Collaborative Research: SaTC: CORE: Medium: Compliance as a Service (CaSe): A Reflective Approach to Enforcing User Privacy Regulations

Project: Research project

Project Details

Description

This project seeks to enable transforming existing data infrastructures to comply with user data protection legislation and regulations. The project's novelties are its formal model of data protection policy compliance that helps system designers to reason about regulations and demonstrate systems’ compliance with them. The project's broader significance is its potential to address consumer privacy and data security concerns associated with emerging technologies, such as the Internet of Things and cloud computing. As recent events involving corporate use of consumer data have demonstrated, privacy and data security issues are increasingly connected in the modern information age to concerns about democracy, equality, national security, and freedom, all of which carrying implications for both individuals and society. The benefits of this work include managing cyber threats and addressing data privacy and policy concerns in applications that utilize personal and sensitive data. The work also includes educational outreach efforts targeting community college and high school students, as well as students from underrepresented groups in computing with the goal to expose them to research with community benefits.The project consists of four research thrusts. The first provides a grounding of data protection legislation and regulation to provide a system design-centric formal model of policy compliance. This involves studying the implications of developing a formal model in terms of validating and proving compliance with regulations. The second thrust tackles the challenges in managing policies of transformed data sent across different system components, which involves designing data abstractions that express the data and policy transformation. The third thrust includes methods that allow efficient and fast adaptation of existing and legacy data systems to policy changes. This includes designing data structures that are sharded based on policies, enabling isolation of the data shards impacted by policy changes. The fourth thrust provides a scalable distributed logging system to cater to the auditing requirements of data protection regulations.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
StatusActive
Effective start/end date7/15/23 → 6/30/26

Funding

  • National Science Foundation: $60,925.00

Fingerprint

Explore the research topics touched on by this project. These labels are generated based on the underlying awards/grants. Together they form a unique fingerprint.