Securing Data Warehouses: A Semi-automatic Approach for Inference Prevention at the Design Level

Salah Triki

Hanene Ben-Abdallah (Mir@cl, University of Sfax)

Nouria Harbi, Omar Boussaid (ERIC, University of Lyon)


Outline

• Introduction

• Securing Data Warehouses

• An approach for assisting the design of secure DW

• Conclusion


Introduction

• A data warehouse is a collection of data:

– integrated

– subject-oriented

– nonvolatile

– historized

– available for querying and analysis

• A DW can be deployed in various domains: Commerce, Hospital ...

• Data warehouses contain:

– Sensitive data

– Some personal/proprietary data

• Legal requirements:

– HIPAA

– GLBA

– Safe Harbor

– Sarbanes-Oxley

• Organizations must comply with these laws


Securing Data Warehouses


• The two levels of security:

– Design level

– Physical level

• At the design level

[Figure labels: Security constraint, Data warehouse]

• The types of inferences:

– Precise Inference

– Partial Inference

[Figure labels: Query, Authorized Data, Not Authorized Data]

• At the physical level

• Prevention of inferences at the physical level [Haibing et al. 2008, Cuzzocrea 2009, Zhang et al. 2011] can induce:

– high administrative costs

– high maintenance

• Prevention of inferences at the design level [Steger et al. 2000, Blanco et al. 2010]:

– does not take into account the potential inferences from the available data

– is specific to a particular application domain


An approach for assisting the design of secure DW

• Assumptions:

– The data sources’ class diagram is available.

– The star schema is already designed.

– The star schema is mapped to the data sources’ class diagram.

[Figure: steps (1) to (4) of the approach; actor label: Security Designer]

Inferences graph construction

• Inferences graph: a set of nodes connected by directed arcs.

– The nodes represent the data:

● Node colored in gray: sensitive data

● Node colored in white: non-sensitive data

– The arcs indicate the direction of inference:

● Solid arc: precise inference

● Dotted arc: partial inference

[Figure: inferences graph with nodes A, B and C]

Inference rules 1/3

[Figure: rule diagram; surviving label: C1]

Inference rules 2/3

Inference rules 3/3

Types of inferences

• The automatic construction of the inferences graph does not indicate the type of each inference: partial or precise.

• Unfortunately, this type cannot be deduced automatically.

• The security designer must mark the partial inferences (drawn as dotted arcs).

Detection of new inferences

• Calculation of the transitive closure

[Figure: inferences graph with nodes A, B, C, D and E; legend: Partial path, Precise path]

Enrichment of the star schema

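[Figure: inferences graph with nodes A, B, C, D and E; legend: Partial path, Precise path; the star schema carries the annotations below]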

<<Partial Inference : D:A>>

<<Precise Inference : E:A>>

<<Sensitive Data >>
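The detection and enrichment steps above, sketched as an added example that is not part of the original slides. It assumes a derived path is partial as soon as one of its arcs is partial and that the strongest path between two nodes wins; the arcs of the A to E graph are constructed, and `schema_elements` is a hypothetical parameter naming the nodes that appear in the star schema.

```python
# Added example; the arc list and the path-typing rule are assumptions, not from the slides.
PARTIAL, PRECISE = 1, 2
LABEL = {PARTIAL: "Partial Inference", PRECISE: "Precise Inference"}


def inference_closure(arcs):
    """Transitive closure of an inferences graph.

    arcs maps (source, target) to PARTIAL or PRECISE. A derived path is only
    as strong as its weakest arc, and each pair keeps its strongest path.
    """
    nodes = sorted({node for arc in arcs for node in arc})
    best = dict(arcs)
    for mid in nodes:  # Floyd-Warshall order: intermediate node outermost
        for src in nodes:
            first = best.get((src, mid), 0)
            if not first:
                continue
            for dst in nodes:
                second = best.get((mid, dst), 0)
                if src == dst or not second:
                    continue
                strength = min(first, second)
                if strength > best.get((src, dst), 0):
                    best[(src, dst)] = strength
    return best


def schema_annotations(arcs, sensitive, schema_elements):
    """Annotations for star-schema elements from which sensitive data can be inferred."""
    closure = inference_closure(arcs)
    return sorted(
        f"<<{LABEL[kind]} : {src}:{dst}>>"
        for (src, dst), kind in closure.items()
        if dst in sensitive and src in schema_elements
    )


# Constructed graph: A is sensitive; B and C exist only in the data sources.
ARCS = {
    ("D", "B"): PARTIAL,   # dotted arc, marked by the security designer
    ("B", "A"): PRECISE,
    ("E", "C"): PRECISE,
    ("C", "A"): PRECISE,
}

if __name__ == "__main__":
    for line in schema_annotations(ARCS, {"A"}, {"A", "D", "E"}):
        print(line)
```
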

Example

• Class diagram of the data sources

• DW star schema

[Figure labels: Illness, Critical Illness]

[Figure labels: Illness, Critical Illness, Treatment, Diagnostic, Transfer]

• Inferences graph

• Inferences graph transitive closure

• Inference type specification

<<Partial Inference : Date : Illness>>

<<Partial Inference : Time : Illness>>

<<Sensitive Data>>

<<Partial Inference : Transfer : Critical Illness>>


Conclusion

• An approach to produce a conceptual multidimensional model annotated with information for inference prevention:

– A graph of inferences based on the class diagram of data sources.

– The class diagram allows us to identify the elements that lead to precise/partial inferences.

• Studying how to transfer the annotations defined at the design level to the logical level.