Invasion of privacy and misuse of personal data are among the most obvious negative effects of today's information and communication technologies. Besides technical issues from a variety of fields, privacy legislation, depending on national activities and often lacking behind technical progress, plays an important role in designing, implementing, and using privacy-enhancing systems.Taking into account technical aspects from IT security, this book presents in detail a formal task-based privacy model which can be used to technically enforce legal privacy requirements. Furthermore, the author specifies how the privacy model policy has been implemented together with other security policies in accordance with the Generalized Framework for Access Control (GFAC).This book will appeal equally to R&D professionals and practitioners active in IT security and privacy, advanced students, and IT managers.
作者簡介
暫缺《IT安全與隱私:強化隱私保密機構(gòu)的設(shè)計與應(yīng)用IT-security and privacy》作者簡介
圖書目錄
1.Introduction 2.Privacy in the Global Information Society 2.1 Definition of Privacy and Data Protection 2.2 Historical Perspective on Data Protection Legislation 2.3 Privacy Principles of the German Census Decision 2.4 Basic Privacy Principles 2.5 The EU Directive on Data Protection 2.6 German Data Protection Legislation 2.6.1 The German Federal Data Protection Act (Bundesdatenschutzgesetz) 2.6.2 Data Protection Regulations for Information and Telecommunication Services 2.7 Threats to Privacy in the Global Networked Society 2.7.1 Privacy Threats at Application Level 2.7.2 Privacy Threats at Communication Level 2.7.3 Insecure Technologies 2.8 Problems of an International Harmonisation of Privacy Legislation 2.9 The Need for Privacy Enhancing Technologies 2.10 The Importance of Privacy Education 2.11 Conclusions 3.IT-Security 3.1 Definition 3.2 Security Models 3.2.1 Harrison-Ruzzo-Ullman Model 3.2.2 Bell LaPadula Model 3.2.3 Unix System V/MLS Security Policy 3.2.4 Biba Model 3.2.5 Lattice Model of Information Flow 3.2.6 Noninterference Security Model 3.2.7 Clark-Wilson Model 3.2.8 Chinese Wall Model 3.2.9 Role-Based Access Control Models 3.2.10 Task-Based Authorisation Models for Workflow 3.2.10.1 Workflow Authorisation Model (WAM) 3.2.10.2 Task-Based Authorisation Controls (TBAC) 3.2.11 Security Models for Object-Oriented Information Systems 3.2.11.1 The Authorisation Model by Fernandez et al 3.2.11.2 The Orion Authorisation Model 3.2.11.3 The DORIS Personal Model of Data 3.2.11.4 Further Relevant Research 3.2.12 Resource Allocation Model for Denial of Service Protection 3.2.13 Multiple Security Policies Modelling Approaches 3.2.13.1 The Generalised Framework for Access Control (GFAC) 3.2.13.2 The Multipolicy Paradigm and Multipolicy Systems 3.3 Basic Security Functions and Security Mechanisms 3.3.1 Identification and User Authentication 3.3.2 Access Control 3.3.3 Auditing 3.3.4 Intrusion Detection Systems 3.3.5 Object Reuse Protection 3.3.6 Trusted Path 3.3.7 Cryptography 3.3.7.1 Foundations 3.3.7.2 Symmetric Algorithms 3.3.7.3 Asymmetric Algorithms 3.3.7.4 Hash Functions 3.3.7.5 Certificates 3.4 Security Evaluation Criteria 3.4.1 The Rainbow Series (Orange Book et al.) 3.4.2 European Initiatives 3.4.2.1 Overview 3.4.2.2 The German Green Book 3.4.2.3 The Information Technology Security Evaluation Criteria (ITSEC) 3.4.3 North American Initiatives 3.4.3.1 CTCPEC 3.4.3.2 MSFR 3.4.3.3 Federal Criteria 3.4.4 International Harmonisation 3.4.4.1 ISO Initiatives (ISO/IEC-ECITS) 3.4.4.2 The Common Criteria 3.4.5 Shortcomings of IT Security Evaluation Criteria 3.5 Conflict between IT Security and Privacy 3.5.1 Privacy Implications of IT Security Mechanisms …… 4.Privacy-Enhancing Technologies 5.A Task-Based Privacy Model 6.Specification and Implementation of the Privacy Policy Following the Generalised Framework for Access Control-Approach 7.Concluding Remarks Appendix A:Formal Mathematical Privacy Model Appdndix B:Implementation of a Hospital Scenario as a Demonstration Example References