• Increase font size
  • Default font size
  • Decrease font size

English (United Kingdom)

An access control approach for privacy-preserving passive network monitoring

Year: 2009
Type of Publication: In Proceedings
Book title: Proceedings of the 4th International Conference for Internet Technology and Secured Transactions (ICITST 2009)
Pages: 1-8
Month: November
ISBN: 978-1-4244-5647-5
London, UK, November 9 – 12, 2009
Passive network monitoring is very useful for the operation, maintenance, control and protection of communication networks, while in certain cases it provides the authorities with the means for law enforcement. Nevertheless, the flip side of passive network monitoring activities is that they are natively surrounded by serious privacy implications. In this paper, an innovative approach for privacy-preserving access control to data originating from passive network monitoring is described. The proposed framework relies on an ontological model for the specification of the access control policies, which are evaluated and enforced on a two-phase and two-stage basis by a system that intercedes between the network link and the monitoring applications. The two stages refer to controlled access regarding both the data that are disclosed to the monitoring application from the mediating system and the raw data that the mediator retrieves from the network link. On the other hand, the two phases concern respectively the execution of ¿static¿ and ¿dynamic¿ control; the former enforces the rules that are a priori applicable, grounded on the data, role and purpose semantics, while the latter evaluates the real-time ¿privacy context¿ for the adaptation of the access control procedures to the particular conditions underlying a request.