for inherent privacy awareness
play

for Inherent Privacy Awareness in Network Monitoring Maria N. - PowerPoint PPT Presentation

Mar 19, 2024 •181 likes •475 views

A Workflow Checking Approach for Inherent Privacy Awareness in Network Monitoring Maria N. Koukovini Eugenia I. Papagiannakopoulou GeorgiosV. Lioudakis Dimitra I. Kaklamani Iakovos S. Venieris The 6 th International Workshop on Data Privacy

  1. A Workflow Checking Approach for Inherent Privacy Awareness in Network Monitoring Maria N. Koukovini Eugenia I. Papagiannakopoulou GeorgiosV. Lioudakis Dimitra I. Kaklamani Iakovos S. Venieris The 6 th International Workshop on Data Privacy Management (DPM-2011) Leuven, Belgium, September 15 – 16, 2011

  2. Passive Network Monitoring  Inspection of the actual network traffic using special software and/or hardware equipment  Range of applications:  Operation and management of communication networks  Identification of performance bottlenecks  Network security (IDS, ADS, …)  Network planning  Accounting and billing of network services  Validation of SLAs  Observation and fine-tuning of QoS parameters  Internet research based on collected traffic traces  Law enforcement (data retention, lawful interception, …) DPM-2011 Leuven, Belgium, Sep 15, 2011

  3. Passive Network Monitoring  Serious drawback: privacy implications!  Relies natively on personal data collection and processing  Various documented privacy violation mishaps  Passive Network Monitoring special characteristics:  Privacy-sensitive information exceeds payload and spans across various protocol headers and other communication metadata  Too much personal information can be inferred and extracted using advanced processing techniques (statistical analysis, fingerprinting, …)  Specific regulations govern the underlying services and data  Very high data rates and consequent performance requirements  Distributed and cooperative nature of operations and infrastructures  Intra-domain  Inter-domain DPM-2011 Leuven, Belgium, Sep 15, 2011

  4. Privacy-Preserving Network Monitoring: Regulatory Requirements   Lawfulness of data processing Information to and rights of the data subject  Purposes for which data are  processed Consent of the data subject   Necessity, adequacy and Data security measures proportionality of the data  Special categories of data processed  Coordination with competent  Quality of the data processed data protection Authority  Minimal use of personal  Supervision and sanctions identification data  Communications confidentiality  Storage of personal data and lawful interception  Data retention  Flexibility and adaptability of legal  Access limitation compliance provisions DPM-2011 Leuven, Belgium, Sep 15, 2011

  5. Fundamental Principles of the Approach Realisation of Privacy by Design  Privacy-aware information flows  Enforcement of privacy-aware access control across the flows  Contextual behaviour of the system  Automatic integration of protection means  Anonymisation, pseudonymisation, aggregation modules  Complementary actions  Consideration of the semantics of various concepts, such as:  Data  Roles  Operational processes  Purposes for data collection and processing DPM-2011 Leuven, Belgium, Sep 15, 2011

  6. Architecture Overview Reasoner Workflow <?xml version="1.0"?> Model <rdf:RDF xmlns:xsp=http://www.owl- … … … … Planning Checker Phase Policies WF Planning Capabilities Matching Environment Capabilities Bus Orchestration Interface Orchestration Layer Execution Orchestrator Orchestrator Orchestrator Phase Components Interface Components Layer Agent Agent Agent Agent Agent Context Bus Control Message Bus DPM-2011 Leuven, Belgium, Sep 15, 2011

  7. Architecture Overview Reasoner Workflow <?xml version="1.0"?> Model <rdf:RDF xmlns:xsp=http://www.owl- … … … … Planning Checker Phase Policies WF Planning Capabilities Matching Environment Capabilities Bus Orchestration Interface Orchestration Layer Execution Orchestrator Orchestrator Orchestrator Phase Components Interface Components Layer Agent Agent Agent Agent Agent Context Bus Control Message Bus DPM-2011 Leuven, Belgium, Sep 15, 2011

  8. Workflows  Workflows and other important parameters…  w = ⟨ t 1 , t 2 , ..., t n ⟩ , where t i = ⟨ a i , op i , res i ⟩ w  a i : actor  op i : operation  res i : resource + a declared purpose pu , e.g., NetworkSecurity + User role(s) r , e.g., NetworkAdministrator  Overall… ⟨ w, ⟨ r ⟩ k , pu ⟩  or maybe…  ⟨ w, ⟨ r ⟩ k , ⟨ pu ⟩ m ⟩ , stored workflow template DPM-2011 Leuven, Belgium, Sep 15, 2011

  9. Workflow Verification Mechanism  Ensures that the user-specified workflow is rendered privacy compliant before entering the execution phase  A three steps procedure: 1. Purpose Verification: Checks regarding purpose compliance (relevance, consistency, etc.) 2. Skin Task Verification: User-specified tasks checked individually and in relation to each other 3. Decomposition: Composite skin tasks’ refinement and evaluation, until the level of atomic tasks  Relies on a policy-based access control model  Core components: Model Checker and Reasoner DPM-2011 Leuven, Belgium, Sep 15, 2011

  10. Step 1: Purpose Verification  Based on two types of associations contained in / implied by the Policy Model:  role-purpose : not all roles can initiate a workflow serving a given purpose  NetworkAdministrator relevant to NetworkSecurity  Accountant not relevant to NetworkSecurity  task-purpose : not all tasks make sense to be used for serving a purpose  DetectSYNFlood is relevant with NetworkSecurity  InterceptCommunications has nothing to do with NetworkSecurity DPM-2011 Leuven, Belgium, Sep 15, 2011

  11. Step 2: Skin Task Verification  Requirements checked:  The initiator must have the right to include the task in the workflow.  The task ⟨ a i , op i , res i ⟩ w must be valid, i.e., the actor a i must have the right to perform the operation op i on the resource res i .  Each task must not conflict with precedent and subsequent tasks.  Potentially required complementary tasks must be present.  The system must be able “by definition” to offer the respective capability.  Approach: for each skin task t i of w , the Model Checker 1. checks the task’s availability by the system 2. asks the Reasoner about task’s acceptability DPM-2011 Leuven, Belgium, Sep 15, 2011

  12. Step 2: Skin Task Verification Possible results: 1. Unconditional acceptance, aka no changes are needed 2. Conditionally accept with task addition: ok, but some extra tasks are required Solution: required tasks addition e.g., MitigateDDoS requires InformSecurityOfficer DPM-2011 Leuven, Belgium, Sep 15, 2011

  13. Step 2: Skin Task Verification More possible results: 3. Conditionally accept provided some conflicts with other tasks are resolved Solution: task removal, substitution, task insertion 4. Conditionally accept, subject to contextual parameters Solution: conditional branching Special case:  actor, operation, resource  inter-dependencies   Can be combined with all the above 5. Conditionally accept, subject to history-related conditions  Contextual constraints are a priori resolved by the flow itself, or  History creates additional contextual constraints Solution: conditional branching DPM-2011 Leuven, Belgium, Sep 15, 2011

  14. Step 2: Skin Task Verification More possible results: 6. Task is not acceptable due to invalid ⟨ a i , op i , res i ⟩ w combination Solution: task removal, substitution, task insertion  e.g., a role may require aggregated results, therefore, AggregateResults is inserted before ReportToGUI DPM-2011 Leuven, Belgium, Sep 15, 2011

  15. Step 3: Decomposition  3 types of decomposition  AND: all subtasks will be executed  all tasks must be acceptable  XOR: exactly one subtask will be executed, depending on:  Context  Capabilities availability  Prioritisation  Flow constraints  at least one task must be acceptable  Subworkflow: worklet implementation  all subtasks must be acceptable DPM-2011 Leuven, Belgium, Sep 15, 2011

  16. Step 3: Decomposition  Approach: For each skin task t i of w, the Model Checker asks the Reasoner for a decomposition  Input: ⟨⟨ a i , op i , res i ⟩ w , r, pu ⟩  Output: a decomposition that  is valid as a standalone structure, but  there may be constraints  Possibly many levels of decomposition  Iterative procedure  Combined depth-first/ breadth-first verification  If there is no valid decomposition (conflicts, other parameters), the parent task is rejected DPM-2011 Leuven, Belgium, Sep 15, 2011

  17. Decomposition Constraints  Contextual constraints:  The aggregated contextual constraints of its subtasks  XOR: each subtask applicable under a different context  Complementary required tasks:  The aggregated subtasks’ requirements  XOR: each subtask requires different complementary tasks DPM-2011 Leuven, Belgium, Sep 15, 2011

  18. Decomposition Constraints  Conflicts:  AND / Subworkflow: no subtask must conflict with other workflow tasks  XOR: at least one subtask must not conflict with other workflow tasks  Conflict resolution: removal, addition, substitution e.g., CaptureTraffic conflicts with tuple_parser  Anonymise task is inserted for conflict resolution DPM-2011 Leuven, Belgium, Sep 15, 2011

  19. Decomposition Procedure Example Flow Decomposition Start T1 T2 End DPM-2011 Leuven, Belgium, Sep 15, 2011

  20. Decomposition Procedure Example Flow Decomposition Start T1 T2 End check Start T1.1 T1.2 T2 End DPM-2011 Leuven, Belgium, Sep 15, 2011

Recommend

A Privacy Awareness System for Ubicomp Marc Langheinrich ETH Zurich, Switzerland Motivation !

A Privacy Awareness System for Ubicomp Marc Langheinrich ETH Zurich, Switzerland Motivation !

A Privacy Awareness System for Ubicomp Marc Langheinrich ETH Zurich, Switzerland Motivation ! Ubicomp features real-world electronic services, often without user interface Privacy Awareness System ! Automated data transfer facilitates

593 views • 10 slides
Privacy and Anonymity 1 Privacy Privacy and society Basic individual right &amp; desire

Privacy and Anonymity 1 Privacy Privacy and society Basic individual right &amp; desire

CS 134 Privacy and Anonymity 1 Privacy Privacy and society Basic individual right &amp; desire (Image from geekologie.com) Relevant to corporations &amp; government agencies Recently increased awareness However, general public

171 views • 16 slides
CS 525M Mobile and Ubiquitous Computing: The Wi Fi Privacy Ticker: Improving Awareness &amp;

CS 525M Mobile and Ubiquitous Computing: The Wi Fi Privacy Ticker: Improving Awareness &amp;

CS 525M Mobile and Ubiquitous Computing: The Wi Fi Privacy Ticker: Improving Awareness &amp; Control of Personal Information Exposure on Wi Fi Shengwen Han Computer Science Dept. Worcester Polytechnic Institute (WPI) 1 Abstract

375 views • 24 slides
Data Awareness: Privacy and Safety First half of 2019 saw 3800+ publicized data breaches in US

Data Awareness: Privacy and Safety First half of 2019 saw 3800+ publicized data breaches in US

Data Awareness: Privacy and Safety First half of 2019 saw 3800+ publicized data breaches in US 142 privacy breaches in Alberta this year as of Aug 21 2019: https://www.oipc.ab.ca/decisions/breach-notification-decisions.aspx Digital Se Digital

78 views • 3 slides
University of Hawaii Family Educational Rights System and Privacy Act (FERPA) FERPA Awareness

University of Hawaii Family Educational Rights System and Privacy Act (FERPA) FERPA Awareness

University of Hawaii Family Educational Rights System and Privacy Act (FERPA) FERPA Awareness Training Also known as the Buckley Amendment June 26-28, 2018 Statute: 20 U.S.C. 1232(g) Regulations: 34 CFR Part 99 Primary Rights of

316 views • 5 slides
The Varieties of Self- Awareness David Chalmers Self-Awareness n Self-awareness = awareness

The Varieties of Self- Awareness David Chalmers Self-Awareness n Self-awareness = awareness

The Varieties of Self- Awareness David Chalmers Self-Awareness n Self-awareness = awareness of oneself n One is self-aware if one stands in a relation of awareness to oneself and/or one s properties n There are many different ways of

336 views • 29 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Phonemic Awareness Phonological Awareness Phonological awareness is ones sensitivity

Phonemic Awareness Phonological Awareness Phonological awareness is ones sensitivity

Phonemic Awareness Phonological Awareness Phonological awareness is ones sensitivity to, or explicit awareness of, the phonological structure of ones language.... It involves the ability to notice, think about, or manipulate the

393 views • 11 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies US Privacy Laws Sources: Baase: A Gift of Fire and Quinn: Ethics for the Information Age Ethics Spring 2010 Privacy 1 Privacy The original

725 views • 45 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
Safeguarding Adults Training The Inherent Jurisdiction 14 February 2020 ELIZA SHARRON KINGS

Safeguarding Adults Training The Inherent Jurisdiction 14 February 2020 ELIZA SHARRON KINGS

Safeguarding Adults Training The Inherent Jurisdiction 14 February 2020 ELIZA SHARRON KINGS CHAMBERS, BIRMINGHAM The relevant Practical statutory duties considerations INHERENT The Scope of the JURISDICTION Injunctions IJ (IJ)

828 views • 44 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Anonymity &amp; Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity &amp; Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity &amp; Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy. College Bescherming Persoonsgegevens (CBP) What is privacy? Users must be able to determine for themselves when, how, to what extent and

798 views • 45 slides
Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

ECE598NB Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics Course Structure Privacy Define privacy Privacy History Privacy has always existed Cities / large populations have made

173 views • 14 slides
SELF-AWARENESS OR, LOVING THE ALIEN IDENTITY Self- awareness encompasses perceptions,

SELF-AWARENESS OR, LOVING THE ALIEN IDENTITY Self- awareness encompasses perceptions,

SELF-AWARENESS OR, LOVING THE ALIEN IDENTITY Self- awareness encompasses perceptions, sensations, attitudes, intentions, emotions, and public self-aspects, e.g. behaviour&quot; In the autistic person, awareness can be heightened in

399 views • 14 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering &amp; Public Policy Lorrie Faith Cranor November 11, 2014 y &amp; c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering &amp; Public Policy Lorrie Faith Cranor October 29, 2013 y &amp; c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law &amp; Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law &amp; Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law &amp; Policy Alexandra Wood Berkman Klein Center for Internet &amp; Society at Harvard University DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to

964 views • 54 slides
PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

Marc Langheinrich: Privacy in Ubiquitous Computing 5/29/2010 Todays Menu PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches COMPUTING Definitions Challenges 1. History and legal aspects 1.

264 views • 13 slides
IED AWARENESS IED AWARENESS for first responders Presented By Gary Nel Instructor Bio San

IED AWARENESS IED AWARENESS for first responders Presented By Gary Nel Instructor Bio San

IED Awareness Training IED AWARENESS IED AWARENESS for first responders Presented By Gary Nel Instructor Bio San Antonio Police Department IEDD/EOD Technician (British Army) 7 Tours in Iraq 2 Tours in Afghanistan 2 Tours in

479 views • 14 slides

More recommend