Managing Information Leakage
نویسندگان
چکیده
We explore the problem of managing information leakage by connecting two hitherto disconnected topics: entity resolution (ER) and data privacy (DP). As more of our sensitive data gets exposed to a variety of merchants, health care providers, employers, social sites and so on, there is a higher chance that an adversary can “connect the dots” and piece together our information, leading to even more loss of privacy. For instance, suppose that Alice has a social networking profile with her name and photo and a web homepage containing her name and address. An adversary Eve may be able to link the profile and homepage to connect the photo and address of Alice and thus glean more personal information. The better Eve is at linking the information, the more vulnerable is Alice’s privacy. Thus in order to gain DP, one must try to prevent important bits of information being resolved by ER. In this paper, we formalize information leakage and list several challenges both in ER and DP. We also propose using disinformation as a tool for containing information leakage.
منابع مشابه
Managing the Intertwining among Users, Roles, Permissions, and User Relationships in an Information Flow Control Model
Information flow control prevents information leakage during the execution of an application. Many information flow control models are available and they offer useful features. In the past years, we identified that managing the intertwining among users, roles, permissions, and user relationships is essential. Since we cannot identify a model that manages the intertwining, we developed a new mod...
متن کاملCS 730 R : Topics in Data and Information Management – Big Data Analytics
The paper presents two concepts: entity resolution (ER, record linkage) and data privacy (DP). Authors presented a sketch of a framework for managing information leakage, and studied how the framework can be used to answer a variety of questions related to ER and DP. In the paper they studied the problems of measuring the incremental leakage of critical information. The framework bases on defin...
متن کاملAccess Control and Declassification
We integrate programming constructs for managing confidentiality in an ML-like imperative and higher-order programming language, dealing with both access control and information flow control. Our language includes in particular a construct for declassifying information, and constructs for granting, restricting or testing the read access level of a program. We introduce a type and effect system ...
متن کاملAn Access Control Model for Workflows Offering Dynamic Features and Interoperability Ability
Workflow management systems (WFMS) are useful in designing and evolving processes such as business processes. Recently, workflow security has been recognized as important. Workflow security issues include network security, authentication, access control, and so on. Our research focuses on access control. This paper proposes a model WfRBAC (role-based access control within workflows) for workflo...
متن کاملInformation flow in the pharmaceutical supply chain
Managing the supply chain plays an important role in creating competitive advantages for companies. Adequate information flow in supply chain is one of the most important issues in SCM. Therefore, using certain Information Systems can have a significant role in managing and integrating data and information within the supply chain. Pharmaceutical supply chain is more complex than many other supp...
متن کامل