Presentation Transcript

  • Secure and Privacy-preserving execution model for Data Services
    Mahmoud Barhamgi, Djamal Benslimane, Said Oulmakhzoune, Nora Cuppens-Boulahia, Frederic Cuppens, Michael Mrissa, and Hajer Taktak (UMR 5205)
    CAiSE 2013 – Valencia, Spain
  • Context: the PAIRSE Project
    - Autonomous data sources are exported as Data Web Services.
    - Queries are resolved by service composition: services are modeled as parameterized RDF views over domain ontologies, and the service descriptions are annotated with the defined views; a query is answered by RDF query rewriting followed by service-based query processing.
    - Architecture (figure): the client submits a SPARQL query; the service registry (ontologies, annotated WS descriptions) feeds composition plan generation (RDF query rewriting); the composition is then executed in a privacy-preserving way against the data services and their data sources (DBs), and the results are returned to the client. Service discovery is P2P over a hybrid P2P network: peers are grouped into Virtual Organizations (VO1, VO2, VO3), each with its own DHT, with mappings between them.
    CAiSE conference, Valencia, Spain – 19/06/2013
  • Outline of the presentation
    - Motivating example: a scenario from the PAIRSE project
    - Challenges and existing solutions: overview of our originality
    - Proposed approach: presentation of the model; RDF view rewriting; privacy and security enforcement
    - Composition and execution model
    - Implementation
    - Discussion and future work
  • Motivating Example
    Query: what are the names and dates of birth (DoB) of all patients admitted at the NetCare medical center?
    Query issuer (data recipient): Alice, nurse at the Cardiology department
    Purpose: medical treatment
    Services: S1($center, ?name, ?DoB) (a "$" prefix marks an input parameter, "?" an output)
    Query = S1("NetCare", ?name, ?DoB)
    Security & privacy constraints:
    - Nurses may only be allowed to access the information of patients from their own departments.
    - Physicians may only be allowed to access the information of their own patients.
    - Patients must have consented (e.g., Bob and Sue have different preferences about the disclosure of their ages).
    - …
  • Challenges & Existing solutions
    Challenge: enable service providers to locally enforce their security and privacy (S&P) policies without changing the implementation of their services.
    Existing approaches:
    - S&P constraints handled at the DBMS level: queries are rewritten to include the different constraints before the DBMS executes them. This may not be applicable to data services that access and manage DBMS-less data sources (XML files, silos of legacy applications, external Web services, etc.).
    - S&P constraints handled at the application level: not always applicable, since services are often provided as black boxes (e.g., by AquaLogic); not advisable, since it often leads to privacy leaks.
  • Proposed Approach: privacy-preserving service execution model
    Model overview (figure): the invocation process of a service Si at the service provider side.
    1. The service consumer sends a conventional invocation request for Si.
    2. RDF view & contextual information extraction: Si's RDF view is read from its WSDL-S description in the service registry, together with the <recipient, purpose> of the request.
    3. RDF view rewriting: the view is rewritten to include the S&P constraints taken from the provider's security & privacy policies.
    4. Service-based view rewriting: the rewritten view is expressed as a composition of Si with other services S.
    5. Privacy and security enforcement: the composition is executed and a privacy-sanitized response is returned to the consumer.
  • Presentation of the Model
    Data services are modeled as "parameterized RDF views" over domain ontologies. Figure (a) shows the view of S1 as an RDF graph: a o:Center C with o:name $x, and a o:Patient P o:admittedIn C with o:hasName ?y, o:hasDoB ?z and o:hasDisease "Diabetes". (b) The same view written as a parameterized query:

    PREFIX o: <http://hospital.fr/>
    S1($x, ?y, ?z) :-
        ?C rdf:type o:Center,
        ?C o:name $x,
        ?P rdf:type o:Patient,
        ?P o:admittedIn ?C,
        ?P o:hasName ?y,
        ?P o:hasDoB ?z,
        ?P o:hasDisease "Diabetes"
  • Presentation of the Model
    Security and privacy policies are expressed in the OrBAC and PrivOrBAC models over domain ontologies:
    - OrBAC: Permission(org, r, a, d, c), i.e. organization, role, action, data (property), context
    - PrivOrBAC: Permission(org, r, p, a, d, c), which adds the purpose p

    Examples (security rules):
    SecRule-1 = Permission(NetCare, Nurse, Read, o:hasName, SameDepartment)
    SecRule-2 = Permission(NetCare, Nurse, Read, o:hasDoB, SameDepartment)
    SecRule-3 = Permission(NetCare, Nurse, Read, o:hasDisease, SameDepartment)
    SameDepartment :- o:Patient(P), o:hasName(P, name), o:treatedIn(P, D), o:Department(D), o:employedIn(recipient, D), o:composedOf(NetCare, D)

    Examples (privacy rules):
    PrivRule-1 = Permission(NetCare, Nurse, Medical_Treatment, Read, o:hasName, Consent)
    PrivRule-2 = Permission(NetCare, Nurse, Medical_Treatment, Read, o:hasDoB, Consent)
    PrivRule-3 = Permission(NetCare, Nurse, Medical_Treatment, Read, o:hasDisease, Consent)

    PREFIX o: <http://hospital.fr/>
    PREFIX p: <http://privacypolicy.fr/>
    Consent :- ?P rdf:type o:Patient,
               ?P p:hasPreferences ?Pr,
               ?Pr rdf:type p:Preferences,
               ?Pr p:hasPurpose "Medical_Treatment",
               ?Pr p:hasRecipient "Nurse",
               ?Pr p:hasTarget ?T,
               ?T rdf:type p:Target,
               ?T p:propertyName "o:hasName",
               ?T p:hasDecision "Yes"
    The figure shows the same consent as an RDF graph: the o:Patient P p:hasPreferences a p:Preferences node whose p:hasPurpose is "Medical Treatment", p:hasRecipient "Nurse" and p:hasTarget T, a p:Target with p:propertyName "o:hasName" and p:hasDecision "Yes".
  • RDF view rewriting to include S&P constraints
    The figure shows the view of S1 being extended step by step:
    (a) the original view of S1, with Const1 = "Diabetes" on o:hasDisease;
    (b) the security context SameDepartment added: the o:Patient P o:treatedIn a o:Department D with o:dName Const2 = "cardiology" (the recipient's department), and the o:Center C o:composedOf D;
    (c) the consent contexts added: for each of the properties hasName, hasDoB, dName and hasDisease, the patient P p:hasPreferences a p:Preferences node (P1..P4) with p:hasPurpose "HealthCare", p:hasRecipient "Nurse" and p:hasTarget T1..T4, each a p:Target whose p:propertyName is that property and whose p:hasDecision is left as an output variable (?w, ?q, ?u and ?r respectively).
    Reading (c) as triple patterns gives the rewritten view:

    Vextended($x, ?y, ?z, ?w, ?q, ?u, ?r) :-
        ?C rdf:type o:Center, ?C o:name $x,
        ?P rdf:type o:Patient, ?P o:admittedIn ?C,
        ?P o:hasName ?y, ?P o:hasDoB ?z, ?P o:hasDisease Const1, Const1 = "Diabetes",
        ?P o:treatedIn ?D, ?D rdf:type o:Department, ?D o:dName Const2, Const2 = "cardiology", ?C o:composedOf ?D,
        ?P p:hasPreferences ?P1, ?P1 rdf:type p:Preferences, ?P1 p:hasPurpose "HealthCare", ?P1 p:hasRecipient "Nurse",
        ?P1 p:hasTarget ?T1, ?T1 rdf:type p:Target, ?T1 p:propertyName "hasName", ?T1 p:hasDecision ?w,
        (and likewise ?P2/?T2 for "hasDoB" with decision ?q, ?P3/?T3 for "dName" with ?u, ?P4/?T4 for "hasDisease" with ?r)
  • RDF view rewriting in terms of data services
    The extended view is rewritten over the available services with the RDF query rewriting algorithm of [Barhamgi et al., TSC 2010]. Available services (figure):
    (a) Service S2($a, ?b, ?c): for the o:Patient P with o:hasName $a, the name of the o:Center C and the o:dName of the o:Department D in which P is o:treatedIn (C o:composedOf D).
    (b) Service S3($a, $b, $c, $d, ?e): for the o:Patient P with o:hasName $a, the p:hasDecision ?e of the p:Target T with p:propertyName $d, reached through P's p:Preferences R with p:hasPurpose $b and p:hasRecipient $c.
    Result:

    Vextended($x, ?y, ?z, ?w, ?q, ?u, ?r) :-
        S1($x, ?y, ?z) ˄ const1 = "Diabetes"
        ˄ S2($y, ?x, const2) ˄ const2 = "cardiology"
        ˄ S3($y, "HealthCare", "Nurse", "hasName", ?w)
        ˄ S3($y, "HealthCare", "Nurse", "hasDoB", ?q)
        ˄ S3($y, "HealthCare", "Nurse", "dName", ?u)
        ˄ S3($y, "HealthCare", "Nurse", "hasDisease", ?r)
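The rewriting of the preceding three slides (the parameterized view of S1, the OrBAC/PrivOrBAC rules with their SameDepartment and Consent contexts, and the extended view) can be carried out mechanically on the triple patterns. The following is an added example, not the authors' code: the triple-pattern encoding, the rule tables, the fresh-variable names (?Pr1/?T1/?d1 instead of P1/T1/?w) and the fail-closed refusal of a property the role has no Permission for are assumptions of this example, as is the o:dName permission added so that the output has the four consent sub-graphs of the rewriting slide.

```python
"""RDF view rewriting with security and privacy contexts (added example)."""
from typing import Dict, List, Set, Tuple

# A triple pattern is (subject, predicate, object). "$v" is an input parameter,
# "?v" an output variable, a double-quoted value a literal, anything else an IRI.
Triple = Tuple[str, str, str]

# The parameterized RDF view of S1 from the slides.
VIEW_S1: List[Triple] = [
    ("?C", "rdf:type", "o:Center"), ("?C", "o:name", "$x"),
    ("?P", "rdf:type", "o:Patient"), ("?P", "o:admittedIn", "?C"),
    ("?P", "o:hasName", "?y"), ("?P", "o:hasDoB", "?z"),
    ("?P", "o:hasDisease", '"Diabetes"'),
]
HEAD_S1 = ["$x", "?y", "?z"]

# Properties a role may Read (SecRule-1..3, context SameDepartment, plus o:dName,
# an assumption of this example). Any PROTECTED property a role lacks a
# Permission for is refused.
PROTECTED: Set[str] = {"o:hasName", "o:hasDoB", "o:hasDisease", "o:dName"}
PERMITTED: Dict[str, Set[str]] = {"Nurse": {"o:hasName", "o:hasDoB", "o:hasDisease", "o:dName"}}


def same_department(recipient_dept: str) -> List[Triple]:
    """Context SameDepartment: the patient is treated in a department of the
    center that is the recipient's own; o:employedIn(recipient, D) is resolved
    from the invocation context and becomes the constant const2."""
    return [("?P", "o:treatedIn", "?D"), ("?D", "rdf:type", "o:Department"),
            ("?D", "o:dName", f'"{recipient_dept}"'), ("?C", "o:composedOf", "?D")]


def consent(prop: str, purpose: str, recipient: str, i: int) -> Tuple[List[Triple], str]:
    """Context Consent for one property, with fresh nodes ?Pr{i}/?T{i}. The
    decision stays open as ?d{i}: it is fetched with the data and applied
    afterwards by the Filter operator of the execution plan."""
    pr, t, d = f"?Pr{i}", f"?T{i}", f"?d{i}"
    return [("?P", "p:hasPreferences", pr), (pr, "rdf:type", "p:Preferences"),
            (pr, "p:hasPurpose", f'"{purpose}"'), (pr, "p:hasRecipient", f'"{recipient}"'),
            (pr, "p:hasTarget", t), (t, "rdf:type", "p:Target"),
            (t, "p:propertyName", f'"{prop.split(":", 1)[1]}"'), (t, "p:hasDecision", d)], d


def rewrite(view: List[Triple], head: List[str], role: str, purpose: str,
            recipient_dept: str) -> Tuple[List[str], List[Triple]]:
    """Return (extended head, extended body) of the view for this recipient."""
    body = list(view) + same_department(recipient_dept)       # security context
    accessed: List[str] = []
    for _, p, _ in body:                                       # every protected property touched,
        if p in PROTECTED and p not in accessed:               # including o:dName added just above
            accessed.append(p)
    denied = [p for p in accessed if p not in PERMITTED.get(role, set())]
    if denied:                                                 # fail closed (assumption)
        raise PermissionError(f"role {role} has no Permission to Read {denied}")
    decisions: List[str] = []
    for i, p in enumerate(accessed, 1):                        # privacy context per property
        patterns, d = consent(p, purpose, role, i)
        body += patterns
        decisions.append(d)
    return head + decisions, body


def render(name: str, head: List[str], body: List[Triple]) -> str:
    """Write the view in the slides' Datalog-like notation."""
    return f"{name}({', '.join(head)}) :- " + ", ".join(f"{s} {p} {o}" for s, p, o in body)


if __name__ == "__main__":
    h, b = rewrite(VIEW_S1, HEAD_S1, "Nurse", "HealthCare", "cardiology")
    print(render("Vextended", h, b))
```

The security step runs over the body after the SameDepartment patterns have been added, so a property introduced by a context (o:dName here) is subject to the same Permission check and gets its own consent sub-graph, which is what the four preference nodes of the rewriting slide show.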
  • Privacy & security enforcement
    Composition execution plan (figure): Begin → S1 gives (x, y, z, di) → S2 adds dep → four S3 invocations add w, u, q and r → Join: (x, y, z, di, dep, w, u, q, r) → Filter → Select dep = "Cardiology" → Select di = "Diabetes" → Project (y, z) → End.
    Semantics of the Filter operator:
        For each tuple t in T
            For i = 1 to n            /* n is the number of columns in T */
                if const(t[i]) = true then tp[i] = t[i]
                else tp[i] = null
        Discard all tuples that are null in all columns of Tp
    Here const(t[i]) holds when the consent decision that guards column i (w for y, q for z, u for dep, r for di) is "Yes"; a column with no guard always passes.
  • Privacy-preserving composition execution model
    The output of the Join operator:
        t    x        y      z     di        dep         w    u    q    r
        t1   NetCare  Bob    1940  Diabetes  cardiology  Yes  Yes  Yes  Yes
        t2   NetCare  John   1983  Diabetes  cardiology  Yes  Yes  No   Yes
        t3   NetCare  Sue    1977  Diabetes  cardiology  Yes  Yes  Yes  No
        t4   NetCare  Andy   1990  Diabetes  cardiology  Yes  No   Yes  Yes
        t5   NetCare  Stacy  1980  Diabetes  Surgery     Yes  Yes  Yes  Yes
    The output of the Filter operator:
        t    x        y      z     di        dep         w    u    q    r
        t1   NetCare  Bob    1940  Diabetes  cardiology  Yes  Yes  Yes  Yes
        t2   NetCare  John   Null  Diabetes  cardiology  Yes  Yes  No   Yes
        t3   NetCare  Sue    1977  Null      cardiology  Yes  Yes  Yes  No
        t4   NetCare  Andy   1990  Diabetes  Null        Yes  No   Yes  Yes
        t5   NetCare  Stacy  1980  Diabetes  Surgery     Yes  Yes  Yes  Yes
    The output of Select(const2 = "cardiology"):
        t    x        y      z     di        dep         w    u    q    r
        t1   NetCare  Bob    1940  Diabetes  cardiology  Yes  Yes  Yes  Yes
        t2   NetCare  John   Null  Diabetes  cardiology  Yes  Yes  No   Yes
        t3   NetCare  Sue    1977  Null      cardiology  Yes  Yes  Yes  No
    The output of Select(const1 = "Diabetes"):
        t    x        y      z     di        dep         w    u    q    r
        t1   NetCare  Bob    1940  Diabetes  cardiology  Yes  Yes  Yes  Yes
        t2   NetCare  John   Null  Diabetes  cardiology  Yes  Yes  No   Yes
    The output of Project(y, z):
        y     z
        Bob   1940
        John  Null
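The execution plan of the two preceding slides (Join, then Filter, then the two Selects, then Project) is small enough to run end to end. The following is an added example, not the authors' code: the in-memory services and the tuples they return are constructed to reproduce the Join output of the slide; the column names, the mapping from decision columns to data columns and the fail-closed behaviour of S3 for a purpose or recipient with no recorded preference are assumptions of this example. It also runs the plan with the Selects moved before the Filter, which the slides do not do, to show why the operator order matters.

```python
"""Privacy-preserving composition execution: Join / Filter / Select / Project (added example)."""
from typing import Any, Dict, List

Row = Dict[str, Any]

# --- constructed service data (mirrors the Join output of the slide) ----------
# S1($x, ?y, ?z): name and date of birth of the diabetes patients admitted at $x
S1_DATA = {"NetCare": [("Bob", 1940), ("John", 1983), ("Sue", 1977),
                       ("Andy", 1990), ("Stacy", 1980)]}
# S2($a, ?b, ?c): center and department treating the patient named $a
S2_DATA = {"Bob": ("NetCare", "cardiology"), "John": ("NetCare", "cardiology"),
           "Sue": ("NetCare", "cardiology"), "Andy": ("NetCare", "cardiology"),
           "Stacy": ("NetCare", "Surgery")}
# S3($a, $purpose, $recipient, $property, ?decision): consent of patient $a,
# recorded here for purpose "HealthCare" and recipient "Nurse" only
PROPS = ("hasName", "hasDoB", "dName", "hasDisease")


def _prefs(**decision: str) -> Dict[str, str]:
    return {p: decision.get(p, "Yes") for p in PROPS}


S3_DATA = {"Bob": _prefs(), "John": _prefs(hasDoB="No"), "Sue": _prefs(hasDisease="No"),
           "Andy": _prefs(dName="No"), "Stacy": _prefs()}


def s1(x: str) -> List[Row]:
    return [{"x": x, "y": y, "z": z, "di": "Diabetes"} for y, z in S1_DATA.get(x, [])]


def s2(a: str) -> Row:
    b, c = S2_DATA[a]
    return {"x": b, "dep": c}


def s3(a: str, purpose: str, recipient: str, prop: str) -> str:
    if (purpose, recipient) != ("HealthCare", "Nurse"):
        return "No"                      # no preference recorded: treat as refused (assumption)
    return S3_DATA.get(a, {}).get(prop, "No")


# Which decision column guards which data column, as in Vextended:
# ?w -> hasName (y), ?q -> hasDoB (z), ?u -> dName (dep), ?r -> hasDisease (di).
GUARDS = [("y", "hasName", "w"), ("z", "hasDoB", "q"), ("dep", "dName", "u"), ("di", "hasDisease", "r")]
DATA_COLS = ["x", "y", "z", "di", "dep"]


def join(x: str, purpose: str, recipient: str) -> List[Row]:
    """Invoke S1, S2 and the four S3 calls of Vextended, joined on the patient name."""
    rows = []
    for t in s1(x):
        t2 = s2(t["y"])
        if t2["x"] != t["x"]:
            continue                     # S2($y, ?x, const2): the center must match S1's
        t["dep"] = t2["dep"]
        for _, prop, dec in GUARDS:
            t[dec] = s3(t["y"], purpose, recipient, prop)
        rows.append(t)
    return rows


def filter_op(rows: List[Row]) -> List[Row]:
    """Filter: null every guarded column whose decision is not "Yes"; drop tuples null in all columns."""
    out = []
    for t in rows:
        tp = dict(t)
        for col, _, dec in GUARDS:
            if t[dec] != "Yes":
                tp[col] = None
        if any(tp[c] is not None for c in DATA_COLS):
            out.append(tp)
    return out


def select_op(rows: List[Row], col: str, value: Any) -> List[Row]:
    return [t for t in rows if t[col] == value]   # a nulled column never matches


def project_op(rows: List[Row], cols: List[str]) -> List[tuple]:
    return [tuple(t[c] for c in cols) for t in rows]


def run_plan(x: str, purpose: str, recipient: str, filter_first: bool = True) -> List[tuple]:
    """The plan of the slide: Join -> Filter -> Select -> Select -> Project.
    filter_first=False runs the Selects before the Filter (not the slide's order)."""
    rows = join(x, purpose, recipient)
    if filter_first:
        rows = filter_op(rows)
    rows = select_op(select_op(rows, "dep", "cardiology"), "di", "Diabetes")
    if not filter_first:
        rows = filter_op(rows)
    return project_op(rows, ["y", "z"])


if __name__ == "__main__":
    print(run_plan("NetCare", "HealthCare", "Nurse"))   # [('Bob', 1940), ('John', None)]
```

With the Filter ahead of the Selects, Sue and Andy drop out because the selection predicates are evaluated on their nulled department and disease values, so data they did not consent to never influences what Alice sees. Running the Selects first returns (Sue, 1977) and (Andy, 1990) as well: both dates of birth are consented, but their presence in an answer to "diabetes patients of cardiology" reveals Sue's disease and Andy's department, which neither consented to disclose.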
  • Implementation
    The model is integrated into AXIS 2.0 as an OUT handler on the service provider's OutFlow. The figure shows the AXIS 2.0 message path: SOAP messages from the service consumer enter through the Transport Listener and the InFlow (IN handler), go through AXIS internal processing, and leave through the OutFlow (OUT handler) and the Transport Sender. The OUT handler performs:
    1. OUT message interception
    2. RDF view extraction (from the WSDL-S files)
    3. RDF view modification (using the privacy & security policies)
    4. RDF view rewriting into a composition
    5. Composition execution
    6. Results filtering (using the privacy & security policies)
    7. OUT message construction: the privacy-sanitized output message is returned to the consumer
  • Conclusion and Future Work
    Privacy and security:
    - respects architectural constraints;
    - operates at the service host.
    Several perspectives:
    - additional decoupling: develop a generic solution for any data concern? for any protection algorithm? aspect-oriented programming?
    - at the composition level: how to compose services with protected data?
  • Thank You! Questions, answers, discussion…
    Contact: michael.mrissa@liris.cnrs.fr