A Contextual Privacy-Aware Access Control Model for Network Monitoring Workflows: Work in Progress

  • Eugenia I. Papagiannakopoulou
  • Maria N. Koukovini
  • Georgios V. Lioudakis
  • Joaquin Garcia-Alfaro
  • Dimitra I. Kaklamani
  • Iakovos S. Venieris
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6888)


Network monitoring activities are surrounded by serious privacy implications. The inherent leakage-proneness is harshened due to the increasing complexity of the monitoring procedures and infrastructures, that may include multiple traffic observation points, distributed mitigation mechanisms and even inter-operator cooperation. In this paper, we report a work in progress policy model that aims at addressing these concernes, by verifying access requests from network monitoring workflows, with privacy features already contained since their specification phase. We survey related work, outline some of their limitations, and describe an early version of our proposal.


Network monitoring access control privacy context workflows 


  1. 1.
    Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic databases. In: VLDB 2002: Proceedings of the 28th International Conference on Very Large Data Bases, pp. 143–154. VLDB Endowment (2002)Google Scholar
  2. 2.
    Ajam, N., Cuppens-Boulahia, N., Cuppens, F.: Contextual Privacy Management in Extended Role Based Access Control Model. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., Roudier, Y. (eds.) DPM 2009. LNCS, vol. 5939, pp. 121–135. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  3. 3.
    Alam, M., Hafner, M., Breu, R.: Constraint based role based access control in the sectet-framework a model-driven approach. Journal of Computer Security 16(2), 223–260 (2008)CrossRefGoogle Scholar
  4. 4.
    Antonakopoulou, A., Lioudakis, G.V., Gogoulos, F., Kaklamani, D.I., Venieris, I.S.: Leveraging access control for privacy protection: A survey. In: Yee, G. (ed.) Privacy Protection Measures and Technologies in Business Organizations: Aspects and Standards. IGI Global (2011)Google Scholar
  5. 5.
    Ardagna, C.A., Camenisch, J., Kohlweiss, M., Leenes, R., Neven, G., Priem, B., Samarati, P., Sommer, D., Verdicchio, M.: Exploiting cryptography for privacy-enhanced access control: A result of the prime project. Journal of Computer Security 18(1), 123–160 (2010)CrossRefGoogle Scholar
  6. 6.
    Ayed, S., Cuppens-Boulahia, N., Cuppens, F.: Deploying security policy in intra and inter workflow management systems. In: International Conference on Availability, Reliability and Security, pp. 58–65 (2009)Google Scholar
  7. 7.
    Bellovin, S.M.: A technique for counting NATted hosts. In: IMW 2002: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurment, pp. 267–272. ACM, New York (2002)CrossRefGoogle Scholar
  8. 8.
    Burkhart, M., Schatzmann, D., Trammell, B., Boschi, E., Plattner, B.: The role of network trace anonymization under attack. SIGCOMM Computer Communications Review 40(1), 5–11 (2010)CrossRefGoogle Scholar
  9. 9.
    Byun, J.W., Li, N.: Purpose based access control for privacy protection in relational database systems. The VLDB Journal 17(4), 603–619 (2008)CrossRefGoogle Scholar
  10. 10.
    Cuppens, F., Cuppens-Boulahia, N.: Modeling Contextual Security Policies. International Journal of Information Security 7(4), 285–305 (2008)CrossRefMATHGoogle Scholar
  11. 11.
    European Parliament and Council: Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Communities L 281, 31–50 (November 1995)Google Scholar
  12. 12.
    European Parliament and Council: Directive 2002/58/EC of the European Parliament and of the Council concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). Official Journal of the European Communities L 201, 37–47 (July 2002)Google Scholar
  13. 13.
    European Parliament and Council: Directive 2006/24/EC of the European Parliament and of the Council of 15, March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC. Official Journal of the European Communities L 105, 54–63 (April 2006)Google Scholar
  14. 14.
    Fan, J., Xu, J., Ammar, M.H., Moon, S.B.: Prefix-preserving IP address anonymization. Computer Networks 46(2), 253–272 (2004)CrossRefMATHGoogle Scholar
  15. 15.
    Foukarakis, M., Antoniades, D., Antonatos, S., Markatos, E.: Flexible and high-performance anonymization of NetFlow records using anontool. In: SECURECOMM Conference (2007)Google Scholar
  16. 16.
    Gogoulos, F., Antonakopoulou, A., Lioudakis, G.V., Mousas, A.S., Kaklamani, D.I., Venieris, I.S.: Privacy-aware access control and authorization in passive network monitoring infrastructures. In: CIT 2010: Proceedings of the 10th IEEE International Conference on Computer and Information Technology (2010)Google Scholar
  17. 17.
    Koukis, D., Antonatos, S., Antoniades, D., Markatos, E., Trimintzios, P.: A generic anonymization framework for network traffic. In: IEEE International Conference on Communications, ICC 2006, vol. 5, pp. 2302–2309 (2006)Google Scholar
  18. 18.
    Li, Y., Slagell, A., Luo, K., Yurcik, W.: Canine: A combined conversion and anonymization tool for processing netflows for security. In: International Conference on Telecommunication Systems Modeling and Analysis (2005)Google Scholar
  19. 19.
    Lioudakis, G.V., Gaudino, F., Boschi, E., Bianchi, G., Kaklamani, D.I., Venieris, I.S.: Legislation-aware privacy protection in passive network monitoring. In: Portela, I.M., Cruz-Cunha, M.M. (eds.) Information Communication Technology Law, Protection and Access Rights: Global Approaches and Issues, ch. 22, pp. 363–383. IGI Global (2010)Google Scholar
  20. 20.
    Lioudakis, G.V., Gogoulos, F., Antonakopoulou, A., Mousas, A.S., Venieris, I.S., Kaklamani, D.I.: An access control approach for privacy-preserving passive network monitoring. In: ICITST 2009: Proceedings of the 4th International Conference for Internet Technology and Secured Transactions (November 2009)Google Scholar
  21. 21.
    Masoumzadeh, A., Joshi, J.: Purbac: Purpose-Aware Role-Based Access Control. In: Meersman, R., Tari, Z. (eds.) OTM 2008. LNCS, vol. 5332, pp. 1104–1121. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  22. 22.
    Massacci, F., Mylopoulos, J., Zannone, N.: Hierarchical hippocratic databases with minimal disclosure for virtual organizations. The VLDB Journal 15, 370–387 (2006)CrossRefGoogle Scholar
  23. 23.
    Menzel, M., Meinel, C.: SecureSOA. In: IEEE International Conference on Services Computing, pp. 146–153 (2010)Google Scholar
  24. 24.
  25. 25.
    Ni, Q., Bertino, E., Lobo, J., Brodie, C., Karat, C.M., Karat, J., Trombetta, A.: Privacy-aware role-based access control. ACM Transactions on Information and System Security 13(3), 1–31 (2010)CrossRefGoogle Scholar
  26. 26.
    Pang, R., Allman, M., Paxson, V., Lee, J.: The devil and packet trace anonymization. Computer Communication Review (CCR) 36(1), 29–38 (2006)CrossRefGoogle Scholar
  27. 27.
    Preda, S., Cuppens, F., Cuppens-Boulahia, N., Garcia-Alfaro, J., Toutain, L.: Dynamic deployment of context-aware access control policies for constrained security devices. J. Syst. Softw. 84, 1144–1159 (2011)CrossRefGoogle Scholar
  28. 28.
    Russello, G., Dong, C., Dulay, N.: A workflow-based access control framework for e-health applications. In: WAINA 2008: Proceedings of the 22nd International Conference on Advanced Information Networking and Applications Workshops, pp. 111–120. IEEE Computer Society, Washington, DC (2008), http://portal.acm.org/citation.cfm?id=1395080.1395523 Google Scholar
  29. 29.
    Sicker, D.C., Ohm, P., Grunwald, D.: Legal issues surrounding monitoring during network research. In: IMC 2007: Proceedings of the 7th ACM SIGCOMM Conference on Internet Measurement, pp. 141–148. ACM, New York (2007)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Eugenia I. Papagiannakopoulou
    • 1
  • Maria N. Koukovini
    • 1
  • Georgios V. Lioudakis
    • 1
  • Joaquin Garcia-Alfaro
    • 2
  • Dimitra I. Kaklamani
    • 1
  • Iakovos S. Venieris
    • 1
  1. 1.School of Electrical and Computer EngineeringNational Technical University of AthensAthensGreece
  2. 2.Institut TELECOM, TELECOM BretagneCesson-Sévigné, RennesFrance

Personalised recommendations