McKelvey Engineering researcher to develop privacy protection framework
Everything we do on the internet creates data, from sending an email, doing a simple Google search or looking up directions. With numerous high-profile data breaches over the past few years and new government regulations such as General Data Protection Regulation (GDPR), both individual users and governments are becoming more concerned about who has access to their data and how they can protect it.
Ning Zhang, assistant professor of computer science & engineering at Washington University in St. Louis, is developing a novel user privacy protection framework that will give users full privacy control over their data. The framework, known as PrivacyGuard, will allow users to enforce that their data can only be used by programs they approve.
The work is funded by a four-year, collaborative, $1.2 million grant from the National Science Foundation. Zhang is collaborating with Wenjing Lou, the W. C. English Professor of Computer Science, and Thomas Hou, Bradley Distinguished Professor of Electrical and Computer Engineering, both at Virginia Polytechnic Institute and State University.
"Privacy is always contextual," said Zhang, who joined the McKelvey School of Engineering in 2018 after an 11-year career in cybersecurity at Raytheon.
"There are things that I would be comfortable releasing for a specific reason, such as releasing my genetic data for the sole purpose of conducting medical research, but not for any other applications. To enable control of such context, we not only need to specify who has access to our data, but also how they can access our data."
Zhang's PrivacyGuard would integrate two technologies: smart contracts, or computer programs, that are stored in blockchain, a public, digital ledger of transactions; and attested trust execution environment (TEE), a trusted, protected area within a processor. Ultimately, Zhang expects to integrate all research components of the work to develop and open-source framework prototype that could be used by individuals or industry.
"We hope to make this platform a transparent platform such that anybody who uses our data will have a nonrepudiable recording of what they have done that's backed by blockchain," he said. "We don't just want to say, 'Yes, you can use my data,' and your data is protected. We also want to say 'Yes, you can use my data,' but this is the way specifically you can use it inside this trust environment."
Click on the topics below for more stories in those areas
Faculty in this story