Skip to main content
SpringerLink
Log in

A Contextual Privacy-Aware Access Control Model for Network Monitoring Workflows: Work in Progress

  • Conference paper
Foundations and Practice of Security (FPS 2011)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6888))

Included in the following conference series:

Abstract

Network monitoring activities are surrounded by serious privacy implications. The inherent leakage-proneness is harshened due to the increasing complexity of the monitoring procedures and infrastructures, that may include multiple traffic observation points, distributed mitigation mechanisms and even inter-operator cooperation. In this paper, we report a work in progress policy model that aims at addressing these concernes, by verifying access requests from network monitoring workflows, with privacy features already contained since their specification phase. We survey related work, outline some of their limitations, and describe an early version of our proposal.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic databases. In: VLDB 2002: Proceedings of the 28th International Conference on Very Large Data Bases, pp. 143–154. VLDB Endowment (2002)

    Google Scholar 

  2. Ajam, N., Cuppens-Boulahia, N., Cuppens, F.: Contextual Privacy Management in Extended Role Based Access Control Model. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., Roudier, Y. (eds.) DPM 2009. LNCS, vol. 5939, pp. 121–135. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  3. Alam, M., Hafner, M., Breu, R.: Constraint based role based access control in the sectet-framework a model-driven approach. Journal of Computer Security 16(2), 223–260 (2008)

    Article  Google Scholar 

  4. Antonakopoulou, A., Lioudakis, G.V., Gogoulos, F., Kaklamani, D.I., Venieris, I.S.: Leveraging access control for privacy protection: A survey. In: Yee, G. (ed.) Privacy Protection Measures and Technologies in Business Organizations: Aspects and Standards. IGI Global (2011)

    Google Scholar 

  5. Ardagna, C.A., Camenisch, J., Kohlweiss, M., Leenes, R., Neven, G., Priem, B., Samarati, P., Sommer, D., Verdicchio, M.: Exploiting cryptography for privacy-enhanced access control: A result of the prime project. Journal of Computer Security 18(1), 123–160 (2010)

    Article  Google Scholar 

  6. Ayed, S., Cuppens-Boulahia, N., Cuppens, F.: Deploying security policy in intra and inter workflow management systems. In: International Conference on Availability, Reliability and Security, pp. 58–65 (2009)

    Google Scholar 

  7. Bellovin, S.M.: A technique for counting NATted hosts. In: IMW 2002: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurment, pp. 267–272. ACM, New York (2002)

    Chapter  Google Scholar 

  8. Burkhart, M., Schatzmann, D., Trammell, B., Boschi, E., Plattner, B.: The role of network trace anonymization under attack. SIGCOMM Computer Communications Review 40(1), 5–11 (2010)

    Article  Google Scholar 

  9. Byun, J.W., Li, N.: Purpose based access control for privacy protection in relational database systems. The VLDB Journal 17(4), 603–619 (2008)

    Article  Google Scholar 

  10. Cuppens, F., Cuppens-Boulahia, N.: Modeling Contextual Security Policies. International Journal of Information Security 7(4), 285–305 (2008)

    Article  MATH  Google Scholar 

  11. European Parliament and Council: Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Communities L 281, 31–50 (November 1995)

    Google Scholar 

  12. European Parliament and Council: Directive 2002/58/EC of the European Parliament and of the Council concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). Official Journal of the European Communities L 201, 37–47 (July 2002)

    Google Scholar 

  13. European Parliament and Council: Directive 2006/24/EC of the European Parliament and of the Council of 15, March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC. Official Journal of the European Communities L 105, 54–63 (April 2006)

    Google Scholar 

  14. Fan, J., Xu, J., Ammar, M.H., Moon, S.B.: Prefix-preserving IP address anonymization. Computer Networks 46(2), 253–272 (2004)

    Article  MATH  Google Scholar 

  15. Foukarakis, M., Antoniades, D., Antonatos, S., Markatos, E.: Flexible and high-performance anonymization of NetFlow records using anontool. In: SECURECOMM Conference (2007)

    Google Scholar 

  16. Gogoulos, F., Antonakopoulou, A., Lioudakis, G.V., Mousas, A.S., Kaklamani, D.I., Venieris, I.S.: Privacy-aware access control and authorization in passive network monitoring infrastructures. In: CIT 2010: Proceedings of the 10th IEEE International Conference on Computer and Information Technology (2010)

    Google Scholar 

  17. Koukis, D., Antonatos, S., Antoniades, D., Markatos, E., Trimintzios, P.: A generic anonymization framework for network traffic. In: IEEE International Conference on Communications, ICC 2006, vol. 5, pp. 2302–2309 (2006)

    Google Scholar 

  18. Li, Y., Slagell, A., Luo, K., Yurcik, W.: Canine: A combined conversion and anonymization tool for processing netflows for security. In: International Conference on Telecommunication Systems Modeling and Analysis (2005)

    Google Scholar 

  19. Lioudakis, G.V., Gaudino, F., Boschi, E., Bianchi, G., Kaklamani, D.I., Venieris, I.S.: Legislation-aware privacy protection in passive network monitoring. In: Portela, I.M., Cruz-Cunha, M.M. (eds.) Information Communication Technology Law, Protection and Access Rights: Global Approaches and Issues, ch. 22, pp. 363–383. IGI Global (2010)

    Google Scholar 

  20. Lioudakis, G.V., Gogoulos, F., Antonakopoulou, A., Mousas, A.S., Venieris, I.S., Kaklamani, D.I.: An access control approach for privacy-preserving passive network monitoring. In: ICITST 2009: Proceedings of the 4th International Conference for Internet Technology and Secured Transactions (November 2009)

    Google Scholar 

  21. Masoumzadeh, A., Joshi, J.: Purbac: Purpose-Aware Role-Based Access Control. In: Meersman, R., Tari, Z. (eds.) OTM 2008. LNCS, vol. 5332, pp. 1104–1121. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  22. Massacci, F., Mylopoulos, J., Zannone, N.: Hierarchical hippocratic databases with minimal disclosure for virtual organizations. The VLDB Journal 15, 370–387 (2006)

    Article  Google Scholar 

  23. Menzel, M., Meinel, C.: SecureSOA. In: IEEE International Conference on Services Computing, pp. 146–153 (2010)

    Google Scholar 

  24. Minshall, G.: Tcpdpriv, http://ita.ee.lbl.gov/html/contrib/tcpdpriv.html

  25. Ni, Q., Bertino, E., Lobo, J., Brodie, C., Karat, C.M., Karat, J., Trombetta, A.: Privacy-aware role-based access control. ACM Transactions on Information and System Security 13(3), 1–31 (2010)

    Article  Google Scholar 

  26. Pang, R., Allman, M., Paxson, V., Lee, J.: The devil and packet trace anonymization. Computer Communication Review (CCR) 36(1), 29–38 (2006)

    Article  Google Scholar 

  27. Preda, S., Cuppens, F., Cuppens-Boulahia, N., Garcia-Alfaro, J., Toutain, L.: Dynamic deployment of context-aware access control policies for constrained security devices. J. Syst. Softw. 84, 1144–1159 (2011)

    Article  Google Scholar 

  28. Russello, G., Dong, C., Dulay, N.: A workflow-based access control framework for e-health applications. In: WAINA 2008: Proceedings of the 22nd International Conference on Advanced Information Networking and Applications Workshops, pp. 111–120. IEEE Computer Society, Washington, DC (2008), http://portal.acm.org/citation.cfm?id=1395080.1395523

    Google Scholar 

  29. Sicker, D.C., Ohm, P., Grunwald, D.: Legal issues surrounding monitoring during network research. In: IMC 2007: Proceedings of the 7th ACM SIGCOMM Conference on Internet Measurement, pp. 141–148. ACM, New York (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Electrical and Computer Engineering, National Technical University of Athens, Athens, Greece

    Eugenia I. Papagiannakopoulou, Maria N. Koukovini, Georgios V. Lioudakis, Dimitra I. Kaklamani & Iakovos S. Venieris

  2. Institut TELECOM, TELECOM Bretagne, CS 17607, 35576, Cesson-Sévigné, Rennes, France

    Joaquin Garcia-Alfaro

Authors
  1. Eugenia I. Papagiannakopoulou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Maria N. Koukovini
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Georgios V. Lioudakis
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Joaquin Garcia-Alfaro
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Dimitra I. Kaklamani
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Iakovos S. Venieris
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. TELECOM-Bretagne, Campus de Rennes, 2, rue de la Châtaigneraie, 35512, Cesson Sévigné Cedex, France

    Joaquin Garcia-Alfaro

  2. Université Joseph Fourier, Laboratoire Verimag, Centre Equation, 2 avenue de Vignate, 38610, Gires, France

    Pascal Lafourcade

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Papagiannakopoulou, E.I., Koukovini, M.N., Lioudakis, G.V., Garcia-Alfaro, J., Kaklamani, D.I., Venieris, I.S. (2012). A Contextual Privacy-Aware Access Control Model for Network Monitoring Workflows: Work in Progress. In: Garcia-Alfaro, J., Lafourcade, P. (eds) Foundations and Practice of Security. FPS 2011. Lecture Notes in Computer Science, vol 6888. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27901-0_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-27901-0_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-27900-3

  • Online ISBN: 978-3-642-27901-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation