This project contains an XACML controlled reversible anonymisation scheme for XML documents. The tool consists of an anonymiser and deanonymiser which are implemented as proxy based web services. It allows for anonymisation and authorisation of information in XML documents down to octet ranges of elements and attributes of messages. It supports multi-level security, default PERMIT and DENY anonymisation policies, key sharing and location-based authorisation using the GeoXACML framework. The current implementation can anonymise IDMEF messages from intrusion detection systems, in order to implement privacy-enhanced IDS services. It can relatively easily be modified to handle other XML formats.
The reversible anonymiser has been used used to implement privacy-enhanced intrusion detection services. It is integrated with PreludeIDS (http://
This archive also contains the necessary software packages for installing the reversible anonymiser.
This project is based on the work described in the following papers:
"Decision-cache based XACML authorisation and anonymisation for XML documents" by Nils Ulltveit-Moe and Vladimir Oleshchuk, published in Computer Standards and Interfaces, Elsevier,
"A novel policy-driven reversible anonymisation scheme for XML-based services" by Nils Ulltveit-Moe and Vladimir Oleshchuk, published in Information Systems, Elsevier,
If you publish any papers or derived works based on this software, please cite these papers.
This project is being maintained and developed as part of the FP7 EU projects:
PRECYSE - Protection, prevention and reaction to cyberattacks to critical infrastructures, contract number FP7-SEC-
SEMIAH - Scalable Energy Management Infrastructure for Aggregation of Households, contract number ICT-2013.6.1-619560 (http://
It is also part of my PhD work on Privacy-enhanced Network Monitoring (http://
To contribute to this project, please contact: Nils.Ulltveit-