Skip to main content
Log in

A roadmap towards improving managed security services from a privacy perspective

  • Original Paper
  • Published:
Ethics and Information Technology Aims and scope Submit manuscript

Abstract

This paper proposes a roadmap for how privacy leakages from outsourced managed security services using intrusion detection systems can be controlled. The paper first analyses the risk of leaking private or confidential information from signature-based intrusion detection systems. It then discusses how the situation can be improved by developing adequate privacy enforcement methods and privacy leakage metrics in order to control and reduce the leakage of private and confidential information over time. Such metrics should allow for quantifying how much information that is leaking, where these information leakages are, as well as showing what these leakages mean. This includes adding enforcement mechanisms ensuring that operation on sensitive information is transparent and auditable. The data controller or external quality assurance organisations can then verify or certify that the security operation operates in a privacy friendly manner. The roadmap furthermore outlines how privacy-enhanced intrusion detection systems should be implemented by initially providing privacy-enhanced alarm handling and then gradually extending support for privacy enhancing operation to other areas like digital forensics, exchange of threat information and big data analytics based attack detection.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

Notes

  1. There will also be synergies between privacy enhancing technologies and security, as will be discussed later. Aiming for such synergies is recommended by the 4. Privacy by Default principle, which states that one should aim for a win-win situation between privacy and security (Cavoukian et al. 2010).

  2. Web bug definition: http://en.wikipedia.org/wiki/Web_bug

  3. The detailed theory behind this metric is considered beyond the scope of this paper, but interested readers can read the full paper here (Ulltveit-Moe and Oleshchuk 2013).

  4. See: http://www.snort.org/search/sid/1394

References

Download references

Acknowledgments

Thanks to all anonymous reviewers, for challenging questions and good ideas on how to improve the quality of the paper. This work has been partially supported by the project “PRECYSE - Protection, prevention and reaction to cyber-attacks to critical infrastructures”, funded by the European Commission under the FP7 frame programme with contract number FP7-SEC-2012-1-285181 (www.precyse.eu), and partially by Telenor Research and Innovation under the contract DR-2009-1.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Nils Ulltveit-Moe.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Ulltveit-Moe, N. A roadmap towards improving managed security services from a privacy perspective. Ethics Inf Technol 16, 227–240 (2014). https://doi.org/10.1007/s10676-014-9348-3

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10676-014-9348-3

Keywords

Navigation