Natural immune systems protect animals from dangerous foreign pathogens, including bacteria, viruses, parasites, and toxins. Their role in the body is analogous to that of computer security systems in computing. Although there are many differences between living organisms and computer systems, this article argues that the similarities are compelling and could point the way to improved computer security. Improvements can be achieved by designing computer immune systems that have some of the important properties illustrated by natural immune systems. These include multi-layered protection, highly distributed detection and memory systems, diversity of detection ability across individuals, inexact matching strategies, and sensitivity to most new foreign patterns. We first give an overview of how the immune system relates to computer security. We then illustrate these ideas with two examples.

In this paper we present a method for reasoning about privacy using the concepts of exchangeability and deFinetti’s theorem. We illustrate the usefulness of this technique by using it to attack a popular data sanitization scheme known as Anatomy. We stress that Anatomy is not the only sanitization scheme that is vulnerable to this attack. In fact, any scheme that uses the random worlds model, i.i.d. model, or tuple-independent model needs to be re-evaluated. The difference between the attack presented here and others that have been proposed in the past is that we do not need extensive background knowledge. An attacker only needs to know the nonsensitive attributes of one individual in the data, and can carry out this attack just by building a machine learning model over the sanitized data. The reason this attack is successful is that it exploits a subtle flaw in the way prior work computed the probability of disclosure of a sensitive attribute. We demonstrate this theoretically, empirically, and with intuitive examples. We also discuss how this generalizes to many other privacy schemes.

Abstract—Sensor networks involving human participants will require privacy protection before wide deployment is feasible. This paper proposes and evaluates a set of protocols that enable anonymous data collection in a sensor network. Sensor nodes, instead of transmitting their actual data, transmit a sample of the data complement to a basestation. The basestation then uses the negative samples to reconstruct a histogram of the original sensor readings. These protocols, collectively defined as a negative survey, are computationally simple and do not increase communication overhead. Thus, the negative survey can be implemented efficiently on existing sensor network platforms. We analyze the accuracy of the negative survey under a variety of conditions and define a range of parameter values for which it is practical. We also describe an example traffic monitoring application that uses the negative survey to classify traffic behavior. We demonstrate that for reasonable traffic scenarios, the system accurately classifies traffic behavior without revealing private information. I.

A negative database is a representation of all elements not contained in a given database. A negative database can enhance the privacy of sensitive information without resorting to encryption. This can be useful in settings where encryption is too expensive, e.g., some sensor networks, or for applications where searches or other operations on stored data are desired. The original negative database framework supported only authentication queries and operations for modifying data, such as insert and delete. This paper extends that work by defining a set of relational operators for negative representations. For each relational operator, the corresponding negative operator is defined such that the result of the negative operator applied to a negative representation is equivalent to the positive version applied to the positive representation. Algorithms for each relational operator are described and compared to its positive counterpart. This work enhances the practicality of negative databases and expands their range of application. 1.

While there is a plethora of mechanisms to ensure lawful access to privacy-protected data, additional research is required in order to reassure individuals that their personal data is being used for the purpose that they consented to. This is particularly important in the context of new data mining approaches, as used, for instance, in biomedical research and commercial data mining. We argue for the use of computational workflows to ensure and enforce appropriate use of sensitive personal data. Computational workflows describe in a declarative manner the data processing steps and the expected results of complex data analysis processes such as data mining (Gil et al. 2007b; Taylor et al. 2006). We see workflows as an artifact that captures, among other things, how data is being used and for what purpose. Existing frameworks for computational workflows need to be extended to incorporate privacy policies that can govern the use of data.

Abstract. A negative database is a privacy-preserving storage system that allows to efficiently test if an entry is present, but makes it hard to enumerate all encoded entries. We improve significantly over previous work presented at ISC 2006 by Esponda et al. [9], by showing constructions for negative databases reducible to the security of well understood primitives, such as cryptographic hash functions or the hardness of the Discrete-Logarithm problem. Our constructions require only O(m) storage in the number m of entries in the database, and linear query time (compared to O(l · m) storage and O(l · m) query time, where l is a security parameter.) Our claims are supported by both proofs of security and experimental performance measurements. 1

One of the tasks of the immune system is to protect the organism from disease—to detect pathogens and clear them from the body.

We present a probabilistic method for change detection in text documents based on the biologically motivated principle of negative selection. Compared to standard checksumbased analysis, our statistical approach is able to locate and approximate the magnitude of changes. Further, the detection process can be distributed to any number of independent nodes resulting in a fault tolerant system. The negative representation of information also makes it possible to protect the privacy of the analyzed data due to the difficulty of reversing the information of the non-self detectors. An experiment with a collection of Wikipedia articles is used to analyze the length of the required negative description compared to the length of the document. 1.

Abstract-In today’s Information warfare providing Data Security to Web based databases is a critical issue. Existing techniques to protect Database content are not sufficient to extend for web based databases. Hence there is a huge requirement for developing algorithms, which deals with data protection against intruders. Developing Negative Databases will solve such problem. A Negative Database is a Database which holds original data as well as forged data (i.e. counterfeit data). Intruders may be able to get access to such databases, then they will access data blocks which holds forged data along with original data. In this paper we try to present a framework to protect and improve the retrieval of data in the databases by negative data representations.