Future networks will be characterized by a dramatic increase in terms of capacity, traffic volume, number of delivered flows, and diffusion capillarity. The emerging concern is how to avoid that a massive gathering of measurement data, and the possible misuse of such collected data, may become a threat to the network customers privacy. To face this issue, we believe that network monitoring architectures should be rethought so as to incorporate a privacy preservation operation in their design. This paper addresses such issue by describing a two-stage network measurement architecture that separates monitoring tasks between a front- end and a back-end. The front-end observes, pre-processes, and protects measured network traffic, while the back-end provides access control, post-processing, and data and result storage services. The system effectively separates trust between the stages, applying novel data protection and reduction techniques as early in the monitoring process as possible, and protecting stored data with a fine-grained semantic access control scheme.

Privacy-Preserving Network Monitoring Architecture for the Future Internet

PROCISSI, GREGORIO;
2009-01-01

Abstract

Future networks will be characterized by a dramatic increase in terms of capacity, traffic volume, number of delivered flows, and diffusion capillarity. The emerging concern is how to avoid that a massive gathering of measurement data, and the possible misuse of such collected data, may become a threat to the network customers privacy. To face this issue, we believe that network monitoring architectures should be rethought so as to incorporate a privacy preservation operation in their design. This paper addresses such issue by describing a two-stage network measurement architecture that separates monitoring tasks between a front- end and a back-end. The front-end observes, pre-processes, and protects measured network traffic, while the back-end provides access control, post-processing, and data and result storage services. The system effectively separates trust between the stages, applying novel data protection and reduction techniques as early in the monitoring process as possible, and protecting stored data with a fine-grained semantic access control scheme.
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11568/135243
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact