John Heidemann / Papers / Privacy Principles for Sharing Cyber Security Data

Privacy Principles for Sharing Cyber Security Data
Gina Fisk, Calvin Ardi, Neale Pickett, John Heidemann, Mike Fisk and Christos Papadopoulos
USC/Information Sciences Institute

Citation

Gina Fisk, Calvin Ardi, Neale Pickett, John Heidemann, Mike Fisk and Christos Papadopoulos. Privacy Principles for Sharing Cyber Security Data. Proceedings of the IEEE International Workshop on Privacy Engineering (San Jose, California, USA, May 2015), 193–197. [DOI] [PDF] [alt PDF]

Abstract

Sharing cyber security data across organizational boundaries brings both privacy risks in the exposure of personal information and data, and organizational risk in disclosing internal information. These risks occur as information leaks in network traffic or logs, and also in queries made across organizations. They are also complicated by the trade-offs in privacy preservation and utility present in anonymization to manage disclosure. In this paper, we define three principles that guide sharing security information across organizations: Least Disclosure, Qualitative Evaluation, and Forward Progress. We then discuss engineering approaches that apply these principles to a distributed security system. Application of these principles can reduce the risk of data exposure and help manage trust requirements for data sharing, helping to meet our goal of balancing privacy, organizational risk, and the ability to better respond to security with shared information.

Bibtex Citation

@inproceedings{Fisk15b,
  author = {Fisk, Gina and Ardi, Calvin and Pickett, Neale and Heidemann, John and Fisk, Mike and Papadopoulos, Christos},
  title = {Privacy Principles for Sharing Cyber Security Data},
  booktitle = {Proceedings of the  IEEE International Workshop on Privacy Engineering},
  year = {2015},
  sortdate = {2015-05-21},
  projects = {ant, retrofuture},
  jsubject = {network_observation},
  pages = {193--197},
  month = may,
  address = {San Jose, California, USA},
  publisher = {IEEE},
  keywords = {map/reduce, file map, lanl, retro-future},
  jlocation = {johnh: pafile},
  copyright = {IEEE},
  copyrightterms = {
  	Personal use of this material is permitted.  Permission from IEEE must
  	be obtained for all other uses, in any current or future media,
  	including reprinting/republishing this material for advertising or
  	promotional purposes, creating new collective works, for resale or
  	redistribution to servers or lists, or reuse of any copyrighted
  	component of this work in other works.
    },
  myorganization = {USC/Information Sciences Institute},
  url = {https://ant.isi.edu/%7ejohnh/PAPERS/Fisk15a.html},
  pdfurl = {https://ant.isi.edu/%7ejohnh/PAPERS/Fisk15a.pdf},
  doi = {http://dx.doi.org/10.1109/SPW.2015.23},
  blogurl = {https://ant.isi.edu/blog/?p=670}
}

Copyright

Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Copyright © by John Heidemann