Abstract

Data Integration Systems (DIS) are concerned with integrating data from multiple data sources to resolve user queries. Typically, organisations providing data sources specify security policies that impose stringent requirements on the collection, processing, and disclosure of personal and sensitive data. If the security policies are not correctly enforced by the integration component of DIS, the data is exposed to data leakage threats, e.g. unauthorised disclosure or secondary use of the data. SecureDIS is a framework that helps system designers to mitigate data leakage threats during the early phases of DIS development. SecureDIS provides designers with a set of informal guidelines written in natural language to specify and enforce security policies that capture confidentiality, privacy, and trust properties. In this paper, we apply a formal approach to model a DIS with the SecureDIS security policies and verify the correctness and consistency of the model. The model can be used as a basis to perform security policy analysis or automatically generate Java code to enforce those policies within DIS.

Highlights

  • With the advent of cloud computing and big data analysis, Data Integration Systems (DIS) regained popularity

  • SecureDIS provides designers with a set of informal guidelines written in natural language to specify and enforce security policies that capture confidentiality, privacy, and trust properties

  • The first step is to model the data consumer queries to different data sources and the Role-Based Access Control (RBAC) policy governing query execution granted to consumers


Summary

Introduction

With the advent of cloud computing and big data analysis, Data Integration Systems (DIS) regained popularity. Organisations providing data sources specify the security policies that impose stringent requirements on the collection, processing, and disclosure of personal and sensitive data. Integrating and enforcing these policies is the responsibility of the mediator during the execution of a query placed by a data consumer. The rest of the paper is organised as follows: Section 2 provides an overview of the SecureDIS framework and the requirements to specify and enforce security policies that mitigate data leakage threats.

(c) The SecureDIS guidelines: Each component of the DIS architecture is associated with a set of data leakage mitigation guidelines. These guidelines represent the activities proposed to system designers, such as the use of security policies, encryption, and logging. SecureDIS suggests logging and analysing consumers’ queries at the data consumers component in order to identify possible secondary use threats.

An Overview of the SecureDIS Framework
Overview of the Event-B Formal Method
Modelling Security Policies
System Abstraction
First Refinement
Second Refinement
Model Checking
Theorem Proving
Security and Privacy Engineering
Formal Analysis of Security Policies
Findings
Conclusion and Future Work