Data Security and Privacy

Our work in data security and privacy has had a significant impact in the information assurance community, specifically in developing confidentiality protection mechanisms for statistical databases (SDBs), markets for private information, secure workflow design, and applications to the healthcare industry. An SDB is a special type of relational database that is designed to answer aggregate queries such as mean and standard deviation, but not queries that derive individual information. SDBs have competing goals: making information available by answering queries, while protecting against the deduction of individual confidential information by inference.

Our researchers have concentrated on developing protection mechanisms that combine different approaches to reduce the risk of disclosure and maximize the value of the statistical information. These mechanisms are applicable to SDBs handled by national organizations such as the US Census Bureau and by the private sector in protecting medical, financial, and credit databases. Faculty and doctoral students have written several papers and given talks on protection mechanisms such as interval protection, query restriction, data perturbation, and k-anonymity. Some of our faculty draw their research from their military experience in security services. Our researchers have also studied the financial implications of implementing information protection mechanisms and establishing secure electronic markets for private information. We have also established research tracks on designing secure workflows in the context of business applications, and on applications of information security to the healthcare industry. Our research is widely cited by other researchers working in these areas. Faculty members have served and are actively participating as editors and referees for top-ranked journals with tracks in information assurance, such as Management Science, Operations Research, and Information Systems Research, among others, and in international conferences such as WITS, INFORMS, and AIS/ICIS, among others. Some of the papers have received national recognition; for instance, the paper entitled “Secure electronic markets for private information” by Gopal et al. won the best paper award at the Thirty-Ninth Hawaii International Conference on System Sciences (HICSS-39), Hawaii, January 2006. Our Department is currently working on extending the work on information security to the design of secure workflows, which can impact the way information is protected in online transactions.

Key Faculty

Robert Garfinkel (OPIM)

Ram D. Gopal (OPIM)

Aggelos Kiayias (CSE)

Manuel Nunez (OPIM)

Dmitry Zhdanov (OPIM)

Publications

  • Book Chapters
    • R. Garfinkel, R. D. Gopal, M. Nunez, and D.O. Rice, “Information Systems Security and Statistical Databases: Preserving Confidentiality through Camouflage,” Handbooks of Information Systems Volume 3 Series on Business Computing, Emerald Group Publishing Limited, Bingley, UK, pages 319-346, 2009.
  • Peer-Reviewed Journals
    • R. Kumar, R. Gopal, and R. Garfinkel, “Freedom of Privacy: Anonymous Data Collection with Respondent-Defined Privacy Protection,” to appear in Journal on Computing
    • M. Nunez, R. Garfinkel, and R.D. Gopal, “Stochastic Protection of Confidential Information in Statistical Databases: A Hybrid of Query Restriction and Data Perturbation.” Operations Research 55, 890-908 (2007). Chosen as Operations Research Featured Article in December 2007. http://or.journal.informs.org/cgi/content/abstract/55/5/890
    • R. Garfinkel, R. Gopal, and S. Thompson, “Releasing Individually Identifiable Microdata with Privacy Protection against Stochastic Threat: An Application to Health Information.” Information Systems Research 18, 23-41 (2007) http://isr.journal.informs.org/cgi/content/abstract/18/1/23
    • R. Garfinkel, R. Gopal, and P. Goes, “Privacy Protection of Binary Confidential Data against Deterministic, Stochastic, and Insider Threat,” Management Science 48, 749-764, (2002) http://mansci.journal.informs.org/cgi/content/abstract/48/6/749
    • R. Garfinkel, R. Gopal, and P. Goes, “Confidentiality Via Camouflage: The CVC Approach to Disclosure Limitation when Answering Queries to Databases”. Operations Research 50, 501-516 May-June 2002 http://mansci.journal.informs.org/cgi/content/abstract/48/6/749
    • R. Gopal, P. Goes, and R. Garfinkel, “Interval Protection of Confidential Information in a Database,” INFORMS Journal on Computing 10, 309-322, (1998) http://portal.acm.org/citation.cfm?id=768186
  • Peer-Reviewed Conference Papers
    • A. Kiayias, B. Yener, and M. Yung, “Privacy-Preserving Information Markets for Computing Statistical Data,” in Financial Cryptography and Data Security, 13th International Conference, FC 2009, Accra Beach, Barbados, February 23-26, 2009. Revised Selected Papers. Lecture Notes in Computer Science 5628, Springer, Feb. 2009, pp. 32-50. http://www.springerlink.com/content/u74l550411961051/
    • D. Zhdanov, “Design of Security Constrained Workflows”, INFORMS Annual Meeting, Washington, DC, October 2008
    • A. Kiayias, S. Xu, and M. Yung, “Privacy Preserving Data Mining within Anonymous Credentials,” In 6th Conference on Security and Cryptography for Networks, SCN 2008. Amalfi, September 10-12, 2008. Lecture Notes in Computer Science, Springer, 2008.
    • D. Zhdanov, “The Role of Fairness in Insider Compliance with Information Security Policies”, Workshop on Information Systems Economics (WISE-2007), Montréal, Canada, December 8-9, 2007
    • D. Zhdanov, “Growth and Sustainability of MSSP Networks”, Workshop on Economics of Information Security (WEIS-2007), Pittsburgh, PA, June 7-8, 2007
    • D. Zhdanov, “Trust and Fairness as Incentives for Compliance With Information Security Policies”, WITS-2006, Milwaukee, WI, December 9-10, 2006
    • D. Zhdanov, “The Role Of Performance Incentives In Compliance With Information Security Policies”, CIST-2006, Pittsburgh, PA, November 4-5, 2006
    • R. Garfinkel, R. D. Gopal, and D.O. Rice, “New Approaches to Disclosure Limitation While Answering Queries to a Database: Protecting Numerical Confidential Data Against Insider Threat Based on Data or Algorithms,” Proceedings of the 39th Hawaii International Conference on System Sciences, HICSS-39, January 2006. http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=1579541
    • M. Nunez, R. Garfinkel, and R. D. Gopal, “Sample Design in the Context of Data Security,” Proceedings of the European Conference on Quality and Methodology in Official Statistics (Q2004), May 2004.
    • R. Garfinkel, R. Gopal, and P. Goes, “The CVC Approach to Data Security: Binary Confidential Data and Insider Threat”, Proceedings of Computational Statistics (COMPSTAT) 2000, Utrecht, the Netherlands, Eds. W. Jansen and J. Bethtehem, Statistics Netherlands, August 2000, pp. 31-32.
    • R. Gopal, P. Goes, and R. Garfinkel, “Confidentiality via Camouflage: CVC Approach to Database Query Management,” Proceedings of the Statistical Data Protection Conference, Portugal, pp.1-8, March 1998.
    • R. Gopal, P. Goes, and R. Garfinkel, “A Database Security Model to Provide Interval Protection of Confidential Data,” Proceedings of the Workshop on Information Technology, pp. 155-164, 1994.
  • Dissertations
    • R. Kumar, “Hiding in Plain Sight: Anonymity and Privacy Preserving Mechanisms for Data Collection and Collaboration,” (Advisors: R.D Gopal, R. Garfinkel), September 2009.
    • S. Thompson, “Releasing Individually Identifiable Microdata,” chapter in “Essays on Healthcare Information Systems,” (Advisor: M. Nunez), May 2005.
    • D.O. Rice, “Advanced models for the protection of numerical information in databases: Providing security and flexibility in markets for private information,” (Advisor: R. Garfinkel), 2004.