Post on 18-Dec-2015
Analysis of privacy risks and measurement of privacy
protection in Web Services complying with privacy policy
Prepared by
Ashif Adnan, Omair Alam, Aktar-uz-zaman
School of Computer Science, University of Windsor
ON, Canada
04/18/23 WS Privacy 2
Outline
• Introduction
• Motivation
• Goal
• Related works
• Our observations
• Our modified method
• Strength and weakness
• Conclusion and future works
• Acknowledgment
• References
Introduction: Web Services
According to “web services are self-contained, modular applications that can be described, published, located, and invoked over a network, generally, the World Wide Web.”
Extended definition:
• Web services can evolve or be adapted to other platforms
• Emerging WS can employ XML (eXtensible Markup Language), WSDL (Web Service Definition Language), SOAP (Simple Object Access Protocol) and UDDI (Universal Description, Discovery, and Integration)
• Web browsers interacting with web servers
Motivation: WS targets
• Consumers
• WS applications: banking, shopping, learning, healthcare, government online
WS requires the consumer’s personal information, and this is where privacy becomes a concern.
Goal: Protection of personal information
Ability to:
• Analyze privacy risks
• Measure privacy protection
• Develop a Privacy Policy Compliant System (PPCS)
Improved architecture of PPCS
Related works
1. Privacy and web services
2. WS privacy risk analysis
3. WS privacy protection measurement
4. Privacy policy compliant WS
Related works (cont’d): Privacy and web services
• Privacy: the ability of individuals to control the collection, use, retention, and distribution of information about themselves.
• Privacy policy: a statement that expresses the user’s desired control over a web service’s collection, use, retention, and distribution of information about the user.
• Privacy risk: the potential occurrence of any action or circumstance that will result in a violation of a user’s privacy policy.
Related works (cont’d): Example of user/provider privacy policies (online pharmacy)
User policy (left):
  Policy Use: Pharmacy; Owner: Alice Buyer; Valid: unlimited
  Collector: A-Z Drugs Inc.; What: name, address, tel; Purposes: identification; Retention Time: unlimited; Disclose-To: none
  Collector: A-Z Drugs Inc.; What: drug name; Purposes: purchase; Retention Time: 2 years; Disclose-To: none
Provider policy (right):
  Privacy Use: Pharmacy; Owner: A-Z Drugs Inc.; Valid: unlimited
  Collector: Drugs Dept.; What: name, address, tel; Purposes: identification; Retention Time: 1 year; Disclose-To: none
  Collector: Drugs Dept.; What: drug name; Purposes: sale; Retention Time: 1 year; Disclose-To: none
Figure 1. Example user (left) and provider (right)
Related works (cont’d): Web service privacy risk analysis
1. Web service personal information model (WSPIM)
  • Need for the user’s personal information
  • Exchange of privacy policies
  • Obtain the user’s personal information
  • Comply with the user’s privacy policy
  • Make use of the information
Related works (cont’d): 2. Method for privacy risk analysis
• Determine all the possible locations
• Find out the ways of violating the privacy policy
Related works (cont’d): Determine all the possible locations
Example of a Personal Information Map (book seller web service)
Figure 2. PIM for a book seller web service
Related works (cont’d): Find out the ways of violating the privacy policy
Field: Risk question
• Collector: How can the PII be received by an unintended collector, either in addition to or in place of the intended collector?
• What: How can the user be asked for other PII, either intentionally or inadvertently?
• Purpose: How can the PII be used for other purposes?
• Retention time: How can the PII retention time be violated?
• Disclose-to: How can the PII be disclosed, either intentionally or inadvertently, to an unintended recipient?
Table 1. Risk questions
Related works (cont’d)
Table 2. Partial Privacy Risks Table corresponding to Figure 2
(PIIs / locations): Privacy risks
• (1, 2, 3 / path into A); (2 / path into D); (3 / path into E): Man-in-the-middle attack violates collector, purposes, and disclose-to; for the path into A, the user could be asked for personal information that violates what.
• (1, 2, 3 / A, B); (1 / C); (2 / D); (3 / E): Trojan horse, hacker, or SQL attack (for B) violates collector, purposes, and disclose-to; for B, information could be kept past the retention time.
Figure 2. PIM for a book seller web service
Privacy risk table
Related works (cont’d): WS privacy protection measurement
Privacy violations:
• Internal Violations (IV)
• External Violations (EV)
Related works (cont’d): Now let’s define the measures
Let M denote the measure of how well a service provider protects consumer privacy. It has two components:
• m_i, to account for the provisions used against IV
• m_e, to account for the provisions used against EV
So M, as a matrix, can be expressed as M = (m_i, m_e).
Related works (cont’d): For a service provider that has implemented combination k of provisions to lessen IV,
  m_i = p_k, 0 <= p_k <= 1
For EV, we carry out a threat analysis and identify:
• the number of security weaknesses, n
• the number of weaknesses that have countermeasures in place, q
Then
  m_e = q/n, if n > 0, so that 0 <= m_e <= 1
  m_e = 1, if n = 0
Related works (cont’d): On a scale of 1 to 10,
  M10 = (10·p_k, 10·q/n), if n > 0
  M10 = (10·p_k, 10), if n = 0
The minimum acceptable thresholds t_i and t_e are set for 10·m_i and 10·m_e.
Figure 2. service provider’s provisions for IV and EV
Related works (cont’d): Calculation of the measures
1. Calculation of m_i
2. The table below gives examples of internal violation provision combinations
Table 3. Example IV provision combinations
Related works (cont’d): Calculation of m_e
1. Identify threats to the user’s data.
2. Create attack trees for the system.
3. Apply weights to the leaves.
4. Prune the tree so that only exploitable leaves remain. Count the number of such leaves, or vulnerabilities.
5. Count the countermeasures that are in place for the vulnerabilities.
After performing the above steps, both q and n are available for calculating m_e.
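As an added example (not code from the slides or from Yee's papers), the measure computed in Python from a constructed threat analysis for the book seller PIM of Figure 2: attack-tree leaves carry a weight, pruning keeps the exploitable ones, n and q are counted, and M10 is compared with the thresholds t_i and t_e. The 0.5 weight cut-off, the sample leaves and p_k = 0.8 are assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

@dataclass
class Leaf:
    """One attack-tree leaf: a potential security weakness."""
    name: str
    weight: float         # step 3: exploitability weight (assumed range 0..1)
    countermeasure: bool  # step 5: is a countermeasure in place?

@dataclass
class AttackTree:
    goal: str
    leaves: List[Leaf] = field(default_factory=list)

def prune(tree: AttackTree, threshold: float = 0.5) -> List[Leaf]:
    """Step 4: keep only exploitable leaves (weight >= an assumed cut-off)."""
    return [leaf for leaf in tree.leaves if leaf.weight >= threshold]

def count_weaknesses(trees: List[AttackTree]) -> Tuple[int, int]:
    """Steps 4-5: n = exploitable weaknesses, q = those with a countermeasure."""
    exploitable = [leaf for tree in trees for leaf in prune(tree)]
    return len(exploitable), sum(1 for leaf in exploitable if leaf.countermeasure)

def m_e(n: int, q: int) -> float:
    """m_e = q/n if n > 0, else 1 (no exploitable weakness found)."""
    return q / n if n > 0 else 1.0

def m10(p_k: float, n: int, q: int) -> Tuple[float, float]:
    """M10 = (10*p_k, 10*m_e): both components on a scale of 1 to 10."""
    return 10 * p_k, 10 * m_e(n, q)

def acceptable(measure: Tuple[float, float], t_i: float, t_e: float) -> bool:
    """True when both components reach the agreed thresholds t_i and t_e."""
    return measure[0] >= t_i and measure[1] >= t_e

# Constructed threat analysis for the book seller PIM of Figure 2 (sample data only).
SAMPLE_TREES = [
    AttackTree("Read PII stored at B", [
        Leaf("SQL attack on order form", 0.9, countermeasure=True),
        Leaf("data kept past retention time at B", 0.8, countermeasure=False),
        Leaf("physical access to server room", 0.1, countermeasure=False),  # pruned
    ]),
    AttackTree("Intercept PII on path into A", [
        Leaf("man-in-the-middle on unencrypted link", 0.7, countermeasure=True),
        Leaf("DNS cache poisoning", 0.3, countermeasure=False),  # pruned
    ]),
]
```

With these trees n = 3 and q = 2, so for p_k = 0.8 the provider scores M10 = (8.0, 6.67) and fails thresholds of t_i = t_e = 7 on the EV component alone.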
Related works (cont’d): Privacy policy compliant WS (PPCS)
A Privacy Policy Compliance System (PPCS) for WS provides the consumer with a promising approach to measuring control over his/her private information.
The policies of the consumer and the provider should match.
Related works (cont’d): Privacy legislation
1. Accountability
2. Identify purpose
3. Consent
4. Limiting collection
5. Limiting use, disclosure and retention
6. Accuracy
7. Safeguard
8. Openness
9. Individual access
10. Challenging compliance
Note: these are also the requirements for PPCS.
Related works (cont’d): An architecture of PPCS
Figure 3. Privacy policy compliance system architecture
Our observations
1. The privacy policy proposed by the author is not complete, which leads to an incomplete set of risk questions and gives the consumer less confidence to do the transaction.
2. There are no provisions for consumers to set up the measuring standards.
3. The following points need to be considered to build a more effective PPCS for WS:
  1. Damage protection
  2. Children protection
  3. Right to transfer
  4. Right to opt in / opt out
  5. Lack of scalability
  6. Lack of knowledge
  7. Data tampering
  8. Cost
Our modified method: Web service risk analysis, extended method
New fields we have found for the privacy policy:
• Safeguard: security safeguards by the provider appropriate to the sensitivity of the information.
• Individual access: access by the individual to his/her personal information.
• Challenging compliance: ability of individuals to address a challenge.
• Certificate Authority Access: Certificate Authorities offer consumers a compliance verification service.
Our modified method (cont’d): Online pharmacy example with new fields
User policy (left):
  Policy Use: Pharmacy; Owner: Alice Buyer; Valid: unlimited
  Collector: A-Z Drugs Inc.; What: name, address, tel; Purposes: identification; Retention Time: unlimited; Disclose-To: none; Safeguards: Yes; Individual access: Yes; Challenging compliance: Yes; Certificate Authority: SB Inc.
  Collector: A-Z Drugs Inc.; What: drug name; Purposes: purchase; Retention Time: 2 years; Disclose-To: none; Safeguards: Yes; Individual access: Yes; Challenging compliance: Yes; Certificate Authority: SB Inc.
Provider policy (right):
  Privacy Use: Pharmacy; Owner: A-Z Drugs Inc.; Valid: unlimited
  Collector: Drugs Dept.; What: name, address, tel; Purposes: identification; Retention Time: 1 year; Disclose-To: none; Safeguards: Yes; Individual access: Yes; Challenging compliance: Yes; Certificate Authority: SB Inc.
  Collector: Drugs Dept.; What: drug name; Purposes: sale; Retention Time: 1 year; Disclose-To: none; Safeguards: Yes; Individual access: Yes; Challenging compliance: Yes; Certificate Authority: SB Inc.
Figure 4. Modified example user (left) and provider (right) privacy policies
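As an added example (not code from the slides or from the PPCS of Yee and Korba), the policy match required on the PPCS slide, checked field by field in Python over the Figure 4 rules above: a provider rule complies when it collects no more, keeps data no longer, discloses to nobody the user did not name, and offers every guarantee the user's new fields require. The department-to-collector mapping and the sale/purchase purpose alias are assumptions.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional
UNLIMITED = float("inf")  # "Retention Time: unlimited"
@dataclass(frozen=True)
class Rule:  # one line of a policy: Figure 1 fields plus the four new fields of Figure 4
    collector: str
    what: FrozenSet[str]
    purposes: FrozenSet[str]
    retention_years: float        # UNLIMITED for "unlimited"
    disclose_to: FrozenSet[str]   # empty for "none"
    safeguards: bool = False
    individual_access: bool = False
    challenging_compliance: bool = False
    certificate_authority: Optional[str] = None

# Assumptions: which provider departments act for the collector the user named, and
# which provider purpose names are read as the user's (the slides pair "sale"/"purchase").
SUBUNITS = {"Drugs Dept.": "A-Z Drugs Inc."}
PURPOSE_ALIAS = {"sale": "purchase"}

def violations(user: Rule, provider: Rule) -> List[str]:
    """Fields on which the provider's rule is weaker than the user's rule allows."""
    bad = []
    if user.collector not in (provider.collector, SUBUNITS.get(provider.collector)):
        bad.append("collector")
    if not provider.what <= user.what:
        bad.append("what")            # provider asks for PII the user did not offer
    if not {PURPOSE_ALIAS.get(p, p) for p in provider.purposes} <= user.purposes:
        bad.append("purposes")
    if provider.retention_years > user.retention_years:
        bad.append("retention time")  # data kept longer than the user allows
    if not provider.disclose_to <= user.disclose_to:
        bad.append("disclose-to")
    for flag in ("safeguards", "individual_access", "challenging_compliance"):
        if getattr(user, flag) and not getattr(provider, flag):
            bad.append(flag)          # user requires a guarantee the provider omits
    if user.certificate_authority and provider.certificate_authority != user.certificate_authority:
        bad.append("certificate authority")
    return bad
NEW = dict(safeguards=True, individual_access=True, challenging_compliance=True,
           certificate_authority="SB Inc.")
# Figure 4, drug name line: Alice's rule (left) and the Drugs Dept. rule (right).
USER_DRUG = Rule("A-Z Drugs Inc.", frozenset({"drug name"}), frozenset({"purchase"}),
                 2, frozenset(), **NEW)
PROVIDER_DRUG = Rule("Drugs Dept.", frozenset({"drug name"}), frozenset({"sale"}),
                     1, frozenset(), **NEW)
# Constructed non-compliant provider line (not from the slides): longer retention,
# disclosure to a partner, no individual access, a different certificate authority.
BAD_PROVIDER = Rule("Drugs Dept.", frozenset({"drug name"}), frozenset({"sale"}), 3,
                    frozenset({"marketing partner"}), safeguards=True,
                    challenging_compliance=True, certificate_authority="Other CA")
```

`violations(USER_DRUG, PROVIDER_DRUG)` is empty for the Figure 4 pair, while the constructed rule fails on retention time, disclose-to, individual access and the certificate authority.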
Our modified method (cont’d): Extended risk questions
Field: Risk question
• … : … (the fields of Table 1)
• Safeguards: How can the security safeguard appropriate for the PII be affected?
• Individual access: How can the personal information be accessed by an inappropriate individual?
• Challenging compliance: How can the compliance with the privacy principles associated with the PII be changed, intentionally or unintentionally?
• Certificate authority: How can the secured logs passed by the certificate authority to the customer be accessed by an unintended recipient in addition to the intended customer?
Table 5. Extended risk questions
Our modified method (cont’d): Privacy measurement, customization of standards
Instead of the standard bodies recommending the percentage rating of the effectiveness of the provisions, the user and the provider determine the provisions that are used to measure the security of the privacy of the web service.
In this way the user and the provider can agree on secure ways of transmission by obtaining the measures, and later arrive at a PPCS which satisfies all of the user’s requirements.
Our modified method (cont’d): Privacy Policy Compliance System (PPCS) with compliance verification
Fig 5: Modified PPCS Architecture (components shown: Web Interface, Privacy Controller, Private Data import/export, Database Controller, Customer Information, Consumer Information, Log File, Service Process, From/To Other PPCS, Certificate Authority, CA Interface)
Strengths and weaknesses
Strengths
• The consumer will now have full confidence to do a transaction with the service provider.
• Privacy measurement standards can be customized to make transactions more secure.
• A consumer who does not bother, or does not know how, to check the log file to verify compliance can easily do so through the Certificate Authority.
Weaknesses
• PPCS for web services is semi-automated: in some cases we need to notify the respective officers of non-compliance matters, which is not automated.
• The cost of a PPCS cannot be controlled, because it depends on the combination of hardware, software and storage.
Conclusion and Future Works: Observed steps
• Understanding how to analyze the risks to privacy
• Understanding how to measure privacy protection
• Understanding a privacy policy compliant web service
Steps for our new PPCS system:
• WS risk analysis with extended privacy policy
• WS privacy protection measurement with customized standards
• PPCS with compliance verification
Conclusion and Future Works (cont’d): Plans for future research include
• Programming the graphical notation to be machine readable
• Protecting the system from damage occurring due to shared personal information
• Protecting children from being affected by information shared by others
• Improving the procedure for threat analysis by automating it and making it more foolproof
• Investigating other possible methods of privacy protection effectiveness
Acknowledgement
We would like to thank our professor for his great support and for giving us the opportunity to learn about privacy and security on the Internet.
We would like to thank our audience for listening to our presentation.
References
[1] G. Yee, “Visual Analysis of Privacy Risks in Web Services”, Proceedings, 2007 IEEE International Conference on Web Services (ICWS 2007), July 9-13, 2007, pp. 671-678.
[2] G. Yee, “Measuring Privacy Protection in Web Services”, Proceedings, 2006 IEEE International Conference on Web Services (ICWS 2006), Sept. 2006, pp. 647-654.
[3] G. Yee, L. Korba, “Privacy policy compliance for Web services”, Proceedings, 2004 IEEE International Conference on Web Services (ICWS 2004), July, 2006, pp. 158-165.
[4] I. Goldberg, D. Wagner, and E. Brewer, “Privacy-Enhancing Technologies for the Internet”, IEEE COMPCON’97, 1997, pp. 103-109.
[5] Canadian Standards Association, “Model Code for the Protection of Personal Information”, retrieved Sept. 5, 2003 from: http://www.csa.ca/standards/privacy/code/Default.asp?articleID=5286&language=English