More Web Proxy on the site http://driver.im/

Article

A privacy-preserving interdomain audit framework

Authors:

Nikita BorisovAuthors Info & Claims

WPES '06: Proceedings of the 5th ACM workshop on Privacy in electronic society

Pages 99 - 108

https://doi.org/10.1145/1179601.1179620

Published: 30 October 2006 Publication History

Abstract

Recent trends in Internet computing have led to the popularization of many forms of virtual organizations. Examples include supply chain management, grid computing, and collaborative research environments like PlanetLab. Unfortunately, when it comes to the security analysis of these systems, the whole is certainly greater than the sum of its parts. That is, local intrusion detection and audit practices are insufficient for detecting distributed attacks such as coordinated network reconnaissance, stepping-stone attacks, and violations of application-level trust constraints between security domains. A distributed process that coordinates information from each member could detect these types of violations, but privacy concerns between member organizations or safety concerns about centralizing sensitive information often restrict this level of information flow. In this paper, we propose a privacy-preserving framework for distributed audit that allows member organizations to detect distributed attacks without requiring the release of excessive private information. We discuss both the architecture and mechanisms used in our approach and comment on the performance of a prototype implementation.

References

[1]

G. Aggarwal, N. Mishra, and B. Pinkas. Secure computation of the k-th ranked element. In Eurocrypt, May 2004.

[2]

R. Agrawal, A. Evfimievski, and R. Srikant. Information sharing across private databases. In Proceedings of the 2003 ACM SIGMOD International Conference on Management of Data, pages 86--97, 2003.

Digital Library

[3]

M. Atallah, M. Bykova, J. Li, K. Frikken, and M. Topkara. Private collaborative forecasting and benchmarking. In ACM Workshop on Privacy in the Electronic Society (WPES'04), Oct. 2004.

Digital Library

[4]

J. Bethencourt, J. Franklin, and M. Vernon. Mapping internet sensors with probe response attacks. In Proceedings of the USENIX Security Symposium, August 2005.

Digital Library

[5]

B. H. Bloom. Space/time trade-offs in hash coding with allowable errors. Communications of the ACM, 13(7):422--426, Jul. 1970.

Digital Library

[6]

E. Bresson, O. Chevassut, D. Pointcheval, and J.-J. Quisquater. Provably authenticated group Diffie-Hellman key exchange. In Proceedings of the 8th ACM conference on Computer and Communications Security (CCS'01), pages 255--264, 2001.

Digital Library

[7]

California Senate Bill SB 1386, Sept. 2002. http://info.sen.ca.gov/pub/01-02/bill/sen/sb 1351-1400/ sb 1386 bill 20020926 chaptered.html.

[8]

H. Debar, D. Curry, and B. Feinstein. Intrusion detection message exchange format. IETF Internet-Draft, Jan. 2005. hhttp://www3.ietf.org/proceedings/05mar/ IDs/draft-ietf-idwg-idmef-xml-14.txti.

[9]

DeepSight analyzer. Web site, 2006. hhttp://analyzer.symantec.com/i.

[10]

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Oct. 1995. Available at http: //ec.europa.eu/justice home/fsj/privacy/law/index en.htm.

[11]

DShield-distributed intrustion detection system. Web Page, 2006. hhttp://www.dshield.orgi.

[12]

F. Emekci, D. Agrawal, and A. E. Abbadi. ABACUS: A distributed middleware for privacy preserving data sharing across private data warehouses. In Proceedings of Middleware 2005, volume 3790 of Lecture Notes in Computer Science, pages 21--41. Springer-Verlag, 2005.

Digital Library

[13]

J. Fan, J. Xu, M. Ammar, and S. Moon. Prefix-preserving IP address anonymization. Computer Networks, 46(2):253--272, Oct. 2004.

Digital Library

[14]

T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh. Terra: a virtual machine-based platform for trusted computing. In Symposium on Operating Systems Principles, 2003.

Digital Library

[15]

O. Goldreich. Secure multi-party computation. Working draft, Version 1.4, Oct. 2002. hhttp://www.wisdom.weizmann.ac.il/~odedg/pp.htmli.

[16]

H. Kargupta, S. Datta, Q. Wang, and K. Sivakumar. Random data perturbation techniques and privacy preserving data mining. Knowledge and Information Systems Journal, 7(4):387--414, 2005.

Digital Library

[17]

S. Katti, B. Krishnamurthy, and D. Katabi. Collaborating against common enemies. In Internet Measurement Conference, 2005.

Digital Library

[18]

T. Kohno, A. Broido, and K. Claffy. Remote physical device fingerprinting. IEEE Transactions on Dependable and Secure Computing, 2(2), Apr.-Jun. 2005.

Digital Library

[19]

H. Krawczyk, M. Bellare, and R. Canetti. HMAC: Keyed-hashing for message authentication. IETF RFC 2104, Feb. 1997. hhttp://www.ietf.org/rfc/rfc2104.txti.

Digital Library

[20]

P. Lincoln, P. Porras, and V. Shmatikov. Privacy-preserving sharing and correlation of security alerts. In Proceedings of the 13th USENIX Security Symposium, Aug. 2004.

Digital Library

[21]

McAfee IntruShield Security Manager. Web site, May 2006. hhttp: //www.mcafee.com/us/enterprise/products/network intrusion prevention/intrushield security management system.htmli.

[22]

A. Mounji, B. L. Charlier, D. Zampunieris, and N. Habra. Distributed audit trail analysis. In Proceedings of the Internet Society Symposium on Network and Distributed System Security, Feb. 1995.

Digital Library

[23]

P. Paillier. Public-key cryptosystems based on composite degree residuosity classes. In J. Stern, editor, Advances in Cryptology-EUROCRYPT '99, volume 1592 of Lecture Notes in Computer Science, pages 223--238. Springer-Verlag, 1999.

Digital Library

[24]

R. Pang, M. Allman, V. Paxson, and J. Lee. The devil and packet trace anonymization. Computer Communication Review, Jan. 2006.

Digital Library

[25]

R. Pang and V. Paxson. A high-level programming environment for packet trace anonymization and transformation. In Proceedings of the 2003 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM'03), 2003.

Digital Library

[26]

V. Paxson. Bro: a system for detecting network intruders in real-time. Computer Networks, 31(23-24):2435--2463, 1999.

Digital Library

[27]

Planetlab. Web site, May 2006. hhttp://www.planet-lab.org/php/pr/i.

[28]

P. Roberts. Update: Hackers breach supercomputer centers. COMPUTERWORLD Security, Apr. 2004. hhttp: //www.teragrid.org/news/apps/0404/computerworld2.htmli.

[29]

M. Roesch. Snort, intrusion detection system. Web site, May 2006. hhttp://www.snort.orgi.

[30]

A. Slagell, K. Lakkaraju, and K. Luo. FLAIM: A multi-level anonymization framework for computer and network logs. In 20th USENIX Large Installation System Administration Conference, Dec. 2006.

Digital Library

[31]

S. R. Snapp, J. Brentano, G. V. Dias, T. L. Goan, L. T. Heberlein, C.-L. Ho, K. N. Levitt, B. Mukherjee, S. E. Smaha, T. Grance, D. M. Teal, and D. Mansur. DIDS (distributed intrusion detection system) -- motivation, architecture, and an early prototype. In Proc. 14th NIST-NCSC National Computer Security Conference, 1991.

[32]

M. Steiner, G. Tsudik, and M. Waidner. Diffie-Hellman key distribution extended to group communication. In Proceedings of the 3rd ACM Conference on Computer and Communications Security (CCS'96), pages 31--37, 1996.

Digital Library

[33]

Tcpdump public repository. Web site, May 2006. hhttp://www.tcpdump.orgi.

[34]

V. S. Verykios, E. Bertino, I. N. Fovino, L. P. Provenza, Y. Saygin, and Y. Theodoridis. State-of-the-art in privacy preserving data mining. SIGMOD Record, 33(1):50--57, 2004.

Digital Library

[35]

Y.-S. Wu, B. Foo, Y. Mei, and S. Bagchi. Collaborative intrusion detection system (CIDS): A framework for accurate and efficient IDS. In Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC'03), Dec. 2003.

Digital Library

[36]

A. C. Yao. Protocols for secure computation. In Proceedings of the 23rd IEEE Symposium on the Foundations of Computer Science, 1982.

Digital Library

[37]

V. Yegneswaran, P. Barford, and S. Jha. Global intrusion detection in the DOMINO overlay system. In Proceedings of the The 11th Annual Network and Distributed System Security Symposium (NDSS'04), 2004.

[38]

T. Ylonen and C. Lonvick. The secure shell (SSH) transport layer protocol. IETF RFC 4253, Jan. 2006. hhttp://www.ietf.org/rfc/rfc4253.txti.

[39]

Y. Zhang and V. Paxson. Detecting stepping stones. In Proceedings of the 9th Annual USENIX Security Symposium, Aug. 2000.

Digital Library

Cited By

Amir-Mohammadian SZowj A(2021)Towards Concurrent Audit Logging in Microservices2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC)10.1109/COMPSAC51774.2021.00191(1357-1362)Online publication date: Jul-2021
https://doi.org/10.1109/COMPSAC51774.2021.00191
Qusa HTarazi J(2021)Collaborative Fog Computing Architecture for Privacy-Preserving Data Aggregation2021 IEEE World AI IoT Congress (AIIoT)10.1109/AIIoT52608.2021.9454198(0086-0091)Online publication date: 10-May-2021
https://doi.org/10.1109/AIIoT52608.2021.9454198
Tsiatsikas ZGeneiatakis DKambourakis GKeromytis A(2015)An efficient and easily deployable method for dealing with DoS in SIP servicesComputer Communications10.1016/j.comcom.2014.11.00257(50-63)Online publication date: Feb-2015
https://doi.org/10.1016/j.comcom.2014.11.002
Show More Cited By

Index Terms

A privacy-preserving interdomain audit framework

Recommendations

Privacy preserving data obfuscation for inherently clustered data

Privacy is defined as the freedom from unauthorised intrusion. The availability of public records along with intelligent search engines and data mining tools allow easy access to useful information. They also serve as a haven for individuals with ...
Multi-level privacy preserving data publishing

Policedata is an important source of social media data and can be regarded as a technical assistance to increase government accountability and transparency. Notably, it contains large amounts of personal private information that should be preserved ...
Privacy-Preserving Data Publishing: An Overview

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

WPES '06: Proceedings of the 5th ACM workshop on Privacy in electronic society

October 2006

128 pages

ISBN:1595935568

DOI:10.1145/1179601

General Chair:
Ari Juels
RSA Laboratories
,
Program Chair:
Marianne Winslett
UIUC

Copyright © 2006 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 October 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS06

Sponsor:

CCS06: 13th ACM Conference on Computer and Communications Security 2006

October 30, 2006

Virginia, Alexandria, USA

Acceptance Rates

Overall Acceptance Rate 106 of 355 submissions, 30%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

13
Total Citations
View Citations
867
Total Downloads

Downloads (Last 12 months)11
Downloads (Last 6 weeks)0

Reflects downloads up to 16 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Amir-Mohammadian SZowj A(2021)Towards Concurrent Audit Logging in Microservices2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC)10.1109/COMPSAC51774.2021.00191(1357-1362)Online publication date: Jul-2021
https://doi.org/10.1109/COMPSAC51774.2021.00191
Qusa HTarazi J(2021)Collaborative Fog Computing Architecture for Privacy-Preserving Data Aggregation2021 IEEE World AI IoT Congress (AIIoT)10.1109/AIIoT52608.2021.9454198(0086-0091)Online publication date: 10-May-2021
https://doi.org/10.1109/AIIoT52608.2021.9454198
Tsiatsikas ZGeneiatakis DKambourakis GKeromytis A(2015)An efficient and easily deployable method for dealing with DoS in SIP servicesComputer Communications10.1016/j.comcom.2014.11.00257(50-63)Online publication date: Feb-2015
https://doi.org/10.1016/j.comcom.2014.11.002
Montanari MHuh JBobba RCampbell R(2013)Limiting Data Exposure in Monitoring Multi-domain Policy ConformanceTrust and Trustworthy Computing10.1007/978-3-642-38908-5_5(65-82)Online publication date: 2013
https://doi.org/10.1007/978-3-642-38908-5_5
Qusa HBaldoni RBeraldi R(2012)A Privacy Preserving Scalable Architecture for Collaborative Event CorrelationProceedings of the 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications10.1109/TrustCom.2012.48(837-843)Online publication date: 25-Jun-2012
https://dl.acm.org/doi/10.1109/TrustCom.2012.48
Santana de Oliveira AKerschbaum FLim HYu S(2012)Privacy-Preserving Techniques and System for Streaming DatabasesProceedings of the 2012 ASE/IEEE International Conference on Social Computing and 2012 ASE/IEEE International Conference on Privacy, Security, Risk and Trust10.1109/SocialCom-PASSAT.2012.85(728-733)Online publication date: 3-Sep-2012
https://dl.acm.org/doi/10.1109/SocialCom-PASSAT.2012.85
Kerschbaum FOertel N(2010)Privacy-preserving pattern matching for anomaly detection in RFID anti-counterfeitingProceedings of the 6th international conference on Radio frequency identification: security and privacy issues10.5555/1926325.1926343(124-137)Online publication date: 8-Jun-2010
https://dl.acm.org/doi/10.5555/1926325.1926343
Kerschbaum F(2010)Data Protection in Collaborative Business ApplicationsCollaborative Computer Security and Trust Management10.4018/978-1-60566-414-9.ch005(81-110)Online publication date: 2010
https://doi.org/10.4018/978-1-60566-414-9.ch005
Flegel UHoffmann JMeier MShin SOssowski SSchumacher MPalakal MHung C(2010)Cooperation enablement for centralistic early warning systemsProceedings of the 2010 ACM Symposium on Applied Computing10.1145/1774088.1774509(2001-2008)Online publication date: 22-Mar-2010
https://dl.acm.org/doi/10.1145/1774088.1774509
Kerschbaum FOertel N(2010)Privacy-Preserving Pattern Matching for Anomaly Detection in RFID Anti-CounterfeitingRadio Frequency Identification: Security and Privacy Issues10.1007/978-3-642-16822-2_12(124-137)Online publication date: 2010
https://doi.org/10.1007/978-3-642-16822-2_12
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents