Abstract:
The evolution of Information and Communication Technology has radically changed our electronic lives, making information the key driver for today's society. Every action we perform requires the collection, elaboration, and dissemination of personal information. This situation has clearly brought a tremendous exposure of private and sensitive information to privacy breaches. In this chapter, we describe how the techniques developed for protecting data have evolved over the years. We start by providing an overview of the first privacy definitions (k-anonymity, l-diversity, t-closeness, and their extensions) aimed at ensuring proper data protection against identity and attribute disclosures. We then illustrate how changes in the underlying assumptions lead to scenarios characterized by different and more complex privacy requirements. In particular, we show the impact on privacy when considering multiple releases of the same data or dynamic data collections, fine-grained privacy definitions, generic privacy constraints, and the external knowledge that a potential adversary may exploit for inferring sensitive information. We also briefly present the concept of differential privacy, which has recently emerged as an alternative privacy definition.
Abstract:
Cloud computing has emerged as a successful paradigm allowing individual users as well as companies to resort to external providers for storing/processing data or making them available to others. Together with the many benefits, however, cloud computing introduces new security and privacy risks. A major issue is that the data owner, storing data at external providers, loses control over them, leaving them potentially exposed to improper access, use, or dissemination. In this chapter, we consider the problem of protecting the confidentiality of sensitive information when relying on external cloud providers for storing and processing data. We introduce confidentiality requirements and then illustrate encryption and data fragmentation as possible protection techniques. In particular, we discuss different approaches that have been proposed using encryption (with indexing) and fragmentation, either by themselves or in combination, to satisfy confidentiality requirements.
Abstract:
Recent enhancements in the reliability and precision of location technologies are fostering the development of a new wave of applications that make use of the location information of users. Such applications introduce new aspects of access control which should be addressed. On the one side, precise location information may play an important role and can be used to develop Location-based Access Control (LBAC) systems that integrate traditional access control mechanisms with conditions based on the physical position of users. On the other side, location information of users can be considered sensitive, and access control solutions should be developed to protect it against unauthorized accesses and disclosures. In this chapter, we address these two aspects related to the use and protection of location information, discussing existing solutions, open issues, and some research directions.
Abstract:
The Internet provides unprecedented opportunities for the collection and sharing of privacy-sensitive information from and about users. Information about users is collected every day, as they join associations or groups, shop for groceries, or execute most of their common daily activities. Such information is subsequently processed, exchanged and shared between different parties, with users often having little control over their personal information once it has been disclosed to third parties. Privacy is thus becoming an increasing concern. In this paper we discuss some problems to be addressed in the protection of information in our electronic society, surveying ongoing work and open issues to be investigated.
Abstract:
The Internet provides unprecedented opportunities for the collection and sharing of privacy-sensitive information from and about users. Information about users is collected every day, as they join associations or groups, shop for groceries, or execute most of their common daily activities. Such information is subsequently processed, exchanged and shared between different parties, with users often having little control over their personal information once it has been disclosed to third parties. Privacy is thus becoming an increasing concern. In this paper we discuss some problems to be addressed in the protection of information in our electronic society, surveying ongoing work and open issues to be investigated.
Abstract:
The availability of a multitude of data sources has naturally increased the need for subjects to collaborate for distributed computations, aimed at combining different data collections for their elaboration and analysis. Due to the quick pace at which collected data grow, often the authorities collecting and owning such datasets resort to external third parties (e.g., cloud providers) for their storage and management. Data under the control of different authorities are autonomously encrypted (using a different encryption scheme and key) for their external storage. This makes distributed computations combining these sources hard. In this paper, we propose an approach enabling collaborative computations over data encrypted in storage, selectively involving also subjects that might not be authorized for accessing the data in plaintext when it is considered economically convenient.
Abstract:
The shuffle index provides confidentiality guarantees for accesses to externally outsourced data. In this paper, we extend the shuffle index with support for access control, that is, for enforcing authorizations on data. Our approach is based on the use of selective encryption and on the organization of data and authorizations in two shuffle indexes. Our proposal enables owners to regulate access to their data, supporting authorizations that allow different users access to different portions of the data, while at the same time guaranteeing confidentiality of access.