Data Security and Privacy: Concepts, Approaches, and Research Directions

Data are today an asset more critical than ever for all organizations we may think of. Recent advances and trends, such as sensor systems, IoT, cloud computing, and data analytics, are making possible to pervasively, efficiently, and effectively collect data. However for data to be used to their full power, data security and privacy are critical. Even though data security and privacy have been widely investigated over the past thirty years, today we face new difficult data security and privacy challenges. Some of those challenges arise from increasing privacy concerns with respect to the use of data and from the need of reconciling privacy with the use of data for security in applications such as homeland protection, counterterrorism, and health, food and water security. Other challenges arise because the deployments of new data collection and processing devices, such as those used in IoT systems, increase the data attack surface. In this paper, we discuss relevant concepts and approaches for data security and privacy, and identify research challenges that must be addressed by comprehensive solutions to data security and privacy.

[1]  Peter J. Denning,et al.  Linear queries in statistical databases , 1979, ACM Trans. Database Syst..

[2]  Barbara Carminati,et al.  Security and Trust in Online Social Networks , 2013, Security and Trust in Online Social Networks.

[3]  Elisa Bertino,et al.  Node or Link? Fine-Grained Analysis of Packet-Loss Attacks in Wireless Sensor Networks , 2016, TOSN.

[4]  Carlo Batini,et al.  Data and Information Quality , 2016, Data-Centric Systems and Applications.

[5]  Panos Kalnis,et al.  Private queries in location based services: anonymizers are not necessary , 2008, SIGMOD Conference.

[6]  Elisa Bertino,et al.  Views and Security in Distributed Database Management Systems , 1988, EDBT.

[7]  Elisa Bertino,et al.  Efficient k -Anonymization Using Clustering Techniques , 2007, DASFAA.

[8]  Elisa Bertino,et al.  Building Sensor-Based Big Data Cyberinfrastructures , 2015, IEEE Cloud Computing.

[9]  Jorge Lobo,et al.  Automating role-based provisioning by learning from examples , 2009, SACMAT '09.

[10]  Jorge Lobo,et al.  Privacy-Aware Role-Based Access Control , 2007, IEEE Security & Privacy.

[11]  Elisa Bertino,et al.  DBSAFE—An Anomaly Detection System to Protect Databases From Exfiltration Attempts , 2017, IEEE Systems Journal.

[12]  Attila A. Yavuz,et al.  HAA: Hardware-Accelerated Authentication for internet of things in mission critical vehicular networks , 2015, MILCOM 2015 - 2015 IEEE Military Communications Conference.

[13]  Shouhuai Xu,et al.  An Access Control Language for a General Provenance Model , 2009, Secure Data Management.

[14]  Kartik Nayak,et al.  Oblivious Data Structures , 2014, IACR Cryptol. ePrint Arch..

[15]  Aaron Roth,et al.  The Algorithmic Foundations of Differential Privacy , 2014, Found. Trends Theor. Comput. Sci..

[16]  Elisa Bertino,et al.  pCLSC-TKEM: a Pairing-free Certificateless Signcryption-tag Key Encapsulation Mechanism for a Privacy-Preserving IoT , 2016, Trans. Data Priv..

[17]  Elisa Bertino,et al.  The PROBE Framework for the Personalized Cloaking of Private Locations , 2010, Trans. Data Priv..

[18]  Elisa Bertino,et al.  MAVR: Code Reuse Stealthy Attacks and Mitigation on Unmanned Aerial Vehicles , 2015, 2015 IEEE 35th International Conference on Distributed Computing Systems.

[19]  Elisa Bertino Data Trustworthiness - Approaches and Research Challenges , 2014, DPM/SETOP/QASA.

[20]  Elisa Bertino,et al.  GEO-RBAC: a spatially aware RBAC , 2005, SACMAT '05.

[21]  Elisa Bertino,et al.  TRBAC: a temporal role-based access control model , 2000, RBAC '00.

[22]  V. Terzieva,et al.  BIG DATA – OPPORTUNITIES AND CHALLENGES FOR EDUCATION , 2015 .

[23]  Anna Cinzia Squicciarini,et al.  WWW 2009 MADRID! Track: Security and Privacy / Session: Web Privacy Collective Privacy Management in Social Networks , 2022 .

[24]  Michael T. Goodrich,et al.  Accountable Storage , 2014, ACNS.

[25]  Elisa Bertino,et al.  Strategic Security Resource Allocation for Internet of Things , 2016, 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS).

[26]  Elisa Bertino,et al.  Data Protection from Insider Threats , 2012, Data Protection from Insider Threats.

[27]  Elisa Bertino,et al.  DBMask: Fine-Grained Access Control on Encrypted Relational Databases , 2015, Trans. Data Priv..

[28]  Elisa Bertino,et al.  A Distributed System for The Management of Fine-grained Provenance , 2015, J. Database Manag..

[29]  Elisa Bertino,et al.  DetAnom: Detecting Anomalous Database Transactions by Insiders , 2015, CODASPY.

[30]  Bruce Schneier,et al.  Cryptography Is Harder than It Looks , 2016, IEEE Secur. Priv..

[31]  Elisa Bertino Security with Privacy-Opportunities and Challenges , 2016 .

[32]  Jorge Lobo,et al.  EXAM: a comprehensive environment for the analysis of access control policies , 2010, International Journal of Information Security.

[33]  Elisa Bertino,et al.  A hybrid private record linkage scheme: Separating differentially private synopses from matching records , 2015, 2015 IEEE 31st International Conference on Data Engineering.

[34]  L. Nelson Data, data everywhere. , 1997, Critical care medicine.

[35]  Elisa Bertino,et al.  Privacy Preserving Policy-Based Content Sharing in Public Clouds , 2013, IEEE Transactions on Knowledge and Data Engineering.

[36]  Elisa Bertino,et al.  IdentiDroid: Android can finally Wear its Anonymous Suit , 2014, Trans. Data Priv..

[37]  Elisa Bertino,et al.  Big Data -- Opportunities and Challenges Panel Position Paper , 2013, 2013 IEEE 37th Annual Computer Software and Applications Conference.

[38]  Elisa Bertino,et al.  An Efficient Certificateless Encryption for Secure Data Sharing in Public Clouds , 2014, IEEE Transactions on Knowledge and Data Engineering.

[39]  Elisa Bertino,et al.  Data Security and Privacy in the IoT , 2016, EDBT.

[40]  Anna Cinzia Squicciarini,et al.  PriMa: an effective privacy protection mechanism for social networks , 2010, ASIACCS '10.

[41]  Murat Kantarcioglu,et al.  Vigiles: Fine-Grained Access Control for MapReduce Systems , 2014, 2014 IEEE International Congress on Big Data.

[42]  Elisa Bertino,et al.  Big Data - Security and Privacy , 2015, 2015 IEEE International Congress on Big Data.

[43]  Elisa Bertino,et al.  DisARM: Mitigating Buffer Overflow Attacks on Embedded Devices , 2015, NSS.

[44]  Elisa Bertino,et al.  Purpose based access control of complex data for privacy protection , 2005, SACMAT '05.

[45]  Peter J. Denning,et al.  The tracker: a threat to statistical database security , 1979, TODS.

[46]  Lujo Bauer,et al.  More than skin deep: measuring effects of the underlying model on access-control system usability , 2011, CHI.

[47]  J. Manyika,et al.  Disruptive technologies: Advances that will transform life, business, and the global economy , 2013 .

[48]  Elisa Bertino,et al.  A Secure Communication Protocol for Drones and Smart Objects , 2015, AsiaCCS.

[49]  Pg Scholar,et al.  Privacy Preserving Delegated Access Control in Public Clouds , 2014 .

[50]  Elisa Bertino,et al.  Database security - concepts, approaches, and challenges , 2005, IEEE Transactions on Dependable and Secure Computing.

[51]  Elisa Bertino,et al.  Access Control for Databases: Concepts and Systems , 2011, Found. Trends Databases.

[52]  Elisa Bertino,et al.  Privacy-Preserving and Content-Protecting Location Based Queries , 2012, 2012 IEEE 28th International Conference on Data Engineering.

[53]  Peter J. Denning,et al.  Data Security , 1979, CSUR.

[54]  Elisa Bertino Security with Privacy -- Opportunities and Challenges: Panel Position Paper , 2014, 2014 IEEE 38th Annual Computer Software and Applications Conference.