Meinig, Michael; Tröger, Peter; Meinel, Christoph
Proceedings of the 5th Conference on Information Systems Security and Privacy (ICISSP 2019)
Prague, Czech Republic
SCITEPRESS – Science and Technology Publications, Lda
Modern information infrastructures and organizations increasingly face the problem of data breaches and cyber-attacks. A traditional method for dealing with this problem are classification zones, such as ‘top secret’, ‘confidential’, and ‘unclassified’, which regulate the access of persons, hardware, and software to data records. In this paper, we present an approach that finds classification zone violations through automated message flow analysis. Our approach considers the problem of anonymization for the source event logs, which makes the resulting data flow model sharable with experts and the public. We discuss practical implications from applying the approach to a large governmental organization data set and discuss how the anonymity of our concept can be formally validated.