The University of Southampton
University of Southampton Institutional Repository

Formal modelling of data integration systems security policies

Formal modelling of data integration systems security policies
Formal modelling of data integration systems security policies
Data Integration Systems (DIS) are concerned with integrating data from multiple data sources to resolve user queries. Typically, organisations providing data sources specify security policies that impose stringent requirements on the collection, processing, and disclosure of personal and sensitive data. If the security policies were not correctly enforced by the integration component of DIS, the data is exposed to data leakage threats, e.g. unauthorised disclosure or secondary use of the data. SecureDIS is a framework that helps system designers to mitigate data leakage threats during the early phases of DIS development. SecureDIS provides designers with a set of informal guidelines written in natural language to specify and enforce security policies that capture confidentiality, privacy, and trust properties. In this paper, we apply a formal approach to model a DIS with the SecureDIS security policies and verify the correctness and consistency of the model. The model can be used as a basis to perform security policies analysis or automatically generate a Java code to enforce those policies within DIS.
2364-1185
139-148
Akeel, Fatmah
5d9eaff5-a180-46e1-baf0-09ef40ded27a
Salehi Fathabadi, Asieh
b799ee35-4032-4e7c-b4b2-34109af8aa75
Paci, Federica
9fbf3e5b-ae03-40e8-a75a-3657cbc9216e
Gravell, Andy
f3a261c5-f057-4b5f-b6ac-c1ca37d72749
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0
Akeel, Fatmah
5d9eaff5-a180-46e1-baf0-09ef40ded27a
Salehi Fathabadi, Asieh
b799ee35-4032-4e7c-b4b2-34109af8aa75
Paci, Federica
9fbf3e5b-ae03-40e8-a75a-3657cbc9216e
Gravell, Andy
f3a261c5-f057-4b5f-b6ac-c1ca37d72749
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0

Akeel, Fatmah, Salehi Fathabadi, Asieh, Paci, Federica, Gravell, Andy and Wills, Gary (2016) Formal modelling of data integration systems security policies Data Science and Engineering, 1, (3), pp. 139-148.

Record type: Article

Abstract

Data Integration Systems (DIS) are concerned with integrating data from multiple data sources to resolve user queries. Typically, organisations providing data sources specify security policies that impose stringent requirements on the collection, processing, and disclosure of personal and sensitive data. If the security policies were not correctly enforced by the integration component of DIS, the data is exposed to data leakage threats, e.g. unauthorised disclosure or secondary use of the data. SecureDIS is a framework that helps system designers to mitigate data leakage threats during the early phases of DIS development. SecureDIS provides designers with a set of informal guidelines written in natural language to specify and enforce security policies that capture confidentiality, privacy, and trust properties. In this paper, we apply a formal approach to model a DIS with the SecureDIS security policies and verify the correctness and consistency of the model. The model can be used as a basis to perform security policies analysis or automatically generate a Java code to enforce those policies within DIS.

PDF art%3A10.1007%2Fs41019-016-0016-y.pdf - Version of Record
Available under License Creative Commons Attribution.
Download (661kB)

More information

Accepted/In Press date: 5 August 2016
e-pub ahead of print date: 23 August 2016
Published date: September 2016
Organisations: Electronics & Computer Science

Identifiers

Local EPrints ID: 401776
URI: http://eprints.soton.ac.uk/id/eprint/401776
ISSN: 2364-1185
PURE UUID: fae62a93-7611-4099-8fcf-1d327cdc6ee4
ORCID for Gary Wills: ORCID iD orcid.org/0000-0001-5771-4088

Catalogue record

Date deposited: 21 Oct 2016 10:47
Last modified: 10 Nov 2017 01:57

Export record

Contributors

Author: Fatmah Akeel
Author: Asieh Salehi Fathabadi
Author: Federica Paci
Author: Andy Gravell
Author: Gary Wills ORCID iD

University divisions

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×