Who has the data ... and will breach the duty of confidence
Who has the data?
... and will breach the duty of confidence!
Imperial College London
Panel: Key Challenges in Distributed Security
22nd IFIP WG 11.3 Working Conference on Data and Applications Security
Body Area Networks for eHealth
Body Area Networks
Personal Area Networks
• Sensory data is continuously captured and aggregated.
• Data is frequently exchanged at device level, at application level and at
• Data is often exchanged through intermediaries which may themselves have
rights to access the data (and aggregate or modify it) and is stored at multiple
• Rights to access data are often determined by context which changes
dynamically (in addition to longer lived attributes e.g., role, competency,...)
• Decisions have to be made with intermittent network access, on devices with
limited computational capabilities and based on incomplete information.
• Retaining control over data usage once data has been exchanged remains an
elusive goal that appears in many application scenarios with varying threats.
• Different research topics aim to address variations of the problem: Document
Protection Models, Privacy, UCON, DCON, DRM, ERM, Policy.
• It’s not just about Access Control but includes obligations (both imperative
and deontic), information filtering and/or transformation, monitored
conditions, association between policy and data.
• Access Control models such as RBAC do not easily distribute, scale down or
combine with other concepts such as obligations.
Some lessons from elsewhere (non-security)
• Data processing and device management must be done as close to the origin
as possible. Protection?
• (Constrained) Programmability is the most efficient way of achieving
• Agreements (Contracts) are often desired by all parties.
• This would imply:
• Protect data at source. Add layers e.g. when crossing domain boundaries
• Policies (rules) follow data. Partially? enforced by the recipient; context.
• Establish and enforce Data Sharing Agreements.
• Enforcing privacy policies on small devices
• Learning privacy policies from user behaviour
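
The "policies follow data" point above can be sketched in code. This is an added example, not material from the panel slides: the source seals a reading together with its policy, and a cooperating recipient checks the binding, evaluates its current context, filters the fields and records obligations. The shared HMAC key, the field names, the role names and the obligation name are all assumptions made for illustration; a shared key also means the recipient is trusted not to re-seal, which is the "partially enforced" caveat.

```python
import hashlib
import hmac
import json

# Assumption: source and recipient share this key, provisioned out of band.
KEY = b"constructed-demo-key"

def _tag(body, key):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def seal(data, policy, key=KEY):
    """Source side: bind the policy to the data before it leaves the device."""
    body = json.dumps({"data": data, "policy": policy}, sort_keys=True)
    return {"body": body, "tag": _tag(body, key)}

def open_envelope(env, context, audit_log, key=KEY):
    """Recipient side: verify the binding, evaluate context, filter, log obligations."""
    if not hmac.compare_digest(_tag(env["body"], key), env["tag"]):
        raise ValueError("policy/data binding broken")
    body = json.loads(env["body"])
    data, policy = body["data"], body["policy"]
    for rule in policy["rules"]:
        # Every condition must match the current context; an attribute missing
        # from the context (incomplete information) never matches.
        if all(context.get(k) == v for k, v in rule["when"].items()):
            for obligation in rule.get("obligations", []):
                audit_log.append((obligation, context.get("role")))
            # Information filtering: release only the fields the rule names.
            return {f: data[f] for f in rule["release"] if f in data}
    return {}  # no rule matched: default deny

# Constructed sample reading and policy (hypothetical field and role names).
SAMPLE = seal(
    {"patient": "P-0001", "heart_rate": 142, "location": "ward-3"},
    {"rules": [
        {"when": {"role": "paramedic", "emergency": True},
         "release": ["patient", "heart_rate", "location"],
         "obligations": ["notify_patient"]},
        {"when": {"role": "nurse"}, "release": ["heart_rate"]},
    ]},
)

if __name__ == "__main__":
    log = []
    print(open_envelope(SAMPLE, {"role": "nurse"}, log))
    print(open_envelope(SAMPLE, {"role": "paramedic", "emergency": True}, log), log)
```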