Database Reference
Figure 1. The UCONABC usage control model from Park and Sandhu (2004)
Both topics are very active fields of research.
Usage Control

The main problem with data collection is that people might allow companies to use data for specific reasons (such as recommending related products) but do not consent to other uses of the same data. Usage control by Park and Sandhu (2004) is a concept that makes it possible to enforce pre- and postconditions when using data. It is similar to a traditional reference monitor, except that the restrictions are enforced during the entire access, as proposed by Thuraisingham (2005): The privacy control would “limit and watch access to the DBMS (that access the data in the database) (cf. Figure 1).”

Statistical Database Security

A statistical database contains information about individuals, but allows only aggregate queries (such as asking for the average age and not an individual's age). Nonetheless, inference can be used to infer some secret information. Data warehouses are built to support data mining. If a data mining tool can be used to derive sensitive information from unclassified information legitimately obtained, there is an inference problem, as discussed by Bertino et al. (2006).

Well-established protection concepts for statistical database security include restriction-based techniques, query set size control, expanded query set size control, audit-based (assumed information base), perturbation-based techniques, data swapping (distribution unchanged), random-sample queries, fixed perturbation (modify data), and query-based perturbation. For an in-depth description, Castano et al. (1994) and Willenborg and De Waal (1996) are excellent sources.

Query set size control: Enforcing a minimum set size for returned information does not offer adequate protection. Denning (1982) described trackers that are sequences of queries all within the size limits allowed by the database; when combined with AND statements and negations, information on individuals can be inferred. While simple trackers require some background infor-
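
An added example (not from the original text): a minimal aggregate-only database in Python, over constructed records, showing why the minimum query set size described above is inadequate against a tracker built from AND and negation, and how an audit of answered query sets flags the revealing pair. The class, field names, threshold K and the overlap rule used by the audit are assumptions made for illustration.

```python
# Constructed sample data: (id, dept, sex, salary). Not from the source text.
RECORDS = [
    ("r1", "eng", "F", 91000), ("r2", "eng", "M", 72000), ("r3", "eng", "M", 68000),
    ("r4", "eng", "M", 75000), ("r5", "ops", "F", 51000), ("r6", "ops", "F", 53000),
    ("r7", "ops", "M", 49000), ("r8", "ops", "M", 50000), ("r9", "hr", "F", 47000),
    ("r10", "hr", "M", 46000),
]
K = 3  # assumed minimum query set size; sets larger than n - K are refused too


class Refused(Exception):
    pass


class StatDB:
    """Aggregate-only interface with query set size control and an audit log."""

    def __init__(self, records, k):
        self.records, self.k, self.log = records, k, []

    def _query_set(self, pred):
        ids = frozenset(r[0] for r in self.records if pred(r))
        if not self.k <= len(ids) <= len(self.records) - self.k:
            raise Refused(f"query set size {len(ids)} outside limits")
        self.log.append(ids)  # remember what was answered, for auditing
        return ids

    def total_salary(self, pred):
        ids = self._query_set(pred)
        return sum(r[3] for r in self.records if r[0] in ids)

    def audit(self):
        """Flag answered query pairs whose sets differ by fewer than k records."""
        return [(a, b) for i, a in enumerate(self.log) for b in self.log[i + 1:]
                if 0 < len(a ^ b) < self.k]


def tracker_demo(db):
    c1 = lambda r: r[1] == "eng"   # C1: department
    c2 = lambda r: r[2] == "F"     # C2: background knowledge about one person
    try:
        db.total_salary(lambda r: c1(r) and c2(r))  # C1 AND C2 matches one record
        direct = "answered"
    except Refused:
        direct = "refused"
    # Both queries pass the size check: |C1| = 4 and |C1 AND NOT C2| = 3
    inferred = db.total_salary(c1) - db.total_salary(lambda r: c1(r) and not c2(r))
    return direct, inferred, db.audit()
```

The size check refuses the direct query, yet the difference of two permitted sums equals the single record's value; the audit reports the pair because their query sets differ by one record.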