Abstract
In the context of authorization in distributed systems, security and privacy often seem at odds. Privacy goals motivate the use of privacy-enhanced forms of authorization such as attribute-based, anonymous authorization; the need to identify misbehaving users calls for either identity-based authorization or identity escrow allowing re-identification of users.
We propose a risk-driven design approach for maximizing privacy of users while satisfying security requirements of an application. In this approach, a security measure such as authentication or identity escrow is introduced only if it addresses a concrete risk. The approach helps to identify privacy-friendly solutions as well as trade-offs between privacy and cost considerations. We illustrate our approach with an example application using anonymous credentials.
Copyright information
© 2004 Springer Science + Business Media, Inc.
About this paper
Cite this paper
Van Herreweghen, E. (2004). A Risk-Driven Approach to Designing Privacy-Enhanced Secure Applications. In: Deswarte, Y., Cuppens, F., Jajodia, S., Wang, L. (eds) Information Security Management, Education and Privacy. IFIP International Federation for Information Processing, vol 148. Springer, Boston, MA. https://doi.org/10.1007/1-4020-8145-6_21
DOI: https://doi.org/10.1007/1-4020-8145-6_21
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4020-8144-6
Online ISBN: 978-1-4020-8145-3