A Comprehensive Policy-Driven Framework for Online Privacy Protection: Integrating IT, Human, Legal and Economic Perspectives

Principal Investigator(s): Elisa Bertino; Victor Raskin; Robert Proctor; Melissa Dark; Ninghui Li

Privacy is increasingly a major concern that prevents the exploitation of the Internet’s full potential. Consumers are concerned about the trustworthiness of the websites to which they entrust their sensitive information. Although significant industry efforts are seeking to better protect sensitive information online, existing solutions are still fragmented and far from satisfactory. Specifically, existing languages for specifying privacy policies lack a formal and unambiguous semantics, are limited in expressive power and lack enforcement as well as auditing support. Moreover, existing privacy management tools aimed at increasing end-users’ control over their privacy are limited in capability or difficult to use. This project seeks to provide a comprehensive framework for protecting online privacy, covering the entire privacy policy life cycle. This cycle includes enterprise policy creation, enforcement, analysis and auditing, as well as end user agent presentation and privacy policy processing. The project integrates privacy-relevant human, legal and economic perspectives in the proposed framework. This project will develop an expressive, semantics-based formal language for specifying privacy policies, an access control and auditing language for enforcing privacy policies in applications, as well as theory and tools for verifying privacy policies. Additionally, experiments and surveys will be conducted to better understand the axes of users’ privacy concerns and protection objectives. Results from this empirical work will be used to develop an effective paradigm for specifying privacy preferences and methods to present privacy policies to end users in an accurate and accessible way.

A Context-Driven Security Framework for Distributed Healthcare Domain

Principal Investigator(s): Arif Ghafoor

The primary objective of the Personal Health Record (PHR) initiative is to empower users (patients) to control their own private medical information, not only in terms of management and access but also by allowing them to share their information with others in a private, secure, and confidential environment. Generally, disclosure of personal information depends on the circumstances of access, including the privacy concerns of the individual patient. In particular, when using EHR/PHR technology, the overriding public concern is ensuring the security and privacy of health care information, which is a serious technological challenge for the PHR technology developer. The following are the two key barriers to wider use of PHR.

(a) Inability of a patient to compose consistent and context-aware disclosure policies for his/her collection of Electronic Health Records (EHR). These records can be maintained by various heterogeneous health care and government enterprises. The challenge is to provide an intelligent, user-friendly and patient-centered environment that empowers the user to control access privileges relevant to various contexts.

(b) Secure and privacy-aware interoperability and data sharing among independent healthcare enterprises. The challenge is how to ensure secure sharing of data among multiple health-care enterprises with potentially diverse security policies, and to guarantee privacy-preserving data integration among such enterprises.

The objective of this project is to develop a healthcare prototype on NIST’s Policy Machine (PM) for exhibiting our newly developed context-driven policy framework. For the demo, a PHR multimedia database is being implemented which consists of text, images, audio and video data whereby fine-grained access to individual multimedia objects will be implemented based on the roles across multiple healthcare domains.

A Framework for Managing the Assured Information Sharing Lifecycle

Principal Investigator(s): Elisa Bertino, Chris Clifton, Ninghui Li, Eugene Spafford

AISL is a five year MURI project sponsored by the Air Force Office of Scientific Research focused on developing an integrated framework to support assured information sharing. This collaborative research project comprises researchers from UMBC, Purdue University, and the Universities of Illinois, Michigan, Texas at Dallas, and Texas at San Antonio.

Our research is framed by a set of requirements relevant to applications found in the DoD, Government and industry. Significant research contributions will include the definition of an AIS lifecycle (AISL) that is driven by the 4Vs — volume, veracity, velocity, vector — as well as cross-cutting requirements. Within the overarching lifecycle perspective we will focus on the development of:

  1. a software framework based on a secure semantic event-based service oriented architecture to realize the life cycle,
  2. novel policy languages, reasoning engines and negotiation strategies,
  3. techniques for information integration, analysis and quality,
  4. secure knowledge management for AISL based on risk and incentives, and
  5. techniques to exploit social networks to enhance AISL.

For each of these areas, we will contribute to the underlying theory and algorithms as well as build prototypes of software components and systems. The resulting concepts and technology will be demonstrated and evaluated through prototype applications developed in collaboration with partners in Government and industry. The end result will be concepts, algorithms and technologies that will enhance the DoD's ability to implement and deploy systems that are capable of sharing information securely with greater assurance.

A High Assurance, High Capacity Platform for Information Operations

Principal Investigator(s): Eugene Spafford

Contracted research from Lockheed Martin

A Holistic Approach to Reliable Pervasive Systems

Principal Investigator(s): Patrick Eugster

A Multi-site Study of How Medical Surgical Medical Nurses Spend Their Time: a Baseline

Principal Investigator(s): Bill Cleveland, Chris Clifton

A Novel Approach to Robust, Secured, and Cancellable Biometrics

Principal Investigator(s): Xukai Zou

Biometrics is the automatic identification or verification of a person using physical, biological, and behavioral characteristics, which include face, iris, fingerprints, hand geometry, voice, etc. Compared to traditional identification and verification methods (such as a paper or plastic ID card, or a password), biometrics is more convenient for users, reduces fraud, and can be more secure. Biometrics is becoming an important ally of security, intelligence, and law enforcement.

However, there are concerns about biometrics for daily life applications, such as security issues, privacy issues, standards, etc. Among them, the biggest concern is the security of the biometric data. Unlike traditional identity methods, it is very hard, sometimes impossible, to re-issue a person’s biometric data. If biometric data is obtained by an attacker, for example compromised through identity theft, the user loses control over it forever and loses his/her identity.

Some researchers have proposed encrypting biometric data, using quite standard methods such as the Advanced Encryption Standard (AES), the RSA public-key cryptosystem, and cryptographic hash functions. The main issue with these approaches is key and key management, which has been studied independently from biometrics. As a result, there is a lack of research on the dependent relation between biometrics and encryption/integrity/key management, and on comprehensive mechanisms involving authentication, encryption, data integrity, and key management.

Recently, some biometric researchers have proposed cancellable biometrics, which allows the system to re-issue the biometric for a user. The key idea of cancellable biometrics is to distort the biometric image/signal/features before matching. The distortion parameters can be easily changed, which provides the cancellable nature of the scheme.

However, few if any have combined encryption and cancellable biometrics together to ensure the security of biometric data in storage, transmission, and identification. The simple and naïve approach is to put them together by designing a cancellable biometric method and then applying encryption. This approach does not take into consideration the characteristics of biometrics and would not be applicable to real-life scenarios.

In this project, we propose a robust, secured, and cancellable biometrics method, which incorporates encryption, keys, and key management into the design of the cancellable biometric method to provide the optimum solution. The PIs are experts in the fields of biometrics, security, and network administration, which are essential for the success of this project.

A Survivable Information Infrastructure for National Civilian BioDefense

Principal Investigator(s): Cristina Nita-Rotaru

This project focuses on the theoretical foundation and the protocols that facilitate a survivable information infrastructure that meets the critical requirements of a national emergency response system. Specifically, the project will address the following challenges: (1) expand the existing theoretical framework to analyze the behavior of malicious and colluding participants; (2) design and construct a scalable survivable messaging system that operates correctly under a strong adversarial model that includes insider threat and denial of service attacks; (3) design and construct information access protocols that protect against compromised database servers providing incorrect data or servers that deny access to legitimate users; and (4) prevent malicious users from learning unauthorized information. The domain of application for this work is the Clinicians’ Biodefense Network (CBN), a nationwide Internet-based information exchange system designed to provide clinicians with critical information in the aftermath of a bioterrorist attack. The CBN is designed to mitigate benign Internet faults and to resist a physical attack on one location. However, it is not able to correctly operate under a stronger threat model that includes insider attacks. Solutions for this stronger threat model are not currently available and present a major research challenge. This project will construct a prototype survivable system based on the CBN, and from it draw general principles. It will develop a solid theoretical foundation and novel system tools to facilitate building national emergency networks that are resilient against cyber-attacks in crisis situations, when those networks are most urgently needed.

A Systematic Defensive Framework for Combating Botnets

Principal Investigator(s): Eugene Spafford, Elisa Bertino, Ninghui Li, Dongyan Xu