Title: Role-Based Ecosystem for the Design, Development, and Deployment of Secure Multi-Party Data Analytics Applications
Software applications that employ secure multi-party computation (MPC) can empower individuals and organizations to benefit from privacy-preserving data analyses when data sharing is encumbered by confidentiality concerns, legal constraints, or corporate policies. MPC is already being incorporated into software solutions in some domains; however, individual use cases do not fully convey the variety, extent, and complexity of the opportunities of MPC. This position paper articulates a role-based perspective that can provide some insight into how future research directions, infrastructure development and evaluation approaches, and deployment practices for MPC may evolve. Drawing on our own lessons from existing real-world deployments and the fundamental characteristics of MPC that make it a compelling technology, we propose a role-based conceptual framework for describing MPC deployment scenarios. Our framework acknowledges and leverages a novel assortment of roles that emerge from the fundamental ways in which MPC protocols support federation of functionalities and responsibilities. Defining these roles using the new opportunities for federation that MPC enables in turn can help identify and organize the capabilities, concerns, incentives, and trade-offs that affect the entities (software engineers, government regulators, corporate executives, end-users, and others) that participate in an MPC deployment scenario. This framework can not only guide the development of an ecosystem of modular and composable MPC tools, but can make explicit some of the opportunities that researchers and software engineers (and any organizations they form) have to differentiate and specialize the artifacts and services they choose to design, develop, and deploy. We demonstrate how this framework can be used to describe existing MPC deployment scenarios, how new opportunities in a scenario can be observed by disentangling roles inhabited by the involved parties, and how this can motivate the development of MPC libraries and software tools that specialize not by application domain but by role.
Award ID(s):
1718135 1739000
NSF-PAR ID:
10165776
Journal Name:
IEEE SecDev
Volume:
2019
Page Range or eLocation-ID:
129 - 140
Sponsoring Org:
National Science Foundation
More Like this
  1. To facilitate the adoption of cloud by organizations, Cryptographic Access Control (CAC) is the obvious solution to control data sharing among users while preventing partially trusted Cloud Service Providers (CSPs) from accessing sensitive data. Indeed, several CAC schemes have been proposed in the literature. Despite their differences, available solutions are based on a common set of entities (e.g., a data storage service or a proxy mediating the access of users to encrypted data) that operate in different (security) domains (e.g., on-premise or the CSP). However, the majority of these CAC schemes assume a fixed assignment of entities to domains; this has security and usability implications that are not made explicit and can make the use of a CAC scheme inappropriate in certain scenarios with specific trust assumptions and requirements. For instance, assuming that the proxy runs at the premises of the organization avoids the vendor lock-in effect but may give rise to other security concerns (e.g., malicious insider attackers). To the best of our knowledge, no previous work considers how to select the best possible architecture (i.e., the assignment of entities to domains) to deploy a CAC scheme for the trust assumptions and requirements of a given scenario. In this article, we propose a methodology to assist administrators in exploring different architectures for the enforcement of CAC schemes in a given scenario. We do this by identifying the possible architectures underlying the CAC schemes available in the literature and formalizing them in simple set theory. This allows us to reduce the problem of selecting the most suitable architectures satisfying a heterogeneous set of trust assumptions and requirements arising from the considered scenario to a decidable Multi-objective Combinatorial Optimization Problem (MOCOP) for which state-of-the-art solvers can be invoked. Finally, we show how we use the capability of solving the MOCOP to build a prototype tool that assists administrators in preliminarily performing a "what-if" analysis to explore the trade-offs among the various architectures, and then in using available standards and tools (such as TOSCA and Cloudify) for automated deployment in multiple CSPs.
  2. Enterprise software updates depend on the interaction between user and developer organizations. This interaction becomes especially complex when a single developer organization writes software that services hundreds of different user organizations. Miscommunication during patching and deployment efforts leads to insecure or malfunctioning software installations. While developers oversee the code, the update process starts and ends outside their control. Since developer test suites may fail to capture buggy behavior, finding and fixing these bugs starts with user-generated bug reports and third-party disclosures. The process ends when the fixed code is deployed in production. Any friction between user and developer results in delayed patching of critical bugs. Two common causes of friction are a failure to replicate the user-specific circumstances that cause buggy behavior, and incompatible software releases that break critical functionality. Existing test generation techniques are insufficient: they fail to test candidate patches for post-deployment bugs and to test whether the new release adversely affects customer workloads. With existing test generation and deployment techniques, users cannot choose (nor validate) compatible portions of new versions while retaining their previous version's functionality. We present two new technologies to alleviate this friction. First, Test Generation for Ad Hoc Circumstances transforms buggy executions into test cases. Second, Binary Patch Decomposition allows users to select the compatible pieces of update releases. By sharing specific context around buggy behavior, developers can create specific test cases that demonstrate whether their fixes are appropriate. When fixes are distributed with this extra context included, users can incorporate only the updates that guarantee compatibility between buggy and fixed versions. We use change analysis in combination with binary rewriting to transform the old executable and buggy execution into a test case that includes the developer's prospective changes, which lets us generate and run targeted tests for the candidate patch. We also provide analogous support to users, to selectively validate and patch their production environments with only the desired bug fixes from new version releases. This paper presents a new patching workflow that allows developers to validate prospective patches and users to select which updates they would like to apply, along with the two new technologies that make it possible. We demonstrate that our technique constructs test cases more effectively and more efficiently than traditional test case generation on a collection of real-world bugs, and provides the ability for flexible updates in real-world scenarios.
  3. The topic of engineering identity is neither new nor complete in its coverage within current literature. In fact, although this body of work predates the last ten years, researchers have argued that some of the most significant burgeoning in this area has occurred in the last decade. By applying both quantitative and qualitative lenses to this inquiry, researchers have concluded that, much like a STEM identity, an engineering identity describes how students see themselves, their competence and potential for success in the academic and career context of the field. To further examine the latter component, i.e., potential for academic and career success, we attend to an emerging concept of an entrepreneurial engineering identity. This preliminary work unfolded organically; the authors' primary goal involved a larger Interpretative Phenomenological Analysis (IPA) study that investigated persistence and advanced degree aspirations among 20 Black male engineering undergraduate students from a variety of institutional settings. While we did not intentionally seek to examine this emerging component of engineering identity, our preliminary analysis of participants' interview data led us down this path. What we observed was a latent phenomenon of interest among participants: these Black male engineering undergraduates recurringly articulated clear intentions for academic and career opportunities that integrated business components into their engineering realities. Kegan's (1984, 1994) Theory of Meaning-Making provided a framework for understanding how participants perceived the development of business acumen as a strategy for ascending existing corporate/organizational structures, creating new business pathways, and promoting corporate social responsibility. Based on these findings, the authors were inspired to explore the conceptual development of an entrepreneurial engineering identity and its practical application to engineering degree (re)design, student academic advisory and career planning.
  4. Benjamin, L.; Henderson, J. A.; Hines, E. M. (Eds.)
    The topic of engineering identity is neither new nor complete in its coverage within current literature. In fact, although this body of work predates the last ten years, researchers have argued that some of the most significant burgeoning in this area has occurred in the last decade. By applying both quantitative and qualitative lenses to this inquiry, researchers have concluded that, much like a STEM identity, an engineering identity describes how students see themselves, their competence and potential for success in the academic and career context of the field. To further examine the latter component, i.e., potential for academic and career success, we attend to an emerging concept of an entrepreneurial engineering identity. This preliminary work unfolded organically; the authors' primary goal involved a larger Interpretative Phenomenological Analysis (IPA) study that investigated persistence and advanced degree aspirations among 20 Black male engineering undergraduate students from a variety of institutional settings. While we did not intentionally seek to examine this emerging component of engineering identity, our preliminary analysis of participants' interview data led us down this path. What we observed was a latent phenomenon of interest among participants: these Black male engineering undergraduates recurringly articulated clear intentions for academic and career opportunities that integrated business components into their engineering realities. Kegan's (1984, 1994) Theory of Meaning-Making provided a framework for understanding how participants perceived the development of business acumen as a strategy for ascending existing corporate/organizational structures, creating new business pathways, and promoting corporate social responsibility. Based on these findings, the authors were inspired to explore the conceptual development of an entrepreneurial engineering identity and its practical application to engineering degree (re)design, student academic advisory and career planning.
  5. Process safety is at the heart of the operation of many chemical processing companies. However, the Chemical Safety Board (CSB) has still documented over 800 investigations of process safety failures since the year 2000. While not all of these incidents were severe, some did lead to employee injuries or death and environmental harm. As a result, chemical engineering companies are increasingly dedicated to process safety through training programs and detailed vigilance as part of their operations practice. AIChE and OSHA also offer courses in process safety to help support the industry. These efforts illustrate the paramount importance that chemical engineering graduates have an appreciation and understanding of process safety as they transition from their degree program into industrial positions. Previous studies have shown that, despite difficulties due to course load constraints, process safety has been incorporated into the chemical engineering curriculum through either the addition of new courses, incorporation of the content within existing classes, or a combination of the two methods. A review performed in Process Safety Progress suggested that a key step for departments moving forward is to perform an assessment of the process safety culture within their institution in order to determine how faculty and students view process safety. An issue with completing this task is the lack of assessment tools that can be used to determine how students are developing their understanding of process safety decision making. This observation led to the development of the Engineering Process Safety Research Instrument (EPSRI). This instrument is modeled after the Defining Issues Test version 2 (DIT2) and the Engineering Ethical Reasoning Instrument (EERI). Similar to these instruments, the EPSRI provides dilemmas, three decisions, and 12 additional considerations that individuals must rate based on their relative importance to their decision-making process. The dilemmas developed in the EPSRI are based on case studies and investigations of process safety failures that have occurred in industry, to provide a realistic context for the decisions that engineers may face upon employment. The considerations provided after each scenario are derived to reflect pre-conventional, conventional, and post-conventional decision-making thinking as described by Kohlberg's Moral Development Theory. Pre-conventional thinking focuses particularly on what is right/wrong or good/bad at the individual level, whereas post-conventional thinking seeks to determine what is correct from moral and value perspectives at the societal level. This WIP paper describes the content validity study conducted while developing the EPSRI. Dilemmas were examined by content experts, including professionals in the process industry, chemical engineering departments, and the learning sciences field. Content experts reviewed the dilemmas and determined whether they represented accurate examples of process safety decision making that individuals may face in real-world engineering settings. The experts also reviewed the 12 considerations for each dilemma for their accuracy in capturing pre-conventional, conventional and post-conventional thinking. This work represents the first step in the overall instrument validation that will take place over the next academic year.