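Title: 在語意式雲端環境上資料交換的保護 -以醫療病例為例
Data exchange protection in the semantic data cloud-medical health record as an example
Author: 黃雅玲 (Huang, Ya Ling)
Contributors: 胡毓忠 (Hu, Yuh Jong); 黃雅玲 (Huang, Ya Ling)
Keywords: Semantic Web; data exchange; hash function
Date: 2012
Upload time: 1-April-2013 14:39:07 (UTC+8)

Abstract (translated from Chinese):
In recent years, with the spread of online information and rising awareness of personal privacy, the sharing and protection of personally identifiable information (PII) has become one of the important research issues for the Internet. When data is stored in a cloud environment, the structural differences between data sources mean we face the question of how to establish PII sharing and protection principles that ensure the data owners' privacy preferences are satisfied.

This study uses cloud computing as the environment in which multiple data sources carry out data exchange; its advantages are a large amount of network storage space and greatly reduced data management cost. For example, we can store a large amount of medical data in the cloud; when a user wants to query medical data from different sources, it can be obtained through data exchange from a single entry point, without querying each side separately. A hash function is used to handle the identification of personal data under anonymity: without disclosing the personal data, it is still possible to determine whether two records are the same record.

In addition, because this study takes private personal data as its scenario, privacy protection is described with three kinds of policies, Access Control Policy (ACP), Data Handling Policy (DHP) and Data Release Policy (DRP), which explain the processes of data protection, data exchange and data disclosure. Finally, this study mainly uses semantic-technology knowledge representation, namely ontologies and rules, to solve data exchange across data sources; besides the theoretical modeling, it is demonstrated with a scenario involving two hospitals.

Abstract (English):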
Personal Identifiable Information (PII) sharing and protection have become one of the most important research issues for the Internet, especially for cloud computing infrastructure because of its widespread services. The challenge of sharing structured PII data in the cloud is to address the structure differences between data sources. In addition, we face the problem of how to establish the PII sharing and protection principles to ensure that its disclosure criteria satisfy the data owners' privacy policies.

In this study, we use a simulated cloud computing environment as a multiple data sources exchange platform because it is spacious and cost-effective. For example, we can outsource a tremendous amount of electronic health record (EHR) administration services in the cloud without too much cost. Besides, data exchange provides a single point of data access instead of access through separate entries. We apply a hash function to de-identifiable partial PII to enable record linkage services between data sources for data exchange without losing data owners' privacy.

Three types of privacy protection policies are proposed to achieve the data exchange and protection objectives in the multiple sources data cloud. They are Access Control Policy (ACP), Data Handling Policy (DHP), and Data Releasing Policy (DRP). These policies are represented as OWL-based ontologies and enforced as Logic-Program (LP)-based rules. We demonstrate the privacy protection policy concepts for medical record exchange between two hospitals.

Description: Master's
National Chengchi University
Department of Computer Science
99753026
101
Source: http://thesis.lib.nccu.edu.tw/record/#G0099753026
Type: thesis
dc.identifier (other identifier): G0099753026
dc.identifier.uri (URI): http://nccur.lib.nccu.edu.tw/handle/140.119/57581
dc.language.iso: en_US

dc.description.tableofcontents:
Abstract
Chapter 1. Introduction
1.1 Research Motivation
1.2 Research Objectives
1.3 Overview of Chapters
Chapter 2. Research Background
2.1 Cloud Computing
2.2 Data Exchange vs. Data Integration
2.3 Fair Use of Personal Data Queries
2.4 Ontology
2.5 Data Integration: Database vs. Ontology
2.6 Hash Functions
Chapter 3. Related Work
3.1 Privacy Recovery Protection
3.2 Semantic Data Protection for Cloud Outsourcing
3.3 Access Control Mechanisms for Private Data
Chapter 4. Research Method and Architecture
4.1 Research Scenario and Architecture
4.2 Ontology Construction
4.2.1 ACP, DHP and DRP Design
4.2.2 ACP Design
4.2.3 DHP Design
4.2.4 DRP Design
4.2.5 Explanation of Query Results
4.3 Analysis and Advantages of Different Data Sources
4.3.1 SBQ Analysis and Advantages
4.3.2 PBQ Analysis and Advantages
Chapter 5. Simulation and Verification
5.1 Simulation Architecture
5.2 Environment Requirements for the Simulation
5.3 Implementing the Ontology and Rules in Protégé
Chapter 6. Conclusion and Future Work
References