Team for Research in
Ubiquitous Secure Technology

Managing Information Leakage
Steven Whang

Citation
Steven Whang. "Managing Information Leakage". Talk or presentation, 11, November, 2010.

Abstract
We explore the problem of managing information leakage by connecting two hitherto disconnected topics: entity resolution (ER) and data privacy (DP). As more of our sensitive data gets exposed to a variety of merchants, health care providers, employers, social sites and so on, there is a higher chance that an adversary can “connect the dots” and piece together our information, leading to even more loss of privacy. For instance, suppose that Alice has a social networking profile with her name and photo and a web homepage containing her name and address. An adversary Eve may be able to link the profile and homepage to connect the photo and address of Alice and thus glean more personal information. The better Eve is at linking the information, the more vulnerable is Alice's privacy. Thus in order to gain DP, one must try to prevent important bits of information being resolved by ER. In this paper, we formalize information leakage and list several challenges both in ER and DP. We also propose using disinformation as a tool for containing information leakage.

Electronic downloads

Citation formats  
  • HTML
    Steven Whang. <a
    href="http://www.truststc.org/pubs/769.html"
    ><i>Managing Information
    Leakage</i></a>, Talk or presentation,  11,
    November, 2010.
  • Plain text
    Steven Whang. "Managing Information Leakage". Talk
    or presentation,  11, November, 2010.
  • BibTeX
    @presentation{Whang10_ManagingInformationLeakage,
        author = {Steven Whang},
        title = {Managing Information Leakage},
        day = {11},
        month = {November},
        year = {2010},
        abstract = {We explore the problem of managing information
                  leakage by connecting two hitherto disconnected
                  topics: entity resolution (ER) and data privacy
                  (DP). As more of our sensitive data gets exposed
                  to a variety of merchants, health care providers,
                  employers, social sites and so on, there is a
                  higher chance that an adversary can âconnect the
                  dotsâ and piece together our information,
                  leading to even more loss of privacy. For
                  instance, suppose that Alice has a social
                  networking profile with her name and photo and a
                  web homepage containing her name and address. An
                  adversary Eve may be able to link the profile and
                  homepage to connect the photo and address of Alice
                  and thus glean more personal information. The
                  better Eve is at linking the information, the more
                  vulnerable is Alice's privacy. Thus in order to
                  gain DP, one must try to prevent important bits of
                  information being resolved by ER. In this paper,
                  we formalize information leakage and list several
                  challenges both in ER and DP. We also propose
                  using disinformation as a tool for containing
                  information leakage.},
        URL = {http://www.truststc.org/pubs/769.html}
    }
    

Posted by Larry Rohrbough on 7 Dec 2010.
Groups: trust
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.