A novel policy-driven reversible anonymisation scheme for XML-based services

This paper proposes a reversible anonymisation scheme for XML messages that supports fine-grained enforcement of XACML-based privacy policies. Reversible anonymisation means that information in XML messages is anonymised, while the information required to reverse the anonymisation is cryptographically protected within the messages themselves. The policy can control access down to octet ranges of individual elements or attributes in XML messages. The reversible anonymisation protocol effectively implements a multi-level privacy- and security-based approach, so that only authorised stakeholders can disclose confidential information up to the privacy or security level they are authorised for. The approach furthermore supports a shared-secret-based scheme, where several stakeholders must agree before confidential information is disclosed. Finally, it supports time-limited access to private or confidential information. This opens up improved control of access to private or confidential information in XML messages used by a service-oriented architecture. The solution provides horizontally scalable confidentiality protection for certain types of big data applications, such as XML databases, secure logging and data retention repositories.
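The following is an added illustration of the mechanism the abstract describes, written for this page and not taken from the paper or its implementation: selected octet ranges of XML elements and attributes are masked, the original bytes are encrypted under a per-clearance-level key and stored in a reversal record inside the message, and a recipient can only restore the ranges for levels whose key it holds and whose access window has not expired. The cipher here is a constructed stand-in built from the standard library (HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag) so the example runs offline; the sample message, policy rules, element names (`reversal`, `record`) and key material are all assumptions, and a real deployment would use XML Encryption or an AEAD such as AES-GCM and take the policy from XACML rather than a Python list.

```python
"""Reversible, policy-driven anonymisation of an XML message (illustrative)."""
import base64
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET

# --- stand-in authenticated cipher (replace with AES-GCM / XML Encryption) ---
def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()   # encrypt-then-MAC
    return nonce, ct, tag

def unseal(key, nonce, ct, tag):
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        return None   # wrong key (wrong clearance level) or tampered reversal record
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def _b64(b): return base64.b64encode(b).decode()
def _unb64(s): return base64.b64decode(s)
def _get(el, attr): return el.get(attr) if attr else el.text
def _set(el, attr, value):
    if attr: el.set(attr, value)
    else: el.text = value

# --- constructed sample message and policy (IDMEF-like, not from the paper) ---
SAMPLE_XML = '<alert><source ip="10.1.2.3"/><user>alice@example.org</user></alert>'

# Each rule: element path, optional attribute, octet range [start, end) of its value,
# clearance level whose key protects the range, and a UNIX time after which
# the range may no longer be reversed (time-limited access).
POLICY = [
    {"path": "user", "start": 0, "end": 5, "level": "L2", "expires": 2_000_000_000},
    {"path": "source", "attr": "ip", "start": 5, "end": 8, "level": "L1", "expires": 2_000_000_000},
]

def anonymise(xml_text, policy, keys):
    """Mask each policed range and append an encrypted reversal record to the message."""
    root = ET.fromstring(xml_text)
    store = ET.SubElement(root, "reversal")
    for rule in policy:
        el, attr = root.find(rule["path"]), rule.get("attr")
        value, start, end = _get(el, attr), rule["start"], rule["end"]
        nonce, ct, tag = seal(keys[rule["level"]], value[start:end].encode())
        _set(el, attr, value[:start] + "#" * (end - start) + value[end:])
        rec = ET.SubElement(store, "record", {
            "path": rule["path"], "start": str(start), "end": str(end),
            "level": rule["level"], "expires": str(rule["expires"]),
            "nonce": _b64(nonce), "ct": _b64(ct), "tag": _b64(tag)})
        if attr:
            rec.set("attr", attr)
    return ET.tostring(root, encoding="unicode")

def deanonymise(xml_text, keys, now):
    """Restore only the ranges whose level key the caller holds and which have not expired.
    Returns (xml, number_of_ranges_restored); unreversed records stay in the message."""
    root = ET.fromstring(xml_text)
    store = root.find("reversal")
    restored = 0
    for rec in list(store):
        key = keys.get(rec.get("level"))
        if key is None or now > int(rec.get("expires")):
            continue   # not cleared for this level, or the access window has closed
        plain = unseal(key, _unb64(rec.get("nonce")), _unb64(rec.get("ct")), _unb64(rec.get("tag")))
        if plain is None:
            continue
        el, attr = root.find(rec.get("path")), rec.get("attr")
        start, end = int(rec.get("start")), int(rec.get("end"))
        value = _get(el, attr)
        _set(el, attr, value[:start] + plain.decode() + value[end:])
        store.remove(rec)
        restored += 1
    if len(store) == 0:
        root.remove(store)
    return ET.tostring(root, encoding="unicode"), restored

def get_value(xml_text, path, attr=None):
    """Convenience accessor used to inspect a message in the demo and tests."""
    return _get(ET.fromstring(xml_text).find(path), attr)

if __name__ == "__main__":
    keys = {"L1": secrets.token_bytes(32), "L2": secrets.token_bytes(32)}   # assumed per-level keys
    anon = anonymise(SAMPLE_XML, POLICY, keys)
    print("anonymised:", anon)
    print("L1 holder sees:", deanonymise(anon, {"L1": keys["L1"]}, now=1_500_000_000)[0])
    print("L1+L2 holder sees:", deanonymise(anon, keys, now=1_500_000_000)[0])
    print("after expiry:", deanonymise(anon, keys, now=2_000_000_001)[0])
```

A holder of only the L1 key recovers the masked IP octets but still sees `#####@example.org`, a holder of both keys recovers the full message, and once `now` passes the rule's `expires` value nothing is reversed even with all keys. The shared-secret variant in the abstract would replace the single per-level key with one reconstructed from several stakeholders' shares; that part is not shown here.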
