ERIC Number: ED556168
Record Type: Non-Journal
Publication Date: 2010
Pages: 148
Abstractor: As Provided
Reference Count: N/A
ISBN: 978-1-3035-4620-4
ISSN: N/A
Secure and Privacy-Preserving Distributed Information Brokering
Li, Fengjun
ProQuest LLC, Ph.D. Dissertation, The Pennsylvania State University
As enormous structured, semi-structured and unstructured data are collected and archived by organizations in many realms ranging from business to health networks to government agencies, the needs for efficient yet secure inter-organization information sharing naturally arise. Unlike early information sharing approaches that only involve a small number of databases, new information sharing applications are often assumed to be built atop a large volume of geographically distributed databases. Moreover, with increasing concerns on protecting the sensitive and/or proprietary data, the organizations prefer sharing data in a more secure and privacy-preserving manner, instead of establishing a purely full trust relationship and releasing the control over the shared data. In this dissertation, we explore new information sharing infrastructures to address the new challenges on "security," "privacy", and "scalability." We first explore access control deployment strategies in distributed information sharing and the impacts of different deployment strategies on system-wide performance and security. From our study, we are motivated to enforce in-network access control by combining query security checking function with query routing function in "Query Brokers." We introduce a new efficient yet secure distributed information brokering system (IBS) with in-network access control enforcement. It is a mediator-based overlay atop a number of loosely-federated databases, providing unified on-demand data access to authorized users. Then, we turn our focus to privacy protection. We analyze the privacy of different stakeholders in this on-demand data access process, and present two types of privacy attacks. In distributed IBS, "Query Broker" with information-rich metadata becomes the most vulnerable target of privacy attacks. 
To protect "Query Brokers" from being abused by insiders or compromised by outside attackers, a fundamental solution is to equip each "Query Broker" with only least yet necessary metadata so that any leakage will not cause meaningful privacy disclosure. We propose a new privacy-preserving information brokering infrastructure, with a core idea of "automaton segmentation." Original "Query Broker," which is a non-deterministic finite automaton, is split into multiple segments so that compromising one or a small number of segments will not cause severe privacy loss. Another important type of privacy that needs to be protected is the identity of the users who ask the query. While common privacy enhancing techniques such as encryption can partially solve the problem, we still need more powerful tools for better protection. In the second part of this dissertation, we study the anonymous communication systems, and propose a new node-failure-resilient protocol that better suits the distributed IBS scenario. [The dissertation citations contained here are published with the permission of ProQuest LLC. Further reproduction is prohibited without permission. Copies of dissertations may be obtained by Telephone (800) 1-800-521-0600. Web page: http://www.proquest.com/en-US/products/dissertations/individuals.shtml.]
ProQuest LLC. 789 East Eisenhower Parkway, P.O. Box 1346, Ann Arbor, MI 48106. Tel: 800-521-0600; Web site: http://www.proquest.com/en-US/products/dissertations/individuals.shtml
Publication Type: Dissertations/Theses - Doctoral Dissertations
Education Level: N/A
Audience: N/A
Language: English
Sponsor: N/A
Authoring Institution: N/A