Intrusion and threat detection systems analyze large amount of security-related data logs for detecting potentially harmful patterns. However, log data often contain sensitive and personal information, and their access and processing should be minimized. Anonymization can provide the technical mean to reduce the privacy risk, but it should carefully applied and balanced with utility requirements of the different phases of the process: a first exploration analysis needs less details than an investigation on a suspect set of logs. As a result, a complex access control framework has to be put in place to, simultaneously, address privacy and utility requirements. In this paper we propose a trust- and risk-aware access control framework for Threat Detection Systems, where each access request is evaluated by comparing the privacy-risk and the trustworthiness of the request. When the risk is too large compared to the trust level, the framework can apply adaptive adjustment strategies to decrease the risk (e.g., by selectively obfuscating the data) or to increase the trust level to perform a given task. We show how this model can provide meaningful results, and real-time performance, for an industrial threat detection solution.

Trust and Risk-Based Access Control for Privacy Preserving Threat Detection Systems

Metoui, Nadia;Armando, Alessandro
2016-01-01

Abstract

Intrusion and threat detection systems analyze large amount of security-related data logs for detecting potentially harmful patterns. However, log data often contain sensitive and personal information, and their access and processing should be minimized. Anonymization can provide the technical mean to reduce the privacy risk, but it should carefully applied and balanced with utility requirements of the different phases of the process: a first exploration analysis needs less details than an investigation on a suspect set of logs. As a result, a complex access control framework has to be put in place to, simultaneously, address privacy and utility requirements. In this paper we propose a trust- and risk-aware access control framework for Threat Detection Systems, where each access request is evaluated by comparing the privacy-risk and the trustworthiness of the request. When the risk is too large compared to the trust level, the framework can apply adaptive adjustment strategies to decrease the risk (e.g., by selectively obfuscating the data) or to increase the trust level to perform a given task. We show how this model can provide meaningful results, and real-time performance, for an industrial threat detection solution.
2016
978-3-319-48056-5
978-3-319-48057-2
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11582/307025
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
social impact