Privacy Communication Privacy

Confidentiality Access Policies Systems

Crypto Enforced

Computing on Encrypted Data Searching and Reporting

Fully Homomorphic Encryption

Secure Data Aggregation

Key Management

Provenance End-point Input Validation

Communication Integrity

Authenticated Computations on Data Trusted Platforms

Crypto Enforced

Granular Audits

Control of Valuable Assets Lifecycle Management

Retention, Disposition, Hold

Digital Rights Management

System Health

Security against DoS Construction of cryptographic protocols proactively resistant to DoS

Big Data for Security Analytics for Security Intelligence

Data-driven Abuse Detection

Large-scale and Streaming Data Analysis

Event Detection

Forensics

Technical

Architectural

Sources

Transformation

Uses

Data Infrastructure

End-Point Input ValidationReal Time Security MonitoringData Discovery and ClassificationSecure Data Aggregation

Privacy preserving data analytics and disseminationCompliance with regulations such as HIPAAGovt access to data and freedom of expression concerns

Data Centric Security such as identity/policy-based encryptionPolicy management for access control

Computing on the encrypted data: searching/filtering/deduplicate/fully homomorphic encryptionGranular auditsGranular access control

Securing Data Storage and Transaction logsKey ManagementSecurity Best Practices for non-relational data storesSecurity against DoS attacksData Provenance

Analytics for security intelligence

Event detection

Forensics

Follow the Data• Resolve ownership of data at source

– Optional integrity• Digital signatures

– Roles• The attributes that an entity should have to access data

– Content• Derive an access control policy

– Could be part of a contract– Encrypted Data

• Optional Capabilities: Search, Computation• Crypto-enforced policy-based access control

– Plaintext Data • Data available to the collecting entity• Understanding of dissemination guarantees