Tuesday, September 11th, 2007

09h00-09h20 

Sven Wohlgemuth (ALU-FR): From Data Economy to Secure Logging as a Step towards Transparency 

Ambient Intelligence environments lead to a collection of contextual and personal data for personalised services which is unaware for their users. This stems from the deployment of RFID tags of goods, sensors and cameras observing the users in, e.g., a shop such as the “Future Store” of the METRO AG. Therefore, users are not able to decide on the disclosure of their data. Either they do not participate in such environments or they have to trust service providers to use their personal data according to the privacy policy. The concept of usage control, with obligations as rules, for a desired use of personal data is an approach allowing users to control the use of their personal data. It has been shown that current privacy mechanisms support access control over personal data but not its use. Privacy policy languages, such as P3P or EPAL, support obligations but do not offer the possibility for users to verify whether obligations have been enforced. The aim is to identify requirements for a mechanism which generates privacy evidences in order to offer users proof that they can trust service providers. Log data are the foundation for privacy evidences, since they should reflect the enforcement of obligations and identify the misuse of personal data should it occur. This talk presented the requirement of the authenticity of log data and an approach toward generating them using a secure logging protocol.

09h20-09h40 

Eleni Kosta (ICRI): Legal Requirements of Secure Logging 

From the view of legislation, log data is also personal data and, as such, must be protected. This talk focuses on the two main legal requirements of the “right to access log data for users” and the “right to be informed”. This also means that there should be integrity control over logging activities, the collected data must be authentic and the logging activities must be accountable. Timestamps and trust services such as the eSignature Directive are proposed. The talk further introduces privacy principles and security criteria which have to be fulfilled by a secure logging system in order to pass legal evaluation. 

09h40-10h00 

Martin Meints (ICPP): International Security Standards and Logging 

This talk introduces the definition of logging according to the ISO/IEC 270xx series of security standards as well as CobiT and ISO/IEC 15408. It concludes that third party (e.g. user) interests are not covered, though protocol data from enterprises is increasingly used by the state. It points out that if logging mechanisms according to these standards are used, the administrator of the system has unlimited access to the data logged. 

10h00-10h20 

Stefan Berthold (TUD): Technical Aspects of Secure Logging – Requirements, Approaches, Limitations 

This talk focuses on the semantic interpretation of log data and its interpretable presentation to users lacking security knowledge.  Stefan Berthold presented the concept of lattices for semantic interpretation and the of town maps for presentation.

10h20-10h30 

Rani Husseiki (SIRRIX): D14.5 Experimental Study on Profiling in Business Processes 

This talk introduces the experimental study according to its goals (detecting the misuse of personal data) and approach. Students apply for various loyalty programs and make minor mistakes in their names. For example, if an address is sold to an advertising company, it is possible to determine who sold the personal data. The results will be summarized by a survey. 

10h30-11h00 

Coffee break 

11h00-12h30 

Coordination of D14.5, D14.6 and proposals for the 5th work plan

The results of the discussion include a sketch of the table of contents of D14.6, its schedule and an agreement upon a publication for the 5th work plan to summarize the results from WP14.  Concerning the 5th work plan, a study of the means by which users can verify the logging of data and only view their own details, was proposed and discussed. The proposal needs refinement before presenting it for the 5th work plan.