A Workflow Checking Approach for Inherent Privacy Awareness in Network Monitoring

Despite the usefulness of network monitoring for the operation, maintenance, control and protection of communication networks, as well as for law enforcement, network monitoring activities carry serious privacy implications. This inherent "leakage-proneness" is aggravated by the increasing complexity of monitoring procedures and infrastructures, which include multiple traffic observation points, distributed mitigation mechanisms and even inter-operator cooperation. This paper presents an innovative approach to realising the "privacy by design" principle in network monitoring; it relies on service-orientation primitives and abstractions to verify and, when needed, adjust network monitoring workflows, so that they become inherently privacy-aware before being deployed for execution.
