A Workflow Checking Approach for Inherent Privacy Awareness in Network Monitoring

  • Maria N. Koukovini
  • Eugenia I. Papagiannakopoulou
  • Georgios V. Lioudakis
  • Dimitra I. Kaklamani
  • Iakovos S. Venieris
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7122)


Despite the usefulness of network monitoring for the operation, maintenance, control and protection of communication networks, as well as law enforcement, network monitoring activities are surrounded by serious privacy implications. The inherent “leakage-proneness” is harshened due to the increasing complexity of the monitoring procedures and infrastructures, that include multiple traffic observation points, distributed mitigation mechanisms and even inter-operator cooperation. In this paper, an innovative approach aiming at realising the “privacy by design” principle in the area of network monitoring is presented; it relies on service-orientation primitives and abstractions, in order to verify and, when needed, to adjust network monitoring workflows, so that they become inherently privacy-aware before being deployed for execution.


Network monitoring privacy protection access control workflow verification service decomposition 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Alam, M., Hafner, M., Breu, R.: Constraint based role based access control in the sectet-framework a model-driven approach. Journal of Computer Security 16(2), 223–260 (2008)Google Scholar
  2. 2.
    Ardagna, C.A., Camenisch, J., Kohlweiss, M., Leenes, R., Neven, G., Priem, B., Samarati, P., Sommer, D., Verdicchio, M.: Exploiting cryptography for privacy-enhanced access control: A result of the prime project. Journal of Computer Security 18(1), 123–160 (2010)Google Scholar
  3. 3.
    Ayed, S., Cuppens-Boulahia, N., Cuppens, F.: Managing access and flow control requirements in distributed workflows. In: AICCSA 2008: IEEE/ACS International Conference on Computer Systems and Applications, pp. 702–710 (April 2008)Google Scholar
  4. 4.
    Ayed, S., Cuppens-Boulahia, N., Cuppens, F.: Deploying security policy in intra and inter workflow management systems. In: International Conference on Availability Reliability and Security, pp. 58–65 (2009)Google Scholar
  5. 5.
    Burkhart, M., Schatzmann, D., Trammell, B., Boschi, E., Plattner, B.: The role of network trace anonymization under attack. SIGCOMM Computer Communications Review 40(1), 5–11 (2010)Google Scholar
  6. 6.
    Cuppens, F., Cuppens-Boulahia, N.: Modeling Contextual Security Policies. International Journal of Information Security 7(4), 285–305 (2008)CrossRefGoogle Scholar
  7. 7.
    Fan, J., Xu, J., Ammar, M.H., Moon, S.B.: Prefix-preserving IP address anonymization. Computer Networks 46(2), 253–272 (2004)zbMATHCrossRefGoogle Scholar
  8. 8.
    Gogoulos, F., Antonakopoulou, A., Lioudakis, G.V., Mousas, A.S., Kaklamani, D.I., Venieris, I.S.: Privacy-aware access control and authorization in passive network monitoring infrastructures. In: CIT 2010: Proceedings of the 10th IEEE International Conference on Computer and Information Technology (2010)Google Scholar
  9. 9.
    Koukis, D., Antonatos, S., Antoniades, D., Markatos, E., Trimintzios, P.: A generic anonymization framework for network traffic. In: IEEE International Conference on Communications, ICC 2006, vol. 5, pp. 2302–2309 (June 2006)Google Scholar
  10. 10.
    Lioudakis, G.V., Gaudino, F., Boschi, E., Bianchi, G., Kaklamani, D.I., Venieris, I.S.: Legislation-aware privacy protection in passive network monitoring. In: Portela, I.M., Cruz-Cunha, M.M. (eds.) Information Communication Technology Law, Protection and Access Rights: Global Approaches and Issues, ch. 22, pp. 363–383. IGI Global (2010)Google Scholar
  11. 11.
    Menzel, M., Meinel, C.: SecureSOA. In: IEEE International Conference on Services Computing, pp. 146–153 (2010)Google Scholar
  12. 12.
  13. 13.
    Ni, Q., Bertino, E., Lobo, J., Brodie, C., Karat, C.M., Karat, J., Trombetta, A.: Privacy-aware role-based access control. ACM Transactions on Information and System Security 13(3), 1–31 (2010)CrossRefGoogle Scholar
  14. 14.
    Pang, R., Allman, M., Paxson, V., Lee, J.: The devil and packet trace anonymization. Computer Communication Review (CCR) 36(1), 29–38 (2006)CrossRefGoogle Scholar
  15. 15.
    Papagiannakopoulou, E.I., Koukovini, M.N., Lioudakis, G.V., Garcia-Alfaro, J., Kaklamani, D.I., Venieris, I.S.: A Contextual Privacy-Aware Access Control Model for Network Monitoring Workflows: Work in Progress. In: Garcia-Alfaro, J. (ed.) FPS 2011. LNCS, vol. 6888, pp. 208–217. Springer, Heidelberg (2011)Google Scholar
  16. 16.
    Papazoglou, M.P., Heuvel, W.J.: Service oriented architectures: approaches, technologies and research issues. The VLDB Journal 16, 389–415 (2007)CrossRefGoogle Scholar
  17. 17.
    Preda, S., Cuppens, F., Cuppens-Boulahia, N., Garcia-Alfaro, J., Toutain, L.: Dynamic deployment of context-aware access control policies for constrained security devices. J. Syst. Softw. 84, 1144–1159 (2011)CrossRefGoogle Scholar
  18. 18.
    Russell, N., Ter Hofstede, A.H.M., van der Aalst, W.M., Mulyar, N.: Workflow control-flow patterns: A revised view. Tech. Rep. BPM-06-22, BPM Center (2006)Google Scholar
  19. 19.
    Sicker, D.C., Ohm, P., Grunwald, D.: Legal issues surrounding monitoring during network research. In: IMC 2007: Proceedings of the 7th ACM SIGCOMM Conference on Internet Measurement, pp. 141–148. ACM, New York (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Maria N. Koukovini
    • 1
  • Eugenia I. Papagiannakopoulou
    • 1
  • Georgios V. Lioudakis
    • 1
  • Dimitra I. Kaklamani
    • 1
  • Iakovos S. Venieris
    • 1
  1. 1.School of Electrical and Computer EngineeringNational Technical University of AthensAthensGreece

Personalised recommendations