6533b7dcfe1ef96bd1271d80

RESEARCH PRODUCT

Privacy handling for critical information infrastructures

Nils Ulltveit-moeVladimir A. OleshchukSigurd M. AssevTerje GjøsæterGeir M. Køien

subject

Information privacyPrivacy by DesignComputer sciencebusiness.industryPrivacy softwareComputer securitycomputer.software_genreEncryptionInformation sensitivityEnterprise service busPrivacy-enhancing technologiesbusinessResilience (network)computer

description

This paper proposes an architecture and a methodology for privacy handling in Critical Information Infrastructures. Privacy is in this respect considered as both the risk of revealing person-sensitive information, for example from critical infrastructures in health institutions, but also to identify and avoid leakage of confidential information from the critical information infrastructures themselves. The architecture integrates privacy enhancing technologies into an enterprise service bus, which allows for policy-controlled authorisation, anonymisation and encryption of information in XML elements or attributes in messages on the service bus. The proposed methodology can be used to identify, quantify and reduce leakages of private or confidential information. It also suggests privacy enforcement mechanisms to increase the resilience against sensitive information leakages caused by cyber attacks.

yearjournalcountryeditionlanguage
2013-07-012013 11th IEEE International Conference on Industrial Informatics (INDIN)
https://doi.org/10.1109/indin.2013.6622967