Secure Data Integration Systems

Fatimah Y. Akeel, Gary B. Wills, Andrew M. Gravell

2015

Abstract

With the web witnessing an immense shift towards publishing data, integrating data from diverse sources that have heterogeneous security and privacy levels and vary in trust becomes even more challenging. In a Data Integration System (DIS) that integrates confidential data in critical domains to contain a problem and make faster and more reliable decisions, there is a need to integrate multiple data sources while maintaining the security levels and privacy requirements of each data source before and during the integration. This situation becomes even more challenging when cloud services and third parties are used to carry out any part of the integration. Such systems therefore face a threat of data leakage that compromises data confidentiality and privacy. The lack of literature addressing security in DIS motivates this research, which provides a data leakage prevention framework focused on the stage prior to the actual data integration: the analysis and early design of the system. As a result, we constructed SecureDIS, an architectural framework that consists of several components containing guidelines for building a secure DIS. The framework was confirmed by 16 experts in the field and is currently being prepared for application to a real-life data integration context, such as the cloud.



Paper Citation


in Harvard Style

Akeel F., B. Wills G. and Gravell A. (2015). Secure Data Integration Systems. In Doctoral Consortium - DCCLOSER, (CLOSER 2015) ISBN Not Available, pages 26-37


in Bibtex Style

@conference{dccloser15,
author={Fatimah Y. Akeel and Gary B. Wills and Andrew M. Gravell},
title={Secure Data Integration Systems},
booktitle={Doctoral Consortium - DCCLOSER, (CLOSER 2015)},
year={2015},
pages={26-37},
publisher={SciTePress},
organization={INSTICC},
doi={},
isbn={Not Available},
}


in EndNote Style

TY - CONF
JO - Doctoral Consortium - DCCLOSER, (CLOSER 2015)
TI - Secure Data Integration Systems
SN - Not Available
AU - Akeel F.
AU - B. Wills G.
AU - Gravell A.
PY - 2015
SP - 26
EP - 37
DO -