Privacy-enhanced network monitoring
Doctoral thesis, Peer reviewed
Date
2013
Abstract
This PhD dissertation investigates two means required for
building privacy-enhanced network monitoring systems: a policy-based privacy
or confidentiality enforcement technology; and metrics measuring leakage
of private or confidential information to verify and improve these policies.
The privacy enforcement mechanism is based on fine-grained access
control and reversible anonymisation of XML data to limit or control access
to sensitive information from the monitoring systems.
The metrics can be used to support a continuous improvement process, by
quantifying leakages of private or confidential information, locating where
they are, and proposing how these leakages can be mitigated. The planned
actions can be enforced by applying a reversible anonymisation policy, or
by removing the source of the information leakages. The metrics can subsequently
verify that the planned privacy enforcement scheme works as intended.
Any significant deviations from the expected information leakage can
be used to trigger further improvement actions. The most significant results
from the dissertation are:
- a privacy leakage metric based on the entropy standard deviation of given data (for example IDS alarms), which measures how much sensitive information is leaking and where these leakages occur;
- a proxy offering policy-based reversible anonymisation of information in XML-based web services. The solution supports multi-level security, so that only authorised stakeholders can get access to sensitive information;
- a methodology which combines privacy metrics with the reversible anonymisation scheme to support a continuous improvement process with reduced leakage of private or confidential information over time.
This can be used to improve management of private or confidential information
where managed security services have been outsourced to semi-trusted
parties, for example managed security services that monitor
health institutions or critical infrastructures. The solution is based on relevant
standards to ensure backwards compatibility with existing intrusion detection
systems and alarm databases.
Description
Doctoral dissertation in information and communication technology, Universitetet i Agder, 2014