A Risk-Driven Approach to Designing Privacy-Enhanced Secure Applications

In the context of authorization in distributed systems, security and privacy often seem at odds. Privacy considerations may motivate the use of secure mechanisms for privacy-enhanced and possibly attribute-based anonymous authorization; the need to trace and identify users misusing their rights seems to call for either identity-based authorization or at least some kind of identity escrow allowing re-identification of users. In this paper, we propose a risk-driven design approach for maximizing privacy of users while satisfying security requirements of an application. In this approach, a security measure such as authentication or identity escrow is introduced only if it addresses a concrete risk and this risk cannot be avoided or otherwise addressed. This approach helps to identify privacy-friendly solutions as well as trade-offs between privacy and other considerations such as cost. It also clarifies trust assumptions between credential or certificate issuers and service providers. We illustrate our approach with an example application.

By: Els Van Herreweghen

Published in: "Information Security Management Education and Privacy", Proc. IFIP 18th World Computer Congress, TC11 19th Int'l Information Security Workshops, Boston, Kluwer, vol. 148, p. 265, 2004

Please obtain a copy of this paper from your local library. IBM cannot distribute this paper externally.