advertisement

Securing Data Warehouses: A Semi-automatic Approach for Inference Prevention at the Design Level

100 %
0 %
advertisement
Information about Securing Data Warehouses: A Semi-automatic Approach for Inference...
Technology

Published on March 10, 2014

Author: salahtriki

Source: slideshare.net

Description

Data warehouses contain sensitive data that must be secured in two ways: by defining appropriate access rights to the users and by preventing potential data inferences. Inspired from development methods for information systems, the first way of securing a data warehouse has been treated in the literature during the early phases of the development cycle. However, despite the high risks of inferences, the second way is not sufficiently taken into account in the design phase; it is rather left to the administrator of the data warehouse. However, managing inferences during the exploitation phase may induce high maintenance costs and complex OLAP server administration. In this paper, we propose an approach that, starting from the conceptual model of the data sources, assists the designer of the data warehouse in indentifying
multidimensional sensitive data and those that may be subject to inferences.
advertisement

Securing Data Warehouses: A Semi-automatic Approach for Inference Prevention at the Design Level Salah Triki Hanene Ben-Abdallah (Mir@cl, University of Sfax) Nouria Harbi, Omar Boussaid (ERIC, University of Lyon) 1

Outline • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion

Outline • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion

Introduction • A data warehouse is a collection of data: – integrated – subject-oriented – nonvolatile – historized – available for querying and analysis • A DW can be deployed in various domains: Commerce, Hospital ...

Introduction • Data warehouses contain: – Sensitive data – Some personal/propriatary data • Legal requirements: – HIPPA – GLBA – Safe Harbor – Sarbanes-Oxley • Organizations must comply with these laws

Outline 6 • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion

Securing Data Warehouses 7 • The two levels of security : – Design level – Physical level

Securing Data Warehouses • At the design level Security constraint Security constraint

Entrepôt de données • The types of inferences : – Precise Inference – Partial Inference Query Not Authorized Data Authorized Data • At the physical level Securing Data Warehouses

• Prevention of inferences at the physical level [Haibing and al. 2008, Cuzzocrea 2009, Zhang and al. 2011] can induce : – high administrative costs – high maintenance. • Prevention of inferences at the design level [Steger and al. 2000, Blanco and al. 2010] : – do not take into account the potential inferences from the available data – specific to a particular application domain. Securing Data Warehouses

Outline • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion

• Assumptions : – The data sources’ class diagram is available. – The star schema is already designed. – The star schema is mapped to the data sources’ class diagram. An approach for assisting the design of secure DW

(1) (2) (3) (4) An approach for assisting the design of secure DW Security Designer

• Inferences Graph : a set of nodes connected by oriented arcs. – The nodes represent the data : ● Node colored in gray : sensitive data ● Node colored in white : none sensitive data – The arcs indicate the direction of inference : ● Solid arc : precise inference ● Dotted arc : partial inference B C A Inferences graph construction

Inference rules 1/3 C1 C1

Inference rules 2/3

Inference rules 3/3

Types of inferences • The automatic construction of the inferences graph does not indicate the type of inferences: partial or precise. • The indication cannot be, unfortunately, deducted automatically. • The security designer must distinguish partial inferences (drawn by dotted arcs).

Detection of new inferences A B C D E • Calculation of the transitive closure Partial path Precise path

Enrichment of the star schema A B C D E Partial path Precise path <<Partial Inference : D:A>> <<Precise Inference : E:A>> <<Sensitive Data >>

• Class diagram of the data sources Example

• DW star schema Example Illness Critical Illness

Example Illness Critical Illness Treatment Diagnostic Transfer

• Inferences graph Example

• Inferences graph transitive closure Example

•Inference type specification Example << Partial Inference : Date : Illness>> << Partial Inference : Time : Illness>> << Sensitive Data >> <<Partial Inference : Transfer :Critical Illness>>

Outline • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion

• An approach to produce a conceptual multidimensional model annotated with information for inference prevention: – A graph of inferences based on the class diagram of data sources. – The class diagram allows us to identify the elements to lead to precise/partial inferences. • Studying how to transfer to the logical level the annotations defined at the design level. Conclusion

Add a comment

Related presentations

Presentación que realice en el Evento Nacional de Gobierno Abierto, realizado los ...

In this presentation we will describe our experience developing with a highly dyna...

Presentation to the LITA Forum 7th November 2014 Albuquerque, NM

Un recorrido por los cambios que nos generará el wearabletech en el futuro

Um paralelo entre as novidades & mercado em Wearable Computing e Tecnologias Assis...

Microsoft finally joins the smartwatch and fitness tracker game by introducing the...

Related pages

Securing Data Warehouses: A Semi-automatic Approach for ...

Data warehouses contain sensitive data that must be ... Securing Data Warehouses: A Semi-automatic Approach for Inference Prevention at the Design Level.
Read more

Securing Data Warehouses: A Semi-automatic Approach for ...

Securing Data Warehouses: A Semi-automatic Approach for Inference Prevention at the ... An Automatic Data Warehouse Conceptual Design Approach. In: ...
Read more

Securing Data Warehouses: A Semi-automatic Approach for ...

Securing Data Warehouses: A Semi-automatic Approach for Inference Prevention at the Design Level ... The need for securing DW was felt long ago [1] [2].
Read more

Securing data warehouses - dl.acm.org

Securing data warehouses: a semi-automatic approach for inference prevention at the design level
Read more

Securing data warehouses: a semi-automatic approach for ...

Securing Data Warehouses: A Semi-automatic Approach for Inference Prevention at the Design Level Salah Triki1, Hanene Ben-Abdallah1, Nouria Harbi2, and ...
Read more

Securing Data Warehouses: A Semi-automatic Approach for ...

Securing Data Warehouses: A Semi-automatic Approach for ... Securing Data Warehouses: A Semi-automatic Approach for Inference Prevention at the Design Level.
Read more

An Automatic Data Warehouse Conceptual Design Approach ...

Securing Data Warehouses: A Semi-automatic Approach for Inference Prevention at the Design Level. Salah Triki, Hanêne Ben-Abdallah, Nouria Harbi, Omar ...
Read more

Modeling Conflict of Interest in the Design of Secure Data ...

Securing Data Warehouses: A Semi-automatic Approach for Inference Prevention at the Design Level
Read more

Security Issues in Data Warehouse - Semantic Scholar

Securing Data Warehouses: A Semi-automatic Approach for Inference Prevention at the Design Level. Salah Triki, Hanêne Ben-Abdallah, Nouria Harbi, Omar ...
Read more