to Exercise “Remote Control” over Sensitive Data  Many machine-readable permissions systems –Rights-management languages –Privacy policies –Software licenses  None is now technologically enforceable. –All software-only permissions systems can be circumvented. –Once data are transferred, control is lost.

3 3 Proposed Solution: “Trusted Systems”  We need definition(s) of “trusted systems.” Key feature: hardware-based, cryptographic support for proofs that remote machines are running approved software stacks  Useful feature –Leads to interesting theory? –Feasible to build and deploy?  Solves practical problems?

4 4 Trusted Systems for the Distribution of Entertainment Content  Content providers’ problem is piracy. Approved software stacks would implement “draconian DRM.” –No unauthorized use of content –No unauthorized access to or transfer of content  Unclear whether these goals, especially the second, can be achieved. See, e.g., –Biddle et al. 2002: “Darknet” creates unauthorized access and transfer. –Haber et al. 2003: Technological weaknesses  If these goals were achieved, the piracy problem would be (at least partly) solved.

5 5 Dan Geer at YLS: “DRM ≡ Privacy”  What (and whose) privacy problem is being addressed?  What is the approved software stack required to do?  Are these technical requirements achievable?  If they were achieved, would the privacy problem be solved? This claim is made often and disputed often in the trusted-system context. Is it true?

6 6 Example: Privacy of Medical Data  Individual data subject –Often, he or she is not the entity that creates the data or the one that must demand proof from a potential data recipient. –Different from DRM for entertainment content.  Institution Hospital, drs’ office, insurance co., etc. Whose problem?

7 7 Privacy of Medical Data, cont.  Targeted attack on specific data subject. Trusted systems won’t prevent this disclosure! –Small data objects (some only one bit) abound. Attacker can disclose them without computers. General fact about trusted systems (but not applicable to DRM for entertainment) –Data objects obtainable by other means. General fact (sometimes applicable to DRM for entertainment, as in “Darknet” )  General disregard for or misunderstanding of rules What problem? Example: Compliance with HIPAA rules about when personal medical data may be disclosed.

8 8 General (Untargeted) HIPAA-Compliant Privacy  Medical-privacy logic is incomplete. Complying with it requires good human judgment. –“Life-threatening situation” –“Public-health emergency” –“Poses a threat to himself or others” Trusted systems can’t fully solve this problem!  This is a general fact about trusted systems; they can’t solve problems that are inherently unsolvable by computers. –Not necessarily relevant to draconian DRM –Relevant to the more general problem of copyright compliance, which includes fair use

9 9 Conclusion: Trusted Systems Cannot Ensure Privacy of Personal Medical Data  Circumvention of privacy-protection mechanisms is not the most pressing threat to medical-data privacy.  More generally, trusted systems will be ineffective when –There are alternative ways to obtain the sensitive data (or accomplish the attacker’s goals). –The relevant policy is not conveniently expressible as a program.  When will trusted systems be effective?

10 10 Policy-Enforcement Mechanisms in MS Products (BAL/cs155/03-25-03)  MS DRM for eBooks  MS DRM for Windows Media  Windows Rights Management Services Office 2003 Information Rights Management  License servers for Terminal Services, File & Print Services, etc.  Xbox (anti-repurposing)  Ultimate TV/eHome (digital storage of video)  File system ACLs  Enterprise policy management Group policy in domains  Partially trusted code policies (.NET Framework)  NGSCB

11 11 Which Attributes are Relevant?  Number of data sources?  Number of data recipients?  Need to retransmit data?  Stability of policies?  Third-party certifiers? When could trusted systems help?

12 12 Whenever “The Program is the Policy?”  Organizations mandate the use of particular software environments for a variety of reasons, some objectionable.  Are there benign reasons to do so? –Absence of particular serious flaws –Mission-critical properties, e.g., Maintains audit trails Does not maintain audit trails –Protection against subversion and misrepresentation (analogy with copy-left licenses)  What else are trusted systems good for?

Download ppt "1 Are “Trusted Systems” Useful for Privacy Protection? Joan Feigenbaum PORTIA Workshop Stanford Univ., July 8-9, 2004."

Similar presentations

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.

Creating HIPAA-Compliant Medical Data Applications with Amazon Web Services Presented by, Tulika Srivastava Purdue University.
Operating System Security

Operating System Security
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Privacy: Accountability and Enforceability Jamie Yoo April 11, 2006 CPSC 457: Sensitive Information in a Wired World.

Privacy: Accountability and Enforceability Jamie Yoo April 11, 2006 CPSC 457: Sensitive Information in a Wired World.
CALEA Compliance in 2006 H. Michael Warren Vice President, Fiduciary Services NeuStar, Inc February 2006.

CALEA Compliance in 2006 H. Michael Warren Vice President, Fiduciary Services NeuStar, Inc February 2006.
Complying with Privacy to Enable Innovation & Research

Complying with Privacy to Enable Innovation & Research
Access Control Methodologies

Access Control Methodologies
Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.

Title of Selected Paper: Design and Implementation of Secure Embedded Systems Based on Trustzone Authors: Yan-ling Xu, Wei Pan, Xin-guo Zhang Presented.
HIPAA Security Standards What’s happening in your office?

HIPAA Security Standards What’s happening in your office?
Information Security Policies and Standards

Information Security Policies and Standards
A Credential Based Approach to Managing Exceptions in Digital Rights Management Systems Jean-Henry Morin University of Geneva – CUI.

A Credential Based Approach to Managing Exceptions in Digital Rights Management Systems Jean-Henry Morin University of Geneva – CUI.
The Downside to DRM. What is DRM? “Digital Rights Management” Software used to control access to copyrighted material Protect company from piracy.

The Downside to DRM. What is DRM? “Digital Rights Management” Software used to control access to copyrighted material Protect company from piracy.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Seven.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Seven.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
XACML Gyanasekaran Radhakrishnan. Raviteja Kadiyam.

XACML Gyanasekaran Radhakrishnan. Raviteja Kadiyam.
Microsoft ® Official Course Module 9 Configuring Applications.

Microsoft ® Official Course Module 9 Configuring Applications.
Auditing Logical Access in a Network Environment Presented By, Eric Booker and Mark Ren New York State Comptroller’s Office Network Security Unit.

Auditing Logical Access in a Network Environment Presented By, Eric Booker and Mark Ren New York State Comptroller’s Office Network Security Unit.
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.

Similar presentations

Ads by Google