PRISM - Privacy-aware Secure Monitoring

01/03/2008 to 31/05/2010


Passive network monitoring is required for the operation and maintenance of communication networks as well as to detect frauds and attacks. Typically, raw packet-level traffic traces are collected using suitable traffic probe devices and fed to monitoring applications (IDSs, antivirus, etc..) for analysis, with potential risks for the legitimate privacy rights of the customers. This projects aims to show that it is technically possible to devise a privacy-preserving network monitoring system where carefully designed data protection mechanisms can coexist with suitably adapted monitoring applications.

The proposed approach is based on a two-tier system. A first front-end tier of data protection mechanisms will be directly enforced at the traffic probe devices. The front-end cryptographic mechanisms will be controlled by a separate entity (privacy-preserving controller). The collected (and already protected) data will be delivered to a second back-end tier, which is implemented as a privacy-enforcing middleware and provides an additional level of data protection to enable privacy-preserving access and/or sharing of the acquired data to external parties. By interacting with the privacy-preserving controller, the back-end provides the capability of selectively removing data protection in specific cases (namely in the presence of attacks, abuses and in general when reaction is needed) and on the minimal amount of collected data necessary to enable such reactions.The system will exploit standard-based protocols for data exporting, in order to achieve interoperability. It will be designed from the beginning to comply with the privacy regulation set forth at EU and regional levels: the back-end will express privacy regulations into concrete rules in an ontology language. Ultimately, the goal of the project is to set a new de-facto standard for privacy-preserving traffic monitoring and deliver a tool that is guaranteed (and possibly certified) for legal compliance.

Thursday, 8 February, 2018

Project type:


A Holistic framework: Business Process Re-engineering and functional toolkit for GDPR compliance

BPR4GDPR is one of the GDPR cluster projects that will provide a holistic framework able to support end-to-end GDPR-compliant intra- and interorganisational ICT-enabled processes at various scales, while also being generic enough, fulfilling operational requirements covering diverse application domains. Read this to find out more.

Future Events

IAM Online Europe live webinar - AARC Extensions to the REFEDS Assurance Framework

AARC is holding a live webinar on 27 June 2019 at 15:00 CEST, that will explain extensions to the REFEDS Assurance Framework and implementations that were devised in the AARC project.

Representation of the State of Hessen to the EU
04/07/2019 to 05/07/2019

Project CyberSec4Europe (Cyber Security for Europe) is holding it next event - "Representation of the State of Hessen to the EU" in Brussels, Belgium on 4-5 July 2019. 

Other three pilots are invited during CyberSec4Europe meetings.