
2009 | Book

Trust, Privacy and Security in Digital Business

6th International Conference, TrustBus 2009, Linz, Austria, September 3-4, 2009. Proceedings

Edited by: Simone Fischer-Hübner, Costas Lambrinoudakis, Günther Pernul

Publisher: Springer Berlin Heidelberg

Book series: Lecture Notes in Computer Science


About this book

This book presents the proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business (TrustBus 2009), held in Linz, Austria during September 3–4, 2009. The conference continues from previous events held in Zaragoza (2004), Copenhagen (2005), Krakow (2006), Regensburg (2007) and Turin (2008). The advances in the information and communication technologies (ICT) have raised new opportunities for the implementation of novel applications and the provision of high-quality services over global networks. The aim is to utilize this ‘information society era’ for improving the quality of life for all citizens, disseminating knowledge, strengthening social cohesion, generating earnings and finally ensuring that organizations and public bodies remain competitive in the global electronic marketplace. Unfortunately, such a rapid technological evolution cannot be problem free. Concerns are raised regarding the ‘lack of trust’ in electronic procedures and the extent to which ‘information security’ and ‘user privacy’ can be ensured. TrustBus 2009 brought together academic researchers and industry developers, who discussed the state of the art in technology for establishing trust, privacy and security in digital business. We thank the attendees for coming to Linz to participate and debate the new emerging advances in this area.

Table of contents

Frontmatter

User Profiling and Privacy in Digital Business

User Profiling and Re-identification: Case of University-Wide Network Analysis
Abstract
In this paper we present our methodology for context information processing, modeling users’ behaviour and re-identification. Our primary interest is to what extent a user can be re-identified if we have his “user profile” and how much information is required for a successful re-identification. We operate with “user profiles” that reflect user’s behaviour in the past. We describe the input data we use for building behavioural characteristics; similarity searching procedure and an evaluation of the re-identification process. We discuss (and provide results of our experiments) how different initial conditions, as well as different approaches used in the similarity searching phase, influence the results and propose the optimal scenario where we obtain the most accurate results. We provide experimental results of re-identification of three protocols (SSH, HTTP and HTTPS).
Marek Kumpošt, Vašek Matyáš
Search Engines: Gateway to a New “Panopticon”?
Abstract
Nowadays, Internet users are depending on various search engines in order to be able to find requested information on the Web. Although most users feel that they are and remain anonymous when they place their search queries, reality proves otherwise. The increasing importance of search engines for the location of the desired information on the Internet usually leads to considerable inroads into the privacy of users. The scope of this paper is to study the main privacy issues with regard to search engines, such as the anonymisation of search logs and their retention period, and to examine the applicability of the European data protection legislation to non-EU search engine providers. Ixquick, a privacy-friendly meta search engine will be presented as an alternative to privacy intrusive existing practices of search engines.
Eleni Kosta, Christos Kalloniatis, Lilian Mitrou, Evangelia Kavakli

Privacy Enhancing Technologies and Identity Management

Supporting Local Aliases as Usable Presentation of Secure Pseudonyms
Abstract
Privacy-Enhancing Identity Management (PIM) enables users to control which personal data they provide to whom by partitioning this information into subsets called partial identities. Since these partial identities should not be linkable except by their owner, randomly generated pseudonyms that are unique are used as their identifiers instead of real names. Randomly generated pseudonyms do not leak any information about the corresponding user, but their handling is not easy for human beings. Users should therefore be enabled to assign local aliases according to their individual preferences to such pseudonyms to allow for a better recognizability in interaction scenarios. However, the use of local aliases requires a reasonable support to ensure both privacy and usability.
This paper introduces an architecture that enables users to manage local aliases in a reasonable and usable way. Possible solutions for alias assignment, alias improvement, and replacement between aliases and pseudonyms are discussed. The suggested approach was realized within a collaborative eLearning environment but is also applicable for other collaborative applications.
Elke Franz, Katja Liesebach
A Privacy-Preserving Platform for User-Centric Quantitative Benchmarking
Abstract
We propose a centralised platform for quantitative benchmarking of key performance indicators (KPI) among mutually distrustful organisations. Our platform offers users the opportunity to request an ad-hoc benchmarking for a specific KPI within a peer group of their choice. Architecture and protocol are designed to provide anonymity to its users and to hide the sensitive KPI values from other clients and the central server. To this end, we integrate user-centric peer group formation, exchangeable secure multi-party computation protocols, short-lived ephemeral key pairs as pseudonyms, and attribute certificates. We show by empirical evaluation of a prototype that the performance is acceptable for reasonably sized peer groups.
Dominik Herrmann, Florian Scheuer, Philipp Feustel, Thomas Nowey, Hannes Federrath
An Anonymous Credit Card System
Abstract
Credit cards have many important benefits; however, these same benefits often carry with them many privacy concerns. In particular, the need for users to be able to monitor their own transactions, as well as the bank’s need to justify its payment requests from cardholders, entitle the latter to maintain a detailed log of all transactions its credit card customers were involved in. A bank can thus build a profile of each cardholder even without the latter’s consent. In this paper, we present a practical and accountable anonymous credit system based on ecash, with a privacy preserving mechanism for error correction and expense-reporting.
Elli Androulaki, Steven Bellovin

Security and Privacy in Real Life Applications

A Cluster-Based Framework for the Security of Medical Sensor Environments
Abstract
The adoption of Wireless Sensor Networks (WSNs) in the healthcare sector poses many security issues, mainly because medical information is considered particularly sensitive. The security mechanisms employed are expected to be more efficient in terms of energy consumption and scalability in order to cope with the constrained capabilities of WSNs and patients’ mobility. Towards this goal, cluster-based medical WSNs can substantially improve efficiency and scalability. In this context, we have proposed a general framework for cluster-based medical environments on top of which security mechanisms can rely. This framework fully covers the varying needs of both in-hospital environments and environments formed ad hoc for medical emergencies. In this paper, we further elaborate on the security of our proposed solution. We specifically focus on key establishment mechanisms and investigate the group key agreement protocols that can best fit in our framework.
Eleni Klaoudatou, Elisavet Konstantinou, Georgios Kambourakis, Stefanos Gritzalis
Formal Specification and Automatic Analysis of Business Processes under Authorization Constraints: An Action-Based Approach
Abstract
We present an approach to the formal specification and automatic analysis of business processes under authorization constraints based on the action language \(\cal{C}\). The use of \(\cal{C}\) allows for a natural and concise modeling of the business process and the associated security policy and for the automatic analysis of the resulting specification by using the Causal Calculator (CCALC). Our approach improves upon previous work by greatly simplifying the specification step while retaining the ability to perform a fully automatic analysis. To illustrate the effectiveness of the approach we describe its application to a version of a business process taken from the banking domain and use CCALC to determine resource allocation plans complying with the security policy.
Alessandro Armando, Enrico Giunchiglia, Serena Elisa Ponta
A Formalization of HIPAA for a Medical Messaging System
Abstract
The complexity of regulations in healthcare, financial services, and other industries makes it difficult for enterprises to design and deploy effective compliance systems. We believe that in some applications, it may be practical to support compliance by using formalized portions of applicable laws to regulate business processes that use information systems. In order to explore this possibility, we use a stratified fragment of Prolog with limited use of negation to formalize a portion of the US Health Insurance Portability and Accountability Act (HIPAA). As part of our study, we also explore the deployment of our formalization in a prototype hospital Web portal messaging system.
Peifung E. Lam, John C. Mitchell, Sharada Sundaram

Reputation and Security Measurements

Adaptive Dispatching of Incidences Based on Reputation for SCADA Systems
Abstract
SCADA systems represent a challenging scenario where the management of critical alarms is crucial. Their response to these alarms should be efficient and fast in order to mitigate or contain undesired effects. This work presents a mechanism, the Adaptive Assignment Manager (AAM), that will aid in reacting to incidences in a more efficient way by dynamically assigning alarms to the most suitable human operator. The mechanism uses various inputs for identifying the operators such as their availability, workload and reputation. In fact, we also define a reputation component that stores the reputation of the human operators and uses feedback from past experiences.
Cristina Alcaraz, Isaac Agudo, Carmen Fernandez-Gago, Rodrigo Roman, Gerardo Fernandez, Javier Lopez
Steering Security through Measurement
Abstract
This paper presents the results of a security management survey of IT administrators from small and medium sized enterprises (SMEs) who ranked predefined Critical Success Factors (CSFs) and Indicators. The outcome of this study relies on the development of a set of security management guidelines that allows IT administrators to adopt assessment and managerial security routines. The secondary contribution relies on allowing IT administrators to establish a culture of implementing and tracking the effectiveness of technical and non-technical security controls. The survey results describe how IT administrators would like the most critical aspects of security to evolve.
Jose M. Torres, Jose M. Sarriegi, Josune Hernantes, Ana Lauge
Advanced Features in Bayesian Reputation Systems
Abstract
Bayesian reputation systems are quite flexible and can relatively easily be adapted to different types of applications and environments. The purpose of this paper is to provide a concise overview of the rich set of features that characterizes Bayesian reputation systems. In particular we demonstrate the importance of base rates during bootstrapping, for handling rating scarcity and for expressing long term trends.
Audun Jøsang, Walter Quattrociocchi

Access Control

An MDA-Based Environment for Generating Access Control Policies
Abstract
Identity management and access control are essential in the enterprise IT landscape in order to control access to applications and to fulfil laws or regulations. The global competition of enterprises leads to short development cycles and fast changes of IT applications, which also requires an error-free and quick adaptation of its security. The model-driven development of access control policies promises to cope with this situation. This work introduces an MDA-based environment for generating access control policies. A comprehensive overview is given on the organisational aspects, describing details of roles, artefacts and tools involved. On this basis the four phases of a model-driven development process for access control policies and their organisational aspects are presented.
Heiko Klarl, Florian Marmé, Christian Wolff, Christian Emig, Sebastian Abeck
An Extended Role-Based Access Control Model for Delegating Obligations
Abstract
The main aim of access control models is to provide means to simplify the management of the security policy, which is a fastidious and error-prone task. Supporting delegation is considered as an important means to decentralize the administration and therefore to allow the security policy to be more flexible and easier to manipulate. Our main contribution is the proposition of a unified model to the administration and delegation of obligations. Managing such delegations implies more requirements than managing traditional privileges delegation. In fact, delegating obligations may include two interpretations: the delegation of the obligation and the delegation of the responsibility related to this obligation. Therefore, it is important to deal with these two notions separately. Moreover, since delegating an obligation involves the delegation of sanctions, then the consent of the user who receives this delegation may be required in some cases. We address in this paper these requirements and we propose a formalism to deal with them.
Meriam Ben-Ghorbel-Talbi, Frédéric Cuppens, Nora Cuppens-Boulahia, Adel Bouhoula
The OPL Access Control Policy Language
Abstract
Existing policy languages suffer from a limited ability of directly and elegantly expressing high-level access control principles such as history-based separation of duty [22], binding of duty [26], context constraints [24], Chinese wall properties [10], and obligations [20]. It is often difficult to extend a language in order to retrofit these features once required or it is necessary to use complicated and complex language constructs to express such concepts. The latter, however, is cumbersome and error-prone for humans dealing with policy administration.
We present the flexible policy language OPL that can represent a wide range of access control principles in XML directly, by providing dedicated language constructs for each supported principle. It can be easily extended with further principles if necessary. OPL is based on a module concept, and it can easily cope with the language complexity that usually comes with a growing expressiveness. OPL is suitable to be used in an enterprise environment, since it combines the required expressiveness with the simplicity necessary for an appropriate administration.
Christopher Alm, Ruben Wolf, Joachim Posegga

Authentication and Authorisation

Operational Semantics for DKAL: Application and Analysis
Abstract
DKAL is a new expressive high-level authorization language. It has been successfully tried at Microsoft which led to further improvements of the language itself. One improvement is the separation of concerns between static core policies and dynamic workflow; important safety properties can be proved from the core policies alone, independently from the workflow. Another improvement is true decentralization; different principals live in different worlds exchanging information by means of communication and filtering assertions. We also present some complexity results.
Yuri Gurevich, Arnab Roy
HB-MAC: Improving the Random-HB# Authentication Protocol
Abstract
The Random-HB# protocol is a significant improvement of the HB+ protocol introduced by Juels and Weis for the authentication of low-cost RFID tags. Random-HB# improves HB+ in terms of both security and practicality. It is provably resistant against man-in-the-middle attacks, where the adversary can modify messages sent from the reader to the tag, and performs significantly better than HB+, since it reduces the transmission costs and provides more practical error rates. The only problem with Random-HB# is that the storage costs for the secret keys are insurmountable to low cost tags. The designers of the protocol have also proposed an enhanced variant which has less storage requirements, but it is not supported by a security proof. They call this variant just HB#. In this paper we propose a variant of the Random-HB#. The new proposal maintains the performance of the Random-HB#, but it requires significantly less storage for the key. To achieve that we add a lightweight message authentication code to protect the integrity of all the exchanged messages.
Panagiotis Rizomiliotis
Backmatter
Metadata
Title
Trust, Privacy and Security in Digital Business
Edited by
Simone Fischer-Hübner
Costas Lambrinoudakis
Günther Pernul
Copyright year
2009
Publisher
Springer Berlin Heidelberg
Electronic ISBN
978-3-642-03748-1
Print ISBN
978-3-642-03747-4
DOI
https://doi.org/10.1007/978-3-642-03748-1
