Registered by Nils Ulltveit-Moe

This project contains an XACML controlled reversible anonymisation scheme for XML documents. The tool consists of an anonymiser and deanonymiser which are implemented as proxy based web services. It allows for anonymisation and authorisation of information in XML documents down to octet ranges of elements and attributes of messages. It supports multi-level security, default PERMIT and DENY anonymisation policies, key sharing and location-based authorisation using the GeoXACML framework. The current implementation can anonymise IDMEF messages from intrusion detection systems, in order to implement privacy-enhanced IDS services. It can relatively easily be modified to handle other XML formats.

The reversible anonymiser has been used used to implement privacy-enhanced intrusion detection services. It is integrated with PreludeIDS ( via a SOAP based web service module that allows feeding IDS alarms from prelude-manager via the anonymiser in order to anonymise the IDMEF based IDS alarms. The anonymised IDS alarms can subsequently be sent back to another instance of prelude-manager via the idmefserver program, which interfaces the SOAP messages back to PreludeIDS' internal protocol format. This allows for storing and presenting anonymised IDS alarms in the Prewikka tool. Unmodified anonymised IDS alarms can be deanonymised using the deanonymiser tool. Ubuntu software packages with a patched version of PreludeIDS that supports the IDMEF SOAP interface is stored in the PPA archive:

This archive also contains the necessary software packages for installing the reversible anonymiser.

This project is based on the work described in the following papers:
"Decision-cache based XACML authorisation and anonymisation for XML documents" by Nils Ulltveit-Moe and Vladimir Oleshchuk, published in Computer Standards and Interfaces, Elsevier,

"A novel policy-driven reversible anonymisation scheme for XML-based services" by Nils Ulltveit-Moe and Vladimir Oleshchuk, published in Information Systems, Elsevier,

If you publish any papers or derived works based on this software, please cite these papers.

This project is being maintained and developed as part of the FP7 EU projects:
PRECYSE - Protection, prevention and reaction to cyberattacks to critical infrastructures, contract number FP7-SEC-2012-1-285181 (
SEMIAH - Scalable Energy Management Infrastructure for Aggregation of Households, contract number ICT-2013.6.1-619560 (
It is also part of my PhD work on Privacy-enhanced Network Monitoring (, which was supported partially by Telenor under the contract DR-2009-1 and partially by University of Agder, Norway.

To contribute to this project, please contact:

Project information

Nils Ulltveit-Moe
Nils Ulltveit-Moe
Apache Licence

RDF metadata

View full history Series and milestones

trunk series is the current focus of development.

All code Code

Version control system:
Programming languages:

All bugs Latest bugs reported

Get Involved


Reversible Anonymiser does not have any download files registered with Launchpad.