
Re-Identification Risk Based Security Controls

  • Conference paper
On the Move to Meaningful Internet Systems: OTM 2014 Workshops (OTM 2014)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 8842)


Abstract

Companies are taking more and more advantage of cloud architectures for their IT systems. By combining private and public cloud resources, it is possible to facilitate data submissions by customers and processing with third parties, among other advantages. But this also represents a potential threat to the privacy and confidentiality of personal data. Even if legal obligations regulate the usage of personal data, for example by requiring that they be disclosed in anonymised form, users do not have any visibility into or control over data disclosure operations, nor over the anonymisation policies used by companies. To this end, we propose a solution to establish and enforce data-centric security policies, in order to enable secure and compliant data processing operations. Our proposal is particularly fit for cloud architectures as it supports multiple actors with different roles, responsibilities and obligations. We also present a use case to demonstrate the peculiarities of our proposition.




Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Di Cerbo, F., Trabelsi, S. (2014). Re-Identification Risk Based Security Controls. In: Meersman, R., et al. On the Move to Meaningful Internet Systems: OTM 2014 Workshops. OTM 2014. Lecture Notes in Computer Science, vol 8842. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45550-0_14


  • DOI: https://doi.org/10.1007/978-3-662-45550-0_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-45549-4

  • Online ISBN: 978-3-662-45550-0

  • eBook Packages: Computer Science, Computer Science (R0)
