Trust and Risk-Based Access Control for Privacy Preserving Threat Detection Systems

  • Nadia Metoui (corresponding author)
  • Michele Bezzi
  • Alessandro Armando
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10018)


Intrusion and threat detection systems analyze large amounts of security-related log data to detect potentially harmful patterns. However, log data often contain sensitive and personal information, and their access and processing should be minimized. Anonymization can provide the technical means to reduce the privacy risk, but it must be applied carefully and balanced against the utility requirements of the different phases of the process: a first exploratory analysis needs less detail than an investigation of a suspect set of logs. As a result, a complex access control framework has to be put in place to address privacy and utility requirements simultaneously. In this paper we propose a trust- and risk-aware access control framework for Threat Detection Systems, in which each access request is evaluated by comparing the privacy risk and the trustworthiness of the request. When the risk is too large compared to the trust level, the framework can apply adaptive adjustment strategies that either decrease the risk (e.g., by selectively obfuscating the data) or increase the trust level required to perform a given task. We show that this model provides meaningful results, with real-time performance, for an industrial threat detection solution.


Keywords: Trust; Risk; Privacy; Utility; Privacy-preserving threat detection



The research leading to these results has received funding from the FP7 EU-funded project SECENTIS (FP7-PEOPLE-2012-ITN, grant no. 317387) and EU-funded project TOREADOR (contract n. H2020-688797).


Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Nadia Metoui (1, 2), corresponding author
  • Michele Bezzi (3)
  • Alessandro Armando (1, 4)
  1. Security and Trust Unit, FBK-Irst, Trento, Italy
  2. DISI, University of Trento, Trento, Italy
  3. SAP Labs France, Security Research, Sophia-Antipolis, France
  4. DIBRIS, University of Genova, Genoa, Italy