SlideShare a Scribd company logo

Securing Data Warehouses: A Semi-automatic Approach for Inference Prevention at the Design Level

S
Salah Triki

Data warehouses contain sensitive data that must be secured in two ways: by defining appropriate access rights to the users and by preventing potential data inferences. Inspired from development methods for information systems, the first way of securing a data warehouse has been treated in the literature during the early phases of the development cycle. However, despite the high risks of inferences, the second way is not sufficiently taken into account in the design phase; it is rather left to the administrator of the data warehouse. However, managing inferences during the exploitation phase may induce high maintenance costs and complex OLAP server administration. In this paper, we propose an approach that, starting from the conceptual model of the data sources, assists the designer of the data warehouse in indentifying multidimensional sensitive data and those that may be subject to inferences.

Technology
1 of 28
Download to read offline
Securing Data Warehouses: A Semi-automatic Approach for Inference Prevention at the Design Level Salah Triki Hanene Ben-Abdallah (Mir@cl, University of Sfax) Nouria Harbi, Omar Boussaid (ERIC, University of Lyon) 1
Outline • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion
Outline • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion
Introduction • A data warehouse is a collection of data: – integrated – subject-oriented – nonvolatile – historized – available for querying and analysis • A DW can be deployed in various domains: Commerce, Hospital ...
Introduction • Data warehouses contain: – Sensitive data – Some personal/propriatary data • Legal requirements: – HIPPA – GLBA – Safe Harbor – Sarbanes-Oxley • Organizations must comply with these laws
Outline 6 • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion
Securing Data Warehouses 7 • The two levels of security : – Design level – Physical level
Securing Data Warehouses • At the design level Security constraint Security constraint
Entrepôt de données • The types of inferences : – Precise Inference – Partial Inference Query Not Authorized Data Authorized Data • At the physical level Securing Data Warehouses
• Prevention of inferences at the physical level [Haibing and al. 2008, Cuzzocrea 2009, Zhang and al. 2011] can induce : – high administrative costs – high maintenance. • Prevention of inferences at the design level [Steger and al. 2000, Blanco and al. 2010] : – do not take into account the potential inferences from the available data – specific to a particular application domain. Securing Data Warehouses
Outline • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion
• Assumptions : – The data sources’ class diagram is available. – The star schema is already designed. – The star schema is mapped to the data sources’ class diagram. An approach for assisting the design of secure DW
(1) (2) (3) (4) An approach for assisting the design of secure DW Security Designer
• Inferences Graph : a set of nodes connected by oriented arcs. – The nodes represent the data : ● Node colored in gray : sensitive data ● Node colored in white : none sensitive data – The arcs indicate the direction of inference : ● Solid arc : precise inference ● Dotted arc : partial inference B C A Inferences graph construction
Inference rules 1/3 C1 C1
Inference rules 2/3
Inference rules 3/3
Types of inferences • The automatic construction of the inferences graph does not indicate the type of inferences: partial or precise. • The indication cannot be, unfortunately, deducted automatically. • The security designer must distinguish partial inferences (drawn by dotted arcs).
Detection of new inferences A B C D E • Calculation of the transitive closure Partial path Precise path
Enrichment of the star schema A B C D E Partial path Precise path <<Partial Inference : D:A>> <<Precise Inference : E:A>> <<Sensitive Data >>
• Class diagram of the data sources Example
• DW star schema Example Illness Critical Illness
Example Illness Critical Illness Treatment Diagnostic Transfer
• Inferences graph Example
• Inferences graph transitive closure Example
•Inference type specification Example << Partial Inference : Date : Illness>> << Partial Inference : Time : Illness>> << Sensitive Data >> <<Partial Inference : Transfer :Critical Illness>>
Outline • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion
• An approach to produce a conceptual multidimensional model annotated with information for inference prevention: – A graph of inferences based on the class diagram of data sources. – The class diagram allows us to identify the elements to lead to precise/partial inferences. • Studying how to transfer to the logical level the annotations defined at the design level. Conclusion

Recommended

Designing the business process dimensional model
Designing the business process dimensional modelDesigning the business process dimensional model
Designing the business process dimensional modelGersiton Pila Challco
 
Microsoft Data Warehouse Business Intelligence Lifecycle - The Kimball Approach
Microsoft Data Warehouse Business Intelligence Lifecycle - The Kimball ApproachMicrosoft Data Warehouse Business Intelligence Lifecycle - The Kimball Approach
Microsoft Data Warehouse Business Intelligence Lifecycle - The Kimball ApproachMark Ginnebaugh
 
Big Data Visualization
Big Data VisualizationBig Data Visualization
Big Data VisualizationRaffael Marty
 
seminar presentation
seminar presentationseminar presentation
seminar presentationShaantnu Anand
 
Visualization for Security
Visualization for SecurityVisualization for Security
Visualization for SecurityRaffael Marty
 
Scia Scaffolding
Scia ScaffoldingScia Scaffolding
Scia ScaffoldingRudi Vanmechelen ✉ SCIA
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network SecurityKathirvel Ayyaswamy
 
20120709 cyber patterns2012
20120709 cyber patterns201220120709 cyber patterns2012
20120709 cyber patterns2012Aniketos EU FP7 Project
 

Recommended

Designing the business process dimensional model
Designing the business process dimensional modelDesigning the business process dimensional model
Designing the business process dimensional modelGersiton Pila Challco
 
Microsoft Data Warehouse Business Intelligence Lifecycle - The Kimball Approach
Microsoft Data Warehouse Business Intelligence Lifecycle - The Kimball ApproachMicrosoft Data Warehouse Business Intelligence Lifecycle - The Kimball Approach
Microsoft Data Warehouse Business Intelligence Lifecycle - The Kimball ApproachMark Ginnebaugh
 
Big Data Visualization
Big Data VisualizationBig Data Visualization
Big Data VisualizationRaffael Marty
 
seminar presentation
seminar presentationseminar presentation
seminar presentationShaantnu Anand
 
Visualization for Security
Visualization for SecurityVisualization for Security
Visualization for SecurityRaffael Marty
 
Scia Scaffolding
Scia ScaffoldingScia Scaffolding
Scia ScaffoldingRudi Vanmechelen ✉ SCIA
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network SecurityKathirvel Ayyaswamy
 
20120709 cyber patterns2012
20120709 cyber patterns201220120709 cyber patterns2012
20120709 cyber patterns2012Aniketos EU FP7 Project
 
Secure Coding Practices for Middleware
Secure Coding Practices for MiddlewareSecure Coding Practices for Middleware
Secure Coding Practices for MiddlewareManuel Brugnoli
 
Overview of data programming: easing the bottleneck of supervised machine lea...
Overview of data programming: easing the bottleneck of supervised machine lea...Overview of data programming: easing the bottleneck of supervised machine lea...
Overview of data programming: easing the bottleneck of supervised machine lea...datalab-vietnam
 
OWASP
OWASPOWASP
OWASPPen Testeronyguy
 
Anomaly detection (Unsupervised Learning) in Machine Learning
Anomaly detection (Unsupervised Learning) in Machine LearningAnomaly detection (Unsupervised Learning) in Machine Learning
Anomaly detection (Unsupervised Learning) in Machine LearningKuppusamy P
 
Archive enabling tagging using progressive barcodes
Archive enabling tagging using progressive barcodesArchive enabling tagging using progressive barcodes
Archive enabling tagging using progressive barcodesMarie Vans
 
lecture1.ppt
lecture1.pptlecture1.ppt
lecture1.pptbayhehua
 
Secure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data ProcessingSecure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data ProcessingShantanu Sharma
 
Azure Digital Twins
Azure Digital TwinsAzure Digital Twins
Azure Digital TwinsMarco Parenzan
 
Outlier analysis for Temporal Datasets
Outlier analysis for Temporal DatasetsOutlier analysis for Temporal Datasets
Outlier analysis for Temporal DatasetsQuantUniversity
 
Cloud last
Cloud lastCloud last
Cloud lastAnmitas1
 
Attaining data security in cloud computing
Attaining data security in cloud computingAttaining data security in cloud computing
Attaining data security in cloud computingGopinath Muthusamy
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computingprachupanchal
 
Supporting Data-Rich Research on Many Fronts
Supporting Data-Rich Research on Many FrontsSupporting Data-Rich Research on Many Fronts
Supporting Data-Rich Research on Many FrontsJohn Kunze
 
State of Florida Neo4j Graph Briefing - Cyber IAM
State of Florida Neo4j Graph Briefing - Cyber IAMState of Florida Neo4j Graph Briefing - Cyber IAM
State of Florida Neo4j Graph Briefing - Cyber IAMNeo4j
 
REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...
REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...
REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...Agence du Numérique (AdN)
 
Computer Hardware | 3B
Computer Hardware | 3BComputer Hardware | 3B
Computer Hardware | 3BCMDLMS
 
Computer Hardware - Lecture B
Computer Hardware - Lecture BComputer Hardware - Lecture B
Computer Hardware - Lecture BCMDLearning
 
Building Your Application Security Data Hub - OWASP AppSecUSA
Building Your Application Security Data Hub - OWASP AppSecUSABuilding Your Application Security Data Hub - OWASP AppSecUSA
Building Your Application Security Data Hub - OWASP AppSecUSADenim Group
 
Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...
Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...
Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...Data Con LA
 
High-Volume Data Collection and Real Time Analytics Using Redis
High-Volume Data Collection and Real Time Analytics Using RedisHigh-Volume Data Collection and Real Time Analytics Using Redis
High-Volume Data Collection and Real Time Analytics Using Rediscacois
 
Système de fichiers simple
Système de fichiers simpleSystème de fichiers simple
Système de fichiers simpleSalah Triki
 
Multiplexage du CPU
Multiplexage du CPUMultiplexage du CPU
Multiplexage du CPUSalah Triki
 

More Related Content

Similar to Securing Data Warehouses: A Semi-automatic Approach for Inference Prevention at the Design Level

Secure Coding Practices for Middleware
Secure Coding Practices for MiddlewareSecure Coding Practices for Middleware
Secure Coding Practices for MiddlewareManuel Brugnoli
 
Overview of data programming: easing the bottleneck of supervised machine lea...
Overview of data programming: easing the bottleneck of supervised machine lea...Overview of data programming: easing the bottleneck of supervised machine lea...
Overview of data programming: easing the bottleneck of supervised machine lea...datalab-vietnam
 
Anomaly detection (Unsupervised Learning) in Machine Learning
Anomaly detection (Unsupervised Learning) in Machine LearningAnomaly detection (Unsupervised Learning) in Machine Learning
Anomaly detection (Unsupervised Learning) in Machine LearningKuppusamy P
 
Archive enabling tagging using progressive barcodes
Archive enabling tagging using progressive barcodesArchive enabling tagging using progressive barcodes
Archive enabling tagging using progressive barcodesMarie Vans
 
lecture1.ppt
lecture1.pptlecture1.ppt
lecture1.pptbayhehua
 
Secure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data ProcessingSecure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data ProcessingShantanu Sharma
 
Outlier analysis for Temporal Datasets
Outlier analysis for Temporal DatasetsOutlier analysis for Temporal Datasets
Outlier analysis for Temporal DatasetsQuantUniversity
 
Cloud last
Cloud lastCloud last
Cloud lastAnmitas1
 
Attaining data security in cloud computing
Attaining data security in cloud computingAttaining data security in cloud computing
Attaining data security in cloud computingGopinath Muthusamy
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computingprachupanchal
 
Supporting Data-Rich Research on Many Fronts
Supporting Data-Rich Research on Many FrontsSupporting Data-Rich Research on Many Fronts
Supporting Data-Rich Research on Many FrontsJohn Kunze
 
State of Florida Neo4j Graph Briefing - Cyber IAM
State of Florida Neo4j Graph Briefing - Cyber IAMState of Florida Neo4j Graph Briefing - Cyber IAM
State of Florida Neo4j Graph Briefing - Cyber IAMNeo4j
 
REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...
REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...
REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...Agence du Numérique (AdN)
 
Computer Hardware | 3B
Computer Hardware | 3BComputer Hardware | 3B
Computer Hardware | 3BCMDLMS
 
Computer Hardware - Lecture B
Computer Hardware - Lecture BComputer Hardware - Lecture B
Computer Hardware - Lecture BCMDLearning
 
Building Your Application Security Data Hub - OWASP AppSecUSA
Building Your Application Security Data Hub - OWASP AppSecUSABuilding Your Application Security Data Hub - OWASP AppSecUSA
Building Your Application Security Data Hub - OWASP AppSecUSADenim Group
 
Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...
Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...
Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...Data Con LA
 
High-Volume Data Collection and Real Time Analytics Using Redis
High-Volume Data Collection and Real Time Analytics Using RedisHigh-Volume Data Collection and Real Time Analytics Using Redis
High-Volume Data Collection and Real Time Analytics Using Rediscacois
 

Similar to Securing Data Warehouses: A Semi-automatic Approach for Inference Prevention at the Design Level (20)

Secure Coding Practices for Middleware
Secure Coding Practices for MiddlewareSecure Coding Practices for Middleware
Secure Coding Practices for Middleware
 
Overview of data programming: easing the bottleneck of supervised machine lea...
Overview of data programming: easing the bottleneck of supervised machine lea...Overview of data programming: easing the bottleneck of supervised machine lea...
Overview of data programming: easing the bottleneck of supervised machine lea...
 
OWASP
OWASPOWASP
OWASP
 
Anomaly detection (Unsupervised Learning) in Machine Learning
Anomaly detection (Unsupervised Learning) in Machine LearningAnomaly detection (Unsupervised Learning) in Machine Learning
Anomaly detection (Unsupervised Learning) in Machine Learning
 
Archive enabling tagging using progressive barcodes
Archive enabling tagging using progressive barcodesArchive enabling tagging using progressive barcodes
Archive enabling tagging using progressive barcodes
 
lecture1.ppt
lecture1.pptlecture1.ppt
lecture1.ppt
 
Secure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data ProcessingSecure and Privacy-Preserving Big-Data Processing
Secure and Privacy-Preserving Big-Data Processing
 
Azure Digital Twins
Azure Digital TwinsAzure Digital Twins
Azure Digital Twins
 
Outlier analysis for Temporal Datasets
Outlier analysis for Temporal DatasetsOutlier analysis for Temporal Datasets
Outlier analysis for Temporal Datasets
 
Cloud last
Cloud lastCloud last
Cloud last
 
Attaining data security in cloud computing
Attaining data security in cloud computingAttaining data security in cloud computing
Attaining data security in cloud computing
 
security Issues of cloud computing
security Issues of cloud computingsecurity Issues of cloud computing
security Issues of cloud computing
 
Supporting Data-Rich Research on Many Fronts
Supporting Data-Rich Research on Many FrontsSupporting Data-Rich Research on Many Fronts
Supporting Data-Rich Research on Many Fronts
 
State of Florida Neo4j Graph Briefing - Cyber IAM
State of Florida Neo4j Graph Briefing - Cyber IAMState of Florida Neo4j Graph Briefing - Cyber IAM
State of Florida Neo4j Graph Briefing - Cyber IAM
 
REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...
REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...
REASSURE Robust and Efficient Approaches to Evaluating Side Channel and Fault...
 
Computer Hardware | 3B
Computer Hardware | 3BComputer Hardware | 3B
Computer Hardware | 3B
 
Computer Hardware - Lecture B
Computer Hardware - Lecture BComputer Hardware - Lecture B
Computer Hardware - Lecture B
 
Building Your Application Security Data Hub - OWASP AppSecUSA
Building Your Application Security Data Hub - OWASP AppSecUSABuilding Your Application Security Data Hub - OWASP AppSecUSA
Building Your Application Security Data Hub - OWASP AppSecUSA
 
Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...
Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...
Big Data Day LA 2015 - Scalable and High-Performance Analytics with Distribut...
 
High-Volume Data Collection and Real Time Analytics Using Redis
High-Volume Data Collection and Real Time Analytics Using RedisHigh-Volume Data Collection and Real Time Analytics Using Redis
High-Volume Data Collection and Real Time Analytics Using Redis
 

More from Salah Triki

Système de fichiers simple
Système de fichiers simpleSystème de fichiers simple
Système de fichiers simpleSalah Triki
 
Multiplexage du CPU
Multiplexage du CPUMultiplexage du CPU
Multiplexage du CPUSalah Triki
 
Projet Développement d'applications sécurisées
Projet Développement d'applications sécuriséesProjet Développement d'applications sécurisées
Projet Développement d'applications sécuriséesSalah Triki
 
Développement d'applications sécurisées [Partie 2]
Développement d'applications sécurisées [Partie 2]Développement d'applications sécurisées [Partie 2]
Développement d'applications sécurisées [Partie 2]Salah Triki
 
Arrangement de la mémoire
Arrangement de la mémoireArrangement de la mémoire
Arrangement de la mémoireSalah Triki
 
Développement d'applications sécurisées [Partie 1]
Développement d'applications sécurisées [Partie 1]Développement d'applications sécurisées [Partie 1]
Développement d'applications sécurisées [Partie 1]Salah Triki
 
Principe de fonctionnement de l'ordinateur
Principe de fonctionnement de l'ordinateurPrincipe de fonctionnement de l'ordinateur
Principe de fonctionnement de l'ordinateurSalah Triki
 
Les appels système
Les appels systèmeLes appels système
Les appels systèmeSalah Triki
 
Gestion de la mémoire
Gestion de la mémoireGestion de la mémoire
Gestion de la mémoireSalah Triki
 
Cours systèmes d'exploitation 2
Cours systèmes d'exploitation 2Cours systèmes d'exploitation 2
Cours systèmes d'exploitation 2Salah Triki
 
MIRADOC 2010 - MIRACL Lab. : Etat d'avancement des travaux de thèse
MIRADOC 2010 - MIRACL Lab. : Etat d'avancement des travaux de thèseMIRADOC 2010 - MIRACL Lab. : Etat d'avancement des travaux de thèse
MIRADOC 2010 - MIRACL Lab. : Etat d'avancement des travaux de thèseSalah Triki
 
Vers une approche de sécurisation des entrepôts de données en utilisant les r...
Vers une approche de sécurisation des entrepôts de données en utilisant les r...Vers une approche de sécurisation des entrepôts de données en utilisant les r...
Vers une approche de sécurisation des entrepôts de données en utilisant les r...Salah Triki
 
Sécurisation des entrepôts de données : Etat de l’art et proposition
Sécurisation des entrepôts de données : Etat de l’art et proposition Sécurisation des entrepôts de données : Etat de l’art et proposition
Sécurisation des entrepôts de données : Etat de l’art et proposition Salah Triki
 

More from Salah Triki (14)

Système de fichiers simple
Système de fichiers simpleSystème de fichiers simple
Système de fichiers simple
 
Multiplexage du CPU
Multiplexage du CPUMultiplexage du CPU
Multiplexage du CPU
 
Projet Développement d'applications sécurisées
Projet Développement d'applications sécuriséesProjet Développement d'applications sécurisées
Projet Développement d'applications sécurisées
 
Développement d'applications sécurisées [Partie 2]
Développement d'applications sécurisées [Partie 2]Développement d'applications sécurisées [Partie 2]
Développement d'applications sécurisées [Partie 2]
 
Arrangement de la mémoire
Arrangement de la mémoireArrangement de la mémoire
Arrangement de la mémoire
 
Développement d'applications sécurisées [Partie 1]
Développement d'applications sécurisées [Partie 1]Développement d'applications sécurisées [Partie 1]
Développement d'applications sécurisées [Partie 1]
 
Principe de fonctionnement de l'ordinateur
Principe de fonctionnement de l'ordinateurPrincipe de fonctionnement de l'ordinateur
Principe de fonctionnement de l'ordinateur
 
Les appels système
Les appels systèmeLes appels système
Les appels système
 
Gestion de la mémoire
Gestion de la mémoireGestion de la mémoire
Gestion de la mémoire
 
DMA
DMADMA
DMA
 
Cours systèmes d'exploitation 2
Cours systèmes d'exploitation 2Cours systèmes d'exploitation 2
Cours systèmes d'exploitation 2
 
MIRADOC 2010 - MIRACL Lab. : Etat d'avancement des travaux de thèse
MIRADOC 2010 - MIRACL Lab. : Etat d'avancement des travaux de thèseMIRADOC 2010 - MIRACL Lab. : Etat d'avancement des travaux de thèse
MIRADOC 2010 - MIRACL Lab. : Etat d'avancement des travaux de thèse
 
Vers une approche de sécurisation des entrepôts de données en utilisant les r...
Vers une approche de sécurisation des entrepôts de données en utilisant les r...Vers une approche de sécurisation des entrepôts de données en utilisant les r...
Vers une approche de sécurisation des entrepôts de données en utilisant les r...
 
Sécurisation des entrepôts de données : Etat de l’art et proposition
Sécurisation des entrepôts de données : Etat de l’art et proposition Sécurisation des entrepôts de données : Etat de l’art et proposition
Sécurisation des entrepôts de données : Etat de l’art et proposition
 

Recently uploaded

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 

Recently uploaded (20)

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

Securing Data Warehouses: A Semi-automatic Approach for Inference Prevention at the Design Level

  • 1. Securing Data Warehouses: A Semi-automatic Approach for Inference Prevention at the Design Level Salah Triki Hanene Ben-Abdallah (Mir@cl, University of Sfax) Nouria Harbi, Omar Boussaid (ERIC, University of Lyon) 1
  • 2. Outline • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion
  • 3. Outline • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion
  • 4. Introduction • A data warehouse is a collection of data: – integrated – subject-oriented – nonvolatile – historized – available for querying and analysis • A DW can be deployed in various domains: Commerce, Hospital ...
  • 5. Introduction • Data warehouses contain: – Sensitive data – Some personal/propriatary data • Legal requirements: – HIPPA – GLBA – Safe Harbor – Sarbanes-Oxley • Organizations must comply with these laws
  • 6. Outline 6 • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion
  • 7. Securing Data Warehouses 7 • The two levels of security : – Design level – Physical level
  • 8. Securing Data Warehouses • At the design level Security constraint Security constraint
  • 9. Entrepôt de données • The types of inferences : – Precise Inference – Partial Inference Query Not Authorized Data Authorized Data • At the physical level Securing Data Warehouses
  • 10. • Prevention of inferences at the physical level [Haibing and al. 2008, Cuzzocrea 2009, Zhang and al. 2011] can induce : – high administrative costs – high maintenance. • Prevention of inferences at the design level [Steger and al. 2000, Blanco and al. 2010] : – do not take into account the potential inferences from the available data – specific to a particular application domain. Securing Data Warehouses
  • 11. Outline • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion
  • 12. • Assumptions : – The data sources’ class diagram is available. – The star schema is already designed. – The star schema is mapped to the data sources’ class diagram. An approach for assisting the design of secure DW
  • 13. (1) (2) (3) (4) An approach for assisting the design of secure DW Security Designer
  • 14. • Inferences Graph : a set of nodes connected by oriented arcs. – The nodes represent the data : ● Node colored in gray : sensitive data ● Node colored in white : none sensitive data – The arcs indicate the direction of inference : ● Solid arc : precise inference ● Dotted arc : partial inference B C A Inferences graph construction
  • 18. Types of inferences • The automatic construction of the inferences graph does not indicate the type of inferences: partial or precise. • The indication cannot be, unfortunately, deducted automatically. • The security designer must distinguish partial inferences (drawn by dotted arcs).
  • 19. Detection of new inferences A B C D E • Calculation of the transitive closure Partial path Precise path
  • 20. Enrichment of the star schema A B C D E Partial path Precise path <<Partial Inference : D:A>> <<Precise Inference : E:A>> <<Sensitive Data >>
  • 21. • Class diagram of the data sources Example
  • 22. • DW star schema Example Illness Critical Illness
  • 25. • Inferences graph transitive closure Example
  • 26. •Inference type specification Example << Partial Inference : Date : Illness>> << Partial Inference : Time : Illness>> << Sensitive Data >> <<Partial Inference : Transfer :Critical Illness>>
  • 27. Outline • Introduction • Securing Data Warehouses • An approach for assisting the design of secure DW • Conclusion
  • 28. • An approach to produce a conceptual multidimensional model annotated with information for inference prevention: – A graph of inferences based on the class diagram of data sources. – The class diagram allows us to identify the elements to lead to precise/partial inferences. • Studying how to transfer to the logical level the annotations defined at the design level. Conclusion