Risk-Based Privacy-Aware Access Control for Threat Detection Systems

Part of the Lecture Notes in Computer Science book series (LNCS, volume 10720)


Threat detection systems collect and analyze large amounts of security log data in order to detect potential attacks. Since log data from enterprise systems may contain sensitive and personal information, access should be limited to the data relevant to the task at hand, as mandated by data protection regulations. To this end, data need to be pre-processed (anonymized) to eliminate or obfuscate the sensitive information that is not strictly necessary for the task. Additional security/accountability measures may also be applied to reduce the privacy risk, such as logging access to the personal data or imposing deletion obligations. Anonymization reduces the privacy risk, but it should be carefully applied and balanced against the utility requirements of the different phases of the process: a preliminary analysis may require fewer details than an in-depth investigation of a suspect set of logs. We propose a risk-based privacy-aware access control framework for threat detection systems, where each access request is evaluated by comparing the privacy risk of the requested data with the trustworthiness of the request. When the risk is too large compared to the trust level, the framework can apply adaptive adjustment strategies to decrease the risk (e.g., by selectively obfuscating the data) or to increase the trust level so that a given task can be performed (e.g., by imposing enforceable obligations on the user). We show how the framework can simultaneously address both the privacy and the utility requirements. The experimental results presented in the paper show that the framework leads to meaningful results, with real-time performance, within an industrial threat detection solution.
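The abstract describes the decision loop but not its concrete metrics. The following is an added illustrative model of that loop, written for this page; it is not code from the paper or from the industrial solution it evaluates. The additive risk metric, the per-attribute weights and residual exposure factors, the role trust levels, the obligation bonuses and the sample log records are all assumptions made for the example. It shows the two adjustment directions the abstract names: obfuscation lowers the risk of the released records, while obligations raise the trust level of the request, and the attributes a task needs in clear (its utility requirement) decide which direction is available.

```python
"""Risk-based, privacy-aware release of security log records (illustrative model).

A request is permitted when the privacy risk of the data it would see does not
exceed the trust level of the requester. Otherwise the data is selectively
obfuscated (risk goes down) and, if that is not enough, enforceable
obligations are attached (trust goes up). The risk metric, weights, exposure
factors, trust levels and obligation bonuses below are ASSUMPTIONS of this
example, not the formulas or values of the paper.
"""
import hashlib
import ipaddress
from dataclasses import dataclass, field

# Constructed sample records (made-up values), as a detection pipeline might
# hold them after parsing web-proxy logs.
SAMPLE_LOGS = [
    {"ts": "2017-03-01T08:12:04Z", "user": "alice.rossi", "src_ip": "10.20.3.17",
     "url": "https://updates.example.net/patch.msi", "status": 200},
    {"ts": "2017-03-01T08:12:09Z", "user": "bob.k", "src_ip": "10.20.3.44",
     "url": "http://203.0.113.9/gate.php?id=77", "status": 404},
]

# Assumed privacy weight per attribute when released in clear. Record risk is
# sum(weight * exposure); exposure is 1.0 in clear and lower after obfuscation.
WEIGHTS = {"ts": 0.0, "user": 0.5, "src_ip": 0.3, "url": 0.2, "status": 0.0}


def _pseudonymise(value):   # stable pseudonym: still linkable across records
    return "u-" + hashlib.sha256(value.encode()).hexdigest()[:10]


def _subnet24(value):       # generalise a host address to its /24 network
    return str(ipaddress.ip_network(value + "/24", strict=False))


def _host_only(value):      # drop path and query string from a URL
    return value.split("//", 1)[-1].split("/", 1)[0]


# (name, attribute, transform, residual exposure), least to most aggressive.
STRATEGIES = [
    ("url_host_only", "url", _host_only, 0.5),
    ("ip_subnet24", "src_ip", _subnet24, 0.4),
    ("user_pseudonym", "user", _pseudonymise, 0.2),
    ("user_suppress", "user", lambda v: "***", 0.0),
]

# Assumed trust: a base level per role plus a bonus for every enforceable
# obligation the requester accepts (access logging, deletion deadline, ...).
ROLE_TRUST = {"tier1_analyst": 0.3, "incident_responder": 0.7}
OBLIGATIONS = {"log_access": 0.1, "delete_after_30d": 0.1, "notify_dpo": 0.1}


@dataclass
class Decision:
    permit: bool
    risk: float
    trust: float
    strategies: list = field(default_factory=list)   # obfuscations applied
    obligations: list = field(default_factory=list)  # all obligations imposed
    records: list = field(default_factory=list)      # data as released


def _risk(exposure):
    return round(sum(WEIGHTS[a] * e for a, e in exposure.items()), 6)


def _trust(role, obligations):
    bonus = sum(OBLIGATIONS[o] for o in obligations)
    return round(min(1.0, ROLE_TRUST[role] + bonus), 6)


def evaluate(role, needs_clear=frozenset(), accepted=(), records=SAMPLE_LOGS):
    """Decide one request. `needs_clear` lists attributes the task must see
    unobfuscated (its utility requirement); `accepted` lists obligations the
    requester has already agreed to."""
    obligations = list(accepted)
    trust = _trust(role, obligations)
    exposure = {a: 1.0 for a in WEIGHTS}
    transforms, applied = {}, []

    # 1. Lower the risk: apply the obfuscations that do not hurt the task.
    for name, attr, fn, residual in STRATEGIES:
        if _risk(exposure) <= trust:
            break
        if attr in needs_clear:
            continue
        exposure[attr], transforms[attr] = residual, fn
        applied.append(name)

    # 2. Raise the trust: impose further obligations, as few as needed.
    for name in OBLIGATIONS:
        if _risk(exposure) <= trust:
            break
        if name not in obligations:
            obligations.append(name)
            trust = _trust(role, obligations)

    risk = _risk(exposure)
    if risk > trust:
        return Decision(False, risk, trust, applied, obligations)

    released = [{a: transforms.get(a, lambda v: v)(v) for a, v in r.items()}
                for r in records]
    return Decision(True, risk, trust, applied, obligations, released)
```

With these assumed numbers, a tier-1 analyst doing a preliminary analysis (no attribute required in clear, access logging accepted) gets the records with the URL reduced to its host, the source address generalised to a /24 and the user pseudonymised; an incident responder who needs user and source address in clear gets them, but only under access-logging and deletion obligations; and a request that needs everything in clear from a low-trust role is denied because no obligation set can close the gap.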


Keywords: Trust · Risk · Privacy · Utility · Privacy-preserving threat detection



The research leading to these results has received funding from the FP7 EU-funded project SECENTIS (FP7-PEOPLE-2012-ITN, grant no. 317387).



Copyright information

© Springer-Verlag GmbH Germany 2017

Authors and Affiliations

  1. DISI, University of Trento, Trento, Italy
  2. SAP Labs France, Security Research, Sophia-Antipolis, France
  3. DIBRIS, University of Genova, Genoa, Italy
