SecureDIS: a Framework for Secure Data Integration Systems
Fatimah Akeel
Supervisors: Dr. Gary B. Wills & Dr. Andrew Gravell
School of Electronics and Computer Science, ESS Group
Katrina
SARS
The use of intensive amounts of data creates the so-called data integration systems
A Scenario of Data Integration System (DIS)
[Figure: DIS scenario. Data Sources: NHS (DS1), ONS (DS2), Media (DS3), Social Networks (DS4). Components: Integration Approach (IA), Data Integrator (DI), System Security Management (SSM), Data Integration Application.]
Unintentional disclosure of private information caused by system design.
[Figure: DIS scenario diagram (same components: SSM, DI, IA, data sources DS1 to DS4, Data Integration Application), with the labels Security, Privacy and Trust.]
1 2
Build a DIS to be secure by design
3
Focus on disclosure of private data
The goal is to create a secure and reliable DIS that produces accurate results, used in decision making and disaster recovery.
This is achieved by having security requirements propagate through the development
Secure Data Integration Systems (SecureDIS)
[Figure: the SecureDIS framework. Components: Data Sources (DS), Integration Approach (IA), Data Integrator (DI), System Security Management (SSM), Data Consumers (DC). Labels: Security, Trust, Privacy.]
Completed
Published
Questions & Comments?