The first WITDOM project presentation has been updated to include a summary of the results of the project's first 18 months. It gives a high-level overview of the project scenarios, the methodologies used to elicit requirements and to formalize them into technical requirements, and the initial architecture.
Witdom overview 2016
1. empoWering prIvacy and securiTy in non-trusteD envirOnMents
Project Presentation 2016
witdom.eu
https://twitter.com/W1TD0M
https://www.linkedin.com/groups/8257514
2. Content
1) Project Facts
2) Value Proposition
3) Main innovations
4) Sought impact
5) Main Scenarios: eHealth and FS
6) Project roadmap
7) WITDOM requirements
8) WITDOM Architecture
9) WITDOM platform
10) Project structure
3. Project Facts
WITDOM: “empoWering prIvacy and securiTy in non-trusteD envirOnMents”.
Research and Innovation Action.
Call 1 of H2020-ICT-2014-1, topic ICT-32-2014: Cybersecurity, Trustworthy ICT.
Project No. 644371.
Started in January 2015; duration: 36 months.
Overall project budget: 4 million euro.
WITDOM consortium: 7 organisations from 5 European countries.
4. WITDOM value proposition
[Figure: trusted domain (e.g. private cloud) versus untrusted domain (e.g. public cloud)]
• Trusted domain: the IT department (operations) and internal users; only protected data leaves this domain.
• Untrusted domain: the cloud provider, offering storage and data processing over the protected data and serving requests from external users.
• Other actors in the picture: end-users, public institution, regulator, 3rd parties.
5. WITDOM value proposition (II)
Framework for end-to-end protection of outsourced data in untrusted ICT-based environments.
Outcomes at three levels (general outcomes, practical level, implementation level): framework, protection building blocks, reference implementations, guidelines, platform, scenarios, metrics.
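As an added example (not WITDOM project code) of the trusted/untrusted split above, and of the "encrypted processing" named later among the project's cryptographic building blocks: the trusted domain protects records with an additively homomorphic scheme, the untrusted domain aggregates and weights the ciphertexts without a key, and only the trusted domain decrypts the result. It uses Paillier, swapped in here for the SHE/FHE schemes the project studies because it fits in a few lines; the roles, transaction amounts, feature values and weights are constructed for the example, and the key is toy-sized.

```python
# Added illustration, not WITDOM project code: an additively homomorphic
# scheme (Paillier) standing in for the SHE/FHE schemes the project studies.
# Roles, amounts and weights are hypothetical and constructed here.
# Primes are toy-sized for readability; real deployments need a 2048-bit
# modulus or larger.  Requires Python 3.8+ (pow(x, -1, n)).
import secrets
from math import gcd


def keygen(p, q):
    """Paillier key pair from two primes; g = n + 1 is the standard choice."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                           # valid because g = n + 1
    return (n, n + 1), (lam, mu)


def encrypt(pk, m):
    """Randomised encryption: the same amount encrypts differently each time."""
    n, g = pk
    n2 = n * n
    if not 0 <= m < n:
        raise ValueError("plaintext must be in [0, n)")
    while True:
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            break
    return pow(g, m, n2) * pow(r, n, n2) % n2


def decrypt(pk, sk, c):
    """Recover m from c = g^m * r^n mod n^2 using L(x) = (x - 1) / n."""
    n, _ = pk
    lam, mu = sk
    n2 = n * n
    l_value = (pow(c, lam, n2) - 1) // n
    return l_value * mu % n


# --- untrusted domain: works on ciphertexts only, never sees the secret key ---
def untrusted_add(pk, c1, c2):
    """Ciphertext product = encryption of the plaintext sum."""
    n, _ = pk
    return c1 * c2 % (n * n)


def untrusted_scale(pk, c, k):
    """Ciphertext power = encryption of the plaintext times public constant k."""
    n, _ = pk
    return pow(c, k, n * n)


def untrusted_weighted_sum(pk, cts, weights):
    """Linear score sum(w_i * x_i) over protected features x_i."""
    acc = 1  # a valid encryption of 0 (g^0 * 1^n)
    for c, w in zip(cts, weights):
        acc = untrusted_add(pk, acc, untrusted_scale(pk, c, w))
    return acc


# --- trusted domain: protects records before outsourcing, decrypts results ---
def outsourced_total(amounts, p=10007, q=10009):
    """Sum of transaction amounts computed in the untrusted domain."""
    pk, sk = keygen(p, q)
    protected = [encrypt(pk, a) for a in amounts]
    c_total = protected[0]
    for c in protected[1:]:
        c_total = untrusted_add(pk, c_total, c)
    return decrypt(pk, sk, c_total)


def outsourced_score(features, weights, p=10007, q=10009):
    """Credit-risk style linear score computed without revealing the features."""
    pk, sk = keygen(p, q)
    protected = [encrypt(pk, x) for x in features]
    return decrypt(pk, sk, untrusted_weighted_sum(pk, protected, weights))


def ciphertexts_differ(value, p=10007, q=10009):
    """Two encryptions of the same value are unequal, so the cloud cannot
    match records by comparing ciphertexts."""
    pk, _ = keygen(p, q)
    return encrypt(pk, value) != encrypt(pk, value)


if __name__ == "__main__":
    print(outsourced_total([120, 450, 30]))         # 600
    print(outsourced_score([3, 7, 2], [2, 5, 10]))  # 61
    print(ciphertexts_differ(5))                    # True
```

Two caveats a practitioner would want: the scheme supports addition and scaling by public constants only, so the fraud-detection and risk-scoring models that can run this way are linear ones; and plaintexts live in [0, n), so negative amounts need an encoding (for example an offset) before encryption.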
6. Main innovations
Holistic vision, with interrelated and entangled advances in all areas:
• Privacy Enhancing Techniques, perturbation mechanisms and privacy metrics
  – Current limitations in terms of full anonymisation
• Privacy-preserving cryptographic techniques supporting encrypted processing
  – Efficient HE
  – Produce efficient data processing techniques
• Cryptographic techniques for integrity and verifiability of outsourced processes
  – Integrity and consistency guarantees
  – Overcome current restrictions to simple storage services
  – Overcome limitations in concurrent operation
• European legal landscape
  – Evolution of the EU data protection regulation
• Privacy metrics for sensitive outsourced data and quantifiable leakage and traces
7. Sought Impacts
Macro level:
• New paradigm for the design and implementation of ICT
• Measurably higher level of security and privacy at marginal additional cost
• Products compliant with EU data protection legislation
Societal level:
• Increased user trust in ICT services and protection of user privacy
• Improved ability to detect security breaches
• More resilient critical infrastructures and services with built-in trustworthiness
Research & Innovation level:
• Simplified implementation of crypto primitives, easy-to-manage security (reduced complexity of the security infrastructure)
• Provably better security than traditionally designed ICT
• User empowerment over data and trust relations (user-centric tools to define and automatically enforce privacy preferences)
8. Outcomes for Europe’s ICT Market Players
• A cloudified version of the platform, ready to be deployed on the major cloud platforms: Amazon, Google, OpenStack…
• A set of PETs, secure primitives and other building blocks (e.g. authorization) which can be combined, extended or re-arranged to address other scenarios.
• The knowledge gained from deploying and implementing the framework in two privacy-sensitive pilot settings.
9. WITDOM Scenarios: overview
Scope
• eHealth: protection of genetic/proteomic databases, shared for large-scale research analyses and outsourced individual clinical analyses.
• Financial: protection of large-scale outsourced financial data storage and processing.
Processes
• eHealth: reads alignment; variant annotation; remote data access.
• Financial: credit card transaction fraud detection and prevention; credit risk scoring; cash flow forecasting.
Data size
• eHealth: big files (GB).
• Financial: small records (<1 KB).
Data quantity
• eHealth: a few files per user (medical reports, list of variants, raw genomic data).
• Financial: many records per user (personal info + transactions + customer portfolio).
Access to data
• eHealth: few accesses.
• Financial: many accesses.
Computation
• eHealth: batch computation.
• Financial: batch and real-time computation.
12. Other Areas of Application
Smart grid: efficiently and securely process households’ consumption data in order to a) adjust the energy provisioning, and b) accurately bill the customer without invading their privacy.
Public transportation: people using public transportation (train, buses, underground) may share personal data about their daily journeys in order to help the operators improve their services.
Environment analysis: image processing from optical instruments and visual recording systems in order to locate hazardous events, locate missing people, or analyse people's behaviour.
13. Towards an E2E security framework
Roadmap across Y1 (2015), Y2 (2016) and Y3 (2017):
• WITDOM scenarios
• Requirements: scenario, legal, technical
• Common architecture
• Preliminary toolset & platform
• Use-case architectures
• Preliminary prototypes
• Prototypes evaluation
• Final prototypes and platform
14. User-centered design philosophy
Co-creation + SPbD methodology
Key: exploit feared events
• Description of “bad scenarios” is easier
o I do not want “them” to do research on my DNA!
• Driven by known privacy/security principles
o LINDDUN, STRIDE, etc.
Requirements methodology SPACE
18. Legal and Ethical Requirements
Approach:
• Focus on the general character of the WITDOM system: analysis of general requirements.
• Focus on complementarity and diversity in the WITDOM scenarios: analysis of sector-specific requirements.
• Focus on the future-oriented approach of WITDOM: analysis of the changing international requirements.
Data types and their DPD/GDPR classification (general/sensitive):
• Anonymous
• Pseudonymous: varies
• Health data: sensitive
• Genetic data: sensitive
• Medical data: sensitive
• Health related data: sensitive
• Data which allows for health related conclusions: sensitive
• Financial data: general
19. Legal and Ethical requirements (II)
Legal requirements
• eHealth: outsourcing; genetic data protection; provision of care; clinical trials (consent); further use for research purposes.
• Financial: outsourcing; fraud scoring; cash-flow prediction; data protection: the 4 data quality principles (transparency, proportionality, finality and lawfulness).
Ethical principles
• eHealth: respect for persons/principle of autonomy; non-maleficence; beneficence; justice; dignity; responsibility; accountability.
• Financial: non-maleficence; wrongful discrimination; transparency; accountability.
20. Research challenges in WITDOM
Secure and efficient cryptographic building blocks
• Efficient SHE, no bootstrapping
• HW-mediated FHE
• Function optimization
• Security analysis
• Implementation in HElib
Applied cryptography for efficient processing in the encrypted domain
• Primitive redesign
• Signal and data pre-coding/SPED
• Combination of PETs and crypto
• Trade-off analysis
• Scalability
• Masking approaches
Non-cryptographic Privacy Enhancing Techniques
• Unlinkability through anonymisation/pseudonymisation techniques
• Applicability of perturbation techniques
• Link to applied metrics and privacy-utility trade-offs
• Scenario-specifics for achievable privacy and an adequate PETs-based approach
Integrity and verifiability of outsourced processes
• Increase efficiency
• Advance in complex system models
• Generalization of verification methods
• Violation recovery
• Integration with privacy preservation
General framework, combined advances in all research areas
21. Technological requirements and assessment methodology
Functional requirements drive the development of secure processing tools (protection components).
Methodology for formalization and assessment of privacy-related technical requirements.
Difficult but possible interplay between cryptographic and privacy guarantees.
Challenge: optimize the utility-efficiency-privacy trade-off.
Requirements pipeline: requirements elicitation → privacy property → metric → threshold → validation, carried out in dialogue with the scenarios (iteratively, with validation supervised by the scenarios).
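As an added example (not part of the presentation or the project's toolset) of the property → metric → threshold → validation chain, applied to one privacy property the deck names, unlinkability through anonymisation: k-anonymity and l-diversity serve as the metrics, a minimum k and l as the thresholds, and a generalisation step as the perturbation applied when validation fails. The patient-style records, quasi-identifier attributes and threshold values are constructed for this example and are hypothetical; it also shows the failure mode where a too-weak generalisation leaves the threshold unmet.

```python
# Added illustration, not WITDOM project code: property -> metric ->
# threshold -> validation for unlinkability of outsourced records.
# Records, quasi-identifiers and thresholds are hypothetical and constructed.

QUASI_IDENTIFIERS = ("zip", "age", "sex")   # attributes an attacker can link on
SENSITIVE = "diagnosis"                      # attribute that must stay unlinked

# Constructed sample records (not real patient data).
RAW_RECORDS = [
    {"zip": "80331", "age": 34, "sex": "F", "diagnosis": "diabetes"},
    {"zip": "80333", "age": 37, "sex": "F", "diagnosis": "asthma"},
    {"zip": "80335", "age": 31, "sex": "F", "diagnosis": "flu"},
    {"zip": "80336", "age": 52, "sex": "M", "diagnosis": "hypertension"},
    {"zip": "80337", "age": 58, "sex": "M", "diagnosis": "flu"},
    {"zip": "80339", "age": 55, "sex": "M", "diagnosis": "diabetes"},
]


def equivalence_classes(records, qi=QUASI_IDENTIFIERS):
    """Group records that share the same quasi-identifier values."""
    classes = {}
    for rec in records:
        classes.setdefault(tuple(rec[a] for a in qi), []).append(rec)
    return classes


def k_anonymity(records, qi=QUASI_IDENTIFIERS):
    """Metric: size of the smallest equivalence class (k)."""
    return min(len(m) for m in equivalence_classes(records, qi).values())


def l_diversity(records, qi=QUASI_IDENTIFIERS, sensitive=SENSITIVE):
    """Metric: fewest distinct sensitive values in any class (l)."""
    return min(len({r[sensitive] for r in m})
               for m in equivalence_classes(records, qi).values())


def generalise(rec, zip_digits=3, age_bucket=10):
    """Perturbation step: coarsen the quasi-identifiers, keep the sensitive value."""
    out = dict(rec)
    out["zip"] = rec["zip"][:zip_digits] + "*" * (len(rec["zip"]) - zip_digits)
    low = rec["age"] // age_bucket * age_bucket
    out["age"] = f"{low}-{low + age_bucket - 1}"
    return out


def validate(records, k_min, l_min=1, qi=QUASI_IDENTIFIERS):
    """Threshold check: does the data set meet the required k and l?"""
    k_val = k_anonymity(records, qi)
    l_val = l_diversity(records, qi)
    return {"k": k_val, "l": l_val, "ok": k_val >= k_min and l_val >= l_min}


def release_if_safe(records, k_min=3, l_min=2, **gen_kwargs):
    """Iterate: refuse raw data, generalise, re-validate before release."""
    if validate(records, k_min, l_min)["ok"]:
        return records
    coarsened = [generalise(r, **gen_kwargs) for r in records]
    result = validate(coarsened, k_min, l_min)
    if not result["ok"]:
        raise ValueError(f"threshold not met after generalisation: {result}")
    return coarsened


if __name__ == "__main__":
    print(validate(RAW_RECORDS, 3))          # k=1: every raw record is unique
    print(validate(release_if_safe(RAW_RECORDS), 3, 2))   # k=3, l=3, ok
```

The utility side of the trade-off is visible in the same code: the coarser the generalisation parameters, the larger k becomes and the less the released data supports the analyses the scenario needs, which is why the threshold has to be agreed with the scenario owners rather than fixed by the tool.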
23. WITDOM platform: deployment mechanism
Each protection component will be able to deploy over a specified IaaS.
[Figure: deployment flow from the trusted domain (OS1, OS2) to the untrusted domain (AWS), driven by a Chef server and a Cloudify manager]
• DEB/RPM packages: deployment on the trusted domain/local infrastructure.
• Chef scripts: trusted and cloud environment.
• Blueprint/TOSCA document: cloud environment.
27. Partners
Contact: Elsa Prieto (Atos), WITDOM coordinator, elsa.prieto@atos.net
This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 644371. This work was supported in part by the Swiss State Secretariat for Education, Research and Innovation under contract No. 15.0098. The opinions expressed and arguments employed herein do not necessarily reflect the official views of the European Commission or the Swiss Government.