Yuji Yamaoka

Cozilet: transparent encapsulation to prevent abuse of trusted applets

We have developed a mechanism which prevents abuse of trusted Java applets, such as digitally signed applets. A signed applet is usually permitted by a user to perform certain functions. However, an attacker may improperly recompose the signed applet to include malicious components and harm the user by abusing such functions of a signed applet. In this paper, we call this a malicious recomposition attack and propose an innovative mechanism to solve the problem of such attacks. Before deployment, a target signed applet is encapsulated into a special signed applet, called a cozilet, in an indecomposable format. On its execution, the cozilet isolates the classes and resources of the encapsulated applet by assigning a special class loader unique to the applet. It also enforces applet-document binding so that it is never executed from untrusted HTML documents. The mechanism is easily applicable to target signed applets because it is transparent not only to target applets, but also to current Java VM implementations. Therefore, the mechanism can easily protect both applets developed in the future and the applets currently in use. We have implemented this mechanism for Sun Java VM. In this paper, we describe its basic architecture and implementation details.

Ice and Fire: Quantifying the Risk of Re-identification and Utility in Data Anonymization

Data anonymization is required before a big-data business can run effectively without compromising the privacy of personal information it uses. It is not trivial to choose the best algorithm to anonymize some given data securely for a given purpose. In accurately assessing the risk of data being compromised, there needs to be a balance between utility and security. Therefore, using common pseudo microdata, we propose a competition for the best anonymization and re-identification algorithm. The paper addresses the aim of the competition, the target microdata, sample algorithms, utility and security metrics. The design of an evaluation platform is also considered.

Secret Sharing Scheme with Efficient Keyword Search for Cloud Storage

Confidential data should be encrypted in out-souring services in cloud computing environment in order to minimise the risk of data revealing. There have been many schemes, classified as searchable encryption, which provides capabilities to securely search over encrypted data through keywords without decryption key. In this paper, we try to combine the technique of searchable encryption with a secret sharing scheme that allows us to retrieve the portion of confidential data without recovering data.

A Study from the Data Anonymization Competition Pwscup 2015

Data anonymization is required before a big-data business can run effectively without compromising the privacy of the personal information it uses. It is not trivial to choose the best algorithm to anonymize some given data securely for a given purpose. In accurately assessing the risk of data being compromised, there should be a balance between utility and security. Therefore, using common pseudo microdata, we proposed a competition for the best anonymization and re-identification algorithms. This paper reports the results of the competition and the analysis of the effectiveness of the anonymization techniques. The competition results show that there is a trade-off between utility and security, and 20.9 % of records were reidentified on average.

How to Handle Excessively Anonymized Datasets

Many companies and organizations have been collecting personal data with the aim of sharing it with partners. To prevent re-identification, the data should be anonymized before being shared. Although many anonymization methods have been proposed thus far, choosing one from them is not trivial since there is no widely accepted criteria. To overcome this situation, we have been conducting a data anonymization and re-identification competition, called PWS CUP, in Japan. In this paper, we introduce a problem appeared at the competition, named an excessive anonymization, and show how to formally handle it.

Privacy-Preserving Distributed Decision Tree Learning with Boolean Class Attributes

This paper studies a privacy-preserving decision tree learning protocol (PPDT) for vertically partitioned datasets. In the vertically partitioned datasets, a single class (target) attribute are shared by both parities or carefully treated by either party in the existing studies. The proposed scheme allows both parties to have independent class attributes in secure way and to combine multiple class attributes in arbitrary boolean function, which gives parties a flexibility in data-mining. Our proposed PPDT protocol reduces the CPU intensive computation of logarithm by approximating with the piecewise linear function defined by light-weight fundamental operations of addition and constant-multiplication so that information gain for attribute can be evaluated in the secure function evaluation scheme. Using the UCI Machine Learning dataset and the synthesized dataset, the proposed protocol is evaluated in terms of the accuracy and the size of tree.