Elisa Bertino - Purdue University
Jan 27, 2016
Download: MP4 Video
Watch in your Browser
Watch on YouTube
"Big Data Security and Privacy"
Technological advances and novel applications, such as
sensors, cyber-physical systems, smart mobile devices, cloud systems, data analytics, and social networks, are making possible to capture, and to quickly process and analyze huge amounts of data from which to extract information critical for security-related tasks. In the area of cyber security, such tasks include user authentication, access control, anomaly detection, user monitoring, and protection from insider threat. By analyzing and integrating data collected on the Internet and Web one can identify connections and relationships among individuals that may in turn help with homeland protection. By collecting and mining data concerning user travels and disease outbreaks one can predict disease spreading across geographical areas. And those are just a few examples; there are certainly many other domains where data technologies can play a major role in enhancing security. The use of data for security tasks is however raising major privacy concerns. Collected data, even if anonymized by removing identifiers such as names or social security numbers, when linked with other data may lead to re-identify the individuals to which specific data items are related to. Also, as organizations, such as governmental agencies, often need to collaborate on security tasks, data sets are exchanged across different organizations, resulting in these data sets being available to many different parties. Apart from the use of data for analytics, security tasks such as authentication and access control may require detailed information about users. An example is multi-factor authentication that may require, in addition to a password or a certificate, user biometrics. Recently proposed continuous authentication techniques extend access control system. This information if misused or stolen can lead to privacy breaches.
It would then seem that in order to achieve security we must give up
privacy. However this may not be necessarily the case. Recent advances in cryptography are making possible to work on encrypted data – for example for performing analytics on encrypted data. However much more needs to be done as the specific data privacy techniques to use heavily depend on the specific use of data and the security tasks at hand. Also current techniques are not still able to meet the efficiency requirement for use with big data sets.
In this talk we will discuss methods and techniques to make this reconciliation possible and identify research directions.
About the Speaker
Elisa Bertino is professor of computer science at Purdue University
and serves as Research Director of the Center for Information and
Research in Information Assurance and Security (CERIAS). She is also
an adjunct professor of Computer Science & Info tech at RMIT. Prior
to joining Purdue in 2004, she was a professor and department head at
the Department of Computer Science and Communication of the University
of Milan. She has been a visiting researcher at the IBM Research
Laboratory (now Almaden) in San Jose, at the Microelectronics and
Computer Technology Corporation, at Rutgers University, at Telcordia
Technologies. Her recent research focuses on database security,
digital identity management, policy systems, and security for web
services. She is a Fellow of ACM and of IEEE. She received the IEEE
Computer Society 2002 Technical Achievement Award and the IEEE
Computer Society 2005 Kanai Award. She is currently serving as EiC of
IEEE Transactions on Dependable and Secure Computing
Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M.
STEW G52 (Suite 050B), West Lafayette Campus. More information...