
Penn State Creates the Privacy-preserving Access Control Toolkit (PACT) That Utilizes Encryption For Database Access Control

An interesting but short story was just published by the Malaysia Sun, and some other worldwide publications, "Penn State develops security software."  My interest piqued, I looked on the Penn State site, and yes, there was more information released about it there today.

"University Park, Pa. -- Penn State researchers have developed software that allows databases to "talk to each other" automatically without compromising the security of the data and metadata because the queries, data communicated and other information are encrypted.  The Privacy-preserving Access Control Toolkit (PACT) acts like a filter but is resilient to eavesdropping or other attacks because of the encryption.  "The software automatically regulates access to data, so some information can be exchanged while other data remains confidential and private," said Prasenjit Mitra, assistant professor of information sciences and technology and member of the research team that developed the software. "Often when we implement security, we decide not to give access to data. This tool preserves security while allowing permitted access."

Organizations like government agencies, non-profits and corporations frequently need to access data belonging to other organizations. But sharing data is difficult because databases are typically constructed using different terms or vocabularies.  Consequently, in order to share data, organizations have to develop special-purpose applications. But organizations also need to protect sources, intellectual property and competitive advantages, so the applications must address security.  In addition to being time consuming to develop, such applications are expensive as they have limited use.  Unlike those special-purpose applications, PACT is more generic. That means it can be applied to a wide range of scenarios, Mitra said. It addresses security concerns through encryption and access control.

PACT is described in a paper, "Privacy-preserving Semantic Interoperation and Access Control of Heterogeneous Databases," given at ACM's recent Symposium on Information, Communication and Computer Security in Taiwan. The authors include Mitra, a faculty member in the Penn State College of Information Sciences and Technology (IST); Chi-Chun Pan, a graduate student in Penn State's industrial and manufacturing engineering department; Peng Liu, assistant professor, Penn State's IST; and Vijay Atluri, associate professor, Rutgers University.

According to the researchers, PACT is the first software to provide a framework that protects metadata while enabling "semantic interoperation" or sharing of information. Additionally, results from the researchers' experiments demonstrate that PACT can easily be extended to large database systems in practical applications, Mitra said.  Future research involving PACT will focus on performance enhancements for query processing and development of a new rule language for improving interoperability, Mitra said."

Wow...sounds interesting and very promising! 

So...now...to find the paper... 

Yes!  Here it is, "Privacy-preserving Semantic Interoperation and Access Control of Heterogeneous Databases."  Quite interesting indeed!


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.