Nils Ulltveit-Moe defended his Ph.D. dissertation at the University of Agder (UiA) 8 April 2014.
Data surveillance techniques can be problematic from a privacy perspective, even if the intentions behind the surveillance might be commendable.
Surveillance of computer systems is often used to identify cyber attacks, identify violation to internal IT policies or to perform data retention according to legal requirements.
One of the main problems is that surveillance frequently lacks transparency concerning what indeed is being monitored, who have access to this information, and if side information from the surveillance can be used for other purposes than planned. In addition, information about what is being monitored by computer security companies is usually kept secret for business reasons. Another reason is that information about what is being monitored also may hurt the security of the company if attackers learn which strategies that are being used against cyber attacks.
For some businesses, especially critical infrastructures like health institutions, power grids and transport systems, it is still important to know what kind of information that is being monitored, and make sure that person sensitive or confidential information to as small as possible degree leaks to organisations performing monitoring of computer networks, especially when such operation is being outsourced. This often causes a dilemma between the need for protecting sensitive information and efficient methods for detecting computer attacks.
The dissertation amongst others describes a method for reversible anonymisation of sensitive information from computer monitoring systems, a privacy leakage metric based on Shannon entropy, and how these techniques can be used together in an improvement process which reduces leakage of sensitive information over time.
The research is being continued in the EU-projects PRECYSE and SEMIAH.
PRECYSE is a security project which is researching methods for protecting critical infrastructures against cyber attacks.
SEMIAH, which started 1. march 2014, is developing a secure and privacy friendly infrastructure for virtual power plants, which make profit from matching power consumption with production of renewable energy by moving power consumption in time.
Biography
Nils Ulltveit-Moe is from Moe in Gjerstad municipality in Aust-Agder, Norway. He got a bachelor degree in Telematics from Agder Ingeniør- and Distriktshøgskole (now University of Agder) in 1988 and master in Information Technology from Høgskolesenteret i Rogaland (now University of Stavanger) in 1990. He has worked as software developer for Ericsson and has later worked with computer security for Proseq AS which now is acquired by Telenor Security Operations Center.
He has been assistant professor at UiA since 1998, and has previously participated in the EU project EIAO which did research on large-scale automatic measuring of accessibility to web pages for disabled people. He has since 2009 worked with a PhD related to privacy-enhanced network monitoring, and does now work as assistant professor and work package leader for the EU projects PRECYSE and SEMIAH.
The PhD work is supported by Telenor, the PRECYSE project with contract number FP7-SEC-2012-1-285181 (www.precyse.eu) and UiA.