Privacy-Respecting Intrusion Detection (Advances in Information Security)
July 2007
Publisher: Springer-Verlag, Berlin, Heidelberg
ISBN: 978-0-387-34346-4
Published: 01 July 2007
Contributors
  • Infineon Technologies AG

Reviews

Anthony Donald Vanker

The privacy of information generated either by or for an individual is an important issue. In the US, regulations, such as the payment card industry (PCI) Data Security Standard and the Health Insurance Portability and Accountability Act (HIPAA), are being implemented to ensure the safety of both financial and medical information. This book addresses another privacy issue of concern: how to protect the privacy of a lot of data generated by various computer operating systems, and at the same time provide appropriate information when investigating a possible misuse scenario in a computer or network environment.

In this book, Flegel, from the University of Dortmund in Germany, describes a system that he and his coworkers have developed to address the privacy issues associated with audit data and intrusion detection systems (IDSs). IDSs analyze the actions performed by users and applications, looking for evidence of malicious activities. To accomplish this, IDSs collect and save data about users' behavior.

This book comprises five parts: "Introduction and Background," "Set-based Approach," "Application to Unix Audit Data," "Evaluation," and "Refinement of Misuse Scenario Models." The purpose of the system described is twofold: first, it provides a way to pseudonymize audit data to provide the necessary privacy; then, it provides a way to recover the appropriate original data from the stored pseudonymized data. (Pseudonymization is a process that replaces the sensitive information with pseudonyms instead of deleting that information.) A set-based approach was used for initial modeling of the system. To create a proof-of-concept prototype, Flegel focused on Unix/Linux audit data, specifically that produced by the syslog process. The prototype was implemented in a modular form, as a software tool set called pseudonymization with conditional reidentification (Pseudo/CoRe). Cryptographic algorithms were used to pseudonymize and recover sensitive data from the audit trail.

Pseudo/CoRe was evaluated on a central server at the University of Dortmund, and was able to handle the number of audit records generated over a variety of conditions. Flegel uncovered several limitations in Pseudo/CoRe, and in the final section of the book discusses ways of refining the model to provide better links with IDSs. The proposed model refinement uses signature nets similar to nonautonomous Petri nets. The nets' places represent specific states of user behavior with features (tokens) representing the various parameters of a single audit record. The nets' transitions comprise sets of specific feature values, permitting movement from place to place as events occur.

This book presents a very broad view of aspects of privacy with respect to IDSs. Flegel does a good job of identifying the important topics in this area. To gain deeper knowledge, an extensive bibliography is included. Many of the references are in German, which leads to my one criticism of the book: it reads like a literal translation from German into English. Because of that, I found many passages difficult to understand and had to reread them several times.

Online Computing Reviews Service
