[plug] preventing data "theft"

Michael Holland myk at myk.id.au
Mon Dec 11 17:31:26 WST 2006


On Mon, 11 Dec 2006, Denis Brown wrote:

> Principal researcher also wants to make data available for analysis by
> others who have accounts on the server but without any possibility of the
> data leaving the server - assistants should not be able to copy the

You need to set permissions on the data files so that the users cannot
directly read them. But the stats program will run Set-GID, so it can.
  This only works if the stats program has been designed to hide its input
data from users, and not trust them. Very unlikely.

  If you don't trust the users, or the software, then you will need
padlocks and strip-searches :-)

> One thought I had was to set file permissions on the data area to prevent
> access by assistants - but they need to be able to drill down to
> directories and pass filenames into the stats package(s) for
> analysis.

No problem there. They just need permission to read the directories, not
the files.

>    I cannot NOT set them for read permissions
> because the data DOES need to be read by the statistics suites.

Use set-uid/gid to grant extra permission to trusted programs.

> falling into the Wrong Hands (tm) might lead to out-of-context analyses,

So not just the data, but the analysis is sensitive?
This must be very political.  Maybe you could use codes in the data,
replacing the ethnic group, location, or other sensitive item with a
code. The assistants should not need to know the code to do their analysis.

Mike.
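As an added illustration of the permission layout Mike describes (example script, not from the original thread or from the plug list): directories are group-owned by the assistants' group and mode 0750, so assistants can list them and pass filenames around, while the data files are mode 0640 and owned by a second group that only the set-gid stats helper runs as. The group names "assistants" and "statsdata" are assumptions; chgrp is skipped when a group does not exist, so the script also runs unprivileged in a scratch directory. The two count functions are the audit a practitioner would run afterwards to confirm nothing under the tree is still world-readable or world-searchable.

```shell
#!/bin/sh
# Added example, not part of the original message. Lays out a data tree so
# that assistants can traverse directories and see filenames but cannot open
# the data files; only the group the set-gid helper runs as can read them.
# Group names are assumptions and chgrp is skipped if a group is missing.
set -eu

ASSISTANT_GROUP=${ASSISTANT_GROUP:-assistants}  # assumed: the analysts' group
DATA_GROUP=${DATA_GROUP:-statsdata}             # assumed: group of the set-gid helper

group_exists() {
    getent group "$1" >/dev/null 2>&1
}

# lock_down_tree ROOT
#   directories -> 0750, group ASSISTANT_GROUP : assistants can list and cd
#   files       -> 0640, group DATA_GROUP      : only the helper's group can read
lock_down_tree() {
    root=$1
    find "$root" -type d -exec chmod 0750 {} +
    find "$root" -type f -exec chmod 0640 {} +
    if group_exists "$ASSISTANT_GROUP"; then
        find "$root" -type d -exec chgrp "$ASSISTANT_GROUP" {} +
    fi
    if group_exists "$DATA_GROUP"; then
        find "$root" -type f -exec chgrp "$DATA_GROUP" {} +
    fi
}

# count_world_readable ROOT: number of files under ROOT with the o+r bit set
count_world_readable() {
    find "$1" -type f -perm -004 | wc -l | tr -d ' '
}

# count_world_searchable ROOT: number of directories under ROOT with o+x set
count_world_searchable() {
    find "$1" -type d -perm -001 | wc -l | tr -d ' '
}

# Usage: sh lockdown.sh /srv/study-data
if [ $# -gt 0 ]; then
    lock_down_tree "$1"
    echo "world-readable files left:       $(count_world_readable "$1")"
    echo "world-searchable directories left: $(count_world_searchable "$1")"
fi
```

Two points the layout does not solve on its own: the set-gid helper must be a compiled binary (Linux ignores the set-gid bit on scripts), and, as the message says, it only helps if that helper never hands the raw data back to the user, whether by writing it to a file the user owns or by letting the stats package print it.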


