Dr Tyrone W A Grandison
All opinions expressed herein are my own and do not reflect the opinions of anyone that I work with (or have worked with) or any organization that I am or have been affiliated with.
• Jamaican
Education
• BSc Hons Computer Studies, UWI-Mona
• MSc Software Engineering, UWI-Mona
• PhD Computer Science, Imperial College London
• MBA Finance, IBM Academy
Experience
• 10 years leading Quest team at IBM
• 2 years working in startups
• 3 years running companies and consulting
• Now, working for the White House
Recognition
• Fellow, British Computer Society (BCS)
• Fellow, Healthcare Information and Management Systems Society (HIMSS)
• Pioneer of the Year (2009), National Society of Black Engineers (NSBE)
• IEEE Technical Achievement Award (2010) for “Pioneering Contributions to Secure and Private Data Management”
• Modern Day Technology Leader (2009), Minority in Science Trailblazer (2010), Science Spectrum Trailblazer (2012, 2013), Black Engineer of the Year Award Board
• IBM Master Inventor
• Distinguished Engineer, Association of Computing Machinery (ACM)
• Senior Member, Institute of Electrical and Electronics Engineers (IEEE)
Record
• Over 100 technical papers, over 47 patents and 2 books
• The Fundamentals
  • Auditing
  • Privacy
  • Cloud Computing
• Why Do We Need A&P in Clouds
• The Current State of the World
• Potential Research Areas
• Guiding Principles
• Considerations
• Research Roadmap
  • Task 1
  • Task 2
• Starting Point
  • Small step 1
  • Other Steps
• Conclusion
The process of collecting and evaluating evidence to determine whether a computer system safeguards assets, maintains data integrity, achieves organizational goals effectively and consumes resources efficiently.
- Information Systems Control and Audit, Ron Weber (1998).
[Figure: a system generates an Audit Log/Trail, which is examined by the Auditor.]
An individual’s right to control, edit, manage, and delete information about them[selves] and decide when, how, and to what extent information is communicated to others.
- Privacy and Freedom, Alan F. Westin (1967).
[Figure: “My Data”, which I create, with two example preferences: “I authorize my doctor to view my test results for diagnosis purposes only” and “My insurance company is not authorized to see any of my data”.]
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
- NIST Special Publication 800-145, Mell & Grance (2011).
• Public Trust
• Conjunctive not Disjunctive
• Forensics
• CyberThreats
[Figure: parties around the Cloud: a Developer, a Gmail User, an Interested Government (Agency) and a Startup; a Blackhat infiltrates the Cloud and compromises the users.]
• Currently, cloud clients trust too much
• Real-time detection of an attack is only possible in the simplest, most obvious cases
• Real-time notification is the exception (when possible), not the rule
• Due to the cloud delivery model and cloud deployment model, the artifact that any particular person is using may be different
• Cloudy specifics on the cloud, e.g. location of instances, mechanisms in place, etc.
• For advanced auditing scenarios, details of the cloud operations, communications with clients and client-based cloud operations need to be known
1. Creating Privacy-Preserving Logs
• Assumes that the cloud user does not have full confidence in the cloud provider or their affiliated ecosystem.
2. Enabling Auditing in a Privacy-Preserving Manner
• Assumes there is not complete trust in the auditor and the service provider.
• Seamless: Integrate into the current mode of operation with minimal to no significant.
• Transparent: It should be clear to the cloud service user what the purpose of the mechanism is and when it is functioning.
• Elastic: Be able to scale to dynamically handle the request loads placed on the cloud service provider.
• Low Impact: Inclusion of the mechanism should have a minor impact on the storage and performance of the cloud environment.
• Verifiable: An independent third party should be able to prove the veracity of the actions of the mechanism.
• The Mechanism Injection Point (MIP): the location of the A&P controls, i.e. where enforcement of the auditing and privacy rules is performed and where the supplementary mechanisms, such as data structures, are situated.
• The Nature of the Cloud Service Employed: the cloud model being used, i.e. Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), Infrastructure-as-a-Service (IaaS), etc.
• The Transaction Attack Vector: the class of transactions that are evaluated in the process of assessing a possible threat. There are two types of transaction attack vectors: Requests and Consequences.
• The Threat Determination Point: the location where the analysis of the recorded privacy and audit events occurs, i.e. where breach detection and notification happen.
• Create the big picture
• Identify the basic problems
  • Efficient Auditing Mechanisms
  • Time Synchronization of Logs
  • Creating Processing-Friendly, Privacy-Preserving Data
  • Processing of Encrypted Log Data
  • Mechanisms for Basic Cloud Forensics
• Solve the core problems
• Scale up to the big picture
[Figure: the big picture. A User talks to the Cloud Service Provider (CSP) through a Privacy-Preserving API layered over the Native API; a Pseudonym component and a Request/Consequence Parser sit in front of the CSP’s Resources (App1 … Appn), with a Public Key Infrastructure shared by User, CSP and Auditor. Channels: C1 (User–CSP), C2 (signed API request with user ID, and the API response/consequence), C3 (Auditor).]
2004-02…
2004-02…
Timestamp
publicTelemarketingJohnSelect …2
OursCurrentJaneSelect …1
RecipientPurposeUserQueryID
Query Audit Log
Database
Layer
Query with purpose, recipient
Generate audit record
for each query
Updates, inserts, deletes
Backlog
Database triggers track
updates to base tables
Audit
Database
Layer
Audit query
IDs of log queries having
accessed data specified by the
audit query
• Audits whether particular data has been disclosed in violation of the specified policies
• Audit expression specifies what potential data disclosures need monitoring
• Identifies logged queries that accessed the specified data
• Analyze circumstances of the violation
• Make necessary corrections to procedures, policies, security
1. Jane has not been feeling well and decides to consult her doctor.
2. The doctor uncovers that Jane’s blood sugar level is high and suspects diabetes.
3. Some time later, Jane receives promotional literature from a pharmaceutical company proposing over-the-counter diabetes tests.
4. Jane complains to the Department of Health and Human Services, saying that she had opted out of the doctor sharing her medical information with pharmaceutical companies for marketing purposes.
5. The doctor must now review disclosures of Jane’s information in order to understand the circumstances of the disclosure, and take appropriate action.
audit T.disease
from Customer C, Treatment T
where C.cid = T.pcid and C.name = 'Jane'
Who has accessed Jane’s disease information?
Given:
• A log of queries executed over a data system
• An audit expression specifying sensitive data
Precisely identify those queries that accessed the data specified by the audit expression.
• “Candidate” query: a logged query that accesses all columns specified by the audit expression
• “Indispensable” tuple (for a query): a tuple whose omission makes a difference to the result of the query
• “Suspicious” query: a candidate query that shares an indispensable tuple with the audit expression
Query Q: Addresses of people with diabetes
Audit A: Jane’s diagnosis
Jane’s tuple is indispensable for both; hence query Q is “suspicious” with respect to A.
The candidate query Q and the audit expression A are of the form (T denotes the tables common to Q and A, R the tables only in Q, S the tables only in A):
$$Q = \pi_{C_{O_Q}}\,\sigma_{P_Q}(T \times R), \qquad A = \pi_{C_{O_A}}\,\sigma_{P_A}(T \times S)$$
Theorem: A candidate query Q is suspicious with respect to an audit expression A iff
$$\sigma_{P_A}(\sigma_{P_Q}(T \times R \times S)) \neq \emptyset$$
Query Graph Modeler (QGM) rewrites Q and A into a single audit query that outputs the id of Q:
$$\pi_{\text{``}Q_i\text{''}}\,\sigma_{P_A}(\sigma_{P_Q}(T \times R \times S))$$
[Figure: the same auditing architecture, annotated with the audit flow. The audit expression is first filtered by static analysis against the Query Audit Log; an audit query is then generated and run over the log and the Backlog to obtain the IDs of logged queries having accessed the data specified by the audit expression.]
Query Log:
ID  Timestamp  Query     User   Purpose        Recipient
1   2004-02…   Select …  James  Current        Ours
2   2004-02…   Select …  John   Telemarketing  public
Audit expression → Filter Queries → Candidate queries
• Eliminate queries that could not possibly have violated the audit expression
• Accomplished by examining only the queries themselves (i.e., without running the queries)
Candidate query Q: $C_Q \supseteq C_{O_A}$ (Q accesses every column named in the audit expression)
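The candidate filter and the suspiciousness theorem above, worked as an added example (not the presentation's or the Hippocratic database prototype's code) over a constructed Customer/Treatment schema in SQLite: logged queries and the audit expression are held in the π σ (T × R × S) form, candidates are filtered statically on the columns they access, and the generated audit query returns a logged query's id only if the two predicates share a tuple of the product. Table and column names are assumptions.

```python
"""Candidate / suspicious query tests over a constructed SQLite schema.
Added example: this is not code from the presentation or the Hippocratic
database prototype; tables, column names and logged queries are invented."""
import sqlite3
from dataclasses import dataclass, field

# Constructed sample schema: Customer C joins Treatment T on C.cid = T.pcid.
SCHEMA = """
CREATE TABLE Customer(cid INTEGER, name TEXT, address TEXT, zip TEXT);
CREATE TABLE Treatment(pcid INTEGER, rcid INTEGER, disease TEXT, tdate TEXT);
INSERT INTO Customer VALUES (1, 'Jane', '1 Elm St', '94301'),
                            (2, 'John', '2 Oak St', '94302');
INSERT INTO Treatment VALUES (1, 10, 'diabetes', '2004-02-01'),
                             (2, 11, 'flu', '2004-02-02');
"""
TABLES = "Customer C, Treatment T"   # the product T x R x S for this schema


@dataclass
class LoggedQuery:
    """A logged query Q = pi_{C_OQ} sigma_{P_Q}(T x R)."""
    qid: int
    output_cols: set                       # C_{O_Q}: the select list
    predicate: str                         # P_Q, as a SQL boolean expression
    predicate_cols: set = field(default_factory=set)

    @property
    def accessed_cols(self):
        """C_Q: every column Q touches, in its select list or its predicate."""
        return self.output_cols | self.predicate_cols


@dataclass
class AuditExpression:
    """An audit expression A = pi_{C_OA} sigma_{P_A}(T x S)."""
    audit_cols: set                        # C_{O_A}: columns after 'audit'
    predicate: str                         # P_A


def is_candidate(q, a):
    """Static filter, no query is run: Q is a candidate iff C_Q ⊇ C_{O_A}."""
    return a.audit_cols <= q.accessed_cols


def audit_query_sql(q, a):
    """The single audit query the rewrite produces for one candidate: it
    yields Q's id iff sigma_{P_A}(sigma_{P_Q}(T x R x S)) is non-empty, i.e.
    some tuple of the product is indispensable to both Q and A.
    A real system would run this over the temporal (backlog) view of the
    tables as of Q's timestamp; here the tables are unchanged."""
    return (f"SELECT {q.qid} AS qid FROM {TABLES} "
            f"WHERE ({q.predicate}) AND ({a.predicate}) LIMIT 1")


def is_suspicious(conn, q, a):
    """Dynamic test from the theorem; a non-candidate is never suspicious."""
    if not is_candidate(q, a):
        return False
    return conn.execute(audit_query_sql(q, a)).fetchone() is not None


def run_audit(conn, log, audit):
    """Ids of logged queries that disclosed the data named by the audit."""
    return [q.qid for q in log if is_suspicious(conn, q, audit)]


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


# Constructed query log: Q1 and Q2 select addresses of patients by disease,
# Q3 lists customer names without touching Treatment at all.
SAMPLE_LOG = [
    LoggedQuery(1, {"C.name", "C.address", "C.zip"},
                "T.disease = 'diabetes' AND T.pcid = C.cid",
                {"T.disease", "T.pcid", "C.cid"}),
    LoggedQuery(2, {"C.name", "C.address", "C.zip"},
                "T.disease = 'flu' AND T.pcid = C.cid",
                {"T.disease", "T.pcid", "C.cid"}),
    LoggedQuery(3, {"C.name"}, "1 = 1"),
]
# "Who has accessed Jane's disease information?"
AUDIT_JANE = AuditExpression({"T.disease"},
                             "C.cid = T.pcid AND C.name = 'Jane'")


def demo():
    """Q1 shares Jane's tuple with the audit expression, so only it is
    suspicious; Q2 is a candidate but Jane has no 'flu' tuple; Q3 never
    reads T.disease and is eliminated statically."""
    return run_audit(build_db(), SAMPLE_LOG, AUDIT_JANE)


if __name__ == "__main__":
    print(demo())
```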
Merge logged queries and audit expression into a single query graph.
[Figure: query graphs before merging. The audit expression ranges over Customer C (c, n, …, t) and Treatment T (p, r, …, t) with audit expression := T.p=C.c and C.n=‘Jane’, auditing T.s. The logged query ranges over the same tables with Select := T.s=‘diabetes’ and T.p=C.c, outputting C.n, C.a, C.z.]
[Figure: merged query graph. The logged query ‘Q1’ (Select := T.s=‘diabetes’ and C.c=T.p, outputting C.n) becomes box X over Customer C and Treatment T, and the audit expression := X.n=‘Jane’ now ranges over X.]
View of Customer (Treatment) is a temporal view at the time the query was executed.
The audit expression now ranges over the logged query. If the logged query is suspicious, the audit query will output the id of the logged query.
[Figure: Time (minutes) against # of versions per tuple (5, 20, 35, 50) for the Composite, Simple, No Index and No Triggers configurations.]
Overhead of maintaining the backlog:
• 7x if all tuples are updated
• 3x if a single tuple is updated
• Negligible by using the Recovery Log to build Backlog tables
[Figure: Time (msec., log scale from 1 to 1000) against # versions per tuple for Simple-I, Simple-C, Composite-I and Composite-C.]
Time Synchronization of Logs
Processing of Encrypted Log Data
Complete initial solutions for basic problems
• Show their importance (in other domains)
• Integrate into the bigger picture
• Demonstrate applicability to the cloud environment
• Partner with Cloud providers to prototype and iron out kinks
Focus on Cloud Forensics
• Privacy-Preserving Protocols
• Chain of Evidence
• Authenticity
Iterate on the initial vision given the current state.
This space has a lot of difficult (and fundamental) problems.
These specific questions need more researchers focusing on them.
Applicable not only to privacy and auditing in clouds; this translates into fundamental impact on basic Computer Systems Research.
This is just my view and should never be thought to be complete and definitive.
Twitter: @tyrgr
Email: tgrandison@proficiencylabs.com
Privacy and Auditing in Clouds

Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
How we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdfHow we scaled to 80K users by doing nothing!.pdf
How we scaled to 80K users by doing nothing!.pdf
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 

Privacy and Auditing in Clouds

  • 1. Dr Tyrone W A Grandison
  • 2. All opinions expressed herein are my own and do not reflect the opinions of anyone that I work with (or have worked with) or any organization that I am or have been affiliated with.
  • 3. • Jamaican Education • BSc Hons Computer Studies, UWI-Mona • MSc Software Engineering, UWI-Mona • PhD Computer Science, Imperial College – London • MBA Finance, IBM Academy Experience • 10 years leading Quest team at IBM • 2 years working in startups • 3 years running companies and consulting • Now, working for the White House Recognition • Fellow, British Computer Society (BCS) • Fellow, Healthcare Information and Management Systems Society (HIMSS) • Pioneer of the Year (2009), National Society of Black Engineers (NSBE) • IEEE Technical Achievement Award (2010) for “Pioneering Contributions to Secure and Private Data Management”. • Modern Day Technology Leader (2009), Minority in Science Trailblazer (2010), Science Spectrum Trailblazer (2012, 2013). Black Engineer of the Year Award Board • IBM Master Inventor • Distinguished Engineer, Association of Computing Machinery (ACM) • Senior Member, Institute of Electrical and Electronics Engineers (IEEE) Record • Over 100 technical papers, over 47 patents and 2 books.
  • 4. • The Fundamentals • Auditing • Privacy • Cloud Computing • Why Do We Need A&P in Clouds • The Current State of the World • Potential Research Areas • Guiding Principles • Considerations • Research Roadmap • Task 1 • Task 2 • Starting Point • Small step 1 • Other Steps • Conclusion
  • 5. The process of collecting and evaluating evidence to determine whether a computer system safeguards assets, maintains data integrity, achieves organizational goals effectively and consumes resources efficiently. - Information Systems Control and Audit, Ron Weber (1998). [Diagram: the system generates an Audit Log/Trail, which is examined by an Auditor.]
  • 6. An individual’s right to control, edit, manage, and delete information about them[selves] and decide when, how, and to what extent information is communicated to others. - Privacy and Freedom, Alan F. Westin (1967). [Diagram: a user creates “My Data” and attaches policies such as “I authorize my doctor to view my test results for diagnosis purposes only” and “My insurance company is not authorized to see any of my data”.]
  • 7. Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. - NIST Special Publication 800-145, Mell & Grance (2011).
  • 8. Public Trust • Conjunctive not Disjunctive • Forensics • CyberThreats
  • 10. Currently, cloud clients trust too much.
    • Real-time detection of an attack is only possible in the simplest, most obvious cases.
    • Real-time notification is the exception (when possible), not the rule.
    • Due to the cloud delivery model and cloud deployment model, the artifact that any particular person is using may be different.
    • Cloudy specifics on the cloud, e.g. location of instances, mechanisms in place, etc.
    • For advanced auditing scenarios, details of the cloud operations, communications with clients and client-based cloud operations need to be known.
  • 11. 1. Creating Privacy-Preserving Logs
    • Assumes that the cloud user does not have full confidence in the cloud provider or their affiliated ecosystem.
    2. Enabling Auditing in a Privacy-Preserving Manner
    • Assumes there is not complete trust in the auditor and the service provider.
  • 12. Seamless: integrate into the current mode of operation with minimal to no significant.
    • Transparent: it should be clear to the cloud service user what the purpose of the mechanism is and when it is functioning.
    • Elastic: be able to scale to dynamically handle the request loads placed on the cloud service provider.
    • Low Impact: inclusion of the mechanism should have a minor impact on the storage and performance of the cloud environment.
    • Verifiable: an independent third party should be able to prove the veracity of the actions of the mechanism.
  • 13. The Mechanism Injection Point (MIP): the location of the A&P controls. This is the location where enforcement of the auditing and privacy rules is performed and where the supplementary mechanisms, such as data structures, are situated.
    • The Nature of the Cloud Service Employed: the cloud model being used, i.e. Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS), Infrastructure-as-a-Service (IaaS), etc.
    • The Transaction Attack Vector: the class of transactions that are evaluated in the process of assessing a possible threat. There are two types of transaction attack vectors: Requests and Consequences.
    • The Threat Determination Point: the location where the analysis of the recorded privacy and audit events occurs, i.e. the location where breach detection and notification happens.
  • 14. Create the big picture
    • Identify the basic problems:
      • Efficient Auditing Mechanisms
      • Time Synchronization of Logs
      • Creating Processing-Friendly, Privacy-Preserving Data
      • Processing of Encrypted Log Data
      • Mechanisms for Basic Cloud Forensics
    • Solve the core problems
    • Scale up to the big picture
  • 15. [Architecture diagram: a User calls the Cloud Service Provider (CSP) through a Privacy-Preserving API layered over the Native API. The CSP side holds a Public Key Infrastructure, a Pseudonym component, a Request/Consequence Parser, and the Resources (App1 … Appn). Labelled flows: C2: signed API request, with user ID; C2: API response/consequence.]
  • 19. [Diagram, Database Layer: each query arrives with a purpose and recipient; an audit record is generated for each query into the Query Audit Log; database triggers track updates, inserts and deletes to the base Data Tables into a Backlog. Audit Database Layer: an audit query is evaluated against the log and returns the IDs of logged queries that accessed the data specified by the audit query.]
    Query Audit Log, as shown:
      ID | Timestamp | Query    | User | Purpose       | Recipient
      1  | 2004-02…  | Select … | Jane | Current       | Ours
      2  | 2004-02…  | Select … | John | Telemarketing | public
    • Audits whether particular data has been disclosed in violation of the specified policies
    • The audit expression specifies what potential data disclosures need monitoring
    • Identifies logged queries that accessed the specified data
    • Analyze the circumstances of the violation
    • Make the necessary corrections to procedures, policies and security
  • 20. Jane has not been feeling well and decides to consult her doctor. The doctor uncovers that Jane’s blood sugar level is high and suspects diabetes. Sometime later, Jane receives promotional literature from a pharmaceutical company, proposing over-the-counter diabetes tests. Jane complains to the Department of Health and Human Services, saying that she had opted out of the doctor sharing her medical information with pharmaceutical companies for marketing purposes. The doctor must now review disclosures of Jane’s information in order to understand the circumstances of the disclosure, and take appropriate action.
  • 21. Who has accessed Jane’s disease information?
    audit T.disease from Customer C, Treatment T where C.cid = T.pcid and C.name = ‘Jane’
  • 22. Given: a log of queries executed over a data system, and an audit expression specifying sensitive data. Precisely identify those queries that accessed the data specified by the audit expression.
  • 23. “Candidate” query: a logged query that accesses all columns specified by the audit expression.
    • “Indispensable” tuple (for a query): a tuple whose omission makes a difference to the result of the query.
    • “Suspicious” query: a candidate query that shares an indispensable tuple with the audit expression.
    • Example: Query Q: addresses of people with diabetes. Audit A: Jane’s diagnosis. Jane’s tuple is indispensable for both; hence query Q is “suspicious” with respect to A.
  • 24. The candidate query Q and the audit expression A are of the form:
    $Q = \pi_{C_{O_Q}}(\sigma_{P_Q}(T \times R))$, $A = \pi_{C_{O_A}}(\sigma_{P_A}(T \times S))$
    Theorem: a candidate query Q is suspicious with respect to an audit expression A iff
    $\sigma_{P_A}(\sigma_{P_Q}(T \times R \times S)) \neq \emptyset$
    Query Graph Modeler (QGM) rewrites Q and A into:
    $\pi_{``Q_i''}(\sigma_{P_A}(\sigma_{P_Q}(T \times R \times S)))$
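The three definitions on slide 23 and the theorem on slide 24, computed directly over a small constructed data set. This is an added example, not code from the slides or from the Hippocratic Database work they summarise; the `Expr` class, the column names (`cid`, `name`, `address`, `pcid`, `disease`) and the sample rows are this example's own assumptions. Each logged query is run with and without each tuple to find the tuples that are indispensable for it, and the verdict is cross-checked against the theorem's condition with Q and A ranging over the same two tables (so R and S are empty).

```python
"""Candidate, indispensable and suspicious queries, computed from the
definitions on the slides over constructed in-memory tables (added example)."""
from collections import Counter
from itertools import product

# Constructed sample rows in the slides' shape: Customer(cid, name, address),
# Treatment(pcid, disease).  Column names are unique across the two tables so a
# joined row can be represented as a single dict.
TABLES = {
    "Customer": [
        {"cid": 1, "name": "Jane", "address": "1 Main St"},
        {"cid": 2, "name": "John", "address": "2 Elm St"},
        {"cid": 3, "name": "Mary", "address": "3 Oak St"},
    ],
    "Treatment": [
        {"pcid": 1, "disease": "diabetes"},
        {"pcid": 2, "disease": "flu"},
        {"pcid": 3, "disease": "diabetes"},
    ],
}


class Expr:
    """A select-project query (or audit expression) over Customer x Treatment,
    i.e. pi_out(sigma_pred(Customer x Treatment)); pred_cols lists the columns
    the predicate reads.  Hypothetical helper class, not from the slides."""

    def __init__(self, name, out_cols, pred_cols, predicate):
        self.name = name
        self.out_cols = frozenset(out_cols)
        self.accessed = frozenset(out_cols) | frozenset(pred_cols)
        self.predicate = predicate

    def run(self, tables):
        # Bag semantics (no DISTINCT): every qualifying joined row contributes.
        joined = ({**c, **t} for c, t in product(tables["Customer"], tables["Treatment"]))
        return Counter(tuple(r[col] for col in sorted(self.out_cols))
                       for r in joined if self.predicate(r))


def is_candidate(q, a):
    """Candidate: the logged query accesses every column the audit expression names."""
    return a.out_cols <= q.accessed


def is_indispensable(expr, tables, table, row):
    """Indispensable: omitting the tuple changes the result of expr."""
    without = {k: ([r for r in v if r is not row] if k == table else v) for k, v in tables.items()}
    return expr.run(tables) != expr.run(without)


def is_suspicious(q, a, tables):
    """Suspicious: a candidate query that shares an indispensable tuple with A."""
    if not is_candidate(q, a):
        return False
    return any(is_indispensable(q, tables, tname, row) and is_indispensable(a, tables, tname, row)
               for tname, rows in tables.items() for row in rows)


def suspicious_by_theorem(q, a, tables):
    """Slide 24's condition with Q and A over the same two tables (R, S empty):
    sigma_{P_A}(sigma_{P_Q}(Customer x Treatment)) is non-empty."""
    if not is_candidate(q, a):
        return False
    joined = ({**c, **t} for c, t in product(tables["Customer"], tables["Treatment"]))
    return any(q.predicate(r) and a.predicate(r) for r in joined)


# audit T.disease from Customer C, Treatment T where C.cid = T.pcid and C.name = 'Jane'
AUDIT = Expr("A", ["disease"], ["cid", "pcid", "name"],
             lambda r: r["cid"] == r["pcid"] and r["name"] == "Jane")

QUERY_LOG = [
    # Q1: addresses of people with diabetes (the slides' example)
    Expr("Q1", ["address"], ["cid", "pcid", "disease"],
         lambda r: r["cid"] == r["pcid"] and r["disease"] == "diabetes"),
    # Q2: names of people with flu: a candidate, but it only depends on John's tuples
    Expr("Q2", ["name"], ["cid", "pcid", "disease"],
         lambda r: r["cid"] == r["pcid"] and r["disease"] == "flu"),
    # Q3: every address: Jane's tuple is indispensable, but Q3 never reads disease
    Expr("Q3", ["address"], [], lambda r: True),
]


def classify(query_log=QUERY_LOG, audit=AUDIT, tables=TABLES):
    """Map each logged query id to (suspicious per definitions, suspicious per theorem)."""
    return {q.name: (is_suspicious(q, audit, tables), suspicious_by_theorem(q, audit, tables))
            for q in query_log}


if __name__ == "__main__":
    for qid, verdict in classify().items():
        print(qid, verdict)   # Q1 (True, True); Q2 and Q3 (False, False)
```

Q3 is the case to notice: Jane's customer row is indispensable for both Q3 and the audit expression, yet Q3 is not suspicious because it is not a candidate, it never touches the audited column. The static candidate test is what keeps the later, expensive tuple-level check from being run on every logged query.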
  • 25. [Diagram, Database Layer: each query arrives with a purpose and recipient; an audit record is generated for each query into the Query Audit Log; database triggers track updates, inserts and deletes to the base Data Tables into a Backlog. Audit Database Layer: static analysis of the audit expression against the log generates the audit query, which returns the IDs of logged queries that accessed the data specified by the audit query.]
  • 26. Query Log:
      ID | Timestamp | Query    | User  | Purpose       | Recipient
      1  | 2004-02…  | Select … | James | Current       | Ours
      2  | 2004-02…  | Select … | John  | Telemarketing | public
    • Filter the logged queries against the audit expression to obtain the candidate queries: eliminate queries that could not possibly have violated the audit expression.
    • Accomplished by examining only the queries themselves (i.e., without running the queries): a logged query is a candidate iff $C_{O_A} \subseteq C_{O_Q}$.
  • 27. Merge the logged queries and the audit expression into a single query graph. [Query graph: base tables Customer C (columns c, n, …, t) and Treatment T (columns p, r, …, t). Logged query Select: predicate T.s = ‘diabetes’ and T.p = C.c, output C.n, C.a, C.z. Audit expression: predicate T.p = C.c and C.n = ‘Jane’, output T.s.]
  • 28. [Merged query graph: the audit expression (predicate X.n = ‘Jane’, output ‘Q1’) now sits over the logged query Select (predicate T.s = ‘diabetes’ and C.c = T.p, output C.n), whose inputs are Customer C, Treatment T and a view X of Customer.] The views of Customer (and Treatment) are temporal views as of the time the query was executed. The audit expression now ranges over the logged query; if the logged query is suspicious, the audit query outputs the id of the logged query.
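The database-layer pipeline of slides 25 to 28, as an added example (not the slides' or the Hippocratic Database project's code) in SQLite: a query log that records purpose and recipient, a trigger-maintained backlog of superseded row versions, the static candidate filter, and an audit query that evaluates P_Q and P_A together over a temporal view of the data as of the logged query's time. Table and column names follow slides 27 and 28 (Customer c, n, a, z; Treatment p, r, s); the logical `Clock`, the `QueryLog` and `Treatment_backlog` layouts and all helper names are assumptions of this example. Customer is assumed not to change, so only Treatment is versioned.

```python
"""Query log, trigger-maintained backlog and audit-query evaluation in SQLite
(added example, not the slides' implementation)."""
import re
import sqlite3

DDL = """
CREATE TABLE Clock(t INTEGER);
INSERT INTO Clock VALUES (0);
CREATE TABLE Customer(c INTEGER PRIMARY KEY, n TEXT, a TEXT, z TEXT);
CREATE TABLE Treatment(p INTEGER, r TEXT, s TEXT, since INTEGER);
-- Backlog: one row per superseded Treatment version, valid during [since, until).
CREATE TABLE Treatment_backlog(p INTEGER, r TEXT, s TEXT, since INTEGER, until INTEGER);
CREATE TABLE QueryLog(id TEXT PRIMARY KEY, t INTEGER, cols TEXT, pred TEXT,
                      user TEXT, purpose TEXT, recipient TEXT);
-- Database trigger tracks updates to the base table (slides 19 and 25).
CREATE TRIGGER Treatment_track AFTER UPDATE ON Treatment BEGIN
  INSERT INTO Treatment_backlog VALUES (OLD.p, OLD.r, OLD.s, OLD.since, NEW.since);
END;
"""

# Temporal view of Treatment as of logical time :t: rows current then, plus
# backlog versions that were live then (slide 28's "temporal view").
TREATMENT_AT = """(SELECT p, r, s FROM Treatment WHERE since <= :t
                   UNION ALL
                   SELECT p, r, s FROM Treatment_backlog WHERE since <= :t AND until > :t)"""


def tick(db):
    """Advance the logical clock that stamps queries and row versions."""
    db.execute("UPDATE Clock SET t = t + 1")
    return db.execute("SELECT t FROM Clock").fetchone()[0]


def log_query(db, qid, cols, pred, user, purpose, recipient):
    """Record the query with its purpose and recipient, then run it on current data."""
    t = tick(db)
    db.execute("INSERT INTO QueryLog VALUES (?,?,?,?,?,?,?)",
               (qid, t, cols, pred, user, purpose, recipient))
    # cols/pred are constructed constants in this example; real code must not
    # interpolate untrusted text into SQL this way.
    return db.execute(f"SELECT {cols} FROM Customer C, Treatment T WHERE {pred}").fetchall()


def update_treatment(db, p, new_s):
    """Revise a diagnosis; the trigger moves the old version into the backlog."""
    t = tick(db)
    db.execute("UPDATE Treatment SET s = ?, since = ? WHERE p = ?", (new_s, t, p))


def columns(expr):
    """Column references (C.x / T.x) in a select list or predicate."""
    return set(re.findall(r"\b[CT]\.[a-z]\b", expr))


def audit(db, audit_cols, audit_pred):
    """Ids of logged queries suspicious w.r.t.
    'audit <audit_cols> from Customer C, Treatment T where <audit_pred>'."""
    needed = columns(audit_cols)
    hits = []
    for qid, t, cols, pred in db.execute("SELECT id, t, cols, pred FROM QueryLog ORDER BY t"):
        # Static filter (slide 26): only candidates, i.e. queries that access
        # every audited column, are examined further.  No query is executed here.
        if not needed <= columns(cols) | columns(pred):
            continue
        # Audit query (slides 24 and 28): P_Q and P_A together over the data as of time t.
        sql = f"SELECT 1 FROM Customer C, {TREATMENT_AT} T WHERE ({pred}) AND ({audit_pred}) LIMIT 1"
        if db.execute(sql, {"t": t}).fetchone():
            hits.append(qid)
    return hits


def demo():
    """Constructed scenario: the same query before and after Jane's diagnosis is revised."""
    db = sqlite3.connect(":memory:")
    db.executescript(DDL)
    db.executemany("INSERT INTO Customer VALUES (?,?,?,?)",
                   [(1, "Jane", "1 Main St", "95120"), (2, "John", "2 Elm St", "95121")])
    db.executemany("INSERT INTO Treatment VALUES (?,?,?,0)",
                   [(1, "2004-02-01", "diabetes"), (2, "2004-02-02", "flu")])
    q = ("C.n, C.a, C.z", "T.s = 'diabetes' AND T.p = C.c")
    log_query(db, "Q1", *q, "John", "Telemarketing", "public")   # t=1: returns Jane
    update_treatment(db, 1, "prediabetes")                         # t=2: old version -> backlog
    log_query(db, "Q2", *q, "John", "Telemarketing", "public")   # t=3: returns nobody
    log_query(db, "Q3", "C.n, T.r", "T.p = C.c", "Jane", "Current", "Ours")  # t=4: never reads T.s
    suspicious = audit(db, "T.s", "C.c = T.p AND C.n = 'Jane'")
    versions = db.execute("SELECT COUNT(*) FROM Treatment_backlog").fetchone()[0]
    return {"suspicious": suspicious, "backlog_versions": versions}


if __name__ == "__main__":
    print(demo())   # {'suspicious': ['Q1'], 'backlog_versions': 1}
```

Q1 is flagged even though the current Treatment table no longer says Jane has diabetes: the audit query joins against the backlog version that was live at t=1, which is exactly why the base tables have to be versioned by triggers rather than audited in their current state. Q2 ran the same text after the revision and is not flagged, and Q3 is rejected by the static filter without ever being re-executed.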
  • 29. [Chart: time (minutes, 0–250) against number of versions per tuple (5–50), for the Composite, Simple, No Index and No Triggers configurations.]
    • 7x if all tuples are updated
    • 3x if a single tuple is updated
    • Negligible by using the Recovery Log to build the Backlog tables
  • 30. [Chart: time (msec., log scale 1–1000) against number of versions per tuple, for Simple-I, Simple-C, Composite-I and Composite-C.]
  • 31. Time Synchronization of Logs • Processing of Encrypted Log Data
  • 32. Complete initial solutions for the basic problems
    • Show their importance (in other domains)
    • Integrate into the bigger picture
    • Demonstrate applicability to the cloud environment
    • Partner with cloud providers to prototype and iron out kinks
    • Focus on Cloud Forensics: Privacy-Preserving Protocols • Chain of Evidence • Authenticity
    • Iterate on the initial vision given the current state
  • 33. This space has a lot of difficult (and fundamental) problems.
    • These specific questions need more researchers focusing on them.
    • Applicable not only to privacy and auditing in clouds; they translate to fundamental impact on basic Computer Systems Research.
    • This is just my view and should never be thought to be complete and definitive.