Cover image for Privacy-respecting intrusion detection
Privacy-respecting intrusion detection
Personal Author:
Advances in information security ; 35
Publication Information:
New York, NY : Springer-Verlag, 2007
Physical Description:
xvii, 307 p. : ill. ; 24 cm.


Item Barcode
Call Number
Material Type
Item Category 1
30000010184063 QA76.9.A25 F53 2007 Open Access Book Book

On Order



Effective response to misuse or abusive activity in IT systems requires the capability to detect and understand improper activity. Intrusion Detection Systems observe IT activity, record these observations in audit data, and analyze the collected audit data to detect misuse. Privacy-Respecting Intrusion Detection introduces the concept of technical purpose binding, which restricts the linkability of pseudonyms in audit data to the amount necessary for misuse detection. Also, it limits the recovery of personal data to pseudonyms involved in a detected misuse scenario. The book includes case studies demonstrating this theory, and solutions that are constructively validated by providing algorithms.

Table of Contents

Part I Introduction and Background
1 Introductionp. 3
2 Authorizationsp. 9
3 An Architectural Model for Secure Authorizationsp. 13
4 Traditional Security Objectivesp. 27
5 Personal Data Protection Objectivesp. 31
6 Technical Enforcement of Multilateral Securityp. 43
7 Pseudonyms - A Technical Point of Viewp. 47
8 An Architectural Model for Pseudonymous Authorizationsp. 55
9 Comparing Architecturesp. 65
10 Audit Data Pseudonymizationp. 77
Part II Set-based Approach
11 Requirements, Assumptions and Trust Modelp. 91
12 Modeling Conditions for Technical Purpose Bindingp. 97
13 Cryptographic Enforcement of Disclosure Conditionsp. 103
14 The Mismatch Problemp. 109
15 Operational Pseudonymization and Pseudonym Disclosurep. 115
16 Extensionsp. 123
Part III Application to Unix Audit Data
17 Unix Audit Datap. 137
18 Syslogp. 141
19 Instantiating the Set-based Approach for Syslog Audit Datap. 147
20 Implementation: Pseudo/CoRep. 159
Part IV Evaluation
21 APES: Anonymity and Privacy in Electronic Servicesp. 171
22 Evaluating the Design Using Basic Building Blocksp. 177
23 Evaluating the Performance of the Implementationp. 187
Part V Refinement of Misuse Scenario Models
24 Motivating Model Refinementsp. 199
25 Models of Misuse Scenariosp. 203
26 Pseudonymization Based on Serial Signature-Netsp. 229
27 Pseudonym Linkabilityp. 233
28 Pseudonym Disclosurep. 247
Summaryp. 283
A Threshold Schemes for Cryptographic Secret Sharingp. 285
Referencesp. 287
Indexp. 303