New tool to audit the use of private data
A prototype will soon be available for a new method to audit the use of private data which has been developed by ECS computer scientists.
Recent and recurrent leaks of highly confidential information prompted Professor Luc Moreau and Rocio Aldeco-Perez of the School of Electronics and Computer Science to take a concept which is more commonly used in the art world and derive a tool that operates on private data.
In a paper entitled 'Provenance-based Auditing of Private Data Use' just published in the 'BCS International Academic Research Conference - Visions of Computer Science', the academics describe how a tool called Provenance can be applied to personal and confidential information. This enables an audit trail which can be analysed to see where the information has come from, how it is being used, and how it can be made secure.
As part of their research, the academics developed a case study based on private data in a university and the requirements of the Data Protection Act.
'Provenance is a term which comes from diverse areas such as art, archaeology and palaeontology, and describes the history of an object since its creation,' said Professor Moreau. 'Its main focus is to establish that the object has not been forged or altered, and we have found that we can now do the same audit with private data.'
According to Professor Moreau, who extended the concept of Provenance to service-oriented architectures when he embarked on the EU Provenance Project in 2005, the auditing capabilities of this tool will make it possible to redesign systems so that they incorporate secure auditing strategies and are therefore more robust and trusted.
'At the moment when data is leaked, there is no systematic way to analyse the scenario,' said Professor Moreau. 'We are now working towards the first prototype capable of auditing this data.'
Posted by Joyce Lewis on 05 Dec 2008.