There is no unique division among these topics; the mechanisms that ensure
data security, privacy and confidentiality are intertwined.
University of Ljubljana, Faculty of Electrical Engineering BIOMEDICAL INFORMATICS Electrical Engineering, level 2
Laboratory of Imaging Technologies Assoc. Prof. Tomaž Vrtovec, Ph.D. International course
4. Biomedical data security, privacy and confidentiality 3 / 29
DATA SECURITY
What is data security?
DATA SECURITY
Data security mechanisms
DATA SECURITY
Risk management
DATA SECURITY
Risk management (2)
Risk assessment
Risk analysis
Risk evaluation
Risk treatment
Source: ISO 31000 – Risk Management: Principles and Guidelines, International Organization for Standardization, 2009
DATA SECURITY
Access control
DATA SECURITY
Access control: authentication
DATA SECURITY
Access control: authentication (2)
Examples:
- fingerprint
- hand geometry
- face recognition
- iris scan
- speech recognition
Source: M. Stamp: Information Security – Principles and Practice. Wiley, 2006
DATA SECURITY
Access control: authorization
Access control matrix (rows: subjects; columns: five objects):
Subject               obj. 1   obj. 2   obj. 3   obj. 4   obj. 5
Bruce                 r-x      r-x      r        r-w      r-w
Samuel                r-w-x    r-w-x    r        r-w      r-w
Data writing process  r-x      r-x      r-w      r-w      r
r … read; w … write; x … execute
DATA SECURITY
Access control: authorization (2)
DATA SECURITY
Access control: authorization (3)
DATA SECURITY
Data encryption
DATA PRIVACY
What is data privacy?
Source: B.C.M. Fung et al.: Introduction to Privacy-Preserving Data Publishing: Concepts and Techniques. CRC, 2010
DATA PRIVACY
Data structure
The data that is communicated between the data holder and the data user is composed of:
- explicit identifiers (EID): attributes that explicitly identify the data holder
and are usually removed from private data
- quasi-identifiers (QID): attributes that, when combined, could potentially identify
the data holder or limit the selection to a relatively small number of data holders
Source: B.C.M. Fung et al.: Introduction to Privacy-Preserving Data Publishing: Concepts and Techniques. CRC, 2010
DATA PRIVACY
Attack models
Source: B.C.M. Fung et al.: Introduction to Privacy-Preserving Data Publishing: Concepts and Techniques. CRC, 2010
DATA PRIVACY
Attack model: record linkage
Source: B.C.M. Fung et al.: Introduction to Privacy-Preserving Data Publishing: Concepts and Techniques. CRC, 2010
DATA PRIVACY
Privacy model: k-anonymity
The privacy model k-anonymity is one of the models that prevent record
linkage attacks.
A system is k-anonymous if each record is indistinguishable, with respect to the
quasi-identifiers, from at least k – 1 other records. If one record has a specific
attribute value, then at least k – 1 other records have the same value, so the
probability of linking a record to a data holder is at most 1/k.
3-anonymous patient data
Job           Gender   Age       Disease
Professional  Male     [35-40)   Hepatitis
Professional  Male     [35-40)   Hepatitis
Professional  Male     [35-40)   Angina
Artist        Female   [30-35)   Flu
Artist        Female   [30-35)   Angina
Artist        Female   [30-35)   Angina
Artist        Female   [30-35)   Angina

4-anonymous published data
Name     Job           Gender   Age
Alice    Artist        Female   [30-35)
Bob      Professional  Male     [35-40)
Cathy    Artist        Female   [30-35)
Doug     Professional  Male     [35-40)
Emily    Artist        Female   [30-35)
Fred     Professional  Male     [35-40)
Gladys   Artist        Female   [30-35)
Henry    Professional  Male     [35-40)
Irene    Artist        Female   [30-35)
Source: B.C.M. Fung et al.: Introduction to Privacy-Preserving Data Publishing: Concepts and Techniques. CRC, 2010
DATA PRIVACY
Attack model: attribute linkage
In the “attribute linkage” attack the adversary may not precisely identify
the target record, but can infer sensitive information from the published data
based on the set of attributes associated with the group that the data holder
belongs to.
Source: B.C.M. Fung et al.: Introduction to Privacy-Preserving Data Publishing: Concepts and Techniques. CRC, 2010
DATA PRIVACY
Privacy model: l-diversity
The privacy model l-diversity is one of the models that prevent attribute
linkage attacks.
A system is l-diverse when each group of records (records sharing the same
quasi-identifier values) contains at least l different values of the sensitive
attribute. The data table is entropy l-diverse if for every group G the following holds:
$$ -\sum_{s \in S} p(G, s) \log p(G, s) \ge \log l , $$
where S is the set of sensitive values and p(G, s) is the fraction of records in
group G whose sensitive value is s.
DATA PRIVACY
Attack model: table linkage
In the “table linkage” attack the adversary may, with high confidence,
infer the presence or absence of a selected record in the published data,
and consequently infer the presence or absence of that record in the
private data.
Source: B.C.M. Fung et al.: Introduction to Privacy-Preserving Data Publishing: Concepts and Techniques. CRC, 2010
DATA PRIVACY
Privacy model: δ-presence
The privacy model δ-presence is one of the models that prevent table
linkage attacks.
A system is δ-present when the probability of inferring the presence of any
record in the published data is bounded within a specified range δ = (δmin, δmax):
$$ \delta_{\min} \le p(s \in S) \le \delta_{\max} , $$
Source: B.C.M. Fung et al.: Introduction to Privacy-Preserving Data Publishing: Concepts and Techniques. CRC, 2010
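An added example (not from the slides) that computes, on constructed copies of the two tables from the k-anonymity slide, the k of k-anonymity, the entropy l of l-diversity and the (δmin, δmax) range of δ-presence; the quasi-identifiers are taken to be Job, Gender and Age, and the names groups, k_anonymity, entropy_l_diversity and delta_presence are my own.

```python
from collections import Counter
from math import exp, log
# Constructed copies of the slide's two tables; Disease in PATIENT is the sensitive attribute.
PATIENT = [
    ("Professional", "Male", "[35-40)", "Hepatitis"),
    ("Professional", "Male", "[35-40)", "Hepatitis"),
    ("Professional", "Male", "[35-40)", "Angina"),
    ("Artist", "Female", "[30-35)", "Flu"),
    ("Artist", "Female", "[30-35)", "Angina"),
    ("Artist", "Female", "[30-35)", "Angina"),
    ("Artist", "Female", "[30-35)", "Angina"),
]
PUBLISHED = [
    ("Alice", "Artist", "Female", "[30-35)"),
    ("Bob", "Professional", "Male", "[35-40)"),
    ("Cathy", "Artist", "Female", "[30-35)"),
    ("Doug", "Professional", "Male", "[35-40)"),
    ("Emily", "Artist", "Female", "[30-35)"),
    ("Fred", "Professional", "Male", "[35-40)"),
    ("Gladys", "Artist", "Female", "[30-35)"),
    ("Henry", "Professional", "Male", "[35-40)"),
    ("Irene", "Artist", "Female", "[30-35)"),
]

def groups(rows, qid):
    """Equivalence classes: rows that share the same quasi-identifier tuple."""
    classes = {}
    for r in rows:
        classes.setdefault(r[qid], []).append(r)
    return classes

def k_anonymity(rows, qid):
    """k = size of the smallest class; a record hides among at least k-1 others."""
    return min(len(c) for c in groups(rows, qid).values())

def entropy_l_diversity(rows, qid, sensitive):
    """Largest l with -sum_s p(G,s) log p(G,s) >= log l in every class G."""
    ls = []
    for c in groups(rows, qid).values():
        p = [n / len(c) for n in Counter(r[sensitive] for r in c).values()]
        ls.append(exp(-sum(x * log(x) for x in p)))  # exp(entropy) of class c
    return min(ls)

def delta_presence(private_rows, published_rows):
    """(delta_min, delta_max): p(s in S) that a named person is in the patient table."""
    priv = groups(private_rows, slice(0, 3))
    probs = [len(priv.get(q, ())) / len(c)
             for q, c in groups(published_rows, slice(1, 4)).items()]
    return min(probs), max(probs)
```

The patient table is 3-anonymous but only about 1.75-entropy-diverse, because the Artist class is dominated by Angina; the published names give an adversary a 0.75 to 0.8 chance of placing any listed person in the patient table.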
DATA PRIVACY
Attack model: probabilistic linkage
Source: B.C.M. Fung et al.: Introduction to Privacy-Preserving Data Publishing: Concepts and Techniques. CRC, 2010
DATA PRIVACY
Privacy model: ε-differential privacy
The privacy model ε-differential privacy is one of the models that prevent
probabilistic linkage attacks.
A system is ε-differentially private when the addition or removal of a single
record in the published data does not significantly affect or increase the risk
of disclosing the data. For any two tables T1 and T2 that differ in a single
record and a (randomised) function F applied to them:
$$ \ln \frac{p(F(T_1) = s)}{p(F(T_2) = s)} \le \varepsilon \ ;\quad \forall s \in S , $$
The data holder can, with ε-certainty, assume that the decision of
publishing the selected record will not result in a disclosure of
sensitive data in comparison to the decision of not publishing the
record.
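An added example (not from the slides) of the ε-differential privacy condition above, using the Laplace mechanism on a count query over a constructed copy of the patient table: T1 is the full Disease column, T2 the same column with one Angina record removed; the names count_query, laplace_density, laplace_mechanism, max_log_ratio and noisy_mean are my own.

```python
import random
from math import exp, log

# Constructed copy of the patient table's sensitive column (Disease).
T1 = ["Hepatitis", "Hepatitis", "Angina", "Flu", "Angina", "Angina", "Angina"]
T2 = T1[:-1]  # neighbouring table: the same data with one Angina record removed

def count_query(table, value):
    """Deterministic F(T): the count changes by at most 1 between T1 and T2,
    so without noise the output reveals whether the removed record was present."""
    return sum(1 for d in table if d == value)

def laplace_density(s, mean, scale):
    """Density of Laplace(mean, scale) at output s."""
    return exp(-abs(s - mean) / scale) / (2 * scale)

def laplace_mechanism(table, value, eps, rng=random):
    """Randomised F(T): true count plus Laplace(0, 1/eps) noise. The difference of
    two exponentials with rate eps is exactly Laplace(0, 1/eps)."""
    return count_query(table, value) + rng.expovariate(eps) - rng.expovariate(eps)

def max_log_ratio(t1, t2, value, eps, outputs):
    """max over s of ln p(F(T1)=s)/p(F(T2)=s) for the noisy count; it never exceeds
    eps because the counts differ by at most 1 and the noise scale is 1/eps."""
    b = 1 / eps
    m1, m2 = count_query(t1, value), count_query(t2, value)
    return max(log(laplace_density(s, m1, b) / laplace_density(s, m2, b)) for s in outputs)

def noisy_mean(table, value, eps, n=4000, seed=1):
    """Average of n noisy releases: the noise is unbiased, so utility is retained."""
    rng = random.Random(seed)
    return sum(laplace_mechanism(table, value, eps, rng) for _ in range(n)) / n
```

The plain counts 4 and 3 let an adversary decide with certainty whether the removed record was present; the noisy release keeps the log-ratio of output probabilities at or below ε for every output s.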
DATA CONFIDENTIALITY
What is data confidentiality?
DATA CONFIDENTIALITY
The Hippocratic oath and the Declaration of Geneva
CONCLUSION
Literature
CONCLUSION
Enabling security, privacy, confidentiality…
CONCLUSION
Discussion, comments, questions…