Privacy

In order to support data-driven innovation, we need to record, collect, share and process vast amounts of data. That data, however, are frequently sensitive.

Therefore, when handling them, there is a risk that sensitive information about individuals and organisations will leak, causing emotional distress, reputational damage, disclosure of trade secrets and financial repercussions.

Our research involves the detection of information and data leakage risks in modern systems, recording and quantifying the leakage, and mitigating it with appropriate techniques (such as data obfuscation).

Aims

• Elicit privacy requirements from stakeholders (individuals, organisations with large data collections).
• Detect privacy leakage in existing systems.
• Develop practical sociotechnical solutions for preserving privacy without degrading data/application quality.
• Disseminate and deploy privacy solutions and recommendations to influence policy and innovation.
• Inter-disciplinary collaboration on human, social, legal, and business aspects of privacy.
• Provide advice on creating and developing systems that are private by design.

Projects

Recent and ongoing projects:

Privacy-Aware Cloud Ecosystems (PACE)

This project was funded by EPSRC and led by:

• Professor Omer Rana (Principal investigator)
• George Theodorakopoulos (Co-investigator)
• Pete Burnap (Co-investigator).

With increasing take up of externally provisioned and managed services (from government, finance, entertainment), often hosted over cloud computing infrastructure, there is a realisation that online electronic services can involve an interlinked range of providers. As more people move online globally over the next decade, both opportunities and threats grow. Consider, for instance, a coffee chain that initially provided wifi services to customers, now working in collaboration with data centre providers to offer additional services to users (such as edge data storage, multimedia caching, etc).

This project addresses security and privacy requirements of such environments, where multiple cloud computing providers need to work collaboratively to offer services to a user. Users of these services only interact with a web interface rather than the larger distributed service ecosystem, and are often unfamiliar with the ecosystem of providers that are involved in offering them a particular capability. Their visibility beyond the first service provider is often missing, requiring them to trust the provider in handling and managing their data. This is a significant challenge, and often deters the use of online services (especially for data providers which are new in the market place).

We aim to improve transparency, enable an audit trail of providers and facilitate greater trust between users and service providers. We propose a technological solution in the form of a mobile software "container" that will ensure that all access instances are securely logged on a blockchain, where they can be checked for compliance against the permissions the user has given.