Joaquin Garcia-Alfaro Guillermo Navarro-Arribas Alessandro Aldini Fabio Martinelli Neeraj Suri (Eds.) 1 8 4 Data Privacy Management, 9 S C and Security Assurance N L 10th International Workshop, DPM 2015 and 4th International Workshop, QASA 2015 Vienna, Austria, September 21–22, 2015 Revised Selected Papers 123 Lecture Notes in Computer Science 9481 Commenced Publication in 1973 Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen Editorial Board David Hutchison Lancaster University, Lancaster, UK Takeo Kanade Carnegie Mellon University, Pittsburgh, PA, USA Josef Kittler University of Surrey, Guildford, UK Jon M. Kleinberg Cornell University, Ithaca, NY, USA Friedemann Mattern ETH Zurich, Zürich, Switzerland John C. Mitchell Stanford University, Stanford, CA, USA Moni Naor Weizmann Institute of Science, Rehovot, Israel C. Pandu Rangan Indian Institute of Technology, Madras, India Bernhard Steffen TU Dortmund University, Dortmund, Germany Demetri Terzopoulos University of California, Los Angeles, CA, USA Doug Tygar University of California, Berkeley, CA, USA Gerhard Weikum Max Planck Institute for Informatics, Saarbrücken, Germany More information about this series at http://www.springer.com/series/7410 Joaquin Garcia-Alfaro Guillermo Navarro-Arribas (cid:129) Alessandro Aldini Fabio Martinelli (cid:129) Neeraj Suri (Eds.) Data Privacy Management, and Security Assurance 10th International Workshop, DPM 2015 and 4th International Workshop, QASA 2015 – Vienna, Austria, September 21 22, 2015 Revised Selected Papers 123 Editors Joaquin Garcia-Alfaro FabioMartinelli Telecom SudParis National Research Council - C.N.R. Evry Pisa France Italy Guillermo Navarro-Arribas Neeraj Suri Universitat Autònoma deBarcelona Department ofComputer Science Bellaterra TU Darmstadt Spain Darmstadt Germany Alessandro Aldini University of Urbino Urbino Italy ISSN 0302-9743 ISSN 1611-3349 (electronic) Lecture Notesin Computer Science ISBN 978-3-319-29882-5 ISBN978-3-319-29883-2 (eBook) DOI 10.1007/978-3-319-29883-2 LibraryofCongressControlNumber:2016930820 LNCSSublibrary:SL4–SecurityandCryptology ©SpringerInternationalPublishingSwitzerland2016 Thisworkissubjecttocopyright.AllrightsarereservedbythePublisher,whetherthewholeorpartofthe material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storageandretrieval,electronicadaptation,computersoftware,orbysimilarordissimilarmethodologynow knownorhereafterdeveloped. Theuseofgeneraldescriptivenames,registerednames,trademarks,servicemarks,etc.inthispublication doesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevant protectivelawsandregulationsandthereforefreeforgeneraluse. Thepublisher,theauthorsandtheeditorsaresafetoassumethattheadviceandinformationinthisbookare believedtobetrueandaccurateatthedateofpublication.Neitherthepublishernortheauthorsortheeditors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissionsthatmayhavebeenmade. Printedonacid-freepaper ThisSpringerimprintispublishedbySpringerNature TheregisteredcompanyisSpringerInternationalPublishingAGSwitzerland Foreword from the DPM 2015 Program Chairs This volume contains the proceedings of the 10th Data Privacy Management Inter- national Workshop (DPM 2015), held in Vienna, Austria, during September 21–22, 2015, in conjunction with the 20th annual European Symposium on Research in Computer Security (ESORICS 2015). The DPM series started in 2005 when the first workshoptookplaceinTokyo(Japan).Sincethen,theeventhasbeenheldeveryyear indifferent venues:Atlanta,USA(2006),Istanbul,Turkey(2007),SaintMalo,France (2009), Athens, Greece (2010), Leuven, Belgium (2011), Pisa, Italy (2012), Egham, UK (2013), and Wroclaw, Poland (2014). The aim of DPM is to promote and stimulate international collaboration and researchexchangeinareasrelatedtothemanagementofprivacy-sensitiveinformation. This is a very critical and important issue for organizations and end-users. It poses several challenging problems, such as translation of high-level business goals into system-level privacy policies, administration of sensitive identifiers, data integration and privacy engineering, among others. In this workshop edition, 39 submissions were received and each of them was eval- uatedonthebasisofsignificance,novelty,andtechnicalquality.TheProgramCommittee, comprising40members,performedanexcellenttaskandwiththehelpofanadditional 22 referees all submissions went through a careful anonymous review process (three or more reviews per submission). In the end, eight full papers, accompanied by six short papersandtwopositionpaperswerepresentedattheevent.Theprogramwascompleted withtwo keynote talks given byPierangelaSamarati (Università degli StudidiMilano) andDieterGollman(TechnischenUniversitätHamburg). We would like to thank everyone who helped organize the event, including all the members of the Organizing Committee of both ESORICS and DPM 2015. In partic- ular,wewouldliketohighlightandacknowledgealltheeffortsoftheteamfromSBA Research,foralltheirhelpandsupport.OurgratitudealsogoestoPierangelaSamarati, steering committee chair of the ESORICS Symposium, for all her arrangements that madepossiblethesatelliteevents,andJavierLopez,theworkshopschairofESORICS 2015. Our special thanks to the general chairs of DPM 2015, Josep Domingo-Ferrer and Vicenç Torra. Last but, by no means least, we thank all the DPM 2015 Program Committee members, additional reviewers, all the authors who submitted papers, and all the workshop attendees. Finally, we want to acknowledge the support received from the sponsors of the workshop: Institut Mines-Telecom (Telecom SudParis), CNRS Samovar UMR 5157 (R3S team), UNESCO Chair in Data Privacy, Universitat Autonoma de Barcelona, Internet Interdisciplinary Institute (IN3), Open University of Catalonia (UOC), and projects TIN2011-27076-C03-02 CO-PRIVACY and TIN2014-55243-P from the Spanish MINECO. January 2016 Joaquin Garcia-Alfaro Guillermo Navarro-Arribas 10th International Workshop on Data Privacy Management — DPM 2015 General Chairs Josep Domingo-Ferrer Universitat Rovira i Virgili, Spain Vicenç Torra University of Skövde, Sweden Program Committee Chairs Joaquin Garcia-Alfaro Telecom SudParis, France Guillermo Navarro-Arribas Universitat Autonoma de Barcelona, Spain Program Committee Rainer Böhme University of Münster, Germany Jordi Castella-Roca Universitat Rovira i Virgili, Spain Jordi Casas-Roma Universitat Oberta de Catalunya, Spain Frederic Cuppens Telecom Bretagne, France Nora Cuppens Telecom Bretagne, France Nicola Dragoni Technical University of Denmark, Germany David Evans University of Derby, UK Sara Foresti University of Milan, Italy Sebastien Gambs University of Rennes, France Paolo Gasti New York Institute of Technology, USA Stefanos Gritzalis University of the Aegean, Greece Marit Hansen Unabhängiges Landeszentrum für Datenschutz, Germany Jordi Herrera-Joancomarti Universitat Autonoma de Barcelona, Spain Sokratis Katsikas University of Piraeus, Greece Evangelos Kranakis Carleton University, Canada Fabio Martinelli IIT-CNR, Italy Chris Mitchell Royal Holloway, UK Anna Monreale University of Pisa, Italy Maryline Laurent Telecom SudParis, France Georgios Lioudakis National Technical University of Athens, Greece Giovanni Livraga University of Milan, Italy Javier Lopez University of Malaga, Spain Sotirios Maniatis HellenicAuthorityforCommunicationsPrivacy,Greece Refik Molva EURECOM, France Melek Önen EURECOM, France VIII 10th International WorkshoponData PrivacyManagement Cristina Perez-Sola Universitat Autonoma de Barcelona, Spain Silvio Ranise FBK, Security and Trust Unit, Italy Kai Rannenberg Goethe University, Germany David Rebollo-Monedero Technical University of Catalonia, Spain Yves Roudier EURECOM, France Pierangela Samarati University of Milan, Italy David Sanchez Universitat Rovira i Virgili, Spain Claudio Soriente ETH Zürich, Switzerland Alessandro Sorniotti IBM Research, Switzerland Traian Marius-Truta Northern Kentucky University, USA Yasuyuki Tsukada NTT Communication Science Laboratories, Japan Alexandre Viejo Universitat Rovira i Virgili, Spain Jens Weber University of Victoria, Canada Lena Wiese University of Göttingen, Germany Nicola Zannone Eindhoven University of Technology, The Netherlands Steering Committee Josep Domingo-Ferrer Universitat Rovira i Virgili, Spain Joaquin Garcia-Alfaro Telecom SudParis, France Guillermo Navarro-Arribas Autonomous University of Barcelona, Spain Vicenç Torra University of Skövde, Sweden Additional Reviewers Carles Anglès-Tafalla David Nuñez Anis Bkakria Jordi Ribes Alberto Blanco-Justicia Ruben Rios Tarek Bouyahia Ahmed Seid Yesuf Vicenç Creus-Garcia Mohammed Shafiul Alam Khan Alexandru Ionut Egner Hari Siswantoro Maria Karyda Dimitrios Vasilopoulos Eleni Klaoudatou Sokratis Vavilis Spyros Kokolakis Fatbardh Veseli Sebastian Luhn Tim Waage Francisco Moyano Shuzhe Yang Foreword from the QASA 2015 Chairs This proceedings volume contains the revised versions of papers presented at QASA2015: 4th International Workshop in Quantitative Aspects in Security Assur- ance, held during September 21–22, 2015, in Vienna, as an affiliated event of ESORICS 2015 and in cooperation with DPM. The QASA workshop series responds to the increasing demand for techniques to dealwithquantitativeaspectsofsecurityassuranceatseverallevelsofthedevelopment life-cycle of systems and services, from requirements elicitation to run-time operation and maintenance. The aim of QASA is to bring together researchers and practitioners interested in these research topics with a particular emphasis on the techniques for service-oriented architectures. The scope of the workshop is intended to be broad, including aspects as dependability, privacy, risk, and trust. QASA2015received11submissions,eachonereviewed byatleastthreeProgram Committeemembers.Thecommitteedecidedtoacceptfourpapers(aftertworoundsof evaluations)fortheproceedings.Theprogramalsoincludesoneinvitedtalk,givenby Pierangela Samarati on data protection (in cooperation with DPM). The presentations and the discussions during the workshop have shown that the area of quantitative security, in its many facets, is an active and interesting field of research. We would like to thank the invited speakers, the authors of submitted papers, the members of the Program Committee, the external reviewers, and the sponsors, which are the EU projects NeCS and SPECS and the IFIP WG 11.14 (NESSoS) on Secure Engineering.WearealsogratefulfortheuseoftheEasyChairplatform,whichoffered an effective and clear way of managing the entire review process as well as the proceedings production. Finally, we are also grateful to the SBA-Research and Technology University of Vienna for providing the venue for QASA2015. January 2016 Alessandro Aldini Fabio Martinelli Neeraj Suri 4th International Workshop on Quantitative Aspects in Security Assurance — QASA 2015 General Chairs Alessandro Aldini University of Urbino, Italy Fabio Martinelli IIT-CNR, Italy Neeraj Suri TU Darmstadt, Germany Program Committee Andrea Bondavalli University of Florence, Italy Tom Clothia University of Birmingham, UK Jorge Cuellar Siemens, Germany Frédéric Cuppens Télécom Bretagne, France Joaquin Garcia-Alfaro Télécom SudParis, France Javier Lopez University of Malaga, Spain Jesus Luna Garcia Cloud Security Alliance, UK Catherine Meadows Naval Research Laboratory, USA Charles Morisset Newcastle University, UK Pierangela Samarati University of Milan, Italy Ketil Stoelen SINTEF, Norway Lorenzo Strigini City London University, UK Herbert Wiklicky Imperial College London, UK Additional Reviewer Gencer Erdogan SINTEF, Norway