Integrity and Reactive Security

Data Poisoning

End-point input validation/filtering

Big data technology can provide fast processing and various types of data analysis.

Adversary may tamper with device or software

Tamper-proof software

Adversary may clone fake devices

Trust certificates and trusted devices

Adversary may directly control source of data

Analytics to detect outliers

Adversary may compromise data in transmission

Cryptographic Protocols

Fraud Detection

Real time security compliance monitoring

Real-time detection of anomalous retrieval of personal information.

Security of the infrastructure

Discussed before

Security of the monitoring code itself

Secure coding practices

Security of the input sources

Discussed before

Adversary may cause data poisoning

Analytics to detect outliers

Data Privacy

Consumer Data Privacy

Scalable and composable privacy-preserving data mining and analytics

User safety will be improved if scalable and robust privacy-preserving data mining algorithms are applied.

Exploiting vulnerability at host

Encryption of data at rest, access control and authorization mechanisms

Insider threat

Separation of duty principles, clear policy for logging access to datasets

Outsourcing analytics to untrusted partners

Unintended leakage through sharing of data

Unintended leakage through sharing of data

Data Integrity and Privacy

Cryptographically enforced access control and secure communication

To ensure that the most sensitive private data is end-to-end secure and only accessible to the authorized entities, data has to be encrypted based on access control policies.

Enforcing access control

Identity- and attribute-based encryption

Search and filter

Encryption techniques supporting search and filter

Outsourcing of computation

Fully Homomorphic Encryption

Integrity of data and preservation of anonymity

Group signatures with trusted third parties

Data Privacy

Granular access control

The shared data is often swept into a more restrictive category to guarantee sound security.

Keeping track of secrecy requirements of individual data elements

Pick the right level of granularity: row level, column level, cell level

Maintaining access labels across analytical transformations

At a minimum, conform to the lattice of access restrictions. More sophisticated data transforms are being considered in active research.