Contributions to Books:
P. Kieseberg, E. Weippl:
"Securing Information against Manipulation in the Production Systems Engineering Process";
in: "Security and Quality in Cyber-Physical Systems Engineering",
Springer International Publishing,
Modern engineering projects often include extensive cooperation with partners as well as external experts, either due to specific
knowledge required that cannot be acquired otherwise, or even due to
rules and regulations that have to be obeyed to enter a specific market.
Still, Production Systems Engineering (PSE) processes contain significant intrinsic and explicit knowledge that is a key resource of a partner.
Therefore, the partners in such a collaborative process need to protect
their vital knowledge assets while still being forced to share much of the
information, thus rendering proactive solutions for information protection infeasible. Information fingerprinting has been used as a reactive
measure in many data based information processes. While fingerprinting
does not hinder unsolicited information exchange, fingerprinting techniques can be used to prove ownership of information and to determine
the leaking partner. In addition, expert information is integrated into
the overall process, requiring means to hold single participants responsible for errors and/or other issues. Still, in current environments, manipulation of information is largely possible. This becomes especially
problematic in cases, where the expert information is used as input in
intelligent algorithms, thus rendering any chance of simple detection impossible, even for the expert originally entering the information. In this
chapter, we adopt an approach for providing information integrity in socalled doctor in the loop (Holzinger 2016) systems in order to fit the PSE
process and its special requirements and combine it with fingerprinting
methods for protecting the ownership of vital information assets. Furthermore, we extend this approach to not only control data manipulation, but also access to sensitive information. In order to further mitigate
attacks targeting data exfiltration, we provide two new approaches for
logging SELECT-queries in a way that cannot be manipulated even by
attacks in the possession of administrator privileges.
data protection; audit & control; exfiltration detection; PSE databases
"Official" electronic version of the publication (accessed through its Digital Object Identifier - DOI)
Created from the Publication Database of the Vienna University of Technology.