Privacy-aware access control and authorization in passive network monitoring infrastructures

Gogoulos, F; Antonakopoulou, A; Lioudakis, GV; Mousas, AS; Kaklamani, DI; Venieris, IS

dc.contributor.author	Gogoulos, F	en
dc.contributor.author	Antonakopoulou, A	en
dc.contributor.author	Lioudakis, GV	en
dc.contributor.author	Mousas, AS	en
dc.contributor.author	Kaklamani, DI	en
dc.contributor.author	Venieris, IS	en
dc.date.accessioned	2014-03-01T02:46:57Z
dc.date.available	2014-03-01T02:46:57Z
dc.date.issued	2010	en
dc.identifier.uri	https://dspace.lib.ntua.gr/xmlui/handle/123456789/32951
dc.subject	Access control	en
dc.subject	Authorisation	en
dc.subject	Passive network monitoring	en
dc.subject	Privacy	en
dc.subject	Semantic information model	en
dc.subject.other	Access control policies	en
dc.subject.other	Authorisation	en
dc.subject.other	Authorization and access control	en
dc.subject.other	Communication networks	en
dc.subject.other	Control and protection	en
dc.subject.other	Control procedures	en
dc.subject.other	Innovative approaches	en
dc.subject.other	Monitoring applications	en
dc.subject.other	Network links	en
dc.subject.other	Network Monitoring	en
dc.subject.other	Ontological models	en
dc.subject.other	Particular condition	en
dc.subject.other	Passive network monitoring	en
dc.subject.other	Privacy	en
dc.subject.other	Privacy preserving	en
dc.subject.other	Privacy-Aware Access Control	en
dc.subject.other	Semantic information model	en
dc.subject.other	Two stage	en
dc.subject.other	Computer software maintenance	en
dc.subject.other	Embedded software	en
dc.subject.other	Embedded systems	en
dc.subject.other	Information technology	en
dc.subject.other	Monitoring	en
dc.subject.other	Passive networks	en
dc.subject.other	Security systems	en
dc.subject.other	Access control	en
dc.title	Privacy-aware access control and authorization in passive network monitoring infrastructures	en
heal.type	conferenceItem	en
heal.identifier.primary	10.1109/CIT.2010.203	en
heal.identifier.secondary	http://dx.doi.org/10.1109/CIT.2010.203	en
heal.identifier.secondary	5578562	en
heal.publicationDate	2010	en
heal.abstract	Despite the usefulness of passive network monitoring for the operation, maintenance, control and protection of communication networks, as well as law enforcement, network monitoring activities are surrounded by serious privacy implications. In this paper, an innovative approach for privacy-preserving authorization and access control to data originating from passive network monitoring is described. The proposed framework relies on an ontological model for the specification of the access control policies, which are evaluated and enforced on a two-phase and two-stage basis by a system that intercedes between the network link and the monitoring applications. The two stages refer to controlled access regarding both the data that are disclosed to the monitoring application from the mediating system and the raw data that the mediator retrieves from the network link. On the other hand, the two phases concern respectively the execution of ""static"" and ""dynamic"" control; the former enforces the rules that are a priori applicable, grounded on the data, role and purpose semantics, while the latter evaluates the real-time contextual parameters for the adaptation of the access control procedures to the particular conditions underlying a request. © 2010 IEEE.	en
heal.journalName	Proceedings - 10th IEEE International Conference on Computer and Information Technology, CIT-2010, 7th IEEE International Conference on Embedded Software and Systems, ICESS-2010, ScalCom-2010	en
dc.identifier.doi	10.1109/CIT.2010.203	en
dc.identifier.spage	1114	en
dc.identifier.epage	1121	en