A Qualitative Risk Assessment Framework for Sharing Computer Network Data
23 pages. Posted: 2 Apr 2012. Last revised: 23 Sep 2012
Date Written: March 31, 2012
The availability of computer network data is critically important for network operations, the development of next-generation systems, and the creation of the evidence-based policies that drive them. Collection and sharing of this network data, which may range from detailed packet traces to aggregated security alerts, is effectively the only way to concretely understand the complex structure and function of real-world networks. The information gleaned from such data sharing efforts is key to enabling innovation and resolving formidable issues in electronic crime forensics, infrastructure security, Internet governance, and intellectual property protection.
The data provider's decision to share network data is ultimately anchored in trust. The nature and extent of that trust are a confluence of the capacity to satisfy relevant legal requirements, the value placed on potential benefits, and confidence that the data recipient will not increase the provider's risk of disclosing sensitive information. What is most notable about the current state of practice is that most would-be data providers have a relatively weak understanding of these individual issues and their interplay, particularly in the context of computer network data. Risk is fueled by uncertainty about the application and interpretation of legal restrictions and obligations (e.g., regulations and privacy laws) related to network data disclosure, and exacerbated by unfamiliarity with disclosure control methods. At present, most efforts related to network data sharing focus on defining common data formats and exchange procedures for information interoperability. However, little work has been done to address the need for generalizable and scalable guidance that helps data providers understand and reason about these data sharing issues, thereby enabling risk-sensitive data disclosures that consider both legal constraints and utility needs.
We propose a reference risk assessment framework consisting of three phases that are designed to be generalizable across a wide range of data sharing scenarios. The first phase establishes a disclosure control continuum along two primary axes: the intended utility objectives and the disclosure restrictions imposed by legal, contractual, and ethical concerns. In the second phase, we describe operational, technical, and policy-oriented disclosure control methods, along with how they may be applied to adjust the balance between utility and risk mitigation. Finally, the third phase assesses the chosen controls with respect to the stated utility objectives and disclosure restrictions in the context of a qualitatively defined threat model. Significantly, our approach is unique among similar data sharing efforts (e.g., health data) because there is no generally accepted quantitative approach for assessing the risks associated with network data sharing, nor a practicable framework for addressing the growing number of related threats. Instead, we focus on educating data providers toward more effective, balanced, and pragmatic decisions that build the level of trust and understanding necessary for productive network data sharing.
Keywords: data sharing, privacy, computer networks, anonymization, risk assessment