Abstract

Data protection according to sensitivity and classification has become a mandatory security mechanism for safety- and security-critical organizations. There is, however, no consensus on how to implement data sensitivity and classification in existing big-data systems. An approach is proposed to express and compute data sensitivity and multidimensional data classification in fine granularity. The approach is based on a declarative logic programming language, which is able to separate security requirement definitions and deduction from implementation details. Expressing and validating the security rules can be done transparently, ignoring underlying technical migrations and infrastructure differences. It is therefore possible to use the same set of security rules among various big data systems. Compared to other logic-programming-based approaches, the declarative nature also makes it preferable for modular development and system maintenance. Sensitivity specification is shown and security analysis including conflict detection and resolution is performed on the same platform. Several typical types of data classification have also been illustrated and analyzed. The approach is capable of expressing complex classification methods, including classification with multiple parameters, classification according to graph computation, and classification based on relations among multiple data objects. The logic programming-based method is shown to have more expressive power and better complexity performance than conventional methods.

Highlights

  • The Data Security Law has been published and is to take effect in September

  • The Data Security Law requires that data should be protected according to data sensitivity and classification, which is determined based on the harm of a potential data breach to national security, public interests, or legal rights of individuals or organizations

  • Control (MAC)-like security mechanisms, and multi-dimensional data classification types are used as alternatives to control data access in a less constrained way


Summary

Introduction

The Data Security Law has been published and is to take effect in September. Control (MAC)-like security mechanisms, and multi-dimensional data classification types are used as alternatives to control data access in a less constrained way. The same data can be assigned several different types for use in different applications. Data sensitivity and classification configuration is often implemented using labels [1], because most big data applications already have a label system. Different applications use their own classification rules independently. After the data sensitivity and classification rules are defined, data protection mechanisms can be further deployed based on the results of Datalog programs, or even be defined within the same framework. If rules or data are changed frequently, query algorithms can be used to compute sensitivity and classification types for specific data objects on the fly.
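As an added illustration (not code from the paper), the following Python sketch mimics bottom-up Datalog evaluation for the ideas named in the abstract: sensitivity rules, propagation along a data-lineage graph, conflict detection, and resolution. All object names, tags, levels, rules and the "most restrictive wins" policy are assumptions constructed for this example.

```python
# Constructed sample facts and rules; none of these names come from the paper.
LEVELS = {"public": 0, "internal": 1, "secret": 2}
TAGS = {("users.email", "pii"), ("users.city", "geo"), ("orders.total", "finance")}
EXPLICIT = {("users.email", "internal")}  # label set independently by another application
DERIVED_FROM = {("report.contacts", "users.email"), ("report.contacts", "users.city"),
                ("dashboard.summary", "report.contacts"),
                ("dashboard.summary", "orders.total")}
# sensitivity(O, L) :- tag(O, T), tag_rule(T, L).
TAG_RULES = {"pii": "secret", "geo": "internal", "finance": "internal"}

def derive(tags, explicit, edges):
    """Naive fixpoint evaluation, the way a Datalog engine saturates its facts."""
    facts = set(explicit) | {(o, TAG_RULES[t]) for o, t in tags if t in TAG_RULES}
    changed = True
    while changed:
        changed = False
        # sensitivity(C, L) :- derived_from(C, P), sensitivity(P, L).
        for child, parent in edges:
            for obj, level in list(facts):
                if obj == parent and (child, level) not in facts:
                    facts.add((child, level))
                    changed = True
    return facts

def conflicts(facts):
    """conflict(O) :- sensitivity(O, L1), sensitivity(O, L2), L1 != L2."""
    by_obj = {}
    for obj, level in facts:
        by_obj.setdefault(obj, set()).add(level)
    return {o: ls for o, ls in by_obj.items() if len(ls) > 1}

def resolve(facts):
    """Assumed resolution policy: the most restrictive level wins."""
    out = {}
    for obj, level in facts:
        if obj not in out or LEVELS[level] > LEVELS[out[obj]]:
            out[obj] = level
    return out

if __name__ == "__main__":
    derived = derive(TAGS, EXPLICIT, DERIVED_FROM)
    for obj, levels in sorted(conflicts(derived).items()):
        print("conflict:", obj, sorted(levels))
    for obj, level in sorted(resolve(derived).items()):
        print(obj, "->", level)
```

Because the rules are data rather than code paths, the same rule set can be re-evaluated against facts exported from a different storage system, which is the portability argument the abstract makes.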
