Privacy concerns relating to sharing network traces have traditionally been handled via sanitization, which includes removal of sensitive data and IP address anonymization. We argue that sanitization is a poor solution for data sharing that offers insufficient research utility to users and poor privacy guarantees to data providers. We claim that a better balance in the utility/privacy trade-off, inherent to network data sharing, can be achieved via a new paradigm we propose: secure queries. In this paradigm, a data owner publishes a query language and an online portal, allowing researchers to submit sets of queries to be run on the data. Only certain operations are allowed on certain data fields, and only in specific contexts. Query restriction is specified by the provider's privacy policy and enforced by the language's interpreter. Query results, returned to researchers, consist of aggregate information such as counts, histograms and distributions, and not of individual packets. We discuss why secure queries provide higher privacy guarantees and higher research utility than sanitization, and present a design of the secure query language and a privacy policy.
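A minimal sketch of the policy-enforced interpreter the abstract describes, added here as an illustration; it is not the paper's query language or code. The policy table format, the minimum-group suppression threshold and the flow records are all assumed or constructed for the example.

```python
from collections import Counter

# Constructed sample of flow records (documentation address ranges, not real traffic).
FLOWS = [
    {"src_ip": "192.0.2.10", "dst_ip": "198.51.100.5", "dst_port": 443, "bytes": 1200},
    {"src_ip": "192.0.2.11", "dst_ip": "198.51.100.5", "dst_port": 443, "bytes": 800},
    {"src_ip": "192.0.2.10", "dst_ip": "198.51.100.6", "dst_port": 443, "bytes": 300},
    {"src_ip": "192.0.2.12", "dst_ip": "198.51.100.7", "dst_port": 80, "bytes": 500},
    {"src_ip": "192.0.2.13", "dst_ip": "198.51.100.7", "dst_port": 80, "bytes": 700},
    {"src_ip": "192.0.2.14", "dst_ip": "198.51.100.8", "dst_port": 22, "bytes": 100},
]

# Assumed policy format: field -> set of aggregate operations the provider permits.
# There is deliberately no "select" operation: raw field values are never returned.
POLICY = {
    "src_ip": {"count_distinct"},             # only the number of distinct sources
    "dst_ip": set(),                          # no operation at all on this field
    "dst_port": {"histogram", "count_distinct"},
    "bytes": {"sum", "histogram"},
}

# Assumed policy parameter: histogram buckets smaller than this are suppressed,
# so a single rare value cannot be isolated through an aggregate.
MIN_GROUP = 3


class PolicyViolation(Exception):
    """Raised by the interpreter when a query is outside the provider's policy."""


def is_permitted(op, field, policy=POLICY):
    """Policy check: the field must be listed and the operation allowed on it."""
    return field in policy and op in policy[field]


def run_query(op, field, policy=POLICY, flows=FLOWS):
    """Interpreter: refuse anything the policy forbids, return only aggregates."""
    if not is_permitted(op, field, policy):
        raise PolicyViolation(f"{op!r} is not permitted on field {field!r}")
    values = [flow[field] for flow in flows]
    if op == "count_distinct":
        return len(set(values))
    if op == "sum":
        return sum(values)
    if op == "histogram":
        counts = Counter(values)
        return {value: n for value, n in counts.items() if n >= MIN_GROUP}
    raise PolicyViolation(f"operation {op!r} is not implemented by the interpreter")
```

With the constructed records, a histogram of `dst_port` returns only the port 443 bucket, because ports 80 and 22 fall below the suppression threshold.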