Boffins develop data provenance app to prevent breaches

gallery

University of Southampton researchers have put their heads together to develop an application to track the use and security of private data, in order to rebuild public trust in organisations holding sensitive information.

Recent – and rather frequent – government data breaches prompted Professors Luc Moreau and Rocio Aldeco-Perez at the university's school of electronics and computer science to examine how auditing of the processes surrounding the collection, encryption and use of private data can be used to keep information secure. The pair came up with the idea of using the concept of “provenance” – an idea based on finding the origins of a piece of art.

“Provenance is a term which comes from diverse areas such as art, archaeology and palaeontology and describes the history of an object since its creation,” said Professor Moreau in a statement. “Its main focus is to establish that the object has not been forged or altered, we have found that we can now do the same audit with private data.”

The idea of provenance has been used previously – by Moreau and others – as a way of ensuring data is correct. Here, the researchers are applying it to the Data Protection Act.

The essential idea is to use an application to track a piece of data as it moves through the system, so its origins and use can be examined, such as following a data breach. “At the moment when data is leaked, there is no systematic way to analyse the scenario,” said Professor Moreau.

It could also be used in a more preventative form, according to the paper the pair published at a British Computer Society (BCS) conference.

Enforcement agencies – such as the Information Commissioner’s Office – could use auditing to check compliance with the Data Protection Act, while businesses could monitor themselves and set up alarms for when policies are breached and a leak is possible.

Essentially, embedding provenance technology into IT systems or with an add-on application could let organisations monitor their policies are being adhered to – key in the battle against such breaches, as many are caused by employees breaking company guidelines.

With that in mind, the pair developed a tool to tack onto systems to securely audit such data. A prototype of the tool will be available within six months, the university said.

The researchers plan to examine the potential to use middleware to track data. “Part of this work is to develop a provenance-based generic middleware to audit the processing of private information that can be used in applications independently of platforms and programming languages,” the paper said.

Click here to read the top 11 lessons we all should have learned from a year of data breaches.

Email to a friend

Print this page