Automated Privacy Policy Compliance
Omar Chowdhury, Purdue University
12:00pm Monday, 7 March 2016, ITE 325b
Privacy regulations often govern data sharing and data use practices of organizations that collect personally identifiable information from their clients. For instance, in the US, healthcare organizations must comply with the federally mandated Health Insurance Portability and Accountability Act (HIPAA). Monetary penalties for non-compliance are high. The current practice of manual auditing for privacy violations is error-prone, cumbersome, and does not scale well. It is thus crucial for the research community to develop automated tools and techniques to aid organizations in checking privacy policy compliance.
Within this context, I will first present encryption schemes that enable an organization to outsource the storage of audit logs and the computation of compliance checking to an untrusted cloud without completely giving up on privacy. Next, I will present an efficient compliance checker called précis, which leverages techniques from runtime verification and logic programming. Finally, I will conclude with a discussion of some remaining obstacles to practical deployment.
Omar Chowdhury is a Post-Doctoral Research Associate in the Department of Computer Science at Purdue University. Before joining Purdue, he was a Post-Doctoral Research Associate in CyLab at Carnegie Mellon University. He received his Ph.D. in Computer Science from the University of Texas at San Antonio. His research interest broadly lies in investigating practically relevant problems of Computer Security and Privacy. His current research focuses on leveraging formal verification and program analysis techniques to check compliance of a system implementation against well-defined policies and properties. He won the best paper award at ACM SACMAT 2012. He has also served as a program committee member of ACM SACMAT and ACM CCS.