Loading…
A privacy-aware access control model for distributed network monitoring
► An innovative access control model is proposed for network monitoring workflows. ► The model drives a verification procedure resulting in privacy-aware workflows. ► The model considers both concrete and abstract levels for entities’ representation. ► The approach provides for a holistic view of ac...
Saved in:
| Published in: | Computers & electrical engineering 2013-10, Vol.39 (7), p.2263-2281 |
|---|---|
| Main Authors: | , , , , , , , |
| Format: | Article |
| Language: | English |
| Subjects: | |
| Citations: | Items that this one cites Items that cite this one |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| cited_by | cdi_FETCH-LOGICAL-c472t-71654b2c595d6114c6933294062fcde8b75faba9c5888ec050245ebff067685b3 |
|---|---|
| cites | cdi_FETCH-LOGICAL-c472t-71654b2c595d6114c6933294062fcde8b75faba9c5888ec050245ebff067685b3 |
| container_end_page | 2281 |
| container_issue | 7 |
| container_start_page | 2263 |
| container_title | Computers & electrical engineering |
| container_volume | 39 |
| creator | Papagiannakopoulou, Eugenia I. Koukovini, Maria N. Lioudakis, Georgios V. Garcia-Alfaro, Joaquin Kaklamani, Dimitra I. Venieris, Iakovos S. Cuppens, Frédéric Cuppens-Boulahia, Nora |
| description | ► An innovative access control model is proposed for network monitoring workflows. ► The model drives a verification procedure resulting in privacy-aware workflows. ► The model considers both concrete and abstract levels for entities’ representation. ► The approach provides for a holistic view of access control across processes.
In this paper, we introduce a new access control model that aims at addressing the privacy implications surrounding network monitoring. In fact, despite its importance, network monitoring is natively leakage-prone and, moreover, this is exacerbated due to the complexity of the highly dynamic monitoring procedures and infrastructures, that may include multiple traffic observation points, distributed mitigation mechanisms and even inter-operator cooperation. Conceived on the basis of data protection legislation, the proposed approach is grounded on a rich in expressiveness information model, that captures all the underlying monitoring concepts along with their associations. The model enables the specification of contextual authorisation policies and expressive separation and binding of duty constraints. Finally, two key innovations of our work consist in the ability to define access control rules at any level of abstraction and in enabling a verification procedure, which results in inherently privacy-aware workflows, thus fostering the realisation of the Privacy by Design vision. |
| doi_str_mv | 10.1016/j.compeleceng.2012.08.003 |
| format | article |
| fullrecord | <record><control><sourceid>proquest_hal_p</sourceid><recordid>TN_cdi_hal_primary_oai_HAL_hal_00949776v1</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S004579061200153X</els_id><sourcerecordid>1531002864</sourcerecordid><originalsourceid>FETCH-LOGICAL-c472t-71654b2c595d6114c6933294062fcde8b75faba9c5888ec050245ebff067685b3</originalsourceid><addsrcrecordid>eNqNkU1v2zAMhoViA5p1-w_ubTvYpWx9HoNgawcE6GU7CzJNd0odK5OcFP33U5Bh2G27kCD5kHjBl7FbDg0Hru52Dcb9gSZCmp-aFnjbgGkAuiu24kbbGrSUb9gKQMhaW1DX7F3OOyi14mbF7tfVIYWTx9fav_hElUeknCuM85LiVO3jQFM1xlQNIS8p9MeFhmqm5SWm5zKdwxJTmJ_es7ejnzJ9-J1v2Pcvn79tHurt4_3XzXpbo9DtUmuupOhblFYOinOBynZdawWodsSBTK_l6HtvURpjCEFCKyT14whKKyP77oZ9utz94SdXlO99enXRB_ew3rpzD8AKq7U68cJ-vLCHFH8eKS9uHzLSNPmZ4jE7LjsO0Bol_o2K8sauBCiovaCYYs6Jxj8yOLizJ27n_vLEnT1xYIqwruxuLrtUXnQKlFzGQDPSEBLh4oYY_uPKL0J1mdU</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1475534750</pqid></control><display><type>article</type><title>A privacy-aware access control model for distributed network monitoring</title><source>ScienceDirect Freedom Collection</source><creator>Papagiannakopoulou, Eugenia I. ; Koukovini, Maria N. ; Lioudakis, Georgios V. ; Garcia-Alfaro, Joaquin ; Kaklamani, Dimitra I. ; Venieris, Iakovos S. ; Cuppens, Frédéric ; Cuppens-Boulahia, Nora</creator><creatorcontrib>Papagiannakopoulou, Eugenia I. ; Koukovini, Maria N. ; Lioudakis, Georgios V. ; Garcia-Alfaro, Joaquin ; Kaklamani, Dimitra I. ; Venieris, Iakovos S. ; Cuppens, Frédéric ; Cuppens-Boulahia, Nora</creatorcontrib><description>► An innovative access control model is proposed for network monitoring workflows. ► The model drives a verification procedure resulting in privacy-aware workflows. ► The model considers both concrete and abstract levels for entities’ representation. ► The approach provides for a holistic view of access control across processes.
In this paper, we introduce a new access control model that aims at addressing the privacy implications surrounding network monitoring. In fact, despite its importance, network monitoring is natively leakage-prone and, moreover, this is exacerbated due to the complexity of the highly dynamic monitoring procedures and infrastructures, that may include multiple traffic observation points, distributed mitigation mechanisms and even inter-operator cooperation. Conceived on the basis of data protection legislation, the proposed approach is grounded on a rich in expressiveness information model, that captures all the underlying monitoring concepts along with their associations. The model enables the specification of contextual authorisation policies and expressive separation and binding of duty constraints. Finally, two key innovations of our work consist in the ability to define access control rules at any level of abstraction and in enabling a verification procedure, which results in inherently privacy-aware workflows, thus fostering the realisation of the Privacy by Design vision.</description><identifier>ISSN: 0045-7906</identifier><identifier>EISSN: 1879-0755</identifier><identifier>DOI: 10.1016/j.compeleceng.2012.08.003</identifier><language>eng</language><publisher>Elsevier Ltd</publisher><subject>Access control ; Binding ; Computer Science ; Computer simulation ; Cryptography and Security ; Legislation ; Monitoring ; Networks ; Policies ; Privacy</subject><ispartof>Computers & electrical engineering, 2013-10, Vol.39 (7), p.2263-2281</ispartof><rights>2012 Elsevier Ltd</rights><rights>Distributed under a Creative Commons Attribution 4.0 International License</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c472t-71654b2c595d6114c6933294062fcde8b75faba9c5888ec050245ebff067685b3</citedby><cites>FETCH-LOGICAL-c472t-71654b2c595d6114c6933294062fcde8b75faba9c5888ec050245ebff067685b3</cites><orcidid>0000-0002-7453-4393</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>230,314,780,784,885,27924,27925</link.rule.ids><backlink>$$Uhttps://hal.science/hal-00949776$$DView record in HAL$$Hfree_for_read</backlink></links><search><creatorcontrib>Papagiannakopoulou, Eugenia I.</creatorcontrib><creatorcontrib>Koukovini, Maria N.</creatorcontrib><creatorcontrib>Lioudakis, Georgios V.</creatorcontrib><creatorcontrib>Garcia-Alfaro, Joaquin</creatorcontrib><creatorcontrib>Kaklamani, Dimitra I.</creatorcontrib><creatorcontrib>Venieris, Iakovos S.</creatorcontrib><creatorcontrib>Cuppens, Frédéric</creatorcontrib><creatorcontrib>Cuppens-Boulahia, Nora</creatorcontrib><title>A privacy-aware access control model for distributed network monitoring</title><title>Computers & electrical engineering</title><description>► An innovative access control model is proposed for network monitoring workflows. ► The model drives a verification procedure resulting in privacy-aware workflows. ► The model considers both concrete and abstract levels for entities’ representation. ► The approach provides for a holistic view of access control across processes.
In this paper, we introduce a new access control model that aims at addressing the privacy implications surrounding network monitoring. In fact, despite its importance, network monitoring is natively leakage-prone and, moreover, this is exacerbated due to the complexity of the highly dynamic monitoring procedures and infrastructures, that may include multiple traffic observation points, distributed mitigation mechanisms and even inter-operator cooperation. Conceived on the basis of data protection legislation, the proposed approach is grounded on a rich in expressiveness information model, that captures all the underlying monitoring concepts along with their associations. The model enables the specification of contextual authorisation policies and expressive separation and binding of duty constraints. Finally, two key innovations of our work consist in the ability to define access control rules at any level of abstraction and in enabling a verification procedure, which results in inherently privacy-aware workflows, thus fostering the realisation of the Privacy by Design vision.</description><subject>Access control</subject><subject>Binding</subject><subject>Computer Science</subject><subject>Computer simulation</subject><subject>Cryptography and Security</subject><subject>Legislation</subject><subject>Monitoring</subject><subject>Networks</subject><subject>Policies</subject><subject>Privacy</subject><issn>0045-7906</issn><issn>1879-0755</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2013</creationdate><recordtype>article</recordtype><recordid>eNqNkU1v2zAMhoViA5p1-w_ubTvYpWx9HoNgawcE6GU7CzJNd0odK5OcFP33U5Bh2G27kCD5kHjBl7FbDg0Hru52Dcb9gSZCmp-aFnjbgGkAuiu24kbbGrSUb9gKQMhaW1DX7F3OOyi14mbF7tfVIYWTx9fav_hElUeknCuM85LiVO3jQFM1xlQNIS8p9MeFhmqm5SWm5zKdwxJTmJ_es7ejnzJ9-J1v2Pcvn79tHurt4_3XzXpbo9DtUmuupOhblFYOinOBynZdawWodsSBTK_l6HtvURpjCEFCKyT14whKKyP77oZ9utz94SdXlO99enXRB_ew3rpzD8AKq7U68cJ-vLCHFH8eKS9uHzLSNPmZ4jE7LjsO0Bol_o2K8sauBCiovaCYYs6Jxj8yOLizJ27n_vLEnT1xYIqwruxuLrtUXnQKlFzGQDPSEBLh4oYY_uPKL0J1mdU</recordid><startdate>201310</startdate><enddate>201310</enddate><creator>Papagiannakopoulou, Eugenia I.</creator><creator>Koukovini, Maria N.</creator><creator>Lioudakis, Georgios V.</creator><creator>Garcia-Alfaro, Joaquin</creator><creator>Kaklamani, Dimitra I.</creator><creator>Venieris, Iakovos S.</creator><creator>Cuppens, Frédéric</creator><creator>Cuppens-Boulahia, Nora</creator><general>Elsevier Ltd</general><general>Elsevier</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>1XC</scope><scope>VOOES</scope><orcidid>https://orcid.org/0000-0002-7453-4393</orcidid></search><sort><creationdate>201310</creationdate><title>A privacy-aware access control model for distributed network monitoring</title><author>Papagiannakopoulou, Eugenia I. ; Koukovini, Maria N. ; Lioudakis, Georgios V. ; Garcia-Alfaro, Joaquin ; Kaklamani, Dimitra I. ; Venieris, Iakovos S. ; Cuppens, Frédéric ; Cuppens-Boulahia, Nora</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c472t-71654b2c595d6114c6933294062fcde8b75faba9c5888ec050245ebff067685b3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2013</creationdate><topic>Access control</topic><topic>Binding</topic><topic>Computer Science</topic><topic>Computer simulation</topic><topic>Cryptography and Security</topic><topic>Legislation</topic><topic>Monitoring</topic><topic>Networks</topic><topic>Policies</topic><topic>Privacy</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Papagiannakopoulou, Eugenia I.</creatorcontrib><creatorcontrib>Koukovini, Maria N.</creatorcontrib><creatorcontrib>Lioudakis, Georgios V.</creatorcontrib><creatorcontrib>Garcia-Alfaro, Joaquin</creatorcontrib><creatorcontrib>Kaklamani, Dimitra I.</creatorcontrib><creatorcontrib>Venieris, Iakovos S.</creatorcontrib><creatorcontrib>Cuppens, Frédéric</creatorcontrib><creatorcontrib>Cuppens-Boulahia, Nora</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics & Communications Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>Hyper Article en Ligne (HAL)</collection><collection>Hyper Article en Ligne (HAL) (Open Access)</collection><jtitle>Computers & electrical engineering</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Papagiannakopoulou, Eugenia I.</au><au>Koukovini, Maria N.</au><au>Lioudakis, Georgios V.</au><au>Garcia-Alfaro, Joaquin</au><au>Kaklamani, Dimitra I.</au><au>Venieris, Iakovos S.</au><au>Cuppens, Frédéric</au><au>Cuppens-Boulahia, Nora</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>A privacy-aware access control model for distributed network monitoring</atitle><jtitle>Computers & electrical engineering</jtitle><date>2013-10</date><risdate>2013</risdate><volume>39</volume><issue>7</issue><spage>2263</spage><epage>2281</epage><pages>2263-2281</pages><issn>0045-7906</issn><eissn>1879-0755</eissn><abstract>► An innovative access control model is proposed for network monitoring workflows. ► The model drives a verification procedure resulting in privacy-aware workflows. ► The model considers both concrete and abstract levels for entities’ representation. ► The approach provides for a holistic view of access control across processes.
In this paper, we introduce a new access control model that aims at addressing the privacy implications surrounding network monitoring. In fact, despite its importance, network monitoring is natively leakage-prone and, moreover, this is exacerbated due to the complexity of the highly dynamic monitoring procedures and infrastructures, that may include multiple traffic observation points, distributed mitigation mechanisms and even inter-operator cooperation. Conceived on the basis of data protection legislation, the proposed approach is grounded on a rich in expressiveness information model, that captures all the underlying monitoring concepts along with their associations. The model enables the specification of contextual authorisation policies and expressive separation and binding of duty constraints. Finally, two key innovations of our work consist in the ability to define access control rules at any level of abstraction and in enabling a verification procedure, which results in inherently privacy-aware workflows, thus fostering the realisation of the Privacy by Design vision.</abstract><pub>Elsevier Ltd</pub><doi>10.1016/j.compeleceng.2012.08.003</doi><tpages>19</tpages><orcidid>https://orcid.org/0000-0002-7453-4393</orcidid><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 0045-7906 |
| ispartof | Computers & electrical engineering, 2013-10, Vol.39 (7), p.2263-2281 |
| issn | 0045-7906 1879-0755 |
| language | eng |
| recordid | cdi_hal_primary_oai_HAL_hal_00949776v1 |
| source | ScienceDirect Freedom Collection |
| subjects | Access control Binding Computer Science Computer simulation Cryptography and Security Legislation Monitoring Networks Policies Privacy |
| title | A privacy-aware access control model for distributed network monitoring |
| url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-28T23%3A05%3A33IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_hal_p&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20privacy-aware%20access%20control%20model%20for%20distributed%20network%20monitoring&rft.jtitle=Computers%20&%20electrical%20engineering&rft.au=Papagiannakopoulou,%20Eugenia%20I.&rft.date=2013-10&rft.volume=39&rft.issue=7&rft.spage=2263&rft.epage=2281&rft.pages=2263-2281&rft.issn=0045-7906&rft.eissn=1879-0755&rft_id=info:doi/10.1016/j.compeleceng.2012.08.003&rft_dat=%3Cproquest_hal_p%3E1531002864%3C/proquest_hal_p%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c472t-71654b2c595d6114c6933294062fcde8b75faba9c5888ec050245ebff067685b3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=1475534750&rft_id=info:pmid/&rfr_iscdi=true |