Information about individuals and organizations is increasingly collected in massive databases, sent over public networks and shared across organizational boundaries. This presents serious threats to privacy: even if individual pieces of data are cryptographically protected, sensitive information may still leak out due to mismatches between privacy policies of different components. This project aims to develop tools and techniques for protecting privacy of sensitive data, focusing on three main research thrusts. The first thrust is protection of public databases containing individual information such as medical records, transactions, and preferences. This includes design of provably secure methods for enforcing access policies directly in published data, development of analysis tools for finding privacy vulnerabilities, and evaluation on real-world data. The second thrust is design and implementation of formal methods for checking privacy policy compliance in order to ensure that data processing applications do not violate the stated privacy policies of the enteprise. The third thrust is development of new methods for analyzing privacy-preserving communication networks. Protecting data privacy is important not only for individuals, but also for businesses and organizations that deal with individual data. New technologies developed as part of this project will help detect potential privacy violations and enforce privacy policies. They will enable applications dealing with sensitive personal and organizational data to be executed in open computing environments and support many socially important tasks such as multi-institution medical trials that do not violate patients' privacy and collaborative analysis of Internet security threats.
CAREER: Protecting Privacy in Untrusted Environments