• No results found

Compliant Sharing of Sensitive Data with Dataverse and Lohpi

N/A
N/A
Info
Nedlasting
Protected

Academic year: 2022

Share "Compliant Sharing of Sensitive Data with Dataverse and Lohpi"

Copied!
23
0
0

Laster.... (Se fulltekst nå)

Last ned nå ( 23 sider )

Fulltekst

(1)

Compliant Sharing of Sensitive Data with Dataverse and Lohpi

Aakash Sharma, Thomas Bye Nilsen, Håvard D. Johansen

UiT The Arctic University of Norway

(2)

Dag Johansen

Håvard D.

Johansen Thomas

Bye Nilsen

Aakash Sharma

Team

Lohpi logo designed by Katja Pauline Czerwinska

(3)

Sharing data is the norm

• 147,000 Datasets

• 38.2 Million downloads

• Social Sciences 30,300 (21%)

• Medicine, Health and Life Sciences 7,420 (5.1%)

https://dataverse.org/metrics

(4)

Sensitive datasets cannot be public

• Trust issues [Bongartz et al. 2017]

• Easy to identify individuals [Salerno et al.

2017, Goodman and Meslin 2014]

• Consent revocations (GDPR, GPDPR)

(5)

Projects are not static

https://rekportalen.no

New

researchers

New threats

New laws

(6)

Opinions change

Sharma, Aakash, et al. "Privacy Perceptions and Concerns in Image-Based Dietary Assessment Systems: Questionnaire-Based Study."

JMIR Human Factors 7.4 (2020): e19085.

Allergies Religion Nationality Financial Status Health Status Identity

% of Responses

0 % 25 % 50 % 75 % 100 %

50 % 36 % 43 %

13 % 17 % 23 %

30 %

36 % 26 %

31 % 30 % 29 %

20 % 28 %

31 %

55 % 53 % 49 %

Not Concerned Somewhat Concerned Very Concerned

(7)

Proposal Approval Collection Analysis Dissemination

A project’s lifecycle

(8)

Proposal Approval Collection Analysis Dissemination

We need system support for dynamic security policies

A project’s lifecycle is non-

trivial

(9)

Sensitive data leads to silos

Tension between

• Open research (Dataverse)

‣ Decentralized research model

‣ Operate on institutional infrastructure

• Privacy risks

‣ Projects operate in silos

‣ Shared computational infrastructure (trusted by all parties, TSD)

https://www.uio.no/english/services/it/research/sensitive-data/

(10)

A distributed metadata layer that enables compliant data sharing.

A dataset’s security policy can be updated in near real-

time.  

Compliant sharing with

Lohpi

(11)

Lohpi workflow

‣ Integrates with existing

authentication services

(12)

Lohpi workflow

‣ Integrates with existing authentication services

‣ Public list of available

datasets (discovery)

(13)

Lohpi workflow

‣ Integrates with existing authentication services

‣ Public list of available datasets (discovery)

‣ Seamless data checkouts

(14)

Lohpi workflow

‣ Integrates with existing authentication services

‣ Public list of available datasets (discovery)

‣ Seamless data checkouts

‣ Up-to-date data security

policies

(15)

Lohpi architecture

Data Storage Network

Sharma, Aakash, et al. "Up-to-the-minute Privacy Policies via gossips in Participatory Epidemiological Studies." Frontiers in big Data 4 (2021).

(16)

Secure dissemination with gossips

Jenkins, Kate, Ken Hopkinson, and Ken Birman. "A gossip protocol for subgroup multicast." Proceedings 21st International Conference on Distributed Computing Systems Workshops. IEEE, 2001.

Johansen, H. D., Renesse, R. V., Vigfusson, Y., & Johansen, D. (2015). Fireflies: A secure and scalable membership and gossip service. ACM Transactions on Computer Systems (TOCS), 33(2), 1-32.

(17)

Remove bottleneck

(18)

Scalability

(19)

What’s in a gossip?

Info

Index

Updates

MessageID ad528370

Signature Algorithm SHA-256 ECDSA

Signature 71 bytes: 30 45 02 20 7E 3C 48 DA B9 A5 B0 2F 5A 31 EC C4 25 6B 04 …

Index version 1.0

Policy ID#1 (0f5fbb8f, 2.23) Policy ID#2 (c5bdaf2f, 2.5) Policy ID#3 (bd9a29dd, 1.3) Policy (0f5fbb8f,

{

Location code: EU-NO,

Authority: REK-NOR-8392, Intents: research-only…

})…

(20)

Ongoing work

• Low-code policy language

• Compliance (formal proofs)

• Policy enforcement (Intel SGX, FUSE)

• Cloud-based service for clients

• Host sensitive datasets (Sports, Fisheries Crime)

(21)

Conclusion

Lohpi

• A distributed infrastructure to support compliant data sharing and analytics.

• Scalable across multiple ethics committees.

• Cloud-based or local infrastructure.

(22)

References

1. Bongartz, H., Rübsamen, N., Raupach-Rosin, H., Akmatov, M. K., & Mikolajczyk, R. T. (2017). Why do people participate in health-related studies?. International journal of public health, 62(9), 1059-1062.

2. Salerno, Jennifer, et al. "Ethics, big data and computing in epidemiology and public health." Annals of Epidemiology 27.5 (2017): 297-301.

3. Goodman, Kenneth W., and Eric M. Meslin. "Ethics, information technology, and public health: duties and challenges in computational epidemiology." Public Health Informatics and Information Systems.

Springer, London, 2014. 191-209.

4. Sharma, Aakash, et al. "Privacy Perceptions and Concerns in Image-Based Dietary Assessment Systems: Questionnaire-Based Study." JMIR Human Factors 7.4 (2020): e19085.

5. Jenkins, Kate, Ken Hopkinson, and Ken Birman. "A gossip protocol for subgroup multicast."

Proceedings 21st International Conference on Distributed Computing Systems Workshops. IEEE, 2001.

6. Johansen, Håvard D., et al. "Fireflies: A secure and scalable membership and gossip service." ACM Transactions on Computer Systems (TOCS) 33.2 (2015): 1-32.

7. Sharma, Aakash, et al. "Up-to-the-minute Privacy Policies via gossips in Participatory Epidemiological Studies." Frontiers in big Data 4 (2021).

(23)

Dag Johansen

Håvard D.

Johansen Thomas

Bye Nilsen

Aakash Sharma

Team

Lohpi logo designed by Katja Pauline Czerwinska

thomas.bye.nilsen

@uit.no

aakash.sharma

@uit.no

dag.johansen

@uit.no

havard.johansen

@uit.no

Referanser

Last ned nå ( PDF - 23 sider - 2.96 MB )

RELATERTE DOKUMENTER

Big data and data sharing in the AEC: Stakeholder priorities, opportunities, and perceived barriers

T his report aims to present the results of a research project carried out with different stakeholders in the Norwegian real estate market, investigating the potential of using

Big Data in Shipping - Challenges and Opportunities

Sensors and data acquisition systems collect large quantities of ship performance and operational data.. Some systems, in particular bridge and performance monitoring can be

20-34

Hvis kvali- teten blir holdt nrinst på dette nivå skulle elet ikke være andre Ønskemål i forh~ndelse med norsk ferskfiskeksport enn at den uhåndterlige helkasse

09-01351

Figure 4.1b) shows the relative noise in the restored scene pixels when the keystone in the recorded data is 1 pixel. The noise at the beginning and at the end of the restored

20-00480

The resulting flow of data goes as follows: the AIS stream from the Coastal Administration is plugged into Kafka using NiFi to split it into a real-time stream and a persisted

05-02600

Figure 8.11 SRTM X-band HEM values plotted for land surface terrain (i.e. excluding void data over water bodies) from the Bykle test site in Norway.. Original histogram plotted

CM_2004_ACE_05.pdf (628.8Kb)

"In concert with the policies of IODE, IGOSS (now JCOMM) and GCOS, and following the data management plan for the World Weather Watch of the WMO, commitment is required by GOOS

Annex (791.8Kb)

"With respect to Atlantic salmon in the NASCO area, pro vide a compilation of microtag, finclip and extemal tag releases by ICES Member Countries in 1998".. Data were