Data leakage quantification

S. Vavilis; M. Petkovic; N. Zannone

doi:10.1007/978-3-662-43936-4_7

Data leakage quantification

S. Vavilis, M. Petkovic, N. Zannone

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

12 Citations (Scopus)

2 Downloads (Pure)

Abstract

The detection and handling of data leakages is becoming a critical issue for organizations. To this end, data leakage solutions are usually employed by organizations to monitor network traffic and the use of portable storage devices. These solutions often produce a large number of alerts, whose analysis is time-consuming and costly for organizations. To effectively handle leakage incidents, organizations should be able to focus on the most severe incidents. Therefore, alerts need to be prioritized with respect to their severity. This work presents a novel approach for the quantification of data leakages based on their severity. The approach quantifies leakages with respect to the amount and sensitivity of the leaked information as well as the ability to identify the data subjects of the leaked information. To specify and reason on data sensitivity in an application domain, we propose a data model representing the knowledge in the domain. We validate our approach by analyzing data leakages within a healthcare environment. Keywords: Data Leakage Detection; Severity Metrics; Data Sensitivity Model

Original language	English
Title of host publication	Data and Applications Security and Privacy XXVIII (28th Annual IFIP WG 11.3 Working Conference, DBSec 2014, Vienna, Austria, July 14-16, 2014)
Editors	V. Atluri, G. Pernul
Publisher	Springer
Pages	98-113
ISBN (Print)	978-3-662-43935-7
DOIs	https://doi.org/10.1007/978-3-662-43936-4_7
Publication status	Published - 2014
Event	28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2014), July 14-16, 2014, Vienna, Austria - Vienna, Austria Duration: 14 Jul 2014 → 16 Jul 2014

Publication series

Name	Lecture Notes in Computer Science
Volume	8566
ISSN (Print)	0302-9743

Conference

Conference	28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2014), July 14-16, 2014, Vienna, Austria
Abbreviated title	DBSec 2014
Country/Territory	Austria
City	Vienna
Period	14/07/14 → 16/07/14

Access to Document

10.1007/978-3-662-43936-4_7

Best Student Paper Award at 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2014)
Vavilis, S. (Recipient), Petkovic, M. (Recipient) & Zannone, N. (Recipient), 2014
Prize: Other › Career, activity or publication related prizes (lifetime, best paper, poster etc.) › Scientific

Cite this

Vavilis, S., Petkovic, M., & Zannone, N. (2014). Data leakage quantification. In V. Atluri, & G. Pernul (Eds.), Data and Applications Security and Privacy XXVIII (28th Annual IFIP WG 11.3 Working Conference, DBSec 2014, Vienna, Austria, July 14-16, 2014) (pp. 98-113). (Lecture Notes in Computer Science; Vol. 8566). Springer. https://doi.org/10.1007/978-3-662-43936-4_7

@inproceedings{c4e5093557b84770999aaf5f53f27049,

title = "Data leakage quantification",

abstract = "The detection and handling of data leakages is becoming a critical issue for organizations. To this end, data leakage solutions are usually employed by organizations to monitor network traffic and the use of portable storage devices. These solutions often produce a large number of alerts, whose analysis is time-consuming and costly for organizations. To effectively handle leakage incidents, organizations should be able to focus on the most severe incidents. Therefore, alerts need to be prioritized with respect to their severity. This work presents a novel approach for the quantification of data leakages based on their severity. The approach quantifies leakages with respect to the amount and sensitivity of the leaked information as well as the ability to identify the data subjects of the leaked information. To specify and reason on data sensitivity in an application domain, we propose a data model representing the knowledge in the domain. We validate our approach by analyzing data leakages within a healthcare environment. Keywords: Data Leakage Detection; Severity Metrics; Data Sensitivity Model",

author = "S. Vavilis and M. Petkovic and N. Zannone",

year = "2014",

doi = "10.1007/978-3-662-43936-4_7",

language = "English",

isbn = "978-3-662-43935-7",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "98--113",

editor = "V. Atluri and G. Pernul",

booktitle = "Data and Applications Security and Privacy XXVIII (28th Annual IFIP WG 11.3 Working Conference, DBSec 2014, Vienna, Austria, July 14-16, 2014)",

address = "Germany",

note = "28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2014), July 14-16, 2014, Vienna, Austria, DBSec 2014 ; Conference date: 14-07-2014 Through 16-07-2014",

}

Vavilis, S , Petkovic, M & Zannone, N 2014, Data leakage quantification. in V Atluri & G Pernul (eds), Data and Applications Security and Privacy XXVIII (28th Annual IFIP WG 11.3 Working Conference, DBSec 2014, Vienna, Austria, July 14-16, 2014). Lecture Notes in Computer Science, vol. 8566, Springer, pp. 98-113, 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2014), July 14-16, 2014, Vienna, Austria, Vienna, Austria, 14/07/14. https://doi.org/10.1007/978-3-662-43936-4_7

Data leakage quantification. / Vavilis, S.; Petkovic, M.; Zannone, N.
Data and Applications Security and Privacy XXVIII (28th Annual IFIP WG 11.3 Working Conference, DBSec 2014, Vienna, Austria, July 14-16, 2014). ed. / V. Atluri; G. Pernul. Springer, 2014. p. 98-113 (Lecture Notes in Computer Science; Vol. 8566).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Data leakage quantification

AU - Vavilis, S.

AU - Petkovic, M.

AU - Zannone, N.

PY - 2014

Y1 - 2014

N2 - The detection and handling of data leakages is becoming a critical issue for organizations. To this end, data leakage solutions are usually employed by organizations to monitor network traffic and the use of portable storage devices. These solutions often produce a large number of alerts, whose analysis is time-consuming and costly for organizations. To effectively handle leakage incidents, organizations should be able to focus on the most severe incidents. Therefore, alerts need to be prioritized with respect to their severity. This work presents a novel approach for the quantification of data leakages based on their severity. The approach quantifies leakages with respect to the amount and sensitivity of the leaked information as well as the ability to identify the data subjects of the leaked information. To specify and reason on data sensitivity in an application domain, we propose a data model representing the knowledge in the domain. We validate our approach by analyzing data leakages within a healthcare environment. Keywords: Data Leakage Detection; Severity Metrics; Data Sensitivity Model

AB - The detection and handling of data leakages is becoming a critical issue for organizations. To this end, data leakage solutions are usually employed by organizations to monitor network traffic and the use of portable storage devices. These solutions often produce a large number of alerts, whose analysis is time-consuming and costly for organizations. To effectively handle leakage incidents, organizations should be able to focus on the most severe incidents. Therefore, alerts need to be prioritized with respect to their severity. This work presents a novel approach for the quantification of data leakages based on their severity. The approach quantifies leakages with respect to the amount and sensitivity of the leaked information as well as the ability to identify the data subjects of the leaked information. To specify and reason on data sensitivity in an application domain, we propose a data model representing the knowledge in the domain. We validate our approach by analyzing data leakages within a healthcare environment. Keywords: Data Leakage Detection; Severity Metrics; Data Sensitivity Model

U2 - 10.1007/978-3-662-43936-4_7

DO - 10.1007/978-3-662-43936-4_7

M3 - Conference contribution

SN - 978-3-662-43935-7

T3 - Lecture Notes in Computer Science

SP - 98

EP - 113

BT - Data and Applications Security and Privacy XXVIII (28th Annual IFIP WG 11.3 Working Conference, DBSec 2014, Vienna, Austria, July 14-16, 2014)

A2 - Atluri, V.

A2 - Pernul, G.

PB - Springer

T2 - 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2014), July 14-16, 2014, Vienna, Austria

Y2 - 14 July 2014 through 16 July 2014

ER -

Data leakage quantification

Abstract

Publication series

Conference

Access to Document

Fingerprint

Prizes

Best Student Paper Award at 28th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec 2014)

Cite this