IT安全与隐私：强化隐私保密机构的设计与应用IT-security and privacy

1.Introduction
2.Privacy in the Global Information Society
2.1 Definition of Privacy and Data Protection
2.2 Historical Perspective on Data Protection Legislation
2.3 Privacy Principles of the German Census Decision
2.4 Basic Privacy Principles
2.5 The EU Directive on Data Protection
2.6 German Data Protection Legislation
2.6.1 The German Federal Data Protection Act (Bundesdatenschutzgesetz)
2.6.2 Data Protection Regulations for Information and Telecommunication Services
2.7 Threats to Privacy in the Global Networked Society
2.7.1 Privacy Threats at Application Level
2.7.2 Privacy Threats at Communication Level
2.7.3 Insecure Technologies
2.8 Problems of an International Harmonisation of Privacy Legislation
2.9 The Need for Privacy Enhancing Technologies
2.10 The Importance of Privacy Education
2.11 Conclusions
3.IT-Security
3.1 Definition
3.2 Security Models
3.2.1 Harrison-Ruzzo-Ullman Model
3.2.2 Bell LaPadula Model
3.2.3 Unix System V/MLS Security Policy
3.2.4 Biba Model
3.2.5 Lattice Model of Information Flow
3.2.6 Noninterference Security Model
3.2.7 Clark-Wilson Model
3.2.8 Chinese Wall Model
3.2.9 Role-Based Access Control Models
3.2.10 Task-Based Authorisation Models for Workflow
3.2.10.1 Workflow Authorisation Model (WAM)
3.2.10.2 Task-Based Authorisation Controls (TBAC)
3.2.11 Security Models for Object-Oriented Information Systems
3.2.11.1 The Authorisation Model by Fernandez et al
3.2.11.2 The Orion Authorisation Model
3.2.11.3 The DORIS Personal Model of Data
3.2.11.4 Further Relevant Research
3.2.12 Resource Allocation Model for Denial of Service Protection
3.2.13 Multiple Security Policies Modelling Approaches
3.2.13.1 The Generalised Framework for Access Control (GFAC)
3.2.13.2 The Multipolicy Paradigm and Multipolicy Systems
3.3 Basic Security Functions and Security Mechanisms
3.3.1 Identification and User Authentication
3.3.2 Access Control
3.3.3 Auditing
3.3.4 Intrusion Detection Systems
3.3.5 Object Reuse Protection
3.3.6 Trusted Path
3.3.7 Cryptography
3.3.7.1 Foundations
3.3.7.2 Symmetric Algorithms
3.3.7.3 Asymmetric Algorithms
3.3.7.4 Hash Functions
3.3.7.5 Certificates
3.4 Security Evaluation Criteria
3.4.1 The Rainbow Series (Orange Book et al.)
3.4.2 European Initiatives
3.4.2.1 Overview
3.4.2.2 The German Green Book
3.4.2.3 The Information Technology Security Evaluation Criteria (ITSEC)
3.4.3 North American Initiatives
3.4.3.1 CTCPEC
3.4.3.2 MSFR
3.4.3.3 Federal Criteria
3.4.4 International Harmonisation
3.4.4.1 ISO Initiatives (ISO/IEC-ECITS)
3.4.4.2 The Common Criteria
3.4.5 Shortcomings of IT Security Evaluation Criteria
3.5 Conflict between IT Security and Privacy
3.5.1 Privacy Implications of IT Security Mechanisms
　　……
4.Privacy-Enhancing Technologies
5.A Task-Based Privacy Model
6.Specification and Implementation of the Privacy Policy Following the Generalised Framework for Access Control-Approach
7.Concluding Remarks
Appendix A:Formal Mathematical Privacy Model
Appdndix B:Implementation of a Hospital Scenario as a Demonstration Example
References