Formal modelling of data integration systems security policies
139-148
Akeel, Fatmah
Salehi Fathabadi, Asieh
Paci, Federica
Gravell, Andy
Wills, Gary
September 2016
Akeel, Fatmah, Salehi Fathabadi, Asieh, Paci, Federica, Gravell, Andy and Wills, Gary (2016) Formal modelling of data integration systems security policies. Data Science and Engineering, 1 (3), 139-148. (doi:10.1007/s41019-016-0016-y).
Abstract
Data Integration Systems (DIS) are concerned with integrating data from multiple data sources to resolve user queries. Typically, organisations providing data sources specify security policies that impose stringent requirements on the collection, processing, and disclosure of personal and sensitive data. If the security policies are not correctly enforced by the integration component of a DIS, the data is exposed to data leakage threats, e.g. unauthorised disclosure or secondary use of the data. SecureDIS is a framework that helps system designers to mitigate data leakage threats during the early phases of DIS development. SecureDIS provides designers with a set of informal guidelines written in natural language to specify and enforce security policies that capture confidentiality, privacy, and trust properties. In this paper, we apply a formal approach to model a DIS with the SecureDIS security policies and verify the correctness and consistency of the model. The model can be used as a basis to perform security policy analysis or to automatically generate Java code to enforce those policies within a DIS.
Text: art%3A10.1007%2Fs41019-016-0016-y.pdf - Version of Record
More information
Accepted/In Press date: 5 August 2016
e-pub ahead of print date: 23 August 2016
Published date: September 2016
Organisations: Electronics & Computer Science
Identifiers
Local EPrints ID: 401776
URI: http://eprints.soton.ac.uk/id/eprint/401776
ISSN: 2364-1185
PURE UUID: fae62a93-7611-4099-8fcf-1d327cdc6ee4
Catalogue record
Date deposited: 21 Oct 2016 10:47
Last modified: 16 Mar 2024 02:51
Contributors
Author: Fatmah Akeel
Author: Asieh Salehi Fathabadi
Author: Federica Paci
Author: Andy Gravell
Author: Gary Wills