Engineered Controls for Dealing with Big Data

doi:10.1017/CBO9781107590205.013

10 - Engineered Controls for Dealing with Big Data

Published online by Cambridge University Press: 05 July 2014

Carl Landwehr

Edited by

Julia Lane ,

Victoria Stodden ,

Stefan Bender and

Helen Nissenbaum

Show author details

Carl Landwehr: Affiliation:
George Washington University
Julia Lane: Affiliation:
American Institutes for Research, Washington DC
Victoria Stodden: Affiliation:
Columbia University, New York
Stefan Bender: Affiliation:
Institute for Employment Research of the German Federal Employment Agency
Helen Nissenbaum: Affiliation:
New York University

Book contents

Get access

Summary

Introduction

It is one thing for a patient to trust a physician with a handwritten record that is expected to stay in the doctor’s office. It’s quite another for the patient to consent to place their comprehensive electronic health record in a repository that may be open to researchers anywhere on the planet. The potentially great payoffs from (for example) being able to find a set of similar patients who have suffered from the same condition as oneself and to review their treatment choices and outcomes will likely be unavailable unless people can be persuaded that their individual data will be handled properly in such a system. Agreeing on an effective set of institutional controls (see Chapter 9) is an essential prerequisite, but equally important is the question of whether the agreed upon policies can be enforced by controls engineered into the system. Without sound technical enforcement, incidents of abuse, misuse, theft of data, and even invalid scientific conclusions based on undetectably altered data can be expected. While technical controls can limit the occurrence of such incidents substantially, some will inevitably occur. When they do, the ability of the system to support accountability will be crucial, so that abusers can be properly identified and penalized and systems can be appropriately reinforced or amended.

Questions to ask about the engineered controls include:

How are legitimate system users identified and authenticated?
What mechanisms are employed to distinguish classes of users and to limit their actions to those authorized by the relevant policies?
What mechanisms limit the authorities of system administrators?
How is the system software installed, configured, and maintained? How are user and administrator actions logged?
Can the logs be effectively monitored for policy violations?
When policy violations are detected, what mechanisms can be used to identify violators and hold them to account?

Type: Chapter
Information: Privacy, Big Data, and the Public Good
Frameworks for Engagement
, pp. 211 - 233

DOI: https://doi.org/10.1017/CBO9781107590205.013 [Opens in a new window]

Publisher: Cambridge University Press

Print publication year: 2014

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

Book purchase

Temporarily unavailable

References

Abbadi, Imad M., and Lyle, John. 2011. Challenges for Provenance in Cloud Computing. In Proc. TaPP ’11, 3rd USENIX Workshop on the Theory and Practice of Provenance, June. Available at (accessed December 28, 2013).

Accumulo. 2013. Apache Accumulo User Manual 1.5. Available at (accessed December 28, 2013).

Akinyele, J. A., Pagano, M. W., Green, M. D., Lehmann, C. U., Peterson, Z. N. J., and Rubin, A. D.. 2011. Securing Electronic Medical Records Using Attribute-Based Encryption on Mobile Devices. In ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices, Chicago, October. Available at (accessed December 28, 2013).Google Scholar

Anderson, James P. 1972. Computer Security Technology Planning Study. ESD-TR-73-51, vol II, ESD/AFSC, Hanscom AFB, Bedford, MA, October. Available at (accessed December 18, 2013).

Birrell, Eleanor, and Schneider, Fred B.. 2013. Federated Identity Management Systems: A Privacy-based Characterization. IEEE Security & Privacy Magazine 11, no. 5 (September–October): 36–48.CrossRef Google Scholar

Boneh, Dan, Sahai, Amit, and Waters, Brent. 2011. Functional Encryption: Definitions and Challenges. In Proc. IACR 8th Theory of Cryptography Conference 2011, LNCS 6597, 253–257. Heidelberg: Springer.Google Scholar

Bonneau, Joseph. 2012. The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords. In Proc. 2012 IEEE Symposium on Security and Privacy, 538–552.

Buneman, Peter, Khanna, Sanjeev, and Tan, Wang-Chiew. 2001. Why and Where: A Characterization of Data Provenance. In Proc. International Conference on Database Theory (ICOT) 2001, 316–330. Heidelberg: Springer.

Corbato, Fernando J., and Vyssotsky, Victor A.. 1965. Introduction and Overview of the MULTICS System. In Proc. AFIPS Fall Joint Computer Conference 1965, 185–197. Available at (accessed December 28, 2013).

DARPA (Defense Advanced Research Projects Agency). 2010. Broad Agency Announcement (BAA) Programming Computation on Encrypted Data (PROCEED). July. Available at (accessed December 28, 2013).

De Capitani di Vimercati, Sabrina, Foresti, Sara, and Samarati, Pierangela. 2012. Managing and Accessing Data in the Cloud: Privacy Risks and Approaches. In Proc. 7th International Conference on Risk and Security of Internet and Systems (CRiSIS), 1–9.

DSB (U.S. Department of Defense, Defense Science Board). 2013. Task Force Report: Cyber Security and Reliability in a Digital Cloud. OUSD AT&L, January. Available at (accessed December 28, 2013).

Garfinkel, Simson. 2013. Digital Forensics. American Scientist 101, no. 5 (September–October): 370ff.CrossRef Google Scholar

Gentry, Craig. 2009. Fully Homomorphic Encryption Using Ideal Lattices. In Proc. ACM Symposium on Theory of Computing (STOC) 2009, 169–178.

Goyal, V., Sahai, A., Pandey, O., and Waters, B.. 2006. Attribute-based Encryption for Fine-Grained Access Control of Encrypted Data. In ACM Conference on Computer and Communications Security 2006, 89–98.

Gunter, Carl A., Leibovitz, David M., and Malin, Bradley. 2011. Experience-based Access Management: A Life-Cycle Framework for Identity and Access Management Systems. IEEE Security & Privacy Magazine 9, no. 5 (September–October): 48–55.CrossRef Google Scholar PubMed

IARPA (Intelligence Advanced Research Projects Activity). 2011. Security and Privacy Assurance Research (SPAR) Program. IARPA-BAA-11-01. Available at (accessed December 28, 2013).

Kahn, David. 1996. The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet, revised edition. New York: Scribner.Google Scholar

King, S. T., Chen, P. M., Wang, Y.-M., Verbowski, C., Wang, H. J., and Lorch, J. R.. 2006. SubVirt: Implementing Malware with Virtual Machines. In Proc. 2006 IEEE Symposium on Security and Privacy, 314–327.

Kocher, Paul, Jaffe, Joshua, and Jun, Benjamin. 1999. Differential power analysis. In Advances in Cryptology—CRYPTO ’99, 388–397. Heidelberg: Springer.CrossRef Google Scholar

Landwehr, Carl E. 1981. Formal Models for Computer Security. ACM Computing Surveys 13, no. 3 (September): 247–278.CrossRef Google Scholar

Landwehr, Carl E., Heitmeyer, Constance L., and McLean, John D.. 1984. A Security Model for Military Message Systems. ACM Transactions on Computer Systems 2, no. 3 (August): 198–222.CrossRef Google Scholar

Martin, Andrew, Lyle, John, and Namiluko, Cornelius. 2012. Provenance as a Security Control. In TaPP ’12, Proc. 4th UNIX Workshop on Theory and Practice of Provenance, June. Available at (accessed December 28, 2013).

McLean, John D. 1994. A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions. In Proc. 1994 IEEE Symposium on Security and Privacy, 79–93.

Microsoft. 2010. Cybersecurity for Open Government, June. Available at (accessed December 27, 2013).

Muniswamy-Reddy, K., Holland, D., Braun, U., and Seltzer, M.. 2006. Provenance-Aware Storage Systems. In Proc. 2006 USENIX Annual Technical Conference, June. Available at (accessed December 28, 2013).

Muniswamy-Reddy, K.-K., Macko, P., and Seltzer, M.. 2010. Provenance for the Cloud. In Proc. FAST ’10, 8th USENIX Conference on File and Storage Technologies. Available at (accessed December 28, 2013).

NIST (U.S. National Institutes of Standards and Technology). 2012. Guidelines for Media Sanitization, by Richard Kissel, Matthew Scholl, Steven Skolochenko, and Xing Li. Draft NIST Special Publication 800-88, Revision 1. Available at ↰ (accessed December 28, 2013).

NIST (U.S. National Institutes of Standards and Technology). 2013. Improving Critical Infrastructure Cybersecurity, Executive Order 13636: Preliminary Cybersecurity Framework, October. Available at (accessed December 27, 2013).

Ni, Qun, Xu, Shouhuai, Bertino, Elisa, Sandhu, Ravi, and Han, Weili. 2009. An Access Control Language for a General Provenance Model. In Proc. Secure Data Management (SDM) 2009, LNCS 5779, 68–88. Heidelberg: Springer.Google Scholar

Park, Jaehong, and Sandhu, Ravi. 2004. The UCONABC Usage Control Model. ACM Transactions on Information and System Security 7, no. 1 (February): 128–174.CrossRef Google Scholar

Piretti, Matthew, Traynor, Patrick, McDaniel, Patrick, and Waters, Brent. 2006. Secure Attribute-Based Systems. In ACM Conference on Computer and Communications Security 2006, 99–112. Available at (accessed December 28, 2013).

Samarati, Pierangela, and De Capitani di Vimercati, Sabrina. 2010. Data Protection in Outsourcing Scenrios: Issues and Directions. In Proc. ACM AsiaCCS 2010. Available at spdp.di.unimi.it/papers/sd-asiaccs10.pdf (accessed December 28, 2013).

Sandhu, Ravi. 1996. Role-based Access Control Models. IEEE Computer 29, no. 2 (February): 38–47.CrossRef Google Scholar

Schneider, Fred B. 2000. Enforceable Security Policies. ACM Transactions on Information and System Security 3, no. 1 (February): 30–50.CrossRef Google Scholar

Strang, Thomas J. K. 1996. Preventing Infestations: Control Strategies and Detection Methods. Canadian Conservation Institute. CCI Notes 3/1. Available at (accessed December 17, 2013).

TBC (Treasury Board of Canada). 2006. Operational Security Standard, Management of Information Technology Security (MITS), Sec. 16–18. Available at (accessed December 17, 2013).

Tschantz, Michael C., Datta, Anupam, and Wing, Jeannette M.. 2012. Formalizing and Enforcing Purpose Restrictions in Privacy Policies. In Proc. 2012 IEEE Symposium on Security and Privacy, May.

Vavilapalli, V. K., Murthy, A. C., Douglas, C., Agarwal, S., Konar, M., Evans, R., Graves, T., Lowe, J., Shah, H., Seth, S., Saha, B., Curino, C., O’Malley, O., Radia, S., Reed, B., and Baldeschwieler, E.. 2013. Apache Hadoop YARN: Yet Another Resource Negotiator. In Proc. ACM Symposium on Cloud Computing, October. Available at (accessed December 28, 2013).

Verizon, Inc. 2013. 2013 Data Breach Investigations Report, April. Available at (accessed December 29, 2013).

Weir, Matt, Aggarwal, Sudhir, Collins, Michael, and Stern, Henry. 2010. Testing Metrics for Password Creation Policies Using Large Sets of Revealed Passwords. In Proc. ACM Conference on Computer and Communications Security.

Wu, Zhenyu, Zhang, Xu, and Wang, Haining. 2012. Whispers in the Hyper-Space: High-Speed Covert Channel Attacks in the Cloud. In Proc. USENIX Security Conference 2012. Available at (accessed December 28, 2013).