{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T06:57:33Z","timestamp":1743145053400,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":45,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783662562659"},{"type":"electronic","value":"9783662562666"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-662-56266-6_1","type":"book-chapter","created":{"date-parts":[[2017,11,27]],"date-time":"2017-11-27T12:35:08Z","timestamp":1511786108000},"page":"1-30","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Risk-Based Privacy-Aware Access Control for\u00a0Threat Detection Systems"],"prefix":"10.1007","author":[{"given":"Nadia","family":"Metoui","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michele","family":"Bezzi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alessandro","family":"Armando","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2017,11,28]]},"reference":[{"key":"1_CR1","unstructured":"Ali, M., Bussard, L., Pinsdorf, U.: Obligation language for access control and privacy policies (2010)"},{"issue":"4","key":"1_CR2","doi-asserted-by":"crossref","first-page":"369","DOI":"10.3233\/JCS-2008-0328","volume":"16","author":"CA Ardagna","year":"2008","unstructured":"Ardagna, C.A., Cremonini, M., De Capitani di Vimercati, S., Samarati, P.: A privacy-aware access control system. J. Comput. Secur. 16(4), 369\u2013397 (2008)","journal-title":"J. Comput. Secur."},{"key":"1_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"660","DOI":"10.1007\/978-3-319-26148-5_45","volume-title":"On the Move to Meaningful Internet Systems: OTM 2015 Conferences","author":"A Armando","year":"2015","unstructured":"Armando, A., Bezzi, M., Cerbo, F., Metoui, N.: Balancing trust and risk in access control. In: Debruyne, C., Panetto, H., Meersman, R., Dillon, T., Weichhart, G., An, Y., Ardagna, C.A. (eds.) OTM 2015. LNCS, vol. 9415, pp. 660\u2013676. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-26148-5_45"},{"key":"1_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"266","DOI":"10.1007\/978-3-319-17016-9_17","volume-title":"Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance","author":"A Armando","year":"2015","unstructured":"Armando, A., Bezzi, M., Metoui, N., Sabetta, A.: Risk-aware information disclosure. In: Garcia-Alfaro, J., Herrera-Joancomart\u00ed, J., Lupu, E., Posegga, J., Aldini, A., Martinelli, F., Suri, N. (eds.) DPM\/QASA\/SETOP 2014. LNCS, vol. 8872, pp. 266\u2013276. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-17016-9_17"},{"issue":"2","key":"1_CR5","doi-asserted-by":"crossref","first-page":"70","DOI":"10.4018\/IJSSE.2015040104","volume":"6","author":"A Armando","year":"2015","unstructured":"Armando, A., Bezzi, M., Metoui, N., Sabetta, A.: Risk-based privacy-aware information disclosure. Int. J. Secur. Softw. Eng. 6(2), 70\u201389 (2015)","journal-title":"Int. J. Secur. Softw. Eng."},{"key":"1_CR6","doi-asserted-by":"crossref","unstructured":"Baracaldo, N., Joshi, J.: Beyond accountability: using obligations to reduce risk exposure and deter insider attacks. In: Proceedings of the 18th ACM Symposium on Access Control Models and Technologies, SACMAT 2013, pp. 213\u2013224. ACM, New York (2013)","DOI":"10.1145\/2462410.2462411"},{"key":"1_CR7","doi-asserted-by":"crossref","unstructured":"Bettini, C., Jajodia, S., Wang, X.S., Wijesekera, D.: Provisions and obligations in policy management and security applications. In: Proceedings of the 28th International Conference on Very Large Data Bases, VLDB 2002, pp. 502\u2013513. VLDB Endowment (2002)","DOI":"10.1016\/B978-155860869-6\/50051-2"},{"issue":"3","key":"1_CR8","first-page":"199","volume":"3","author":"M Bezzi","year":"2010","unstructured":"Bezzi, M.: An information theoretic approach for privacy metrics. Trans. Data Priv. 3(3), 199\u2013215 (2010)","journal-title":"Trans. Data Priv."},{"key":"1_CR9","doi-asserted-by":"crossref","unstructured":"Brickell, J., Shmatikov, V.: The cost of privacy: destruction of data-mining utility in anonymized data publishing. In: Proceedings of the 14th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, KDD 2008, pp. 70\u201378. ACM, New York (2008)","DOI":"10.1145\/1401890.1401904"},{"key":"1_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"140","DOI":"10.1007\/978-3-642-29963-6_11","volume-title":"Security and Trust Management","author":"L Chen","year":"2012","unstructured":"Chen, L., Crampton, J.: Risk-aware role-based access control. In: Meadows, C., Fernandez-Gago, C. (eds.) STM 2011. LNCS, vol. 7170, pp. 140\u2013156. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-29963-6_11"},{"key":"1_CR11","doi-asserted-by":"crossref","unstructured":"Chen, L., Crampton, J., Kollingbaum, M.J., Norman, T.J.: Obligations in risk-aware access control. In: Cuppens-Boulahia, N., Fong, P., Garc\u00eda-Alfaro, J., Marsh, S., Stegh\u00f6fer, J. (eds.) PST, pp. 145\u2013152. IEEE (2012)","DOI":"10.1109\/PST.2012.6297931"},{"key":"1_CR12","doi-asserted-by":"crossref","unstructured":"Cheng, P.-C., Rohatgi, P., Keser, C., Karger, P.A., Wagner, G.M., Reninger, A.S.: Fuzzy multi-level security: an experiment on quantified risk-adaptive access control. In: IEEE Symposium on Security and Privacy, pp. 222\u2013230. IEEE Computer Society (2007)","DOI":"10.1109\/SP.2007.21"},{"key":"1_CR13","volume-title":"Algorithms and Theory of Computation Handbook","author":"V Ciriani","year":"2009","unstructured":"Ciriani, V., De Capitani di Vimercati, S., Foresti, S., Samarati, P.: Theory of privacy and anonymity. In: Atallah, M., Blanton, M. (eds.) Algorithms and Theory of Computation Handbook, 2nd edn. CRC Press, Boca Raton (2009)","edition":"2"},{"issue":"2","key":"1_CR14","first-page":"161","volume":"6","author":"C Clifton","year":"2013","unstructured":"Clifton, C., Tassa, T.: On syntactic anonymity and differential privacy. Trans. Data Priv. 6(2), 161\u2013183 (2013)","journal-title":"Trans. Data Priv."},{"key":"1_CR15","doi-asserted-by":"crossref","unstructured":"Di Cerbo, F., Doliere, F., Gomez, L., Trabelsi, S.: PPL v2.0: uniform data access and usage control on cloud and mobile. In: Proceedings of the 1st International Workshop on TEchnical and LEgal Aspects of Data PRIvacy and SEcurity. IEEE (2015)","DOI":"10.1109\/TELERISE.2015.9"},{"key":"1_CR16","unstructured":"Dickens, L., Russo, A., Cheng, P.-C., Lobo, J.: Towards learning risk estimation functions for access control. In: Snowbird Learning Workshop (2010)"},{"key":"1_CR17","unstructured":"eXtensible Access Control Markup Language (XACML) Version 3.0, January 2013. http:\/\/docs.oasis-open.org\/xacml\/3.0\/xacml-3.0-core-spec-os-en.pdf"},{"key":"1_CR18","doi-asserted-by":"crossref","DOI":"10.4324\/9781315766645","volume-title":"Privacy and Security in the Digital Age: Privacy in the Age of Super-Technologies","author":"M Friedewald","year":"2016","unstructured":"Friedewald, M., Pohoryles, R.J.: Privacy and Security in the Digital Age: Privacy in the Age of Super-Technologies. Routledge, London (2016)"},{"issue":"4","key":"1_CR19","first-page":"4:1","volume":"42","author":"BCM Fung","year":"2010","unstructured":"Fung, B.C.M., Wang, K., Chen, R., Yu, P.S.: Privacy-preserving data publishing: a survey of recent developments. ACM Comput. Surv. 42(4), 4:1\u20134:153 (2010)","journal-title":"ACM Comput. Surv."},{"key":"1_CR20","unstructured":"Ghinita, G., Karras, P., Kalnis, P., Mamoulis, N.: Fast data anonymization with low information loss. In: Proceedings of the 33rd International Conference on Very Large Data Bases, pp. 758\u2013769. VLDB Endowment (2007)"},{"issue":"2","key":"1_CR21","doi-asserted-by":"crossref","first-page":"618","DOI":"10.1016\/j.dss.2005.05.019","volume":"43","author":"A Josang","year":"2007","unstructured":"Josang, A., Ismail, R., Boyd, C.: A survey of trust and reputation systems for online service provision. Decis. Support Syst. 43(2), 618\u2013644 (2007). Emerging Issues in Collaborative Commerce","journal-title":"Decis. Support Syst."},{"key":"1_CR22","unstructured":"Kaempfer, M. (2015). http:\/\/scn.sap.com\/community\/security\/blog\/2015\/03\/04\/sap-enterprise-threat-detection-and-siem-is-this-not-the-same"},{"key":"1_CR23","doi-asserted-by":"crossref","first-page":"62","DOI":"10.1016\/j.jbi.2013.12.002","volume":"50","author":"F Kohlmayer","year":"2014","unstructured":"Kohlmayer, F., Prasser, F., Eckert, C., Kuhn, K.A.: A flexible approach to distributed data anonymization. J. Biomed. Inform. 50, 62\u201376 (2014). Special Issue on Informatics Methods in Medical Privacy","journal-title":"J. Biomed. Inform."},{"key":"1_CR24","unstructured":"Kounine, A., Bezzi, M.: Assessing disclosure risk in anonymized datasets. In: Proceedings of the FloCon Workshop, January 2009"},{"key":"1_CR25","doi-asserted-by":"crossref","unstructured":"Lakkaraju, K., Slagell, A.: Evaluating the utility of anonymized network traces for intrusion detection. In: Proceedings of the 4th International Conference on Security and Privacy in Communication Netowrks, SecureComm 2008, pp. 17:1\u201317:8. ACM, New York (2008)","DOI":"10.1145\/1460877.1460899"},{"issue":"6","key":"1_CR26","doi-asserted-by":"crossref","first-page":"837","DOI":"10.1016\/j.jpdc.2011.01.007","volume":"71","author":"X Li","year":"2011","unstructured":"Li, X., Zhou, F., Yang, X.: A multi-dimensional trust evaluation model for large-scale P2P computing. J. Parallel Distrib. Comput. 71(6), 837\u2013847 (2011)","journal-title":"J. Parallel Distrib. Comput."},{"key":"1_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"962","DOI":"10.1007\/978-3-319-48472-3_61","volume-title":"On the Move to Meaningful Internet Systems: OTM 2016 Conferences","author":"N Metoui","year":"2016","unstructured":"Metoui, N., Bezzi, M.: Differential privacy based access control. In: Debruyne, C., et al. (eds.) OTM 2016. LNCS, vol. 10033, pp. 962\u2013974. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-48472-3_61"},{"key":"1_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"285","DOI":"10.1007\/978-3-319-48057-2_20","volume-title":"Future Data and Security Engineering","author":"N Metoui","year":"2016","unstructured":"Metoui, N., Bezzi, M., Armando, A.: Trust and risk-based access control for privacy preserving threat detection systems. In: Dang, T.K., Wagner, R., K\u00fcng, J., Thoai, N., Takizawa, M., Neuhold, E. (eds.) FDSE 2016. LNCS, vol. 10018, pp. 285\u2013304. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-48057-2_20"},{"key":"1_CR29","doi-asserted-by":"crossref","unstructured":"Mivule, K., Anderson, B.: A study of usability-aware network trace anonymization. In: Science and Information Conference (SAI), pp. 1293\u20131304. IEEE (2015)","DOI":"10.1109\/SAI.2015.7237310"},{"key":"1_CR30","doi-asserted-by":"crossref","unstructured":"Mont, M.C., Beato, F.: On parametric obligation policies: enabling privacy-aware information lifecycle management in enterprises. In: Eighth IEEE International Workshop on Policies for Distributed Systems and Networks, POLICY 2007, pp. 51\u201355. IEEE (2007)","DOI":"10.1109\/POLICY.2007.30"},{"key":"1_CR31","doi-asserted-by":"publisher","first-page":"357","DOI":"10.1007\/978-94-017-7376-8_13","volume-title":"Data Protection on the Move","author":"A Narayanan","year":"2016","unstructured":"Narayanan, A., Huey, J., Felten, E.W.: A precautionary approach to big data privacy. In: Gutwirth, S., Leenes, R., De Hert, P. (eds.) Data Protection on the Move, pp. 357\u2013385. Springer, Dordrecht (2016). https:\/\/doi.org\/10.1007\/978-94-017-7376-8_13"},{"key":"1_CR32","unstructured":"Council of Europe: Handbook on European data protection law. Technical report (2014)"},{"key":"1_CR33","unstructured":"Committee on Strategies for Responsible Sharing of Clinical Trial Data: Sharing Clinical Trial Data: Maximizing Benefits, Minimizing Risk. National Academies Press, Washington, DC (2015)"},{"key":"1_CR34","doi-asserted-by":"crossref","unstructured":"Oprea, A., Li, Z., Yen, T.-F., Chin, S.H., Alrwais, S.: Detection of early-stage enterprise infection by mining large-scale log data. In: 2015 45th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 45\u201356. IEEE (2015)","DOI":"10.1109\/DSN.2015.14"},{"issue":"9","key":"1_CR35","doi-asserted-by":"crossref","first-page":"39","DOI":"10.1145\/1151030.1151053","volume":"49","author":"A Pretschner","year":"2006","unstructured":"Pretschner, A., Hilty, M., Basin, D.: Distributed usage control. Commun. ACM 49(9), 39\u201344 (2006)","journal-title":"Commun. ACM"},{"issue":"6","key":"1_CR36","doi-asserted-by":"crossref","first-page":"1010","DOI":"10.1109\/69.971193","volume":"13","author":"P Samarati","year":"2001","unstructured":"Samarati, P.: Protecting respondents\u2019 identities in microdata release. IEEE Trans. Knowl. Data Eng. 13(6), 1010\u20131027 (2001)","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"1_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/978-3-540-45215-7_2","volume-title":"Computer Network Security","author":"R Sandhu","year":"2003","unstructured":"Sandhu, R., Park, J.: Usage control: a vision for next generation access control. In: Gorodetsky, V., Popyack, L., Skormin, V. (eds.) MMM-ACNS 2003. LNCS, vol. 2776, pp. 17\u201331. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-45215-7_2"},{"key":"1_CR38","doi-asserted-by":"crossref","unstructured":"Scholl, M.A., Stine, K.M., Hash, J., Bowen, P., Johnson, L.A., Smith, C.D., Steinberg, D.I.: SP 800\u201366 REV. 1. An introductory resource guide for implementing the health insurance portability and accountability act (HIPAA) security rule. Technical report (2008)","DOI":"10.6028\/NIST.SP.800-66r1"},{"issue":"4","key":"1_CR39","doi-asserted-by":"crossref","first-page":"447","DOI":"10.1016\/j.cose.2012.02.006","volume":"31","author":"RA Shaikh","year":"2012","unstructured":"Shaikh, R.A., Adi, K., Logrippo, L.: Dynamic risk-based decision methods for access control systems. Comput. Secur. 31(4), 447\u2013464 (2012)","journal-title":"Comput. Secur."},{"key":"1_CR40","unstructured":"Templ, M., Meindl, B., Kowarik, A.: Introduction to statistical disclosure control (SDC). Project: Relative to the testing of SDC algorithms and provision of practical SDC, data analysis OG (2013)"},{"key":"1_CR41","unstructured":"Ulltveit-Moe, N., Oleshchuk, V.A.: Measuring privacy leakage for IDS rules. CoRR, abs\/1308.5421 (2013)"},{"issue":"3","key":"1_CR42","doi-asserted-by":"crossref","first-page":"317","DOI":"10.1007\/s11277-010-0069-6","volume":"57","author":"N Ulltveit-Moe","year":"2011","unstructured":"Ulltveit-Moe, N., Oleshchuk, V.A., K\u00f8ien, G.M.: Location-aware mobile intrusion detection with enhanced privacy in a 5G context. Wirel. Pers. Commun. 57(3), 317\u2013338 (2011)","journal-title":"Wirel. Pers. Commun."},{"key":"1_CR43","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-29489-6","volume-title":"Privacy Preserving Data Mining","author":"J Vaidya","year":"2006","unstructured":"Vaidya, J., Clifton, C.W., Zhu, Y.M.: Privacy Preserving Data Mining, vol. 19. Springer, Boston (2006). https:\/\/doi.org\/10.1007\/978-0-387-29489-6"},{"key":"1_CR44","unstructured":"XACML Obligation Profile for Healthcare Version 1.0, February 2013. http:\/\/docs.oasis-open.org\/xacml\/xspa-obl\/v1.0\/csd01\/xspa-obl-v1.0-csd01.html"},{"issue":"1","key":"1_CR45","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s40537-015-0013-4","volume":"2","author":"R Zuech","year":"2015","unstructured":"Zuech, R., Khoshgoftaar, T.M., Wald, R.: Intrusion detection and big heterogeneous data: a survey. J. Big Data 2(1), 1\u201341 (2015)","journal-title":"J. Big Data"}],"container-title":["Lecture Notes in Computer Science","Transactions on Large-Scale Data- and Knowledge-Centered Systems XXXVI"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-56266-6_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,6]],"date-time":"2019-10-06T18:55:16Z","timestamp":1570388116000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-662-56266-6_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783662562659","9783662562666"],"references-count":45,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-56266-6_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]}}}