1 / 28

Towards an end-to-end architecture for handling sensitive data

Towards an end-to-end architecture for handling sensitive data. Hector Garcia-Molina Rajeev Motwani and students. 1. DB Perspective. Performance Preservation Distribution (P2P) Bad Guys: eavesdrop corrupt Trust. DB Perspective. Preservation. goal. +. easy. preservation. easy. -.

juanita-ocampo
Download Presentation

Towards an end-to-end architecture for handling sensitive data

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Towards an end-to-end architecture forhandling sensitive data Hector Garcia-Molina Rajeev Motwani and students 1

  2. DB Perspective • Performance • Preservation • Distribution (P2P) • Bad Guys: • eavesdrop • corrupt • Trust

  3. DB Perspective • Preservation goal + easy preservation easy - - + privacy

  4. Privacy Spectrum • Prevention • Detection • Containment

  5. Prevention: Our Work • Privacy-Preserving OLAP • Distributed Architecture for Secure DBMS (P) • Data Preservation in P2P Systems • P2P Trust and Reputation Management (P) • P2P Privacy Preserving Indexing (P)

  6. Distributed Architecturefor Secure DBMS • Motivation: Outsourcing • Secure Database Provider (SDP) Encrypt ServiceProvider Client

  7. Performance Problem Encrypt ServiceProvider Client Query Q Q’ Client-side Processor Answer “Relevant Data” Problem: Q’ “SELECT *”

  8. The Power of Two DSP1 Client DSP2

  9. Basic Idea { CC# } { CC#, expDate, name } { expDate, name }

  10. Another Example { salary + rand } { salary } { rand }

  11. The Power of Two DSP1 Q1 Query Q Client-side Processor Q2 DSP2 Key: Ensure Cost (Q1)+Cost (Q2)  Cost (Q)

  12. Challenges • Find a decomposition that • Obeys all privacy constraints • Minimizes execution cost for given workload • For given query, find good plan

  13. Most popular queries: • Select on a, b • Select on b, c R1(id, a, b) R2(id, b, c) Example R(id, a, b, c), privacy constraint: { a, b, c } R1(id, a, b) R2(id, b, c) … R1(id, a) R2(id, b, c) R1(id, a, b) R2(id, c) R1(id, a, c) R2(id, b, c)

  14. Detection: Our Work • Simulatable Auditing (P) • k-Anonymity • algorithms and hardness

  15. Containment: Our Work • Paranoid Platform for Privacy Preferences (P) • Entity Resolution

  16. Containment • Trusting • privacy policies • Paranoid

  17. Example: Trusting • Example P3P Policies: • Current purpose: completion and support of the recurring subscription activity • Recipients: DealsRUs and/or entities acting as their agents or entities for whom DealsRUs are acting as an agent... (1) browse policy (2) give info alice (3) cross fingers dealsRus

  18. Example: Email (1) temp a12@w (2) a12@w (3) To:a12@w (4) To: a@z alice’sagent alicea@z dealsRus

  19. API API Strategy/Reference Implementation P4P: Paranoid Platformfor Privacy Preferences Framework Data/Control Types: t1 ... tn

  20. Private Information sharable accountable no integration control no predicate input limited time use complete privacy function copy identifier service handle input to predicate ownership individual organization

  21. Entity Resolution • Applications: • mailing lists, customer files, counter-terrorism, ... e2 e1 N: a A: b CC#: c Ph: e N: a Exp: d Ph: e

  22. 1.0 1.0 0.7 Nm: Alice Ad: 32 Fox Ph: 5551212 Nm: Alice Ad: 32 Fox Ph: 5551212 Nm: Alice Ad: 32 Fox Ph: 5551212 Privacy Alice 1.0 1.0 Nm: Alice Ad: 32 Fox Nm: Alice Ad: 32 Fox Ph: 5551212 Ad: 14 Cat Bob

  23. 1.0 0.7 Nm: Alice Ad: 32 Fox Ph: 5551212 Nm: Alice Ad: 32 Fox Ph: 5550000 Leakage Alice Bob L = 0.6 (between 0 and 1)

  24. 1.0 Nm: Alice Ad: 32 Fox Ph: 5551212 Multi-Record Leakage Alice r1, L = 0.9 r2, L = 0.8 r3, L = 0.7 Bob LL = 0.9 (between 0 and 1, e.g., max L)

  25. Q1: Added Vulnerability? p Alice r1 r2 r3 r4 Bob r4 may cause Bob’s records to snap together! ΔLL = ??

  26. Q2: Disinformation? p Alice r1 r2 r3 r4 (lies) Bob What is most cost effective disinformation? ΔLL = ??

  27. Q3: Verification? p Alice hypothesis h (0.6) r1, 0.9 r2, 0.8 r3, 0.7 ... Bob What is best fact to verify to increase confidence in hypothesis?

  28. Privacy Spectrum • Prevention • Detection • Containment

More Related