Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
A technique for counting natted hosts
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
Separation of Duty in Role-based Environments
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Organization based access control
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Statistical Identification of Encrypted Web Browsing Traffic
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
'I didn't buy it for myself': privacy and Ecommerce personalization
Designing personalized user experiences in eCommerce
Separation of duties for access control enforcement in workflow environments
IBM Systems Journal - End-to-end security
Computer Networks: The International Journal of Computer and Telecommunications Networking
The devil and packet trace anonymization
ACM SIGCOMM Computer Communication Review
Hierarchical hippocratic databases with minimal disclosure for virtual organizations
The VLDB Journal — The International Journal on Very Large Data Bases
Administration in role-based access control
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
POSITIF: A Policy-Based Security Management System
POLICY '07 Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
A middleware architecture for privacy protection
Computer Networks: The International Journal of Computer and Telecommunications Networking
Legal issues surrounding monitoring during network research
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Limiting disclosure in hippocratic databases
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Constraint based role based access control in the SECTET-framework: A model-driven approach
Journal of Computer Security - Privacy, Security and Trust (PST) Technologies: Evolution and Challenges
Purpose based access control for privacy protection in relational database systems
The VLDB Journal — The International Journal on Very Large Data Bases
Modeling contextual security policies
International Journal of Information Security
A Workflow-Based Access Control Framework for e-Health Applications
AINAW '08 Proceedings of the 22nd International Conference on Advanced Information Networking and Applications - Workshops
PuRBAC: Purpose-Aware Role-Based Access Control
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Supporting flexible streaming media protection through privacy-aware secure processors
Computers and Electrical Engineering
A hybrid intrusion detection system design for computer network security
Computers and Electrical Engineering
Multi-layer framework for analysing and managing routing configurations
Computers and Electrical Engineering
The role of network trace anonymization under attack
ACM SIGCOMM Computer Communication Review
Exploiting cryptography for privacy-enhanced access control: A result of the PRIME Project
Journal of Computer Security - EU-Funded ICT Research on Trust and Security
Fingerprinting websites using traffic analysis
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Privacy-aware role-based access control
ACM Transactions on Information and System Security (TISSEC)
Semantic web service composition testbed
Computers and Electrical Engineering
SecureSOA Modelling Security Requirements for Service-Oriented Architectures
SCC '10 Proceedings of the 2010 IEEE International Conference on Services Computing
Fingerprinting websites using remote traffic analysis
Proceedings of the 17th ACM conference on Computer and communications security
Privacy-Aware Access Control and Authorization in Passive Network Monitoring Infrastructures
CIT '10 Proceedings of the 2010 10th IEEE International Conference on Computer and Information Technology
Virtual workflow system for distributed collaborative scientific applications on Grids
Computers and Electrical Engineering
Dynamic deployment of context-aware access control policies for constrained security devices
Journal of Systems and Software
Program synthesis in administration of higher-order permissions
Proceedings of the 16th ACM symposium on Access control models and technologies
Mobility in collaborative alert systems: building trust through reputation
NETWORKING'11 Proceedings of the IFIP TC 6th international conference on Networking
Formal enforcement and management of obligation policies
Data & Knowledge Engineering
Using identities to achieve enhanced privacy in future content delivery networks
Computers and Electrical Engineering
Contextual privacy management in extended role based access control model
DPM'09/SETOP'09 Proceedings of the 4th international workshop, and Second international conference on Data Privacy Management and Autonomous Spontaneous Security
Privacy vulnerabilities in encrypted HTTP streams
PET'05 Proceedings of the 5th international conference on Privacy Enhancing Technologies
A contextual privacy-aware access control model for network monitoring workflows: work in progress
FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security
Efficient and multi-level privacy-preserving communication protocol for VANET
Computers and Electrical Engineering
A workflow checking approach for inherent privacy awareness in network monitoring
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security
| Hi-index | 0.00 |
In this paper, we introduce a new access control model that aims at addressing the privacy implications surrounding network monitoring. In fact, despite its importance, network monitoring is natively leakage-prone and, moreover, this is exacerbated due to the complexity of the highly dynamic monitoring procedures and infrastructures, that may include multiple traffic observation points, distributed mitigation mechanisms and even inter-operator cooperation. Conceived on the basis of data protection legislation, the proposed approach is grounded on a rich in expressiveness information model, that captures all the underlying monitoring concepts along with their associations. The model enables the specification of contextual authorisation policies and expressive separation and binding of duty constraints. Finally, two key innovations of our work consist in the ability to define access control rules at any level of abstraction and in enabling a verification procedure, which results in inherently privacy-aware workflows, thus fostering the realisation of the Privacy by Design vision.