
Trust and Risk-Based Access Control for Privacy Preserving Threat Detection Systems

  • Conference paper

Future Data and Security Engineering (FDSE 2016)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 10018)
Abstract

Intrusion and threat detection systems analyze large amounts of security-related log data to detect potentially harmful patterns. However, log data often contain sensitive and personal information, so their access and processing should be minimized. Anonymization can provide the technical means to reduce the privacy risk, but it must be carefully applied and balanced against the utility requirements of the different phases of the process: an initial exploratory analysis needs less detail than an investigation of a suspicious set of logs. As a result, a complex access control framework has to be put in place to address privacy and utility requirements simultaneously. In this paper we propose a trust- and risk-aware access control framework for Threat Detection Systems, in which each access request is evaluated by comparing the privacy risk of the requested data with the trustworthiness of the request. When the risk is too large compared to the trust level, the framework can apply adaptive adjustment strategies to decrease the risk (e.g., by selectively obfuscating the data) or to raise the trust level so that a given task can be performed. We show how this model can provide meaningful results, and real-time performance, for an industrial threat detection solution.


Notes

  1. We refer to these systems as TDS, to distinguish them from network-level intrusion detection systems (often called IDS or SIEM). Moreover, we base our description on SAP Enterprise Threat Detection, but the analysis could be applied to other solutions, including IDS. For a comparison between application- and network-level intrusion detection systems, see [18].

  2. In most cases the dependency of risk on permissions is mediated by roles. For the sake of simplicity, we do not consider roles here; an extension of this model that includes roles can follow the lines of the models described in [6].

  3. Other privacy metrics exist (for example ℓ-diversity and t-closeness, see [15]), but k-anonymity is still the de facto standard in real applications.
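The decision loop described in the abstract (compare the privacy risk of a request with the trustworthiness of the requester, then either obfuscate the data or require more trust) together with the k-anonymity metric of note 3, as an added worked example in Python. This is not the paper's code nor SAP Enterprise Threat Detection's: the log records are constructed, and the generalisation hierarchies, the 1/k re-identification risk proxy and the additive trust scores are assumptions chosen for illustration.

```python
"""Trust- vs. risk-based release of threat-detection log records with
adaptive obfuscation.  Added example, not the paper's implementation.
Everything below (records, hierarchies, risk proxy, trust scores) is a
constructed assumption for illustration."""
from collections import Counter
from dataclasses import dataclass, field
from itertools import product
from typing import Dict, List, Optional
import ipaddress

# Constructed sample log records (not real data).
LOGS = [
    {"user": "alice", "src_ip": "10.1.2.10", "action": "login_ok"},
    {"user": "bob",   "src_ip": "10.1.2.11", "action": "login_ok"},
    {"user": "carol", "src_ip": "10.1.3.20", "action": "login_fail"},
    {"user": "dave",  "src_ip": "10.2.0.5",  "action": "login_fail"},
    {"user": "erin",  "src_ip": "10.2.0.6",  "action": "sudo"},
    {"user": "frank", "src_ip": "10.1.2.12", "action": "login_ok"},
]
QUASI_IDS = ("user", "src_ip")          # attributes that can re-identify a person
DEPT = {"alice": "sales", "bob": "sales", "carol": "sales", "frank": "sales",
        "dave": "eng", "erin": "eng"}   # assumed user -> department mapping

# Generalisation hierarchies: level 0 is the raw value, the top level suppresses it.
def generalize_user(value: str, level: int) -> str:
    return (value, DEPT.get(value, "other"), "*")[level]

def generalize_ip(value: str, level: int) -> str:
    if level == 0:
        return value
    if level == 3:
        return "*"
    prefix = {1: 24, 2: 16}[level]
    return str(ipaddress.ip_network(f"{value}/{prefix}", strict=False))

GENERALIZERS = {"user": generalize_user, "src_ip": generalize_ip}
MAX_LEVEL = {"user": 2, "src_ip": 3}

def obfuscate(records: List[dict], levels: Dict[str, int]) -> List[dict]:
    """Return a copy of the records with each quasi-identifier generalised."""
    return [{**r, **{qi: GENERALIZERS[qi](r[qi], lvl) for qi, lvl in levels.items()}}
            for r in records]

def k_anonymity(records: List[dict]) -> int:
    """Size of the smallest equivalence class over the quasi-identifiers."""
    classes = Counter(tuple(r[qi] for qi in QUASI_IDS) for r in records)
    return min(classes.values())

def privacy_risk(records: List[dict]) -> float:
    """Assumed risk proxy: worst-case re-identification probability 1/k."""
    return 1.0 / k_anonymity(records)

def trust_level(base_role_trust: float, step_up_auth: bool = False,
                supervisor_approved: bool = False) -> float:
    """Assumed additive trust score in [0, 1]; the paper's trust model is richer."""
    bonus = (0.2 if step_up_auth else 0.0) + (0.3 if supervisor_approved else 0.0)
    return min(base_role_trust + bonus, 1.0)

@dataclass
class Decision:
    outcome: str                     # "grant", "grant_obfuscated" or "deny"
    levels: Dict[str, int]
    risk: float
    trust: float
    records: List[dict] = field(default_factory=list)
    required_trust: Optional[float] = None
    obligation: Optional[str] = None

def candidate_levels() -> List[Dict[str, int]]:
    """All points of the generalisation lattice, least information loss first."""
    ranges = [range(MAX_LEVEL[qi] + 1) for qi in QUASI_IDS]
    combos = [dict(zip(QUASI_IDS, c)) for c in product(*ranges)]
    return sorted(combos, key=lambda lv: (sum(lv.values()), tuple(lv.values())))

def evaluate(records: List[dict], trust: float) -> Decision:
    """Grant when risk <= trust; otherwise generalise just enough to get there,
    and if even full suppression is too risky, deny and state the trust needed."""
    lowest_risk = None
    for levels in candidate_levels():
        view = obfuscate(records, levels)
        risk = privacy_risk(view)
        if risk <= trust:
            outcome = "grant" if not any(levels.values()) else "grant_obfuscated"
            return Decision(outcome, levels, risk, trust, view)
        lowest_risk = risk if lowest_risk is None else min(lowest_risk, risk)
    # Second adjustment strategy: the data cannot be made safe enough, so the
    # requester must raise their trust level before the task can proceed.
    return Decision("deny", {}, lowest_risk, trust, required_trust=lowest_risk,
                    obligation=f"raise trust to at least {lowest_risk:.3f} "
                               "(e.g. step-up authentication or supervisor approval)")

if __name__ == "__main__":
    for t in (1.0, 0.5, 0.3):
        d = evaluate(LOGS, t)
        print(f"trust={t:.2f}: {d.outcome:16s} levels={d.levels} risk={d.risk:.3f}")
    denied = evaluate(LOGS, trust_level(0.1))
    print("junior analyst:", denied.outcome, "-", denied.obligation)
    retry = evaluate(LOGS, trust_level(0.1, step_up_auth=True))
    print("after step-up auth:", retry.outcome, retry.levels)
```

With these six records a fully trusted requester (trust 1.0) gets the raw logs, a trust of 0.5 gets users replaced by department and source addresses by /16 prefixes (the least generalised lattice point that reaches k = 2), and a trust of 0.1 is denied with the trust level that would make the request admissible. Walking the whole generalisation lattice is fine for two quasi-identifiers with a handful of levels; for real log schemas a pruned search (the lattice is monotone in k) is needed, and 1/k is a coarse proxy that ignores attribute disclosure, which is exactly the gap ℓ-diversity and t-closeness from note 3 address.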

References

  1. Armando, A., Bezzi, M., Cerbo, F., Metoui, N.: Balancing trust and risk in access control. In: Debruyne, C., Panetto, H., Meersman, R., Dillon, T., Weichhart, G., An, Y., Ardagna, C.A. (eds.) OTM 2015. LNCS, vol. 9415, pp. 660–676. Springer, Heidelberg (2015). doi:10.1007/978-3-319-26148-5_45

  2. Armando, A., Bezzi, M., Metoui, N., Sabetta, A.: Risk-aware information disclosure. In: Garcia-Alfaro, J., Herrera-Joancomartí, J., Lupu, E., Posegga, J., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM/QASA/SETOP 2014. LNCS, vol. 8872, pp. 266–276. Springer, Heidelberg (2015). doi:10.1007/978-3-319-17016-9_17

  3. Armando, A., Bezzi, M., Metoui, N., Sabetta, A.: Risk-based privacy-aware information disclosure. Int. J. Secur. Softw. Eng. 6(2), 70–89 (2015). http://dx.doi.org/10.4018/IJSSE.2015040104

  4. Bezzi, M.: An information theoretic approach for privacy metrics. Trans. Data Priv. 3(3), 199–215 (2010)

  5. Brickell, J., Shmatikov, V.: The cost of privacy: destruction of data-mining utility in anonymized data publishing. In: Proceedings of the 14th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD 2008, pp. 70–78. ACM, New York (2008). http://doi.acm.org/10.1145/1401890.1401904

  6. Chen, L., Crampton, J.: Risk-aware role-based access control. In: Meadows, C., Fernandez-Gago, C. (eds.) STM 2011. LNCS, vol. 7170, pp. 140–156. Springer, Heidelberg (2012). doi:10.1007/978-3-642-29963-6_11

  7. Chen, L., Crampton, J., Kollingbaum, M.J., Norman, T.J.: Obligations in risk-aware access control. In: Cuppens-Boulahia, N., Fong, P., García-Alfaro, J., Marsh, S., Steghöfer, J. (eds.) PST, pp. 145–152. IEEE (2012). http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=6287257

  8. Cheng, P.C., Rohatgi, P., Keser, C., Karger, P.A., Wagner, G.M., Reninger, A.S.: Fuzzy multi-level security: an experiment on quantified risk-adaptive access control. In: IEEE Symposium on Security and Privacy, pp. 222–230. IEEE Computer Society (2007). http://dblp.uni-trier.de/db/conf/sp/sp2007.html#ChengRKKWR07

  9. Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Samarati, P.: Theory of privacy and anonymity. In: Atallah, M., Blanton, M. (eds.) Algorithms and Theory of Computation Handbook, 2nd edn. CRC Press (2009)

  10. Clifton, C., Tassa, T.: On syntactic anonymity and differential privacy. Trans. Data Priv. 6(2), 161–183 (2013). http://dl.acm.org/citation.cfm?id=2612167.2612170

  11. Committee on Strategies for Responsible Sharing of Clinical Trial Data: Sharing Clinical Trial Data: Maximizing Benefits, Minimizing Risk. National Academies Press (US), Washington (DC) (2015)

  12. Dickens, L., Russo, A., Cheng, P.C., Lobo, J.: Towards learning risk estimation functions for access control. In: Snowbird Learning Workshop (2010). https://www.usukitacs.com/papers/6006/TA2_22_Dickens_learning_risk_estimation.pdf

  13. FRA and the Council of Europe: Handbook on European Data Protection Law. Technical report (2014)

  14. Friedewald, M., Pohoryles, R.J.: Privacy and Security in the Digital Age: Privacy in the Age of Super-Technologies. Routledge, Abingdon (2016)

  15. Fung, B.C.M., Wang, K., Chen, R., Yu, P.S.: Privacy-preserving data publishing: a survey of recent developments. ACM Comput. Surv. 42(4), 14:1–14:53 (2010). http://doi.acm.org/10.1145/1749603.1749605

  16. Ghinita, G., Karras, P., Kalnis, P., Mamoulis, N.: Fast data anonymization with low information loss. In: Proceedings of the 33rd International Conference on Very Large Data Bases, pp. 758–769. VLDB Endowment (2007)

  17. Josang, A., Ismail, R., Boyd, C.: A survey of trust and reputation systems for online service provision. Decision Support Systems 43(2), 618–644 (2007). Emerging issues in Collaborative Commerce. http://www.sciencedirect.com/science/article/B6V8S-4GJK82P-1/2/a9a6e96414fa04641c1d31a57989618d

  18. Kaempfer, M.: (2015). http://scn.sap.com/community/security/blog/2015/03/04/sap-enterprise-threat-detection-and-siem-is-this-not-the-same

  19. Kohlmayer, F., Prasser, F., Eckert, C., Kuhn, K.A.: A flexible approach to distributed data anonymization. J. Biomed. Inform. 50, 62–76 (2014). Special issue on Informatics Methods in Medical Privacy

  20. Kounine, A., Bezzi, M.: Assessing disclosure risk in anonymized datasets. In: Proceedings of the FloCon Workshop, January 2009

  21. Lakkaraju, K., Slagell, A.: Evaluating the utility of anonymized network traces for intrusion detection. In: Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, SecureComm 2008, pp. 17:1–17:8. ACM, New York (2008). http://doi.acm.org/10.1145/1460877.1460899

  22. Li, X., Zhou, F., Yang, X.: A multi-dimensional trust evaluation model for large-scale p2p computing. J. Parallel Distrib. Comput. 71(6), 837–847 (2011)

  23. Mivule, K., Anderson, B.: A study of usability-aware network trace anonymization. In: Science and Information Conference (SAI), 2015, pp. 1293–1304. IEEE (2015)

  24. Narayanan, A., Huey, J., Felten, E.W.: A precautionary approach to big data privacy. In: Gutwirth, S., Leenes, R., De Hert, P. (eds.) Data Protection on the Move, vol. 24, pp. 357–385. Springer, Dordrecht (2016)

  25. Oprea, A., Li, Z., Yen, T.F., Chin, S.H., Alrwais, S.: Detection of early-stage enterprise infection by mining large-scale log data. In: 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 45–56. IEEE (2015)

  26. Samarati, P.: Protecting respondents' identities in microdata release. IEEE Trans. Knowl. Data Eng. 13(6), 1010–1027 (2001)

  27. Scholl, M.A., Stine, K.M., Hash, J., Bowen, P., Johnson, L.A., Smith, C.D., Steinberg, D.I.: NIST Special Publication 800-66 Rev. 1: An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Technical report (2008)

  28. Shaikh, R.A., Adi, K., Logrippo, L.: Dynamic risk-based decision access control systems. Comput. Secur. 31(4), 447–464 (2012)

  29. Templ, M., Meindl, B., Kowarik, A.: Introduction to statistical disclosure control (SDC). Project: Relative to the testing of SDC algorithms and provision of practical SDC, data analysis OG (2013)

  30. Ulltveit-Moe, N., Oleshchuk, V.A.: Measuring privacy leakage for IDS rules. CoRR abs/1308.5421 (2013). http://arxiv.org/abs/1308.5421

  31. Ulltveit-Moe, N., Oleshchuk, V.A., Køien, G.M.: Location-aware mobile intrusion detection with enhanced privacy in a 5G context. Wireless Pers. Commun. 57(3), 317–338 (2011)

  32. Vaidya, J., Clifton, C.W., Zhu, Y.M.: Privacy Preserving Data Mining, vol. 19. Springer, New York (2006)

  33. Zuech, R., Khoshgoftaar, T.M., Wald, R.: Intrusion detection and big heterogeneous data: a survey. J. Big Data 2(1), 1–41 (2015)

Acknowledgments

The research leading to these results has received funding from the FP7 EU-funded project SECENTIS (FP7-PEOPLE-2012-ITN, grant no. 317387) and the EU-funded project TOREADOR (contract no. H2020-688797).

Author information

Corresponding author

Correspondence to Nadia Metoui.

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Metoui, N., Bezzi, M., Armando, A. (2016). Trust and Risk-Based Access Control for Privacy Preserving Threat Detection Systems. In: Dang, T., Wagner, R., Küng, J., Thoai, N., Takizawa, M., Neuhold, E. (eds) Future Data and Security Engineering. FDSE 2016. Lecture Notes in Computer Science, vol 10018. Springer, Cham. https://doi.org/10.1007/978-3-319-48057-2_20

  • DOI: https://doi.org/10.1007/978-3-319-48057-2_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-48056-5

  • Online ISBN: 978-3-319-48057-2