Title :
Privacy handling for critical information infrastructures
Author :
Ulltveit-Moe, Nils ; Gjosaeter, Terje ; Assev, Sigurd M. ; Koien, Geir M. ; Oleshchuk, Vladimir
Author_Institution :
Fac. of Sci. & Eng., Univ. of Agder, Grimstad, Norway
Abstract :
This paper proposes an architecture and a methodology for privacy handling in Critical Information Infrastructures. Privacy is in this respect considered as both the risk of revealing person-sensitive information, for example from critical infrastructures in health institutions, but also to identify and avoid leakage of confidential information from the critical information infrastructures themselves. The architecture integrates privacy enhancing technologies into an enterprise service bus, which allows for policy-controlled authorisation, anonymisation and encryption of information in XML elements or attributes in messages on the service bus. The proposed methodology can be used to identify, quantify and reduce leakages of private or confidential information. It also suggests privacy enforcement mechanisms to increase the resilience against sensitive information leakages caused by cyber attacks.
Keywords :
XML; authorisation; cryptography; data privacy; XML attributes; XML elements; anonymisation; critical information infrastructures; cyber attacks; encryption; enterprise service bus; health institutions; information leakage reduction; person-sensitive information; policy-controlled authorisation; privacy enforcement mechanisms; privacy handling; Data privacy; Encryption; Entropy; Measurement; Privacy;
Conference_Titel :
Industrial Informatics (INDIN), 2013 11th IEEE International Conference on
Conference_Location :
Bochum
DOI :
10.1109/INDIN.2013.6622967
