A Privacy-Aware Access Control Model for Distributed Network Monitoring

International audienceIn this paper, we introduce a new access control model that aims at addressing the privacy implications surrounding network monitoring. In fact, despite its importance, network monitoring is natively leakage-prone and, moreover, this is exacerbated due to the complexity of the highly dynamic monitoring procedures and infrastructures, that may include multiple traffic observation points, distributed mitigation mechanisms and even inter-operator cooperation. Conceived on the basis of data protection legislation, the proposed approach is grounded on a rich in expressiveness information model, that captures all the underlying monitoring concepts along with their associations. The model enables the specification of contextual authorisation policies and expressive separation and binding of duty constraints. Finally, two key innovations of our work consist in the ability to define access control rules at any level of abstraction and in enabling a verification procedure, which results in inherently privacy-aware workflows, thus fostering the realisation of the Privacy by Design vision

SIP as a Unified Signalling Solution in a Beyond 3G System

Abstract—The adoption of packet-switched technologies in mobile communication systems has enabled the provision of IPbased services to mobile users. Yet, these systems, such as the UMTS network, are unable to meet the stringent delay requirements imposed by the enhanced multimedia services due to the anchor point that introduce into the user’s data path. Moreover, such applications will rely on IP-based control protocols for session and mobility management, resulting in duplication of functionality in the network at both the bearer and the application level. For the above reasons, the SAILOR network architecture is presented in this paper, proposing an evolution to the standard UMTS network, where GSNs are integrated into a single entity. Furthermore, the SIP protocol is adopted, for performing mobility and session management procedures currently undertaken by the UMTS Non-Access Stratum protocols. Both modifications to the UMTS network and protocol architecture, result in the smooth evolution of the UMTS core network towards IP as well as accomplish a significant performance gain. T Index Terms—RASN, UMTS, SIP, All–IP architectur

Data Privacy Management and Autonomous Spontaneous Security : DPM 2013 : 8th International Workshop, SETOP 2013 : 6th International Workshop, Ehgam, UK, September 12-13, 2013 - Revised Selected Papers

International audienceThis book constitutes the revised selected papers of the 8th International Workshop on Data Privacy Management, DPM 2013, and the 6th International Workshop on Autonomous and Spontaneous Security, SETOP 2013, held in Egham, UK, in September 2013 and co-located with the 18th European Symposium on Research in Computer Security (ESORICS 2013). The volume contains 13 full papers selected out of 46 submissions and 1 keynote lecturer from the DPM workshop and 6 full papers together with 5 short papers selected among numerous submissions to the SETOP workshop. The papers cover topics related to the management of privacy-sensitive information and automated configuration of security, focusing in particular on system-level privacy policies, administration of sensitive identifiers, data integration and privacy, engineering authentication and authorization, mobile security and vulnerabilities

427 A Framework for Adapting Services ’ Design and Execution to Privacy Regulations

Abstract—The potential impact of contemporary Information and Communication Technologies on users ’ privacy rights is regarded as being among their most evident negative effects. In fact, the recent advances in mobile communications, location and sensing technologies as well as data processing, are boosting the deployment of context-aware personalized services and the creation of smart environments, but at the same time, they pose a serious risk on individuals ’ privacy rights. In order to address this issue, this paper provides a framework for settling the services privacy friendly. The presented approach focuses on specifying a methodology for adapting services to operate on top of a middleware system that incorporates and thus, enforces the privacy regulations, preventing to a great extent the disclosure of personal data to the service providers even if personal data is collected and services are used through pervasive, ubiquitous and wireless devices

Leveraging Ontologies upon a Holistic Privacy-Aware Access Control Model

International audienceAccess control is a crucial concept in both ICT security and privacy, providing for the protection of system resources and personal data. The increasing complexity of nowadays systems has led to a vast family of solutions fostering comprehensive access control models, with the ability to capture a variety of parameters and to incorporate them in the decision making process. However, existing approaches are characterised by limitations regarding expressiveness. We present an approach that aims at overcoming such limitations. It is fully based on ontologies and grounded on a rich in semantics information model. The result is a privacy-aware solution that takes into consideration a variety of aspects and parameters, including attributes, context, dependencies between actions and entities participating therein, as well as separation and binding of duty constraints

Privacy Regulations, Context aware services,

middleware Recent advances in mobile communications, location/sensing technologies and data processing are boosting the deployment of context-aware services and smart spaces creation. This is reflected in urban environments by the smart-city vision, a city with advanced ICT and surveillance infrastructures offering to citizens a diversity of services. Nevertheless, privacy risks and threats ambush, since collection and process of large amount of personal data occur. Although technology enables the collection of data, its protection against abuse is left to data protection legislation. However, privacy terms to be regarded as legislature issues, should be brought down in the technological reality and carefully accounted for in devising technical solutions. In order to limit the disclosure and misuse of citizens ’ personal data, this report introduces a distributed unit o