Abstract
One company by itself cannot detect all instances of fraud or insider attacks. An example is the simple case of buyer fraud: a fraudulent buyer colludes with a supplier, creating fake orders for supplies that are never delivered. They circumvent internal controls in place to prevent this kind of fraud, such as a goods receipt, e.g., by ordering services instead of goods. Based on the evidence collected at one company, it is often extremely difficult to detect such fraud, but if companies collaborate and correlate their evidence, they could detect that the ordered services have never actually been provided.
Copyright information
© 2010 Springer Science+Business Media, LLC
About this chapter
Cite this chapter
Flegel, U., Kerschbaum, F., Miseldine, P., Monakova, G., Wacker, R., Leymann, F. (2010). Legally Sustainable Solutions for Privacy Issues in Collaborative Fraud Detection. In: Probst, C., Hunker, J., Gollmann, D., Bishop, M. (eds) Insider Threats in Cyber Security. Advances in Information Security, vol 49. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-7133-3_7
DOI: https://doi.org/10.1007/978-1-4419-7133-3_7
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-7132-6
Online ISBN: 978-1-4419-7133-3
eBook Packages: Computer Science, Computer Science (R0)