Sciweavers

CSFW
2011
IEEE

Regret Minimizing Audits: A Learning-Theoretic Basis for Privacy Protection

13 years 6 days ago
Regret Minimizing Audits: A Learning-Theoretic Basis for Privacy Protection
Abstract—Audit mechanisms are essential for privacy protection in permissive access control regimes, such as in hospitals where denying legitimate access requests can adversely affect patient care. Recognizing this need, we develop the first principled learning-theoretic foundation for audits. Our first contribution is a game-theoretic model that captures the interaction between the defender (e.g., hospital auditors) and the adversary (e.g., hospital employees). The model takes pragmatic considerations into account, in particular, the periodic nature of audits, a budget that constrains the number of actions that the defender can inspect, and a loss function that captures the economic impact of detected and missed violations on the organization. We assume that the adversary is worst-case as is standard in other areas of computer security. We also formulate a desirable property of the audit mechanism in this model based on the concept of regret in learning theory. Our second contribu...
Jeremiah Blocki, Nicolas Christin, Anupam Datta, A
Added 18 Dec 2011
Updated 18 Dec 2011
Type Journal
Year 2011
Where CSFW
Authors Jeremiah Blocki, Nicolas Christin, Anupam Datta, Arunesh Sinha
Comments (0)