學術產出-學位論文

文章檢視/開啟

書目匯出

Google ScholarTM

政大圖書館

引文資訊

TAIR相關學術產出

題名 雲端委外語意式資料保護
Protection of Outsourcing Semantic Data in the Clou
作者 鄭國平
Cheng, Kuo Ping
貢獻者 胡毓忠<br>Hu, Yuh Jong
鄭國平
Cheng, Kuo Ping
關鍵詞 本體論
規則語言
信賴虛擬域
統計式揭露控管
Ontology
Rule Language
Trusted Virtual Domain
Statistical Disclosure Control
日期 2012
上傳時間 1-四月-2013 14:39:05 (UTC+8)
摘要 企業基於業務需求會蒐集大量的個人資料。近來,企業基於成本考量往往會將資料委外儲存到雲端資料庫服務中,並自行建置資料查詢介面給使用者。但將資料委外到雲端資料庫服務中,雲端資料庫服務提供者便可能侵犯資料擁有者隱私。此外,資料查詢介面也必須根據不同使用情境提供不同揭露程度的資料給使用者,像是基於診療目的的醫生應該使用完整的資料,而醫療研究人員便只能使用匿名處理的資料。如何根據使用情境提供不同揭露程度的資料來確保資料使用上的隱私保護是一個重要的議題。
本研究將探討結構化單一資料源的資料委外和委外資料使用時的隱私保護,藉由在資料委外前以加密結合分割的方式處理資料,以及運用OWL本體論和LP規則語言設計三種規範:Access Control Policy (ACP)、Data Handling Policy (DHP)和Data Releasing Policy (DRP),並且以規則語言來落實規範。透過這三種規範的合作和分工來提供揭露程度不同的資料確保資料委外和使用上的隱私保護。
Enterprise collects a great amount of personal identifiable information (PII) for business service. Recently, these PII data are outsourced for Database-as-a-Service (DaaS) in the cloud to reduce the enterprise`s data administration cost. However, this might provide an opportunity for cloud service providers (CSPs) to infringe data owners` privacy. In addition, a data controller of enterprise should provide an interface for data users with different level of data usage based on its access context. For example, a doctor can use a patient`s complete PII when (s)he performs the medication practice. On the other hand, a researcher for medical analysis can only use de-identifiable PII. Therefore, the research challenge is to ensure how privacy protection criteria are satisfied for various data disclosure when using associated data usage context.
In this study, we address the research problem for outsourcing data protection from a single data source in the cloud. We apply encryption and fragmentation techniques for these outsourcing data to avoid privacy violation risk from CSPs. Furthermore, we use OWL-based ontologies to represent there types of data protection policies, i.e., Access Control Policy (ACP), Data Handling Policy (DHP), and Data Releasing Policy (DRP). In addition, we use Logic-Program (LP) rules to enforce these policies. Finally, through integration and collaboration of these policies, we ensure the satisfaction of privacy protection criteria and achieve different level of outsourcing data disclosure in the cloud.
參考文獻 [1] H. Hakan, "Providing Database as a Service," 2002, pp. 0029-0029.
[2] M. Armbrust, A. Fox, et al., "Above the Clouds: A Berkeley View of Cloud Computing," EECS Department, University of California, Berkeley UCB/EECS-2009-28, February 10 2009.
[3] H. Takabi, J. B. D. Joshi, et al., "Security and Privacy Challenges in Cloud Computing Environments," IEEE Security and Privacy, vol. 8, pp. 24-31, 2010.
[4] P. Samarati and S. D. C. d. Vimercati, "Data protection in outsourcing scenarios: issues and directions," Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, Beijing, China, 2010.
[5] V. Ciriani, S. Capitani di Vimercati, et al., "Microdata Protection," in Secure Data Management in Decentralized Systems. vol. 33, 2007, pp. 291-321.
[6] L. Sweeney, "k-anonymity: a model for protecting privacy," Int. J. Uncertain. Fuzziness Knowl.-Based Syst., vol. 10, pp. 557-570, 2002.
[7] R. Popp and J. Poindexter, "Countering Terrorism through Information and Privacy Protection Technologies," IEEE Security and Privacy, vol. 4, pp. 18-27, 2006.
[8] OpenTC. Available: http://www.opentc.net/
[9] S. Cabuk, C. I. Dalton, et al., "Towards automated security policy enforcement in multi-tenant virtual data centers," Journal of Computer Security, vol. 18, pp. 89-121, 2010.
[10] S. Berger, R. C, et al., "Security for the cloud infrastructure: trusted virtual data center implementation," IBM J. Res. Dev., vol. 53, pp. 560-571, 2009.
[11] California Senate Bill SB 1386, 2002.
[12] SWRL: A Semantic Web Rule Language Combining OWL and RuleML. Available: http://www.w3.org/Submission/SWRL/
[13] Connor, M. O. and A. Das (2009). "SQWRL: a Query Language for OWL." Proceedings of the 6th International Workshop on OWL: Experiences and Directions (OWLED 2009).
[14] D. Calvanese and G. D. Giacomo, "Data integration: a logic-based perspective," AI Mag., vol. 26, pp. 59-70, 2005.
[15] D. Calvanese, G. Giacomo, et al., "Data Integration through DL-Lite A Ontologies," in Semantics in Data and Knowledge Bases, 2008, pp. 26-47.
[16] D. Calvanese, G. Giacomo, et al., "Using OWL in Data Integration," in Semantic Web Information Management, 2010, pp. 397-424.
[17] A. Y. Levy, A. Rajaraman, et al., "Querying Heterogeneous Information Sources Using Source Descriptions," Proceedings of the 22th International Conference on Very Large Data Bases, 1996.
[18] C. A. Ardagna, M. Cremonini, et al., "A privacy-aware access control system," J. Comput. Secur., vol. 16, pp. 369-397, 2008.
[19] C. A. Ardagna, J. Camenisch, et al., "Exploiting cryptography for privacy-enhanced access control: A result of the PRIME Project," J. Comput. Secur., vol. 18, pp. 123-160, 2010.
[20] The Enterprise Privacy Authorization Language(EPAL). Available: http://www.w3.org/2003/p3p-ws/pp/ibm3.html
[21] S. De Capitani di Vimercati and S. Foresti, "Privacy of Outsourced
Data Privacy and Identity Management for Life." vol. 320, 2010, pp. 174-187.
[22] V. Ciriani, S. De Capitani di Vimercati, et al., "Keep a Few: Outsourcing Data While Maintaining Confidentiality Computer Security – ESORICS 2009." vol. 5789, 2009, pp. 440-455.
[23] V. Ciriani, S. D. C. D. Vimercati, et al., "Combining fragmentation and encryption to protect privacy in data storage," ACM Trans. Inf. Syst. Secur., vol. 13, pp. 1-33, 2010.
[24] S. Ceri, G. Gottlob, et al., "What You Always Wanted to Know About Datalog (And Never Dared to Ask)," IEEE Trans. on Knowl. and Data Eng., vol. 1, pp. 146-166, 1989.
[25] N. R. Adam and J. C. Worthmann, "Security-control methods for statistical databases: a comparative study," ACM Comput. Surv., vol. 21, pp. 515-556, 1989.
[26] J. Mateo-Sanz, A. Martínez-Ballesté, et al., "Fast Generation of Accurate Synthetic Microdata," in Privacy in Statistical Databases. vol. 3050, 2004, pp. 298-306.
[27] M. Lenzerini, "Ontology-based data management," Proceedings of the 20th ACM international conference on Information and knowledge management, Glasgow, Scotland, UK, 2011.
描述 碩士
國立政治大學
資訊科學學系
99753025
101
資料來源 http://thesis.lib.nccu.edu.tw/record/#G0099753025
資料類型 thesis
dc.contributor.advisor 胡毓忠<br>Hu, Yuh Jongzh_TW
dc.contributor.author (作者) 鄭國平zh_TW
dc.contributor.author (作者) Cheng, Kuo Pingen_US
dc.creator (作者) 鄭國平zh_TW
dc.creator (作者) Cheng, Kuo Pingen_US
dc.date (日期) 2012en_US
dc.date.accessioned 1-四月-2013 14:39:05 (UTC+8)-
dc.date.available 1-四月-2013 14:39:05 (UTC+8)-
dc.date.issued (上傳時間) 1-四月-2013 14:39:05 (UTC+8)-
dc.identifier (其他 識別碼) G0099753025en_US
dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/57580-
dc.description (描述) 碩士zh_TW
dc.description (描述) 國立政治大學zh_TW
dc.description (描述) 資訊科學學系zh_TW
dc.description (描述) 99753025zh_TW
dc.description (描述) 101zh_TW
dc.description.abstract (摘要) 企業基於業務需求會蒐集大量的個人資料。近來,企業基於成本考量往往會將資料委外儲存到雲端資料庫服務中,並自行建置資料查詢介面給使用者。但將資料委外到雲端資料庫服務中,雲端資料庫服務提供者便可能侵犯資料擁有者隱私。此外,資料查詢介面也必須根據不同使用情境提供不同揭露程度的資料給使用者,像是基於診療目的的醫生應該使用完整的資料,而醫療研究人員便只能使用匿名處理的資料。如何根據使用情境提供不同揭露程度的資料來確保資料使用上的隱私保護是一個重要的議題。
本研究將探討結構化單一資料源的資料委外和委外資料使用時的隱私保護,藉由在資料委外前以加密結合分割的方式處理資料,以及運用OWL本體論和LP規則語言設計三種規範:Access Control Policy (ACP)、Data Handling Policy (DHP)和Data Releasing Policy (DRP),並且以規則語言來落實規範。透過這三種規範的合作和分工來提供揭露程度不同的資料確保資料委外和使用上的隱私保護。
zh_TW
dc.description.abstract (摘要) Enterprise collects a great amount of personal identifiable information (PII) for business service. Recently, these PII data are outsourced for Database-as-a-Service (DaaS) in the cloud to reduce the enterprise`s data administration cost. However, this might provide an opportunity for cloud service providers (CSPs) to infringe data owners` privacy. In addition, a data controller of enterprise should provide an interface for data users with different level of data usage based on its access context. For example, a doctor can use a patient`s complete PII when (s)he performs the medication practice. On the other hand, a researcher for medical analysis can only use de-identifiable PII. Therefore, the research challenge is to ensure how privacy protection criteria are satisfied for various data disclosure when using associated data usage context.
In this study, we address the research problem for outsourcing data protection from a single data source in the cloud. We apply encryption and fragmentation techniques for these outsourcing data to avoid privacy violation risk from CSPs. Furthermore, we use OWL-based ontologies to represent there types of data protection policies, i.e., Access Control Policy (ACP), Data Handling Policy (DHP), and Data Releasing Policy (DRP). In addition, we use Logic-Program (LP) rules to enforce these policies. Finally, through integration and collaboration of these policies, we ensure the satisfaction of privacy protection criteria and achieve different level of outsourcing data disclosure in the cloud.
en_US
dc.description.tableofcontents 目錄 6
圖目錄 8
表目錄 9
第1章 10
1.1 研究動機 10
1.2 研究目的 11
1.3 各章節概述 12
第2章 13
2.1 資料揭露的隱私風險 13
2.2 雲端環境的安全保護 14
2.3 資料委外的隱私保護 15
2.4 本體論與規則語言 16
2.5 資料整合 17
第3章 19
3.1 隱私導向的存取控管系統 19
3.2 委外資料的查詢 20
3.3 企業隱私授權語言 22
第4章 23
4.1 研究架構設計 23
4.2 資料委外 26
4.2.1 委外資料的保護方式 26
4.2.2 資料委外保護 28
4.2.3 資料委外模式 30
4.3 規範的設計和資料查詢處理 31
4.3.1 研究情境說明 32
4.3.2 Access Control Policy 32
4.3.3 Data Handling Policy 36
4.3.4 資料查詢處理 39
4.3.5 Data Releasing Policy 41
第5章 47
5.1 規範推論的驗證 47
5.2 系統展示 49
第6章 53
參考文獻 54
zh_TW
dc.language.iso en_US-
dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G0099753025en_US
dc.subject (關鍵詞) 本體論zh_TW
dc.subject (關鍵詞) 規則語言zh_TW
dc.subject (關鍵詞) 信賴虛擬域zh_TW
dc.subject (關鍵詞) 統計式揭露控管zh_TW
dc.subject (關鍵詞) Ontologyen_US
dc.subject (關鍵詞) Rule Languageen_US
dc.subject (關鍵詞) Trusted Virtual Domainen_US
dc.subject (關鍵詞) Statistical Disclosure Controlen_US
dc.title (題名) 雲端委外語意式資料保護zh_TW
dc.title (題名) Protection of Outsourcing Semantic Data in the Clouen_US
dc.type (資料類型) thesisen
dc.relation.reference (參考文獻) [1] H. Hakan, "Providing Database as a Service," 2002, pp. 0029-0029.
[2] M. Armbrust, A. Fox, et al., "Above the Clouds: A Berkeley View of Cloud Computing," EECS Department, University of California, Berkeley UCB/EECS-2009-28, February 10 2009.
[3] H. Takabi, J. B. D. Joshi, et al., "Security and Privacy Challenges in Cloud Computing Environments," IEEE Security and Privacy, vol. 8, pp. 24-31, 2010.
[4] P. Samarati and S. D. C. d. Vimercati, "Data protection in outsourcing scenarios: issues and directions," Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, Beijing, China, 2010.
[5] V. Ciriani, S. Capitani di Vimercati, et al., "Microdata Protection," in Secure Data Management in Decentralized Systems. vol. 33, 2007, pp. 291-321.
[6] L. Sweeney, "k-anonymity: a model for protecting privacy," Int. J. Uncertain. Fuzziness Knowl.-Based Syst., vol. 10, pp. 557-570, 2002.
[7] R. Popp and J. Poindexter, "Countering Terrorism through Information and Privacy Protection Technologies," IEEE Security and Privacy, vol. 4, pp. 18-27, 2006.
[8] OpenTC. Available: http://www.opentc.net/
[9] S. Cabuk, C. I. Dalton, et al., "Towards automated security policy enforcement in multi-tenant virtual data centers," Journal of Computer Security, vol. 18, pp. 89-121, 2010.
[10] S. Berger, R. C, et al., "Security for the cloud infrastructure: trusted virtual data center implementation," IBM J. Res. Dev., vol. 53, pp. 560-571, 2009.
[11] California Senate Bill SB 1386, 2002.
[12] SWRL: A Semantic Web Rule Language Combining OWL and RuleML. Available: http://www.w3.org/Submission/SWRL/
[13] Connor, M. O. and A. Das (2009). "SQWRL: a Query Language for OWL." Proceedings of the 6th International Workshop on OWL: Experiences and Directions (OWLED 2009).
[14] D. Calvanese and G. D. Giacomo, "Data integration: a logic-based perspective," AI Mag., vol. 26, pp. 59-70, 2005.
[15] D. Calvanese, G. Giacomo, et al., "Data Integration through DL-Lite A Ontologies," in Semantics in Data and Knowledge Bases, 2008, pp. 26-47.
[16] D. Calvanese, G. Giacomo, et al., "Using OWL in Data Integration," in Semantic Web Information Management, 2010, pp. 397-424.
[17] A. Y. Levy, A. Rajaraman, et al., "Querying Heterogeneous Information Sources Using Source Descriptions," Proceedings of the 22th International Conference on Very Large Data Bases, 1996.
[18] C. A. Ardagna, M. Cremonini, et al., "A privacy-aware access control system," J. Comput. Secur., vol. 16, pp. 369-397, 2008.
[19] C. A. Ardagna, J. Camenisch, et al., "Exploiting cryptography for privacy-enhanced access control: A result of the PRIME Project," J. Comput. Secur., vol. 18, pp. 123-160, 2010.
[20] The Enterprise Privacy Authorization Language(EPAL). Available: http://www.w3.org/2003/p3p-ws/pp/ibm3.html
[21] S. De Capitani di Vimercati and S. Foresti, "Privacy of Outsourced
Data Privacy and Identity Management for Life." vol. 320, 2010, pp. 174-187.
[22] V. Ciriani, S. De Capitani di Vimercati, et al., "Keep a Few: Outsourcing Data While Maintaining Confidentiality Computer Security – ESORICS 2009." vol. 5789, 2009, pp. 440-455.
[23] V. Ciriani, S. D. C. D. Vimercati, et al., "Combining fragmentation and encryption to protect privacy in data storage," ACM Trans. Inf. Syst. Secur., vol. 13, pp. 1-33, 2010.
[24] S. Ceri, G. Gottlob, et al., "What You Always Wanted to Know About Datalog (And Never Dared to Ask)," IEEE Trans. on Knowl. and Data Eng., vol. 1, pp. 146-166, 1989.
[25] N. R. Adam and J. C. Worthmann, "Security-control methods for statistical databases: a comparative study," ACM Comput. Surv., vol. 21, pp. 515-556, 1989.
[26] J. Mateo-Sanz, A. Martínez-Ballesté, et al., "Fast Generation of Accurate Synthetic Microdata," in Privacy in Statistical Databases. vol. 3050, 2004, pp. 298-306.
[27] M. Lenzerini, "Ontology-based data management," Proceedings of the 20th ACM international conference on Information and knowledge management, Glasgow, Scotland, UK, 2011.
zh_TW