Data Privacy Management and Autonomous Spontaneus Security
6th International Workshop, DPM 2011 and 4th International Workshop, SETOP 2011, Leuven, Belgium, September 15-16, 2011, Revised Selected Papers
Published on 12. March 2012
XV, 319 pages
978-3-642-28879-1 (ISBN)
Description
This book constitutes the thoroughly refereed joint post proceedings of two international workshops, the 6th International Workshop on Data Privacy Management, DPM 2011, and the 4th International Workshop on Autonomous and Spontaneous Security, SETOP 2011, held in Leuven, Belgium, in September 2011.
The volume contains 9 full papers and 1 short paper from the DPM workshop and 9 full papers and 2 short papers from the SETOP workshop, as well as the keynote paper.
The contributions from DPM cover topics from location privacy, privacy-based metering and billing, record linkage, policy-based privacy, application of data privacy in recommendation systems, privacy considerations in user profiles, in RFID, in network monitoring, in transactions protocols, in usage control, and in customer data. The topics of the SETOP contributions are access control, policy derivation, requirements engineering, verification of service-oriented-architectures, query and data privacy, policy delegation and service orchestration.
More details
Other editions
Additional editions
Joaquin Garcia-Alfaro | Guillermo Navarro-Arribas | Nora Cuppens-Boulahia
Data Privacy Management and Autonomous Spontaneus Security
6th International Workshop, DPM 2011 and 4th International Workshop, SETOP 2011, Leuven, Belgium, September 15-16, 2011, Revised Selected Papers
Book
03/2012
1st Edition
Springer
€53.49
Shipment within 7-9 days
Persons
Content
- Title
- Table of Contents
- Keynote Address
- Privacy Challenges in RFID
- Threat Classification
- Background
- Security Threats
- Privacy: Information Leakage
- Information Revealed by the Tag
- Information Revealed by the Back-End System
- Privacy: Malicious Traceability
- Models and Protocols
- A Problem without Solution
- Research Challenges
- Need of Privacy
- Security as a Whole
- Toward a Privacy Certification
- References
- Data Privacy Management
- Fake Injection Strategies for Private Phonetic Matching
- Introduction
- Related Work
- The PPRL Problem Formulation
- The PPRL Problem Restatement with Privacy Guarantees
- PPRL Building Blocks
- The Soundex Forge
- A Matching Protocol for PPRL
- The Relative Information Gain as a Measure of Privacy
- An Example Illustrating the RIG Metric
- A Faking Phonetic Encoding Methodology
- Uniform Ciphertext/Uniform Plaintext
- Uniform Ciphertexts by Swapping Plaintexts
- k-Anonymous Ciphertexts
- Empirical Evaluation
- Soundex Inherent Information Gain
- Higher Privacy by Fake Injection
- Impact of Fake Injection on Data Quality
- Conclusions and Future Work
- References
- A Design Phase for Data Sharing Agreements
- Introduction
- Example Scenario
- DSA Authoring
- Authoring Language
- Examples
- Authoring Tool
- DSA Analysis
- The Analysis Tool
- Analysis Example
- Discussion
- Related Work
- Conclusions and Future Work
- References
- A Privacy-Protecting Architecture for Collaborative Filtering via Forgery and Suppression of Ratings
- Introduction
- Contribution and Plan of This Paper
- State of the Art
- An Architecture for Privacy Protection in CF-Based Recommendation Systems
- User Profile
- Adversarial Model
- Privacy Metric
- Architecture
- Formulation of the Trade-Off among Privacy, Forgery Rate and Suppression Rate
- Numerical Example
- Concluding Remarks
- References
- On the Complexity of Aggregating Information for Authentication and Profiling
- Introduction
- Motivation
- Related Work
- Privacy and Profile Aggregation Model Overview
- Theory
- Experimental Results
- Discussion and Conclusions
- References
- Secure and Privacy-Aware Searching in Peer-to-Peer Networks
- Introduction
- Related Work
- The Secure and Privacy-Aware Searching Algorithm
- The Network Environment
- The Proposed Search Algorithm
- Privacy-Preservation in Searching
- Performance Evaluation
- Conclusion
- References
- On the Security of Mutual Authentication Protocols for RFID Systems: The Case of Wei et al.'s Protocol
- Introduction
- Mutual Authentication Protocols in RFID Systems
- Standards for RFID Protocols
- Overview of the Current Work
- Preliminaries
- Wei et al.'s Protocol Description
- Tag Impersonation Attack
- Desynchronization Attack
- The First Desynchronization Attack
- The Second Desynchronization Attack
- Strengthening Wei et al.'s Protocol
- Conclusion
- References
- Inference-Proof View Update Transactions with Minimal Refusals
- Introduction
- Related Work
- Server and Protocol for Inference-Proof Interactions
- Components
- Uncontrolled Interaction
- Employing Inference-Proof Protocols
- Two Kinds of Confidentiality Preservation
- Enforcing CCP
- Protocols
- Inference-Proof Query Processing
- Inference-Proof View Update Transactions
- Availability Considerations
- Summary and Discussion
- References
- Representation-Independent Data Usage Control
- Introduction
- Background
- A Combined Model
- Instantiations
- Related Work
- Conclusions
- References
- Using Personal Portfolios to Manage Customer Data
- Introduction
- Portfolio Concepts and Architecture
- Problem Statement - Privacy Preserving Transactions
- Portfolio Definition and Architecture
- Requirements
- Privacy Preserving Protocols
- Portfolio Building Blocks
- Portfolio Protocols
- Discussion and Conclusions
- Future Work
- References
- Using Requirements Engineering in an Automatic Security Policy Derivation Process
- Introduction
- Security Requirements and Related Work
- Derivation of Formal Security Policy Process
- The OrBAC Model
- Formal Specification of Requirements
- KAOS Goal-Oriented Methodology
- KAOS Guided by an Analysis of Risk
- Security Requirements Extraction
- Security Policy Generation
- Case Studies
- The Echo Doppler Case Study
- The Embedded Secure System Case Study
- Conclusion
- References
- Autonomous and Spontaneous Security
- Web Services Verification and Prudent Implementation
- Introduction
- Web Services
- Business Processes
- Choreographies
- Contributions
- Formal Models
- Conversations
- Communication Scenarios
- The ASLan Language
- Compilation Procedure
- Execution Model
- Solution Principle
- Solving the Problem
- Experimental Results
- From ASLan to Servlets
- Multi-session Handling
- Testing Benchmark
- Conclusions
- Related Works
- Future Works
- References
- Evolving Security Requirements in Multi-layered Service-Oriented-Architectures
- Motivation and Outline
- Multi-layered Service-Oriented Architectures
- Layering in Service-Oriented Architectures
- SOA Security Concerns
- Attacker Model
- Security Requirements
- Towards an Aspect-Based SOA Model
- Implications of the Integrity Property on the SOA Stack
- A Solution to Achieve Integrity with Aspects
- Aspect Model Design Criteria
- Related Work
- Conclusion and Future Work
- References
- Risk-Based Auto-delegation for Probabilistic Availability
- Introduction
- Contributions
- Background
- Auto-delegation Mechanism
- Uncertain Availability
- Auto-delegation under Uncertainty
- Utility, Gain and Damage
- Mathematical Model
- Examples
- Auto-delegation for Healthcare
- Auto-delegation for Resource Management
- Extensions
- Auto-delegation for a Dynamic System
- Forcing Availability
- Related Work
- Conclusion
- References
- Intra-role Progression in RBAC: An RPG-Like Access Control Scheme
- Introduction
- Background: FRBAC
- User Progression: RPG-Like Access Control
- Levels and Role Membership
- Roles and Permissions
- Users and Permissions
- Polymorphic Permissions
- Example
- Implementation through FRBAC
- Comparison with RBAC
- Related Work
- Conclusions
- References
- Distributed Orchestration of Web Services under Security Constraints
- Introduction
- The AVANTSSAR Approach
- Web Service Model
- Web Service Orchestration
- Reduction of Orchestration to Protocol State Reachability
- Distributed Orchestration under Security Constraints
- Distributed Orchestration Example
- Formal Model
- Solving the Distributed Orchestration Problem
- Implementation
- Input and Output Language
- AVANTSSAR Platform
- Conclusion
- References
- On the Key Schedule Strength of PRESENT
- Introduction
- Previous works.
- Contribution.
- Organization.
- The Key Schedule of PRESENT
- PRESENT-80.
- PRESENT-128
- Methodology
- Simulated Annealing
- A General Simulated Annealing Algorithm
- Results
- The Search for Semi-equivalent Keys
- Global Annihilators
- Output Entropy Minimization
- Measuring the Strength of a Key Schedule
- Conclusions
- References
- A Traffic Regulation Method Based on MRA Signatures to Reduce Unwanted Traffic from Compromised End-User Machines
- Introduction
- Related Work
- Proposed Approach
- Principle
- Method
- Experimental Evaluation
- Dataset Analysis
- Signature Extraction
- Experimental Results
- Conclusions and Further Work
- References
- Short Papers
- Network Securing against Threatening Requests
- Introduction
- Testing and Concurrent Components System
- Robustness Testing Methods and Our Approach
- Labeled Transition System
- Our Approach
- Experiment with RADIUS Protocol
- Conclusion
- References
- A Workflow Checking Approach for Inherent Privacy Awareness in Network Monitoring
- Introduction
- Reference Architecture
- Workflow Verification Methodology
- Purpose Verification
- Skin Task Verification
- Decomposition
- Conclusions and Current Work
- References
- Controlling Data Dissemination
- Introduction
- Architecture
- Service
- Sandbox
- Policy Middleware
- Policy
- Middleware
- Related Work
- Conclusion and Future Work
- References
- A Framework of Deployment Strategy for Hierarchical WSN Security Management
- Introduction
- State of the Art
- Overview of the Security Framework
- Cost and Security Evaluation
- Conclusion
- References
- Author Index
