New software protects confidentiality of data while enabling access and sharing
Penn State researchers have developed software that allows databases to "talk to each other" automatically without compromising the security of the data and metadata because the queries, data communicated and other information are encrypted.
The Privacy-preserving Access Control Toolkit (PACT) acts like a filter but is resilient to eavesdropping or other attacks because of the encryption.
"The software automatically regulates access to data, so some information can be exchanged while other data remains confidential and private," said Prasenjit Mitra, assistant professor of information sciences and technology and member of the research team that developed the software. "Often when we implement security, we decide not to give access to data. This tool preserves security while allowing permitted access."
Organizations like government agencies, non-profits and corporations frequently need to access data belonging to other organizations. But sharing data is difficult because databases are typically constructed using different terms or vocabularies.
Consequently, in order to share data, organizations have to develop special-purpose applications. But organizations also need to protect sources, intellectual property and competitive advantages, so the applications must address security.
In addition to being time consuming to develop, such applications are expensive as they have limited use.
Unlike those special-purpose applications, PACT is more generic. That means it can be applied to a wide range of scenarios, Mitra said. It addresses security concerns through encryption and access control.
PACT is described in a paper, "Privacy-preserving Semantic Interoperation and Access Control of Heterogeneous Databases," given at ACM's recent Symposium on Information, Communication and Computer Security in Taiwan. The authors include Mitra, a faculty member in the Penn State College of Information Sciences and Technology (IST); Chi-Chun Pan, a graduate student in Penn State's industrial and manufacturing engineering department; Peng Liu, assistant professor, Penn State's IST; and Vijay Atluri, associate professor, Rutgers University.
According to the researchers, PACT is the first software to provide a framework that protects metadata while enabling "semantic interoperation" or sharing of information. Additionally, results from the researchers' experiments demonstrate that PACT can easily be extended to large database systems in practical applications, Mitra said.
Future research involving PACT will focus on performance enhancements for query processing and development of a new rule language for improving interoperability, Mitra said.
Source: Penn State