
Enforcement of Privacy Preferences in Data Services: A SPARQL Query Rewriting Approach

Abstract : With the constant proliferation of information systems around the globe, the need for decentralized and scalable data sharing mechanisms has become a major factor of integration in a wide range of applications. Literature on information integration across autonomous entities has tacitly assumed that the data of each party can be revealed to and shared with other parties. A lot of research concerning the management of heterogeneous sources and database integration has been proposed, for example based on centralized or distributed mediators that control access to data managed by different parties. On the other hand, real-life data sharing scenarios in many application domains, such as healthcare, the e-commerce market and e-government, show that data integration and sharing are often hampered by legitimate and widespread data privacy and security concerns. Thus, protecting individual data may be a prerequisite for organizations to share their data in open environments such as the Internet. The work undertaken in this thesis aims to ensure the security and privacy requirements of software systems, which take the form of web services, using query rewriting principles. The user query (a SPARQL query) is rewritten in such a way that only authorized data are returned with respect to a confidentiality and privacy preferences policy. Moreover, the rewriting algorithm is instrumented by an access control model (OrBAC) for confidentiality constraints and a privacy-aware model (PrivOrBAC) for privacy constraints. A secure and privacy-preserving execution model for data services is then defined. Our model exploits the services' semantics to allow service providers to enforce their privacy and security policies locally without changing the implementation of their data services, i.e., data services are considered as black boxes. We integrate our model into the architecture of Axis 2.0 and evaluate its efficiency in the healthcare application domain.
Document type : Theses

Cited literature [125 references]

https://tel.archives-ouvertes.fr/tel-00833895
Contributor : Bibliothèque Télécom Bretagne
Submitted on : Thursday, June 13, 2013 - 4:39:57 PM
Last modification on : Wednesday, October 14, 2020 - 4:09:28 AM

File

2013telb0274_Oulmakhzoune_Said...
Files produced by the author(s)

Identifiers

  • HAL Id : tel-00833895, version 1

Citation

Said Oulmakhzoune. Enforcement of Privacy Preferences in Data Services: A SPARQL Query Rewriting Approach. Cryptography and Security [cs.CR]. Télécom Bretagne, Université de Rennes 1, 2013. English. ⟨tel-00833895⟩
