| Integrity and Reactive Security | Data Poisoning | End-point input validation/filtering | Big data technology can provide fast processing and various types of data analysis. | Adversary may tamper with device or software | Tamper-proof software |
| | | | | Adversary may clone fake devices | Trust certificates and trusted devices |
| | | | | Adversary may directly control source of data | Analytics to detect outliers |
| | | | | Adversary may compromise data in transmission | Cryptographic protocols |
| | Fraud Detection | Real-time security compliance monitoring | Detecting anomalous retrieval of personal information in real time. | Security of the infrastructure | Discussed before |
| | | | | Security of the monitoring code itself | Secure coding practices |
| | | | | Security of the input sources | Discussed before |
| | | | | Adversary may cause data poisoning | Analytics to detect outliers |
| Data Privacy | Consumer Data Privacy | Scalable and composable privacy-preserving data mining and analytics | User safety will be improved if scalable and robust privacy-preserving data mining algorithms are applied. | Exploiting vulnerability at host | Encryption of data at rest, access control and authorization mechanisms |
| | | | | Insider threat | Separation of duty principles, clear policy for logging access to datasets |
| | | | | Outsourcing analytics to untrusted partners | Unintended leakage through sharing of data |
| | | | | Unintended leakage through sharing of data | |
| | Data Integrity and Privacy | Cryptographically enforced access control and secure communication | To ensure that the most sensitive private data is end-to-end secure and only accessible to the authorized entities, data has to be encrypted based on access control policies. | Enforcing access control | Identity- and attribute-based encryption |
| | | | | Search and filter | Encryption techniques supporting search and filter |
| | | | | Outsourcing of computation | Fully homomorphic encryption |
| | | | | Integrity of data and preservation of anonymity | Group signatures with trusted third parties |
| | Data Privacy | Granular access control | The shared data is often swept into a more restrictive category to guarantee sound security. | Keeping track of secrecy requirements of individual data elements | Pick the right level of granularity: row level, column level, cell level |
| | | | | Maintaining access labels across analytical transformations | At the minimum, conform to the lattice of access restrictions. More sophisticated data transforms are being considered in active research |
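
The last two rows of the table (cell-level granularity, and keeping access labels consistent with a lattice across analytical transformations) can be illustrated with a short sketch. This is an added example, not code from the original page; the level names, compartments and sample row are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from functools import reduce

LEVELS = {"public": 0, "internal": 1, "restricted": 2}  # assumed ordering

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def join(self, other):
        """Least upper bound: the least restrictive label covering both inputs."""
        top = max(self.level, other.level, key=LEVELS.__getitem__)
        return Label(top, self.compartments | other.compartments)

    def dominates(self, other):
        """True if a reader holding this label may see data labelled `other`."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

@dataclass(frozen=True)
class Cell:
    value: float
    label: Label

def derive(fn, *cells):
    """Apply an analytic transform; the result carries the join of its input labels."""
    label = reduce(Label.join, (c.label for c in cells))
    return Cell(fn(*(c.value for c in cells)), label)

def read(cell, clearance):
    """Release a value only if the reader's clearance dominates the cell's label."""
    if not clearance.dominates(cell.label):
        raise PermissionError(f"{clearance} cannot read {cell.label}")
    return cell.value

# Constructed sample data: one row whose cells each carry their own label.
row = {
    "zip_code": Cell(94110, Label("public")),
    "purchases": Cell(12, Label("internal", frozenset({"sales"}))),
    "claims": Cell(3, Label("restricted", frozenset({"health"}))),
}

# A derived metric mixes two differently labelled cells, so it is labelled
# with their join rather than sweeping the whole row into "restricted".
ratio = derive(lambda p, c: c / p, row["purchases"], row["claims"])
```

Because labels are attached per cell, a reader cleared only for `internal`/`sales` can still read `zip_code` and `purchases`, while the derived `ratio` requires both compartments at the `restricted` level.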