Analysis of privacy risks and measurement of privacy protection in Web Services complying with privacy policy

Transcript and Presenter's Notes


1
Analysis of privacy risks and measurement of
privacy protection in Web Services complying with
privacy policy
  • Prepared by
  • Ashif Adnan, Omair Alam, Aktar-uz-zaman
  • School of Computer Science
  • University of Windsor
  • ON, Canada

2
Outline
  • Introduction
  • Motivation
  • Goal
  • Related works
  • Our observations
  • Our modified method
  • Strength and weakness
  • Conclusion and future works
  • Acknowledgment
  • References

3
Introduction
  • Web Services
  • According to web services are self-contained,
    modular applications that can be described,
    published, located, and invoked over a network,
    generally, the World Wide Web.
  • Extended definition
  • Web services can evolve or be adapted to other
    platforms
  • Emerging WS can employ
  • XML (eXtensible Markup Language)
  • WSDL (Web Service Definition Language)
  • SOAP (Simple Object Access Protocol)
  • UDDI (Universal Description, Discovery, and
    Integration)
  • Web browsers interacting with web servers

4
Motivation
  • WS targets
  • Consumers
  • WS applications
  • Banking
  • Shopping
  • Learning
  • Healthcare
  • Government online
  • WS requires consumers' personal information

This is where privacy becomes a concern.
5
Goal
  • Protection of personal information
  • Ability to
  • Analyze privacy risks
  • Measure privacy protection
  • Develop a Privacy Policy Compliant System (PPCS)
  • Improved architecture of PPCS

6
Related works
  1. Privacy and web services
  2. WS privacy risk analysis
  3. WS privacy protection measurement
  4. Privacy policy compliant WS

7
Related works (contd)
  • Privacy and web services
  • Privacy - ability of individuals to control the
    collection, use, retention, and distribution of
    information about themselves.
  • Privacy policy - a statement that expresses the
    user's desired control over a web service's
    collection, use, retention, and distribution of
    information about the user.
  • Privacy risk - potential occurrence of any action
    or circumstance that will result in a violation
    of a user's privacy policy.

8
Related works (contd)
  • Example of user/provider privacy policies (Online
    pharmacy)

User policy (left)                             Provider policy (right)
Policy Use:      Pharmacy                      Policy Use:      Pharmacy
Owner:           Alice Buyer                   Owner:           A-Z Drugs Inc.
Valid:           unlimited                     Valid:           unlimited

Collector:       A-Z Drugs Inc.                Collector:       Drugs Dept.
What:            name, address, tel            What:            name, address, tel
Purposes:        identification                Purposes:        identification
Retention Time:  unlimited                     Retention Time:  1 year
Disclose-To:     none                          Disclose-To:     none

Collector:       A-Z Drugs Inc.                Collector:       Drugs Dept.
What:            drug name                     What:            drug name
Purposes:        purchase                      Purposes:        sale
Retention Time:  2 years                       Retention Time:  1 year
Disclose-To:     none                          Disclose-To:     none

Figure 1. Example user (left) and provider
(right) privacy policies
9
Related works (contd)
  • Web service privacy risk analysis
  • Web service personal information model (WSPIM)
  • Need for the user's personal information
  • Exchange of privacy policy
  • Obtain the user's personal information
  • Comply with the user's privacy policy
  • Make use of the information

10
Related works (contd)
  • Method for privacy risk analysis
  • Determine all the possible locations
  • Find out the ways of violating the privacy policy

11
Related works (contd)
  • Determine all the possible locations
  • Example of Personal Information Map (Book seller
    web service)

Figure 2. PIM for a book seller web service
12
Related works (contd)
  • Find out the ways of violating privacy policy

Field             Risk question
Collector         How can the PII be received by an unintended collector, either in
                  addition to or in place of the intended collector?
What              How can the user be asked for other PII, either intentionally or
                  inadvertently?
Purpose           How can the PII be used for other purposes?
Retention time    How can the PII retention time be violated?
Disclose-to       How can the PII be disclosed, either intentionally or inadvertently,
                  to an unintended recipient?

Table 1. Risk questions
13
Related works (contd)
  • Privacy risk table

PIIs / locations                                 Privacy risks
(1, 2, 3 / path into A), (2 / path into D),      Man-in-the-middle attack violates collector, purposes
(3 / path into E)                                and disclose-to for the path into A; the user could be
                                                 asked for personal information that violates what.
(1, 2, 3 / A, B), (1 / C), (2 / D), (3 / E)      Trojan horse, hacker, or SQL attack (for B) violates
                                                 collector, purposes and disclose-to for B; information
                                                 could be kept past the retention time.

Table 2. Partial Privacy Risks Table
corresponding to Figure 2
14
Related works (contd)
  • WS privacy protection measurement
  • Privacy violations
  • Internal Violations (IV)
  • External Violations (EV)

15
Related works (contd)
  • Now let's define the measures
  • Let M denote the measure of how well a service
    provider protects consumer privacy.
  • It will have 2 components:
  • mi, to account for the provisions used against IV
  • me, to account for the provisions used against
    EV.
  • So M as a matrix can be expressed as
  • M = (mi, me)

16
Related works (contd)
  • Then for a service provider that has implemented
    combination k of provisions to lessen IV:
  • mi = pk, 0 ≤ pk ≤ 1
  • For EV, we carry out a threat analysis and
    identify
  • the number of security weaknesses, n
  • the number of weaknesses that have countermeasures in
    place, q; then
  • me = q/n, if n > 0, so that 0 ≤ me ≤ 1
  • me = 1, if n = 0

17
Related works (contd)
  • On a scale of 1 to 10,
  • M10 = (10·pk, 10·q/n), if n > 0
  • M10 = (10·pk, 10), if n = 0
  • The minimum acceptable thresholds ti and te are
    set for 10·mi and 10·me

Figure 2. Service provider's provisions for IV
and EV
18
Related works (contd)
  • Calculation of the measures
  • Calculation of mi
  • The table below gives examples of internal
    violation provision combinations

Table 3. Example IV provision combinations
19
Related works (contd)
  • Calculation of me
  • Identify threats to the user's data.
  • Create attack trees for the system.
  • Apply weights to the leaves.
  • Prune the tree so that only exploitable leaves
    remain. Count the number of such leaves, or
    vulnerabilities.
  • Count the countermeasures that are in place for the
    vulnerabilities.
  • After performing the above steps, both q and n
    are available for calculating me
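As an added example (not part of the slides or the cited papers), the measure of slides 15 to 19 carried through in Python: the attack tree is pruned to its exploitable leaves, q and n are counted, and M10 = (10·pk, 10·q/n) is compared against the thresholds ti and te. The tree, its leaf weights (read as exploitability scores), the pruning threshold, pk and the threshold values are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

@dataclass
class Node:
    """Attack-tree node. A leaf carries an exploitability weight in [0, 1]
    and records whether a countermeasure for it is in place."""
    name: str
    weight: float = 0.0
    countered: bool = False
    children: List["Node"] = field(default_factory=list)

def exploitable_leaves(node: Node, min_weight: float) -> List[Node]:
    """Prune the tree: keep only the leaves whose weight reaches min_weight."""
    if not node.children:
        return [node] if node.weight >= min_weight else []
    leaves: List[Node] = []
    for child in node.children:
        leaves.extend(exploitable_leaves(child, min_weight))
    return leaves

def measure_external(root: Node, min_weight: float) -> float:
    """me = q/n when n > 0 and me = 1 when n = 0 (no exploitable weakness left)."""
    vulns = exploitable_leaves(root, min_weight)
    n, q = len(vulns), sum(1 for v in vulns if v.countered)
    return 1.0 if n == 0 else q / n

def measure_m10(p_k: float, root: Node, min_weight: float) -> Tuple[float, float]:
    """M10 = (10*mi, 10*me) with mi = p_k, the rating of IV provision combination k."""
    return (10 * p_k, 10 * measure_external(root, min_weight))

def acceptable(m10: Tuple[float, float], t_i: float, t_e: float) -> bool:
    """The provider passes when both components reach the thresholds t_i and t_e."""
    return m10[0] >= t_i and m10[1] >= t_e

# Constructed attack tree for the book-seller PIM of Figure 2 (weights and status assumed).
TREE = Node("violate the consumer's privacy policy", children=[
    Node("path into A", children=[
        Node("man-in-the-middle", weight=0.9, countered=True),
        Node("ask for extra PII", weight=0.3, countered=False),
    ]),
    Node("location B", children=[
        Node("SQL attack", weight=0.8, countered=False),
        Node("Trojan horse", weight=0.7, countered=True),
    ]),
])

if __name__ == "__main__":
    m10 = measure_m10(0.6, TREE, min_weight=0.5)
    print(m10, acceptable(m10, t_i=5, t_e=7))
```

With the sample tree three leaves survive pruning at 0.5, two of them countered, so me = 2/3 and M10 = (6.0, 6.67); the provider fails a te of 7 while passing a ti of 5.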

20
Related works (contd)
  • Privacy policy compliant WS (PPCS)
  • A Privacy Policy Compliance System (PPCS) for WS
    gives the consumer a promising approach to gaining
    a measure of control over his/her private
    information.
  • The policies of consumer and provider should
    match

21
Related works (contd)
  • Privacy Legislation
  • Accountability
  • Identify purpose
  • Consent
  • Limiting collection
  • Limiting use, disclosure and retention
  • Accuracy
  • Safeguard
  • Openness
  • Individual Access
  • Challenging compliance
  • Note: these are also the requirements for a PPCS

22
Related works (contd)
  • An Architecture of PPCS

Figure 3. Privacy policy compliance system
architecture
23
Our observations
  1. The privacy policy proposed by the author is not
     complete, which leads to an incomplete set of risk
     questions and gives the consumer less confidence to
     do the transaction.
  2. There are no provisions for consumers to set up
     the measuring standards.
  3. The following points need to be considered to build
     a more effective PPCS for WS:
     • Damage protection
     • Children protection
     • Right to transfer
     • Right to opt in / opt out
     • Lack of scalability
     • Lack of knowledge
     • Data tampering
     • Cost

24
Our modified method
  • Web service risk analysis extended method
  • New fields we have found for the privacy policy
  • Safeguard - Security safeguards by the provider
    appropriate to the sensitivity of the
    information.
  • Individual access - Access by the individual to
    his/her personal information.
  • Challenging compliance - Ability of individuals to
    address a challenge.
  • Certificate Authority - Access to Certificate
    Authorities that offer consumers a compliance
    verification service.

25
Our modified method (contd)
  • Online pharmacy example with new fields

User policy (left)                                  Provider policy (right)
Policy Use:             Pharmacy                    Policy Use:             Pharmacy
Owner:                  Alice Buyer                 Owner:                  A-Z Drugs Inc.
Valid:                  unlimited                   Valid:                  unlimited

Collector:              A-Z Drugs Inc.              Collector:              Drugs Dept.
What:                   name, address, tel          What:                   name, address, tel
Purposes:               identification              Purposes:               identification
Retention Time:         unlimited                   Retention Time:         1 year
Disclose-To:            none                        Disclose-To:            none
Safeguards:             Yes                         Safeguards:             Yes
Individual access:      Yes                         Individual access:      Yes
Challenging compliance: Yes                         Challenging compliance: Yes
Certificate Authority:  SB Inc.                     Certificate Authority:  SB Inc.

Collector:              A-Z Drugs Inc.              Collector:              Drugs Dept.
What:                   drug name                   What:                   drug name
Purposes:               purchase                    Purposes:               sale
Retention Time:         2 years                     Retention Time:         1 year
Disclose-To:            none                        Disclose-To:            none
Safeguards:             Yes                         Safeguards:             Yes
Individual access:      Yes                         Individual access:      Yes
Challenging compliance: Yes                         Challenging compliance: Yes
Certificate Authority:  SB Inc.                     Certificate Authority:  SB Inc.

Figure 4. Modified example user (left) and
provider (right) privacy policies
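As an added example (not from the slides or the cited papers), a field-by-field check that the provider policy of Figure 4 complies with the user policy, in the spirit of slide 20's requirement that the two policies match. The matching rules are my assumptions, one per field of the extended policy; purposes are compared literally, so the "purchase"/"sale" pair on the second item is reported, which shows why a PPCS needs an agreed purpose vocabulary.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

@dataclass(frozen=True)
class Rule:
    """One policy item: Disclose-To 'none' is the empty set, unlimited retention is None."""
    what: FrozenSet[str]
    purposes: FrozenSet[str]
    retention_years: Optional[float]
    disclose_to: FrozenSet[str]
    safeguards: bool
    individual_access: bool
    challenging_compliance: bool
    certificate_authority: str

def violations(user: Rule, provider: Rule) -> List[str]:
    """Fields of the user's item the provider's item violates (assumed matching rules)."""
    bad: List[str] = []
    if not provider.what <= user.what:          # asks for PII beyond what is allowed
        bad.append("what")
    if provider.purposes != user.purposes:      # literal comparison, see lead-in
        bad.append("purposes")
    if user.retention_years is not None and (
            provider.retention_years is None
            or provider.retention_years > user.retention_years):
        bad.append("retention time")            # kept longer than the user permits
    if not provider.disclose_to <= user.disclose_to:
        bad.append("disclose-to")
    for flag in ("safeguards", "individual_access", "challenging_compliance"):
        if getattr(user, flag) and not getattr(provider, flag):
            bad.append(flag)                    # a provision the user requires is missing
    if provider.certificate_authority != user.certificate_authority:
        bad.append("certificate authority")
    return bad

def compliant(user_policy: List[Rule], provider_policy: List[Rule]) -> bool:
    """The provider complies when the item counts match and no item is violated."""
    return len(user_policy) == len(provider_policy) and all(
        not violations(u, p) for u, p in zip(user_policy, provider_policy))

# The two items of each Figure 4 policy, transcribed (user left, provider right).
PII = frozenset({"name", "address", "tel"})
USER = [Rule(PII, frozenset({"identification"}), None, frozenset(), True, True, True, "SB Inc."),
        Rule(frozenset({"drug name"}), frozenset({"purchase"}), 2, frozenset(), True, True, True, "SB Inc.")]
PROVIDER = [Rule(PII, frozenset({"identification"}), 1, frozenset(), True, True, True, "SB Inc."),
            Rule(frozenset({"drug name"}), frozenset({"sale"}), 1, frozenset(), True, True, True, "SB Inc.")]

if __name__ == "__main__":
    for u, p in zip(USER, PROVIDER):
        print(sorted(u.what), violations(u, p) or "compliant")
```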
26
Our modified method (contd)
  • Extended Risk questions

Field                    Risk question
...
Safeguards               How can the security safeguards appropriate for the PII be affected?
Individual access        How can the personal information be accessed by an inappropriate individual?
Challenging compliance   How can compliance with the privacy principles associated with the PII be
                         changed, intentionally or unintentionally?
Certificate authority    How can the secured logs passed by the certificate authority to the customer
                         be accessed by an unintended recipient in addition to the intended customer?

Table 5. Extended Risk questions
27
Our modified method (contd)
  • Privacy measurement: customization of standards
  • Instead of the standards bodies recommending the
    percentage rating of the effectiveness of the
    provisions, the user and the provider determine
    the provisions that are used to measure the
    privacy protection of the web service.
  • In this way the user and the provider can decide
    on secure ways of transmission by obtaining the
    measures, and later come up with a PPCS system
    which satisfies all of the user's requirements.

28
Our modified method (contd)
  • Privacy Policy Compliance System (PPCS) with
    compliance verification

Figure 5. Modified PPCS architecture
29
Weakness and Strengths
  • Strength
  • The consumer will now have full confidence to do
    a transaction with the service provider.
  • Privacy measurement standards can be customized
    to make transactions more secure.
  • A consumer who does not bother or does not know
    how to check the log file to verify compliance
    can easily do so through the Certificate Authority.
  • Weakness
  • PPCS for web services is semi-automated; in some
    cases we need to notify the responsible officers
    about non-compliance matters, which is not
    automated.
  • The cost of PPCS cannot be controlled because it
    depends on the combination of hardware, software
    and storage.

30
Conclusion and Future Works
  • Observed steps
  • Understanding how to analyze the risks to privacy
  • Understanding how to measure privacy protection
    and
  • Understanding a privacy policy compliant web
    service.
  • Steps for our new PPCS system
  • WS risk analysis with extended privacy policy
  • WS privacy protection measurement with customized
    standards
  • PPCS with compliance verification

31
Conclusion and Future Works (contd)
  • Plans for future research include
  • Programming the graphical notation to be machine
    readable
  • Protecting the system from damage arising from
    shared personal information
  • Protecting children from being affected by
    information shared by others
  • Improving the procedure for threat analysis by
    automating it and making it more foolproof
  • Investigating other possible methods of privacy
    protection effectiveness

32
Acknowledgement
  • We would like to thank our professor for his
    great support and for giving us the opportunity to
    learn about privacy and security on the internet
  • We would like to thank our audience for listening
    to our presentation

33
References
  • [1] G. Yee, "Visual Analysis of Privacy Risks in
    Web Services", Proceedings, 2007 IEEE
    International Conference on Web Services (ICWS
    2007), July 9-13, 2007, pp. 671-678.
  • [2] G. Yee, "Measuring Privacy Protection in Web
    Services", Proceedings, 2006 IEEE International
    Conference on Web Services (ICWS 2006), Sept.
    2006, pp. 647-654.
  • [3] G. Yee, L. Korba, "Privacy policy compliance
    for Web services", Proceedings, 2004 IEEE
    International Conference on Web Services (ICWS 2004),
    July, 2006, pp. 158-165.
  • [4] I. Goldberg, D. Wagner, and E. Brewer,
    "Privacy-Enhancing Technologies for the
    Internet", IEEE COMPCON '97, 1997, pp.
    103-109.
  • [5] Canadian Standards Association, "Model Code
    for the Protection of Personal Information",
    retrieved Sept. 5, 2003 from
    http://www.csa.ca/standards/privacy/code/Default.asp?articleID=5286&language=English

34
The End
  • Questions?