A privacy-aware access control model for distributed network monitoring

► An innovative access control model is proposed for network monitoring workflows. ► The model drives a verification procedure resulting in privacy-aware workflows. ► The model considers both concrete and abstract levels for entities’ representation. ► The approach provides for a holistic view of ac...

Full description

Saved in:
Bibliographic Details
Published in:Computers & electrical engineering 2013-10, Vol.39 (7), p.2263-2281
Main Authors: Papagiannakopoulou, Eugenia I., Koukovini, Maria N., Lioudakis, Georgios V., Garcia-Alfaro, Joaquin, Kaklamani, Dimitra I., Venieris, Iakovos S., Cuppens, Frédéric, Cuppens-Boulahia, Nora
Format: Article
Language:English
Subjects:
Access control
Binding
Computer Science
Computer simulation
Cryptography and Security
Legislation
Monitoring
Networks
Policies
Privacy
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:► An innovative access control model is proposed for network monitoring workflows. ► The model drives a verification procedure resulting in privacy-aware workflows. ► The model considers both concrete and abstract levels for entities’ representation. ► The approach provides for a holistic view of access control across processes. In this paper, we introduce a new access control model that aims at addressing the privacy implications surrounding network monitoring. In fact, despite its importance, network monitoring is natively leakage-prone and, moreover, this is exacerbated due to the complexity of the highly dynamic monitoring procedures and infrastructures, that may include multiple traffic observation points, distributed mitigation mechanisms and even inter-operator cooperation. Conceived on the basis of data protection legislation, the proposed approach is grounded on a rich in expressiveness information model, that captures all the underlying monitoring concepts along with their associations. The model enables the specification of contextual authorisation policies and expressive separation and binding of duty constraints. Finally, two key innovations of our work consist in the ability to define access control rules at any level of abstraction and in enabling a verification procedure, which results in inherently privacy-aware workflows, thus fostering the realisation of the Privacy by Design vision.
ISSN:0045-7906
1879-0755
DOI:10.1016/j.compeleceng.2012.08.003