web-habil-eng

Privacy-Enhancing Design of Security Mechanisms

Dr. Simone Fischer-Hübner

Project description:

Privacy technologies are becoming more relevant, because individual privacy is at risk in the Global Information Society. ). Unfortunately, today's security models are mostly not appropriate to enforce basic privacy requirements, such as necessity of data processing or purpose binding. In this project, a formal task-based privacy-model, which can be used to technically enforce legal privacy requirements (such as necessity of data protection, purpose binding) is presented. Furthermore, this model has been specified and implemented in a Diploma project by Amon Ott according to the General Framework for Access Control (GFAC)- approach .

Furthermore, criteria, models and concepts for privacy-enhancing system design, especially the concept of pseudonymous audit, are analysed, developed and applied.

Publications:

Fischer-Hübner, S., "Ein Konzept eines formalen Datenschutz-Modells", in: Sicherheit in Informationssystemen, Tagungsband der SIS´94, Zürich, März 1994,Hrsg.: K.Bauknecht, S.Teufel, vdf-Verlag.

Fischer-Hübner, S., "Towards a Privacy-Friendly Design and Usage of IT-Security Mechanisms", Proceedings of the 17th National Computer Security Conference, Baltimore MD, Oktober 1994.

Fischer-Hübner, S., "Considering Privacy as a Security-Aspect: A Formal Privacy-Model", DASY-Papers No. 5/95, Institute of Computer and System Sciences, Copenhagen Business School, 1995.

Sobirey, M., Fischer-Hübner, S., "Privacy-Oriented Auditing", Procceedings of the CSR (Centre for Software Reliability) 13th Annual Worksshop on "Design for Protecting the User", Bürgenstock, Schweiz, September 11-13, 1996.

Sobirey, M., Fischer-Hübner, S., Rannenberg, K., "Pseudonymous Auditing for a Privacy-Enhanced Intrusion Detection", Proceedings of the IFIP TC-11 Sec'97-Conference, Kopenhagen, 14-16 Mai, Capman&Hall.

Fischer-Hübner, S., "A Formal Task-based Privacy Model and its Implementation: An updated Report": Proceedings of the Second Nordic Workshop on Secure Computer Systems NORDSEC´97, Eds.: Aarto Karila, Timo Aalto, Helsinki, 6.-7. November 1997.

Ott, A., "Regelbasierte Zugriffskontrolle nach dem "Generalized Framework for Access Control"-Ansatz am Beispiel von Linux, Diplomarbeit, 10.November 1997, Fachbereich Informatik, Universität Hamburg.