Abstract
Threat detection systems collect and analyze a large amount of security data logs for detecting potential attacks. Since log data from enterprise systems may contain sensitive and personal information access should be limited to the data relevant to the task at hand as mandated by data protection regulations. To this end, data need to be pre-processed (anonymized) to eliminate or obfuscate the sensitive information that is not-strictly necessary for the task. Additional security/accountability measures may be also applied to reduce the privacy risk, such as logging the access to the personal data or imposing deletion obligations. Anonymization reduces the privacy risk, but it should be carefully applied and balanced with utility requirements of the different phases of the process: a preliminary analysis may require fewer details than an in-depth investigation on a suspect set of logs. We propose a risk-based privacy-aware access control framework for threat detection systems, where each access request is evaluated by comparing the privacy-risk and the trustworthiness of the request. When the risk is too large compared to the trust level, the framework can apply adaptive adjustment strategies to decrease the risk (e.g., by selectively obfuscating the data) or to increase the trust level to perform a given task (e.g., imposing enforceable obligations to the user). We show how the framework can simultaneously address both the privacy and the utility requirements. The experimental results presented in the paper that the framework leads to meaningful results, and real-time performance, within an industrial threat detection solution.
Parts of this paper have been presented at the International Conference on Future Data and Security Engineering [28]. This paper extends [28] in a number of ways: the theoretical framework has been extended so to include, in particular, explicit deny to data access (cf. Sect. 3.1); the adjustment decision from the authorization standpoint and its effect on the resulting response is now described; a new section (Sect. 4) presenting an architecture for proposed risk-based and privacy-aware access control framework and the data request evaluation workflow using the use case as running example has been added; a sketch of the policies to be used to express the risk-based authorizations (Sect. 5) is given; finally, both the Introduction and Conclusions have been improved.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
We refer to these systems as TDS, to distinguish them from network-level intrusion detection systems (often called IDS or SIEM). We base our description on the SAP Enterprise Threat Detection, but the analysis can be applied to other solutions, including IDS. For a comparison between application- and network-level intrusion detection systems, see [22].
- 2.
Other privacy metrics exist (for example, \(\ell \)-diversity, and t-closeness, see [19] for a survey), but k-anonymity is still a de-facto standard in real-world applications.
- 3.
- 4.
In the XACML3.0 (eXtensible Access Control Markup Language) standard [17] the PDP is the point that evaluates an access request against an authorization policy and issues an access decision and the PEP Policy Enforcement Point is the point that intercepts user’s request call the PDP for an access decision then enforce this decision by allowing or denying the access. The PIP is the point that can be called to provide additional information about the resource, requester or environment.
- 5.
For an analysis of the performance of the model on a benchmark dataset see [4].
References
Ali, M., Bussard, L., Pinsdorf, U.: Obligation language for access control and privacy policies (2010)
Ardagna, C.A., Cremonini, M., De Capitani di Vimercati, S., Samarati, P.: A privacy-aware access control system. J. Comput. Secur. 16(4), 369–397 (2008)
Armando, A., Bezzi, M., Cerbo, F., Metoui, N.: Balancing trust and risk in access control. In: Debruyne, C., Panetto, H., Meersman, R., Dillon, T., Weichhart, G., An, Y., Ardagna, C.A. (eds.) OTM 2015. LNCS, vol. 9415, pp. 660–676. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26148-5_45
Armando, A., Bezzi, M., Metoui, N., Sabetta, A.: Risk-aware information disclosure. In: Garcia-Alfaro, J., Herrera-Joancomartí, J., Lupu, E., Posegga, J., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM/QASA/SETOP 2014. LNCS, vol. 8872, pp. 266–276. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17016-9_17
Armando, A., Bezzi, M., Metoui, N., Sabetta, A.: Risk-based privacy-aware information disclosure. Int. J. Secur. Softw. Eng. 6(2), 70–89 (2015)
Baracaldo, N., Joshi, J.: Beyond accountability: using obligations to reduce risk exposure and deter insider attacks. In: Proceedings of the 18th ACM Symposium on Access Control Models and Technologies, SACMAT 2013, pp. 213–224. ACM, New York (2013)
Bettini, C., Jajodia, S., Wang, X.S., Wijesekera, D.: Provisions and obligations in policy management and security applications. In: Proceedings of the 28th International Conference on Very Large Data Bases, VLDB 2002, pp. 502–513. VLDB Endowment (2002)
Bezzi, M.: An information theoretic approach for privacy metrics. Trans. Data Priv. 3(3), 199–215 (2010)
Brickell, J., Shmatikov, V.: The cost of privacy: destruction of data-mining utility in anonymized data publishing. In: Proceedings of the 14th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD 2008, pp. 70–78. ACM, New York (2008)
Chen, L., Crampton, J.: Risk-aware role-based access control. In: Meadows, C., Fernandez-Gago, C. (eds.) STM 2011. LNCS, vol. 7170, pp. 140–156. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29963-6_11
Chen, L., Crampton, J., Kollingbaum, M.J., Norman, T.J.: Obligations in risk-aware access control. In: Cuppens-Boulahia, N., Fong, P., García-Alfaro, J., Marsh, S., Steghöfer, J. (eds.) PST, pp. 145–152. IEEE (2012)
Cheng, P.-C., Rohatgi, P., Keser, C., Karger, P.A., Wagner, G.M., Reninger, A.S.: Fuzzy multi-level security: an experiment on quantified risk-adaptive access control. In: IEEE Symposium on Security and Privacy, pp. 222–230. IEEE Computer Society (2007)
Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Samarati, P.: Theory of privacy and anonymity. In: Atallah, M., Blanton, M. (eds.) Algorithms and Theory of Computation Handbook, 2nd edn. CRC Press, Boca Raton (2009)
Clifton, C., Tassa, T.: On syntactic anonymity and differential privacy. Trans. Data Priv. 6(2), 161–183 (2013)
Di Cerbo, F., Doliere, F., Gomez, L., Trabelsi, S.: PPL v2.0: uniform data access and usage control on cloud and mobile. In: Proceedings of the 1st International Workshop on TEchnical and LEgal Aspects of Data PRIvacy and SEcurity. IEEE (2015)
Dickens, L., Russo, A., Cheng, P.-C., Lobo, J.: Towards learning risk estimation functions for access control. In: Snowbird Learning Workshop (2010)
eXtensible Access Control Markup Language (XACML) Version 3.0, January 2013. http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.pdf
Friedewald, M., Pohoryles, R.J.: Privacy and Security in the Digital Age: Privacy in the Age of Super-Technologies. Routledge, London (2016)
Fung, B.C.M., Wang, K., Chen, R., Yu, P.S.: Privacy-preserving data publishing: a survey of recent developments. ACM Comput. Surv. 42(4), 4:1–4:153 (2010)
Ghinita, G., Karras, P., Kalnis, P., Mamoulis, N.: Fast data anonymization with low information loss. In: Proceedings of the 33rd International Conference on Very Large Data Bases, pp. 758–769. VLDB Endowment (2007)
Josang, A., Ismail, R., Boyd, C.: A survey of trust and reputation systems for online service provision. Decis. Support Syst. 43(2), 618–644 (2007). Emerging Issues in Collaborative Commerce
Kaempfer, M. (2015). http://scn.sap.com/community/security/blog/2015/03/04/sap-enterprise-threat-detection-and-siem-is-this-not-the-same
Kohlmayer, F., Prasser, F., Eckert, C., Kuhn, K.A.: A flexible approach to distributed data anonymization. J. Biomed. Inform. 50, 62–76 (2014). Special Issue on Informatics Methods in Medical Privacy
Kounine, A., Bezzi, M.: Assessing disclosure risk in anonymized datasets. In: Proceedings of the FloCon Workshop, January 2009
Lakkaraju, K., Slagell, A.: Evaluating the utility of anonymized network traces for intrusion detection. In: Proceedings of the 4th International Conference on Security and Privacy in Communication Netowrks, SecureComm 2008, pp. 17:1–17:8. ACM, New York (2008)
Li, X., Zhou, F., Yang, X.: A multi-dimensional trust evaluation model for large-scale P2P computing. J. Parallel Distrib. Comput. 71(6), 837–847 (2011)
Metoui, N., Bezzi, M.: Differential privacy based access control. In: Debruyne, C., et al. (eds.) OTM 2016. LNCS, vol. 10033, pp. 962–974. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-48472-3_61
Metoui, N., Bezzi, M., Armando, A.: Trust and risk-based access control for privacy preserving threat detection systems. In: Dang, T.K., Wagner, R., Küng, J., Thoai, N., Takizawa, M., Neuhold, E. (eds.) FDSE 2016. LNCS, vol. 10018, pp. 285–304. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-48057-2_20
Mivule, K., Anderson, B.: A study of usability-aware network trace anonymization. In: Science and Information Conference (SAI), pp. 1293–1304. IEEE (2015)
Mont, M.C., Beato, F.: On parametric obligation policies: enabling privacy-aware information lifecycle management in enterprises. In: Eighth IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 2007, pp. 51–55. IEEE (2007)
Narayanan, A., Huey, J., Felten, E.W.: A precautionary approach to big data privacy. In: Gutwirth, S., Leenes, R., De Hert, P. (eds.) Data Protection on the Move, pp. 357–385. Springer, Dordrecht (2016). https://doi.org/10.1007/978-94-017-7376-8_13
Council of Europe: Handbook on European data protection law. Technical report (2014)
Committee on Strategies for Responsible Sharing of Clinical Trial Data: Sharing Clinical Trial Data: Maximizing Benefits, Minimizing Risk. National Academies Press, Washington, DC (2015)
Oprea, A., Li, Z., Yen, T.-F., Chin, S.H., Alrwais, S.: Detection of early-stage enterprise infection by mining large-scale log data. In: 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 45–56. IEEE (2015)
Pretschner, A., Hilty, M., Basin, D.: Distributed usage control. Commun. ACM 49(9), 39–44 (2006)
Samarati, P.: Protecting respondents’ identities in microdata release. IEEE Trans. Knowl. Data Eng. 13(6), 1010–1027 (2001)
Sandhu, R., Park, J.: Usage control: a vision for next generation access control. In: Gorodetsky, V., Popyack, L., Skormin, V. (eds.) MMM-ACNS 2003. LNCS, vol. 2776, pp. 17–31. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45215-7_2
Scholl, M.A., Stine, K.M., Hash, J., Bowen, P., Johnson, L.A., Smith, C.D., Steinberg, D.I.: SP 800–66 REV. 1. An introductory resource guide for implementing the health insurance portability and accountability act (HIPAA) security rule. Technical report (2008)
Shaikh, R.A., Adi, K., Logrippo, L.: Dynamic risk-based decision methods for access control systems. Comput. Secur. 31(4), 447–464 (2012)
Templ, M., Meindl, B., Kowarik, A.: Introduction to statistical disclosure control (SDC). Project: Relative to the testing of SDC algorithms and provision of practical SDC, data analysis OG (2013)
Ulltveit-Moe, N., Oleshchuk, V.A.: Measuring privacy leakage for IDS rules. CoRR, abs/1308.5421 (2013)
Ulltveit-Moe, N., Oleshchuk, V.A., Køien, G.M.: Location-aware mobile intrusion detection with enhanced privacy in a 5G context. Wirel. Pers. Commun. 57(3), 317–338 (2011)
Vaidya, J., Clifton, C.W., Zhu, Y.M.: Privacy Preserving Data Mining, vol. 19. Springer, Boston (2006). https://doi.org/10.1007/978-0-387-29489-6
XACML Obligation Profile for Healthcare Version 1.0, February 2013. http://docs.oasis-open.org/xacml/xspa-obl/v1.0/csd01/xspa-obl-v1.0-csd01.html
Zuech, R., Khoshgoftaar, T.M., Wald, R.: Intrusion detection and big heterogeneous data: a survey. J. Big Data 2(1), 1–41 (2015)
Acknowledgments
The research leading to these results has received funding from the FP7 EU-funded project SECENTIS (FP7-PEOPLE-2012-ITN, grant no. 317387).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer-Verlag GmbH Germany
About this chapter
Cite this chapter
Metoui, N., Bezzi, M., Armando, A. (2017). Risk-Based Privacy-Aware Access Control for Threat Detection Systems. In: Hameurlain, A., Küng, J., Wagner, R., Dang, T., Thoai, N. (eds) Transactions on Large-Scale Data- and Knowledge-Centered Systems XXXVI. Lecture Notes in Computer Science(), vol 10720. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-56266-6_1
Download citation
DOI: https://doi.org/10.1007/978-3-662-56266-6_1
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-56265-9
Online ISBN: 978-3-662-56266-6
eBook Packages: Computer ScienceComputer Science (R0)