View
125
Download
0
Category
Tags:
Preview:
Citation preview
Securing Data Warehouses:A Semi-automatic Approach for Inference Prevention at the Design Level
Salah Triki
Hanene Ben-Abdallah (Mir@cl, University of Sfax)
Nouria Harbi, Omar Boussaid (ERIC, University of Lyon)
1
Outline
• Introduction
• Securing Data Warehouses
• An approach for assisting the design of
secure DW
• Conclusion
Outline
• Introduction
• Securing Data Warehouses
• An approach for assisting the design of
secure DW
• Conclusion
Introduction
• A data warehouse is a collection of data:– integrated– subject-oriented– nonvolatile– historized– available for querying and analysis
• A DW can be deployed in various domains: Commerce, Hospital ...
Introduction• Data warehouses contain:
– Sensitive data– Some personal/propriatary data
• Legal requirements:– HIPPA– GLBA– Safe Harbor– Sarbanes-Oxley
• Organizations must comply with these laws
Outline
6
• Introduction
• Securing Data Warehouses
• An approach for assisting the design of
secure DW
• Conclusion
Entrepôt de données
• The types of inferences :
– Precise Inference
– Partial Inference
QueryNot
Authorized Data
AuthorizedData
• At the physical level
Securing Data Warehouses
• Prevention of inferences at the physical level [Haibing and al. 2008, Cuzzocrea 2009, Zhang and al. 2011]
can induce : – high administrative costs – high maintenance.
• Prevention of inferences at the design level [Steger and al. 2000, Blanco and al. 2010] :
– do not take into account the potential inferences from the available data
– specific to a particular application domain.
Securing Data Warehouses
Outline
• Introduction
• Securing Data Warehouses
• An approach for assisting the design of
secure DW
• Conclusion
• Assumptions :
– The data sources’ class diagram is available.
– The star schema is already designed.
– The star schema is mapped to the data sources’ class diagram.
An approach for assisting the design of secure DW
• Inferences Graph : a set of nodes connected by oriented arcs.
– The nodes represent the data :● Node colored in gray : sensitive data● Node colored in white : none sensitive data
– The arcs indicate the direction of inference :● Solid arc : precise inference● Dotted arc : partial inference
B C
A
Inferences graph construction
Types of inferences
• The automatic construction of the inferences graph does not indicate the type of inferences: partial or precise.
• The indication cannot be, unfortunately, deducted automatically.
• The security designer must distinguish partial inferences (drawn by dotted arcs).
Detection of new inferences
A
B C
D E
• Calculation of the transitive closure
Partial path Precise path
Enrichment of the star schema
A
B C
D E
Partial path Precise path
<<Partial Inference : D:A>>
<<Precise Inference : E:A>>
<<Sensitive Data >>
•Inference type specification
Example
<< Partial Inference : Date : Illness>><< Partial Inference : Time : Illness>>
<< Sensitive Data >>
<<Partial Inference : Transfer :Critical Illness>>
Outline• Introduction
• Securing Data Warehouses
• An approach for assisting the design of
secure DW
• Conclusion
• An approach to produce a conceptual multidimensional model annotated with information for inference prevention:
– A graph of inferences based on the class diagram of data sources.
– The class diagram allows us to identify the elements to lead to precise/partial inferences.
• Studying how to transfer to the logical level the annotations defined at the design level.
Conclusion
Recommended