SlideShare a Scribd company logo

Securing Data Warehouses: A Semi-automatic Approach for Inference Prevention at the Design Level

S
Salah Triki

Data warehouses contain sensitive data that must be secured in two ways: by defining appropriate access rights to the users and by preventing potential data inferences. Inspired from development methods for information systems, the first way of securing a data warehouse has been treated in the literature during the early phases of the development cycle. However, despite the high risks of inferences, the second way is not sufficiently taken into account in the design phase; it is rather left to the administrator of the data warehouse. However, managing inferences during the exploitation phase may induce high maintenance costs and complex OLAP server administration. In this paper, we propose an approach that, starting from the conceptual model of the data sources, assists the designer of the data warehouse in indentifying multidimensional sensitive data and those that may be subject to inferences.

Technology
1 of 28
Download to read offline
Securing Data Warehouses: A Semi-automatic Approach for Inference Prevention at the Design Level Salah Triki Hanene Ben-Abdallah (Mir@cl, University of Sfax) Nouria Harbi, Omar Boussaid (ERIC, University of Lyon) 1
Outline • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion
Outline • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion
Introduction • A data warehouse is a collection of data: – integrated – subject-oriented – nonvolatile – historized – available for querying and analysis • A DW can be deployed in various domains: Commerce, Hospital ...
Introduction • Data warehouses contain: – Sensitive data – Some personal/propriatary data • Legal requirements: – HIPPA – GLBA – Safe Harbor – Sarbanes-Oxley • Organizations must comply with these laws
Outline 6 • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion
Securing Data Warehouses 7 • The two levels of security : – Design level – Physical level
Securing Data Warehouses • At the design level Security constraint Security constraint
Entrepôt de données • The types of inferences : – Precise Inference – Partial Inference Query Not Authorized Data Authorized Data • At the physical level Securing Data Warehouses
• Prevention of inferences at the physical level [Haibing and al. 2008, Cuzzocrea 2009, Zhang and al. 2011] can induce : – high administrative costs – high maintenance. • Prevention of inferences at the design level [Steger and al. 2000, Blanco and al. 2010] : – do not take into account the potential inferences from the available data – specific to a particular application domain. Securing Data Warehouses
Outline • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion
• Assumptions : – The data sources’ class diagram is available. – The star schema is already designed. – The star schema is mapped to the data sources’ class diagram. An approach for assisting the design of secure DW
(1) (2) (3) (4) An approach for assisting the design of secure DW Security Designer
• Inferences Graph : a set of nodes connected by oriented arcs. – The nodes represent the data : ● Node colored in gray : sensitive data ● Node colored in white : none sensitive data – The arcs indicate the direction of inference : ● Solid arc : precise inference ● Dotted arc : partial inference B C A Inferences graph construction
Inference rules 1/3 C1 C1
Inference rules 2/3
Inference rules 3/3
Types of inferences • The automatic construction of the inferences graph does not indicate the type of inferences: partial or precise. • The indication cannot be, unfortunately, deducted automatically. • The security designer must distinguish partial inferences (drawn by dotted arcs).
Detection of new inferences A B C D E • Calculation of the transitive closure Partial path Precise path
Enrichment of the star schema A B C D E Partial path Precise path <<Partial Inference : D:A>> <<Precise Inference : E:A>> <<Sensitive Data >>
• Class diagram of the data sources Example
• DW star schema Example Illness Critical Illness
Example Illness Critical Illness Treatment Diagnostic Transfer
• Inferences graph Example
• Inferences graph transitive closure Example
•Inference type specification Example << Partial Inference : Date : Illness>> << Partial Inference : Time : Illness>> << Sensitive Data >> <<Partial Inference : Transfer :Critical Illness>>
Outline • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion
• An approach to produce a conceptual multidimensional model annotated with information for inference prevention: – A graph of inferences based on the class diagram of data sources. – The class diagram allows us to identify the elements to lead to precise/partial inferences. • Studying how to transfer to the logical level the annotations defined at the design level. Conclusion

Recommended

Designing the business process dimensional model
Designing the business process dimensional modelDesigning the business process dimensional model
Designing the business process dimensional modelGersiton Pila Challco
 
Microsoft Data Warehouse Business Intelligence Lifecycle - The Kimball Approach
Microsoft Data Warehouse Business Intelligence Lifecycle - The Kimball ApproachMicrosoft Data Warehouse Business Intelligence Lifecycle - The Kimball Approach
Microsoft Data Warehouse Business Intelligence Lifecycle - The Kimball ApproachMark Ginnebaugh
 
Big Data Visualization
Big Data VisualizationBig Data Visualization
Big Data VisualizationRaffael Marty
 
seminar presentation
seminar presentationseminar presentation
seminar presentationShaantnu Anand
 
Visualization for Security
Visualization for SecurityVisualization for Security
Visualization for SecurityRaffael Marty
 
Scia Scaffolding
Scia ScaffoldingScia Scaffolding
Scia ScaffoldingRudi Vanmechelen ✉ SCIA
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network SecurityKathirvel Ayyaswamy
 
20120709 cyber patterns2012
20120709 cyber patterns201220120709 cyber patterns2012
20120709 cyber patterns2012Aniketos EU FP7 Project
 

Recommended

Designing the business process dimensional model
Designing the business process dimensional modelDesigning the business process dimensional model
Designing the business process dimensional modelGersiton Pila Challco
 
Microsoft Data Warehouse Business Intelligence Lifecycle - The Kimball Approach
Microsoft Data Warehouse Business Intelligence Lifecycle - The Kimball ApproachMicrosoft Data Warehouse Business Intelligence Lifecycle - The Kimball Approach
Microsoft Data Warehouse Business Intelligence Lifecycle - The Kimball ApproachMark Ginnebaugh
 
Big Data Visualization
Big Data VisualizationBig Data Visualization
Big Data VisualizationRaffael Marty
 
seminar presentation
seminar presentationseminar presentation
seminar presentationShaantnu Anand
 
Visualization for Security
Visualization for SecurityVisualization for Security
Visualization for SecurityRaffael Marty
 
Scia Scaffolding
Scia ScaffoldingScia Scaffolding
Scia ScaffoldingRudi Vanmechelen ✉ SCIA
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network SecurityKathirvel Ayyaswamy
 
20120709 cyber patterns2012
20120709 cyber patterns201220120709 cyber patterns2012
20120709 cyber patterns2012Aniketos EU FP7 Project
 
Secure Coding Practices for Middleware
Secure Coding Practices for MiddlewareSecure Coding Practices for Middleware
Secure Coding Practices for MiddlewareManuel Brugnoli
 
Overview of data programming: easing the bottleneck of supervised machine lea...
Overview of data programming: easing the bottleneck of supervised machine lea...Overview of data programming: easing the bottleneck of supervised machine lea...
Overview of data programming: easing the bottleneck of supervised machine lea...datalab-vietnam
 
OWASP
OWASPOWASP
OWASPPen Testeronyguy
 
Anomaly detection (Unsupervised Learning) in Machine Learning
Anomaly detection (Unsupervised Learning) in Machine LearningAnomaly detection (Unsupervised Learning) in Machine Learning
Anomaly detection (Unsupervised Learning) in Machine LearningKuppusamy P
 
Archive enabling tagging using progressive barcodes
Archive enabling tagging using progressive barcodesArchive enabling tagging using progressive barcodes
Archive enabling tagging using progressive barcodesMarie Vans
 
lecture1.ppt
lecture1.pptlecture1.ppt
lecture1.pptbayhehua
 
Secure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data ProcessingSecure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data ProcessingShantanu Sharma
 
Azure Digital Twins
Azure Digital TwinsAzure Digital Twins
Azure Digital TwinsMarco Parenzan
 
Outlier analysis for Temporal Datasets
Outlier analysis for Temporal DatasetsOutlier analysis for Temporal Datasets
Outlier analysis for Temporal DatasetsQuantUniversity
 
Cloud last
Cloud lastCloud last
Cloud lastAnmitas1
 
Attaining data security in cloud computing
Attaining data security in cloud computingAttaining data security in cloud computing
Attaining data security in cloud computingGopinath Muthusamy
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computingprachupanchal
 
Supporting Data-Rich Research on Many Fronts
Supporting Data-Rich Research on Many FrontsSupporting Data-Rich Research on Many Fronts
Supporting Data-Rich Research on Many FrontsJohn Kunze
 
State of Florida Neo4j Graph Briefing - Cyber IAM
State of Florida Neo4j Graph Briefing - Cyber IAMState of Florida Neo4j Graph Briefing - Cyber IAM
State of Florida Neo4j Graph Briefing - Cyber IAMNeo4j
 
REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...
REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...
REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...Agence du Numérique (AdN)
 
Computer Hardware | 3B
Computer Hardware | 3BComputer Hardware | 3B
Computer Hardware | 3BCMDLMS
 
Computer Hardware - Lecture B
Computer Hardware - Lecture BComputer Hardware - Lecture B
Computer Hardware - Lecture BCMDLearning
 
Building Your Application Security Data Hub - OWASP AppSecUSA
Building Your Application Security Data Hub - OWASP AppSecUSABuilding Your Application Security Data Hub - OWASP AppSecUSA
Building Your Application Security Data Hub - OWASP AppSecUSADenim Group
 
Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...
Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...
Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...Data Con LA
 
High-Volume Data Collection and Real Time Analytics Using Redis
High-Volume Data Collection and Real Time Analytics Using RedisHigh-Volume Data Collection and Real Time Analytics Using Redis
High-Volume Data Collection and Real Time Analytics Using Rediscacois
 
Système de fichiers simple
Système de fichiers simpleSystème de fichiers simple
Système de fichiers simpleSalah Triki
 
Multiplexage du CPU
Multiplexage du CPUMultiplexage du CPU
Multiplexage du CPUSalah Triki
 

More Related Content

Similar to Securing Data Warehouses: A Semi-automatic Approach for Inference Prevention at the Design Level

Secure Coding Practices for Middleware
Secure Coding Practices for MiddlewareSecure Coding Practices for Middleware
Secure Coding Practices for MiddlewareManuel Brugnoli
 
Overview of data programming: easing the bottleneck of supervised machine lea...
Overview of data programming: easing the bottleneck of supervised machine lea...Overview of data programming: easing the bottleneck of supervised machine lea...
Overview of data programming: easing the bottleneck of supervised machine lea...datalab-vietnam
 
Anomaly detection (Unsupervised Learning) in Machine Learning
Anomaly detection (Unsupervised Learning) in Machine LearningAnomaly detection (Unsupervised Learning) in Machine Learning
Anomaly detection (Unsupervised Learning) in Machine LearningKuppusamy P
 
Archive enabling tagging using progressive barcodes
Archive enabling tagging using progressive barcodesArchive enabling tagging using progressive barcodes
Archive enabling tagging using progressive barcodesMarie Vans
 
lecture1.ppt
lecture1.pptlecture1.ppt
lecture1.pptbayhehua
 
Secure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data ProcessingSecure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data ProcessingShantanu Sharma
 
Outlier analysis for Temporal Datasets
Outlier analysis for Temporal DatasetsOutlier analysis for Temporal Datasets
Outlier analysis for Temporal DatasetsQuantUniversity
 
Cloud last
Cloud lastCloud last
Cloud lastAnmitas1
 
Attaining data security in cloud computing
Attaining data security in cloud computingAttaining data security in cloud computing
Attaining data security in cloud computingGopinath Muthusamy
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computingprachupanchal
 
Supporting Data-Rich Research on Many Fronts
Supporting Data-Rich Research on Many FrontsSupporting Data-Rich Research on Many Fronts
Supporting Data-Rich Research on Many FrontsJohn Kunze
 
State of Florida Neo4j Graph Briefing - Cyber IAM
State of Florida Neo4j Graph Briefing - Cyber IAMState of Florida Neo4j Graph Briefing - Cyber IAM
State of Florida Neo4j Graph Briefing - Cyber IAMNeo4j
 
REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...
REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...
REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...Agence du Numérique (AdN)
 
Computer Hardware | 3B
Computer Hardware | 3BComputer Hardware | 3B
Computer Hardware | 3BCMDLMS
 
Computer Hardware - Lecture B
Computer Hardware - Lecture BComputer Hardware - Lecture B
Computer Hardware - Lecture BCMDLearning
 
Building Your Application Security Data Hub - OWASP AppSecUSA
Building Your Application Security Data Hub - OWASP AppSecUSABuilding Your Application Security Data Hub - OWASP AppSecUSA
Building Your Application Security Data Hub - OWASP AppSecUSADenim Group
 
Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...
Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...
Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...Data Con LA
 
High-Volume Data Collection and Real Time Analytics Using Redis
High-Volume Data Collection and Real Time Analytics Using RedisHigh-Volume Data Collection and Real Time Analytics Using Redis
High-Volume Data Collection and Real Time Analytics Using Rediscacois
 

Similar to Securing Data Warehouses: A Semi-automatic Approach for Inference Prevention at the Design Level (20)

Secure Coding Practices for Middleware
Secure Coding Practices for MiddlewareSecure Coding Practices for Middleware
Secure Coding Practices for Middleware
 
Overview of data programming: easing the bottleneck of supervised machine lea...
Overview of data programming: easing the bottleneck of supervised machine lea...Overview of data programming: easing the bottleneck of supervised machine lea...
Overview of data programming: easing the bottleneck of supervised machine lea...
 
OWASP
OWASPOWASP
OWASP
 
Anomaly detection (Unsupervised Learning) in Machine Learning
Anomaly detection (Unsupervised Learning) in Machine LearningAnomaly detection (Unsupervised Learning) in Machine Learning
Anomaly detection (Unsupervised Learning) in Machine Learning
 
Archive enabling tagging using progressive barcodes
Archive enabling tagging using progressive barcodesArchive enabling tagging using progressive barcodes
Archive enabling tagging using progressive barcodes
 
lecture1.ppt
lecture1.pptlecture1.ppt
lecture1.ppt
 
Secure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data ProcessingSecure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data Processing
 
Azure Digital Twins
Azure Digital TwinsAzure Digital Twins
Azure Digital Twins
 
Outlier analysis for Temporal Datasets
Outlier analysis for Temporal DatasetsOutlier analysis for Temporal Datasets
Outlier analysis for Temporal Datasets
 
Cloud last
Cloud lastCloud last
Cloud last
 
Attaining data security in cloud computing
Attaining data security in cloud computingAttaining data security in cloud computing
Attaining data security in cloud computing
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computing
 
Supporting Data-Rich Research on Many Fronts
Supporting Data-Rich Research on Many FrontsSupporting Data-Rich Research on Many Fronts
Supporting Data-Rich Research on Many Fronts
 
State of Florida Neo4j Graph Briefing - Cyber IAM
State of Florida Neo4j Graph Briefing - Cyber IAMState of Florida Neo4j Graph Briefing - Cyber IAM
State of Florida Neo4j Graph Briefing - Cyber IAM
 
REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...
REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...
REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...
 
Computer Hardware | 3B
Computer Hardware | 3BComputer Hardware | 3B
Computer Hardware | 3B
 
Computer Hardware - Lecture B
Computer Hardware - Lecture BComputer Hardware - Lecture B
Computer Hardware - Lecture B
 
Building Your Application Security Data Hub - OWASP AppSecUSA
Building Your Application Security Data Hub - OWASP AppSecUSABuilding Your Application Security Data Hub - OWASP AppSecUSA
Building Your Application Security Data Hub - OWASP AppSecUSA
 
Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...
Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...
Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...
 
High-Volume Data Collection and Real Time Analytics Using Redis
High-Volume Data Collection and Real Time Analytics Using RedisHigh-Volume Data Collection and Real Time Analytics Using Redis
High-Volume Data Collection and Real Time Analytics Using Redis
 

More from Salah Triki

Système de fichiers simple
Système de fichiers simpleSystème de fichiers simple
Système de fichiers simpleSalah Triki
 
Multiplexage du CPU
Multiplexage du CPUMultiplexage du CPU
Multiplexage du CPUSalah Triki
 
Projet Développement d'applications sécurisées
Projet Développement d'applications sécuriséesProjet Développement d'applications sécurisées
Projet Développement d'applications sécuriséesSalah Triki
 
Développement d'applications sécurisées [Partie 2]
Développement d'applications sécurisées [Partie 2]Développement d'applications sécurisées [Partie 2]
Développement d'applications sécurisées [Partie 2]Salah Triki
 
Arrangement de la mémoire
Arrangement de la mémoireArrangement de la mémoire
Arrangement de la mémoireSalah Triki
 
Développement d'applications sécurisées [Partie 1]
Développement d'applications sécurisées [Partie 1]Développement d'applications sécurisées [Partie 1]
Développement d'applications sécurisées [Partie 1]Salah Triki
 
Principe de fonctionnement de l'ordinateur
Principe de fonctionnement de l'ordinateurPrincipe de fonctionnement de l'ordinateur
Principe de fonctionnement de l'ordinateurSalah Triki
 
Les appels système
Les appels systèmeLes appels système
Les appels systèmeSalah Triki
 
Gestion de la mémoire
Gestion de la mémoireGestion de la mémoire
Gestion de la mémoireSalah Triki
 
Cours systèmes d'exploitation 2
Cours systèmes d'exploitation 2Cours systèmes d'exploitation 2
Cours systèmes d'exploitation 2Salah Triki
 
MIRADOC 2010 - MIRACL Lab. : Etat d'avancement des travaux de thèse
MIRADOC 2010 - MIRACL Lab. : Etat d'avancement des travaux de thèseMIRADOC 2010 - MIRACL Lab. : Etat d'avancement des travaux de thèse
MIRADOC 2010 - MIRACL Lab. : Etat d'avancement des travaux de thèseSalah Triki
 
Vers une approche de sécurisation des entrepôts de données en utilisant les r...
Vers une approche de sécurisation des entrepôts de données en utilisant les r...Vers une approche de sécurisation des entrepôts de données en utilisant les r...
Vers une approche de sécurisation des entrepôts de données en utilisant les r...Salah Triki
 
Sécurisation des entrepôts de données : Etat de l’art et proposition
Sécurisation des entrepôts de données : Etat de l’art et proposition Sécurisation des entrepôts de données : Etat de l’art et proposition
Sécurisation des entrepôts de données : Etat de l’art et proposition Salah Triki
 

More from Salah Triki (14)

Système de fichiers simple
Système de fichiers simpleSystème de fichiers simple
Système de fichiers simple
 
Multiplexage du CPU
Multiplexage du CPUMultiplexage du CPU
Multiplexage du CPU
 
Projet Développement d'applications sécurisées
Projet Développement d'applications sécuriséesProjet Développement d'applications sécurisées
Projet Développement d'applications sécurisées
 
Développement d'applications sécurisées [Partie 2]
Développement d'applications sécurisées [Partie 2]Développement d'applications sécurisées [Partie 2]
Développement d'applications sécurisées [Partie 2]
 
Arrangement de la mémoire
Arrangement de la mémoireArrangement de la mémoire
Arrangement de la mémoire
 
Développement d'applications sécurisées [Partie 1]
Développement d'applications sécurisées [Partie 1]Développement d'applications sécurisées [Partie 1]
Développement d'applications sécurisées [Partie 1]
 
Principe de fonctionnement de l'ordinateur
Principe de fonctionnement de l'ordinateurPrincipe de fonctionnement de l'ordinateur
Principe de fonctionnement de l'ordinateur
 
Les appels système
Les appels systèmeLes appels système
Les appels système
 
Gestion de la mémoire
Gestion de la mémoireGestion de la mémoire
Gestion de la mémoire
 
DMA
DMADMA
DMA
 
Cours systèmes d'exploitation 2
Cours systèmes d'exploitation 2Cours systèmes d'exploitation 2
Cours systèmes d'exploitation 2
 
MIRADOC 2010 - MIRACL Lab. : Etat d'avancement des travaux de thèse
MIRADOC 2010 - MIRACL Lab. : Etat d'avancement des travaux de thèseMIRADOC 2010 - MIRACL Lab. : Etat d'avancement des travaux de thèse
MIRADOC 2010 - MIRACL Lab. : Etat d'avancement des travaux de thèse
 
Vers une approche de sécurisation des entrepôts de données en utilisant les r...
Vers une approche de sécurisation des entrepôts de données en utilisant les r...Vers une approche de sécurisation des entrepôts de données en utilisant les r...
Vers une approche de sécurisation des entrepôts de données en utilisant les r...
 
Sécurisation des entrepôts de données : Etat de l’art et proposition
Sécurisation des entrepôts de données : Etat de l’art et proposition Sécurisation des entrepôts de données : Etat de l’art et proposition
Sécurisation des entrepôts de données : Etat de l’art et proposition
 

Recently uploaded

Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 

Recently uploaded (20)

Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 

Securing Data Warehouses: A Semi-automatic Approach for Inference Prevention at the Design Level

  • 1. Securing Data Warehouses: A Semi-automatic Approach for Inference Prevention at the Design Level Salah Triki Hanene Ben-Abdallah (Mir@cl, University of Sfax) Nouria Harbi, Omar Boussaid (ERIC, University of Lyon) 1
  • 2. Outline • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion
  • 3. Outline • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion
  • 4. Introduction • A data warehouse is a collection of data: – integrated – subject-oriented – nonvolatile – historized – available for querying and analysis • A DW can be deployed in various domains: Commerce, Hospital ...
  • 5. Introduction • Data warehouses contain: – Sensitive data – Some personal/propriatary data • Legal requirements: – HIPPA – GLBA – Safe Harbor – Sarbanes-Oxley • Organizations must comply with these laws
  • 6. Outline 6 • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion
  • 7. Securing Data Warehouses 7 • The two levels of security : – Design level – Physical level
  • 8. Securing Data Warehouses • At the design level Security constraint Security constraint
  • 9. Entrepôt de données • The types of inferences : – Precise Inference – Partial Inference Query Not Authorized Data Authorized Data • At the physical level Securing Data Warehouses
  • 10. • Prevention of inferences at the physical level [Haibing and al. 2008, Cuzzocrea 2009, Zhang and al. 2011] can induce : – high administrative costs – high maintenance. • Prevention of inferences at the design level [Steger and al. 2000, Blanco and al. 2010] : – do not take into account the potential inferences from the available data – specific to a particular application domain. Securing Data Warehouses
  • 11. Outline • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion
  • 12. • Assumptions : – The data sources’ class diagram is available. – The star schema is already designed. – The star schema is mapped to the data sources’ class diagram. An approach for assisting the design of secure DW
  • 13. (1) (2) (3) (4) An approach for assisting the design of secure DW Security Designer
  • 14. • Inferences Graph : a set of nodes connected by oriented arcs. – The nodes represent the data : ● Node colored in gray : sensitive data ● Node colored in white : none sensitive data – The arcs indicate the direction of inference : ● Solid arc : precise inference ● Dotted arc : partial inference B C A Inferences graph construction
  • 18. Types of inferences • The automatic construction of the inferences graph does not indicate the type of inferences: partial or precise. • The indication cannot be, unfortunately, deducted automatically. • The security designer must distinguish partial inferences (drawn by dotted arcs).
  • 19. Detection of new inferences A B C D E • Calculation of the transitive closure Partial path Precise path
  • 20. Enrichment of the star schema A B C D E Partial path Precise path <<Partial Inference : D:A>> <<Precise Inference : E:A>> <<Sensitive Data >>
  • 21. • Class diagram of the data sources Example
  • 22. • DW star schema Example Illness Critical Illness
  • 25. • Inferences graph transitive closure Example
  • 26. •Inference type specification Example << Partial Inference : Date : Illness>> << Partial Inference : Time : Illness>> << Sensitive Data >> <<Partial Inference : Transfer :Critical Illness>>
  • 27. Outline • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion
  • 28. • An approach to produce a conceptual multidimensional model annotated with information for inference prevention: – A graph of inferences based on the class diagram of data sources. – The class diagram allows us to identify the elements to lead to precise/partial inferences. • Studying how to transfer to the logical level the annotations defined at the design level. Conclusion