Skip to main content Accessibility help

We use cookies to distinguish you from other users and to provide you with a better experience on our websites. Close this message to accept cookies or find out how to manage your cookie settings.

Close cookie message
×
Hostname: page-component-5cf477f64f-xc2pj Total loading time: 0 Render date: 2025-04-08T11:01:19.081Z Has data issue: false hasContentIssue false

10 - Engineered Controls for Dealing with Big Data

Published online by Cambridge University Press:  05 July 2014

By
Carl Landwehr
Edited by
Julia Lane ,
Victoria Stodden ,
Stefan Bender  and
Helen Nissenbaum
Carl Landwehr
Affiliation:
George Washington University
Julia Lane
Affiliation:
American Institutes for Research, Washington DC
Victoria Stodden
Affiliation:
Columbia University, New York
Stefan Bender
Affiliation:
Institute for Employment Research of the German Federal Employment Agency
Helen Nissenbaum
Affiliation:
New York University
Get access

Summary

Introduction

It is one thing for a patient to trust a physician with a handwritten record that is expected to stay in the doctor’s office. It’s quite another for the patient to consent to place their comprehensive electronic health record in a repository that may be open to researchers anywhere on the planet. The potentially great payoffs from (for example) being able to find a set of similar patients who have suffered from the same condition as oneself and to review their treatment choices and outcomes will likely be unavailable unless people can be persuaded that their individual data will be handled properly in such a system. Agreeing on an effective set of institutional controls (see Chapter 9) is an essential prerequisite, but equally important is the question of whether the agreed upon policies can be enforced by controls engineered into the system. Without sound technical enforcement, incidents of abuse, misuse, theft of data, and even invalid scientific conclusions based on undetectably altered data can be expected. While technical controls can limit the occurrence of such incidents substantially, some will inevitably occur. When they do, the ability of the system to support accountability will be crucial, so that abusers can be properly identified and penalized and systems can be appropriately reinforced or amended.

Questions to ask about the engineered controls include:

  • How are legitimate system users identified and authenticated?

  • What mechanisms are employed to distinguish classes of users and to limit their actions to those authorized by the relevant policies?

  • What mechanisms limit the authorities of system administrators?

  • How is the system software installed, configured, and maintained? How are user and administrator actions logged?

  • Can the logs be effectively monitored for policy violations?

  • When policy violations are detected, what mechanisms can be used to identify violators and hold them to account?

Type
Chapter
Information
Privacy, Big Data, and the Public Good
Frameworks for Engagement
 , pp. 211 - 233
Publisher: Cambridge University Press
Print publication year: 2014

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

Abbadi, Imad M., and Lyle, John. 2011. Challenges for Provenance in Cloud Computing. In Proc. TaPP ’11, 3rd USENIX Workshop on the Theory and Practice of Provenance, June. Available at (accessed December 28, 2013).
Accumulo. 2013. Apache Accumulo User Manual 1.5. Available at (accessed December 28, 2013).
Akinyele, J. A., Pagano, M. W., Green, M. D., Lehmann, C. U., Peterson, Z. N. J., and Rubin, A. D.. 2011. Securing Electronic Medical Records Using Attribute-Based Encryption on Mobile Devices. In ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, Chicago, October. Available at (accessed December 28, 2013).Google Scholar
Anderson, James P. 1972. Computer Security Technology Planning Study. ESD-TR-73-51, vol II, ESD/AFSC, Hanscom AFB, Bedford, MA, October. Available at (accessed December 18, 2013).
Birrell, Eleanor, and Schneider, Fred B.. 2013. Federated Identity Management Systems: A Privacy-based Characterization. IEEE Security & Privacy Magazine 11, no. 5 (September–October): 36–48.CrossRefGoogle Scholar
Boneh, Dan, Sahai, Amit, and Waters, Brent. 2011. Functional Encryption: Definitions and Challenges. In Proc. IACR 8th Theory of Cryptography Conference 2011, LNCS 6597, 253–257. Heidelberg: Springer.Google Scholar
Bonneau, Joseph. 2012. The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords. In Proc. 2012 IEEE Symposium on Security and Privacy, 538–552.
Buneman, Peter, Khanna, Sanjeev, and Tan, Wang-Chiew. 2001. Why and Where: A Characterization of Data Provenance. In Proc. International Conference on Database Theory (ICOT) 2001, 316–330. Heidelberg: Springer.
Corbato, Fernando J., and Vyssotsky, Victor A.. 1965. Introduction and Overview of the MULTICS System. In Proc. AFIPS Fall Joint Computer Conference 1965, 185–197. Available at (accessed December 28, 2013).
DARPA (Defense Advanced Research Projects Agency). 2010. Broad Agency Announcement (BAA) Programming Computation on Encrypted Data (PROCEED). July. Available at (accessed December 28, 2013).
De Capitani di Vimercati, Sabrina, Foresti, Sara, and Samarati, Pierangela. 2012. Managing and Accessing Data in the Cloud: Privacy Risks and Approaches. In Proc. 7th International Conference on Risk and Security of Internet and Systems (CRiSIS), 1–9.
DSB (U.S. Department of Defense, Defense Science Board). 2013. Task Force Report: Cyber Security and Reliability in a Digital Cloud. OUSD AT&L, January. Available at (accessed December 28, 2013).
Garfinkel, Simson. 2013. Digital Forensics. American Scientist 101, no. 5 (September–October): 370ff.CrossRefGoogle Scholar
Gentry, Craig. 2009. Fully Homomorphic Encryption Using Ideal Lattices. In Proc. ACM Symposium on Theory of Computing (STOC) 2009, 169–178.
Goyal, V., Sahai, A., Pandey, O., and Waters, B.. 2006. Attribute-based Encryption for Fine-Grained Access Control of Encrypted Data. In ACM Conference on Computer and Communications Security 2006, 89–98.
Gunter, Carl A., Leibovitz, David M., and Malin, Bradley. 2011. Experience-based Access Management: A Life-Cycle Framework for Identity and Access Management Systems. IEEE Security & Privacy Magazine 9, no. 5 (September–October): 48–55.CrossRefGoogle ScholarPubMed
IARPA (Intelligence Advanced Research Projects Activity). 2011. Security and Privacy Assurance Research (SPAR) Program. IARPA-BAA-11-01. Available at (accessed December 28, 2013).
Kahn, David. 1996. The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet, revised edition. New York: Scribner.Google Scholar
King, S. T., Chen, P. M., Wang, Y.-M., Verbowski, C., Wang, H. J., and Lorch, J. R.. 2006. SubVirt: Implementing Malware with Virtual Machines. In Proc. 2006 IEEE Symposium on Security and Privacy, 314–327.
Kocher, Paul, Jaffe, Joshua, and Jun, Benjamin. 1999. Differential power analysis. In Advances in Cryptology—CRYPTO ’99, 388–397. Heidelberg: Springer.CrossRefGoogle Scholar
Landwehr, Carl E. 1981. Formal Models for Computer Security. ACM Computing Surveys 13, no. 3 (September): 247–278.CrossRefGoogle Scholar
Landwehr, Carl E., Heitmeyer, Constance L., and McLean, John D.. 1984. A Security Model for Military Message Systems. ACM Transactions on Computer Systems 2, no. 3 (August): 198–222.CrossRefGoogle Scholar
Martin, Andrew, Lyle, John, and Namiluko, Cornelius. 2012. Provenance as a Security Control. In TaPP ’12, Proc. 4th UNIX Workshop on Theory and Practice of Provenance, June. Available at (accessed December 28, 2013).
McLean, John D. 1994. A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions. In Proc. 1994 IEEE Symposium on Security and Privacy, 79–93.
Microsoft. 2010. Cybersecurity for Open Government, June. Available at (accessed December 27, 2013).
Muniswamy-Reddy, K., Holland, D., Braun, U., and Seltzer, M.. 2006. Provenance-Aware Storage Systems. In Proc. 2006 USENIX Annual Technical Conference, June. Available at (accessed December 28, 2013).
Muniswamy-Reddy, K.-K., Macko, P., and Seltzer, M.. 2010. Provenance for the Cloud. In Proc. FAST ’10, 8th USENIX Conference on File and Storage Technologies. Available at (accessed December 28, 2013).
NIST (U.S. National Institutes of Standards and Technology). 2012. Guidelines for Media Sanitization, by Richard Kissel, Matthew Scholl, Steven Skolochenko, and Xing Li. Draft NIST Special Publication 800-88, Revision 1. Available at ↰ (accessed December 28, 2013).
NIST (U.S. National Institutes of Standards and Technology). 2013. Improving Critical Infrastructure Cybersecurity, Executive Order 13636: Preliminary Cybersecurity Framework, October. Available at (accessed December 27, 2013).
Ni, Qun, Xu, Shouhuai, Bertino, Elisa, Sandhu, Ravi, and Han, Weili. 2009. An Access Control Language for a General Provenance Model. In Proc. Secure Data Management (SDM) 2009, LNCS 5779, 68–88. Heidelberg: Springer.Google Scholar
Park, Jaehong, and Sandhu, Ravi. 2004. The UCONABC Usage Control Model. ACM Transactions on Information and System Security 7, no. 1 (February): 128–174.CrossRefGoogle Scholar
Piretti, Matthew, Traynor, Patrick, McDaniel, Patrick, and Waters, Brent. 2006. Secure Attribute-Based Systems. In ACM Conference on Computer and Communications Security 2006, 99–112. Available at (accessed December 28, 2013).
Samarati, Pierangela, and De Capitani di Vimercati, Sabrina. 2010. Data Protection in Outsourcing Scenrios: Issues and Directions. In Proc. ACM AsiaCCS 2010. Available at spdp.di.unimi.it/papers/sd-asiaccs10.pdf (accessed December 28, 2013).
Sandhu, Ravi. 1996. Role-based Access Control Models. IEEE Computer 29, no. 2 (February): 38–47.CrossRefGoogle Scholar
Schneider, Fred B. 2000. Enforceable Security Policies. ACM Transactions on Information and System Security 3, no. 1 (February): 30–50.CrossRefGoogle Scholar
Strang, Thomas J. K. 1996. Preventing Infestations: Control Strategies and Detection Methods. Canadian Conservation Institute. CCI Notes 3/1. Available at (accessed December 17, 2013).
TBC (Treasury Board of Canada). 2006. Operational Security Standard, Management of Information Technology Security (MITS), Sec. 16–18. Available at (accessed December 17, 2013).
Tschantz, Michael C., Datta, Anupam, and Wing, Jeannette M.. 2012. Formalizing and Enforcing Purpose Restrictions in Privacy Policies. In Proc. 2012 IEEE Symposium on Security and Privacy, May.
Vavilapalli, V. K., Murthy, A. C., Douglas, C., Agarwal, S., Konar, M., Evans, R., Graves, T., Lowe, J., Shah, H., Seth, S., Saha, B., Curino, C., O’Malley, O., Radia, S., Reed, B., and Baldeschwieler, E.. 2013. Apache Hadoop YARN: Yet Another Resource Negotiator. In Proc. ACM Symposium on Cloud Computing, October. Available at (accessed December 28, 2013).
Verizon, Inc. 2013. 2013 Data Breach Investigations Report, April. Available at (accessed December 29, 2013).
Weir, Matt, Aggarwal, Sudhir, Collins, Michael, and Stern, Henry. 2010. Testing Metrics for Password Creation Policies Using Large Sets of Revealed Passwords. In Proc. ACM Conference on Computer and Communications Security.
Wu, Zhenyu, Zhang, Xu, and Wang, Haining. 2012. Whispers in the Hyper-Space: High-Speed Covert Channel Attacks in the Cloud. In Proc. USENIX Security Conference 2012. Available at (accessed December 28, 2013).

Save book to Kindle

To save this book to your Kindle, first ensure [email protected] is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.

Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

Available formats
×

Save book to Dropbox

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Dropbox.

Available formats
×

Save book to Google Drive

To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Google Drive.

Available formats
×