A Situation-Aware Access Control Framework for Contact Tracing

Led by Zhiyuan Chen, Ph.D.

Zhiyuan Chen is currently a Professor in the Department of Information Systems at the University of Maryland, Baltimore County. The goal of his research is to help society better utilize and protect data and information, and to mitigate the increasing risks introduced by technologies that collect and analyze massive data. He has recently been working in the following four areas: 1) privacy-preserving data mining, where he proposes domain-specific privacy-preserving techniques, especially for anonymizing network trace data and healthcare data; 2) cyber security, where he proposes situation-aware access control in federated systems and methods for making machine-learning algorithms more robust to adversarial attacks; 3) data navigation and exploration, where he investigates novel machine-learning-based search and navigation techniques to help users find relevant information; 4) big data, where he proposes novel methods to tune and optimize complex big data applications.


The goal of the REU project is to develop a situation-aware access control framework for contact tracing of a contagious disease such as COVID-19. Contact tracing is extremely important but often falls short due to a lack of available contact tracers. Thus there is a great need to automate parts of the contact tracing process to reduce the human resources required. However, automatic contact tracing requires multiple organizations to collaborate and share highly sensitive data, such as location data, financial transactions, and passenger lists, that can help identify people in close contact with someone diagnosed with the disease. Strong privacy protection is essential for the success of such efforts.

Traditional privacy protection methods such as differential privacy focus on hiding the identities of individuals while preserving aggregated patterns or statistics, but contact tracing requires preserving some sort of individual identity (e.g., whom the person is in close contact with). Individual organizations often have their own privacy protection techniques, but such solutions are piecemeal and ignore collaboration between organizations.

Dr. Chen plans to address one essential issue in this challenge: a situation-aware access control framework for such a collaborative environment. The proposed approach has three novelties: (i) the solution is flexible, as access control decisions are made based on dynamic situations (e.g., whether and when a person has tested positive, or whether a person displays certain symptoms); (ii) the solution can be easily deployed (crucial, as fighting disease is time critical) and is tightly integrated with the widely used SPARQL federated query interface by dynamically rewriting federated queries; (iii) the solution is highly scalable over possibly poor network connections. This work builds on a paper accepted at a top conference.

Dr. Chen plans to supervise an undergraduate student to achieve two aims in 10 weeks: (a) build a more complete ontology that represents contact tracing tasks, general enough that it can be extended to multiple diseases; (b) improve the efficiency of a preliminary system by implementing caching (crucial for poor network connections) and more advanced query optimization. At the end of the study, the student will also have domain experts validate the ontology and test the performance of the improved system.