Privacy handling for critical information infrastructures

Author

Ulltveit-Moe, Nils ; Gjosaeter, Terje ; Assev, Sigurd M. ; Koien, Geir M. ; Oleshchuk, Vladimir

Author_Institution

Fac. of Sci. & Eng., Univ. of Agder, Grimstad, Norway

fYear

2013

fDate

29-31 July 2013

Firstpage

688

Lastpage

694

Abstract

This paper proposes an architecture and a methodology for privacy handling in Critical Information Infrastructures. Privacy is in this respect considered as both the risk of revealing person-sensitive information, for example from critical infrastructures in health institutions, but also to identify and avoid leakage of confidential information from the critical information infrastructures themselves. The architecture integrates privacy enhancing technologies into an enterprise service bus, which allows for policy-controlled authorisation, anonymisation and encryption of information in XML elements or attributes in messages on the service bus. The proposed methodology can be used to identify, quantify and reduce leakages of private or confidential information. It also suggests privacy enforcement mechanisms to increase the resilience against sensitive information leakages caused by cyber attacks.

Keywords

XML; authorisation; cryptography; data privacy; XML attributes; XML elements; anonymisation; critical information infrastructures; cyber attacks; encryption; enterprise service bus; health institutions; information leakage reduction; person-sensitive information; policy-controlled authorisation; privacy enforcement mechanisms; privacy handling; Data privacy; Encryption; Entropy; Measurement; Privacy;

fLanguage

English

Publisher

ieee

Conference_Titel

Industrial Informatics (INDIN), 2013 11th IEEE International Conference on

Conference_Location

Bochum

Type

conf

DOI

10.1109/INDIN.2013.6622967

Filename

6622967