PRISM - Privacy-aware Secure Monitoring

Home » Project of the week » PRISM - Privacy-aware Secure Monitoring
01/03/2008 to 31/05/2010


Passive network monitoring is required for the operation and maintenance of communication networks as well as to detect frauds and attacks. Typically, raw packet-level traffic traces are collected using suitable traffic probe devices and fed to monitoring applications (IDSs, antivirus, etc..) for analysis, with potential risks for the legitimate privacy rights of the customers. This projects aims to show that it is technically possible to devise a privacy-preserving network monitoring system where carefully designed data protection mechanisms can coexist with suitably adapted monitoring applications.

The proposed approach is based on a two-tier system. A first front-end tier of data protection mechanisms will be directly enforced at the traffic probe devices. The front-end cryptographic mechanisms will be controlled by a separate entity (privacy-preserving controller). The collected (and already protected) data will be delivered to a second back-end tier, which is implemented as a privacy-enforcing middleware and provides an additional level of data protection to enable privacy-preserving access and/or sharing of the acquired data to external parties. By interacting with the privacy-preserving controller, the back-end provides the capability of selectively removing data protection in specific cases (namely in the presence of attacks, abuses and in general when reaction is needed) and on the minimal amount of collected data necessary to enable such reactions.The system will exploit standard-based protocols for data exporting, in order to achieve interoperability. It will be designed from the beginning to comply with the privacy regulation set forth at EU and regional levels: the back-end will express privacy regulations into concrete rules in an ontology language. Ultimately, the goal of the project is to set a new de-facto standard for privacy-preserving traffic monitoring and deliver a tool that is guaranteed (and possibly certified) for legal compliance.

Thursday, 8 February, 2018

Future Events

The third Annual Fraud & Financial Crime Europe will focus on analysing the risks to determine the solutions in combating Fraud and Financial Crime.

01/09/2020 to 02/09/2020

Information security and privacy have already been established as some of the most crucial aspects of technology especially in a world that is migrating to digital applications by the day. This has inevitably led to the emergence of technologies that support the safety and dependability of the ever-increasing sensitive data handled by these applications. Additionally, besides these technologies which target security by their design, there are other technologies, such as machine learning, which could potentially be applied to security in innovative schemes. 

17/09/2020 to 18/09/2020