National Chengchi University
Figure 14. Protégé SWRL Tab screen for inferring the DRP rules
5.2 System Demonstration
The research framework of this study consists of two steps. First, when data is outsourced, it must first be processed by combining encryption with fragmentation, and the IndexKey relationships must be recorded. Second, the three policies ACP, DHP and DRP, together with their corresponding SWRL or SQWRL rules, are set up in Protégé, and inference is performed manually by a person. Since the system designed in this study must implement dynamic inference, it uses the protégé-owl api provided by Protégé to dynamically edit the OWL DL ontology and SWRL or SQWRL rule infer
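An added illustration of the first step above (encryption combined with fragmentation, with an IndexKey recorded to relate the fragments of one row), written for this page and not taken from the thesis or its system. It assumes confidentiality constraints in the style of reference [23], constructed sample rows, and a toy XOR cipher standing in for whatever cipher the real system uses.

```python
import hashlib, json, secrets
# Constructed sample microdata; attribute names and values are made up for this example.
ROWS = [{"Name": "Alice", "ZIP": "11605", "Birth": "1980-03-02", "Disease": "Flu"},
        {"Name": "Bob", "ZIP": "11605", "Birth": "1975-11-30", "Disease": "Asthma"}]
# Assumed confidentiality constraints in the style of [23]: a singleton attribute is never stored
# in cleartext; the attributes of a larger set must not appear together in one cleartext fragment.
CONSTRAINTS = [{"Name"}, {"ZIP", "Birth", "Disease"}]

def violates(cleartext, constraints):
    return any(c <= cleartext for c in constraints)

def fragment_attributes(attrs, constraints):
    """Greedy fragmentation: put each attribute into the first fragment it does not make unsafe."""
    fragments = []
    for a in attrs:
        for f in fragments:
            if not violates(f | {a}, constraints):
                f.add(a)
                break
        else:
            if not violates({a}, constraints):  # a singleton constraint keeps the attribute encrypted only
                fragments.append({a})
    return fragments

def keystream_xor(key, nonce, data):
    """Toy XOR stream cipher with a SHAKE-256 keystream: a stand-in for the real cipher, not for production."""
    return bytes(x ^ y for x, y in zip(data, hashlib.shake_256(key + nonce.encode()).digest(len(data))))

def outsource(rows, constraints, key):
    """Build the fragment tables and the owner-side IndexKey relation (row position -> IndexKey)."""
    layout = fragment_attributes(list(rows[0]), constraints)
    tables, index_relation = [[] for _ in layout], {}
    for pos, row in enumerate(rows):
        ik = secrets.token_hex(8)  # random IndexKey: links one row's fragments, derived from no attribute
        index_relation[pos] = ik
        for i, (clear, table) in enumerate(zip(layout, tables)):
            hidden = {a: v for a, v in row.items() if a not in clear}  # everything not in cleartext here
            enc = keystream_xor(key, f"{ik}/{i}", json.dumps(hidden, sort_keys=True).encode())
            table.append({"IndexKey": ik, **{a: row[a] for a in clear}, "enc": enc.hex()})
    return layout, tables, index_relation

def reconstruct(tables, key):
    """Owner-side join on IndexKey plus decryption; returns the original rows keyed by IndexKey."""
    rows = {}
    for i, table in enumerate(tables):
        for rec in table:
            full = json.loads(keystream_xor(key, f'{rec["IndexKey"]}/{i}', bytes.fromhex(rec["enc"])))
            full.update({a: v for a, v in rec.items() if a not in ("IndexKey", "enc")})
            rows.setdefault(rec["IndexKey"], {}).update(full)
    return rows
```

With the sample constraints the layout becomes two fragments, {ZIP, Birth} and {Disease}, and Name never appears in cleartext; only the owner, holding the key and the IndexKey relation, can rejoin and decrypt a full row.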
[Figure: system implementation architecture; components: Access Control Policy, Data Handling Policy, Data Releasing Policy, data query interface (Web), Protégé OWL API]
The system implementation architecture of this study is shown above. The protégé-owl api is a library written in Java; for ease of system integration, this study uses JSP to write the data query interface and the backend, in order to invoke
Figure 16. Page where the PBQ user ticks the data they need
Figure 17. A privacy-infringing PBQ user must pick one column from the constituent elements of the Quasi-identifiers
Figure 18. The privacy-infringing PBQ user must pick an SDC to process the column picked in the previous step
Figure 19. The data finally disclosed to the PBQ user
Chapter 6
Conclusions and Future Work
Before outsourcing data, this study first processes the data by combining encryption with fragmentation to ensure the privacy of the outsourced data, and uses an ontology and a rule language to design the three policies ACP, DHP and DRP. ACP is responsible for authenticating users and authorizing the query modes a user may use; DHP integrates, from the cloud database service, the outsourced data that matches the usage scenarios permitted by the data owner's privacy preferences; and DRP is responsible for the final disclosure of data to the user. Through the cooperation and division of labor among these three policies, privacy protection in data usage is ensured for both SBQ and PBQ.
However, this study only considers privacy protection when Microdata from a single structured data source is disclosed once; it does not consider the case where a user queries data from different columns several times and then infringes privacy by matching the results to confirm the identity of the data owner. Likewise, the protection that should be implemented when disclosing Microdata from multiple structured data sources, or when disclosing Macrodata, is not explored in this study: in the former case, comparing data from different columns across multiple sources can identify an individual [6] and thereby infringe privacy, while the latter includes repeated queries of Macrodata. How to use an ontology and a rule language to model an Audit Log that protects data usage in the above situations still requires further study. In addition, this study examines privacy protection for outsourced relational databases, but data storage is shifting toward semantic formats; Europe and other regions, for instance, are gradually promoting the storage of data in RDF (Resource Description Framework) format, so how to ensure the privacy of outsourced data in RDF format is also a topic for future research.
References
[1] H. Hakan, "Providing Database as a Service," 2002, pp. 0029-0029.
[2] M. Armbrust, A. Fox, et al., "Above the Clouds: A Berkeley View of Cloud Computing," EECS Department, University of California, Berkeley, UCB/EECS-2009-28, February 10, 2009.
[3] H. Takabi, J. B. D. Joshi, et al., "Security and Privacy Challenges in Cloud Computing Environments," IEEE Security and Privacy, vol. 8, pp. 24-31, 2010.
[4] P. Samarati and S. De Capitani di Vimercati, "Data protection in outsourcing scenarios: issues and directions," Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, Beijing, China, 2010.
[5] V. Ciriani, S. De Capitani di Vimercati, et al., "Microdata Protection," in Secure Data Management in Decentralized Systems, vol. 33, 2007, pp. 291-321.
[6] L. Sweeney, "k-anonymity: a model for protecting privacy," Int. J. Uncertain. Fuzziness Knowl.-Based Syst., vol. 10, pp. 557-570, 2002.
[7] R. Popp and J. Poindexter, "Countering Terrorism through Information and Privacy Protection Technologies," IEEE Security and Privacy, vol. 4, pp. 18-27, 2006.
[8] OpenTC. Available: http://www.opentc.net/
[9] S. Cabuk, C. I. Dalton, et al., "Towards automated security policy enforcement in multi-tenant virtual data centers," Journal of Computer Security, vol. 18, pp. 89-121, 2010.
[10] S. Berger, R. Cáceres, et al., "Security for the cloud infrastructure: trusted virtual data center implementation," IBM J. Res. Dev., vol. 53, pp. 560-571, 2009.
[11] California Senate Bill SB 1386, 2002.
[12] SWRL: A Semantic Web Rule Language Combining OWL and RuleML. Available: http://www.w3.org/Submission/SWRL/
[13] M. O'Connor and A. Das, "SQWRL: a Query Language for OWL," Proceedings of the 6th International Workshop on OWL: Experiences and Directions (OWLED 2009), 2009.
[14] D. Calvanese and G. De Giacomo, "Data integration: a logic-based perspective," AI Mag., vol. 26, pp. 59-70, 2005.
[15] D. Calvanese, G. De Giacomo, et al., "Data Integration through DL-Lite A Ontologies," in Semantics in Data and Knowledge Bases, 2008, pp. 26-47.
[16] D. Calvanese, G. De Giacomo, et al., "Using OWL in Data Integration," in Semantic Web Information Management, 2010, pp. 397-424.
[17] A. Y. Levy, A. Rajaraman, et al., "Querying Heterogeneous Information Sources Using Source Descriptions," Proceedings of the 22nd International Conference on Very Large Data Bases, 1996.
[18] C. A. Ardagna, M. Cremonini, et al., "A privacy-aware access control system," J. Comput. Secur., vol. 16, pp. 369-397, 2008.
[19] C. A. Ardagna, J. Camenisch, et al., "Exploiting cryptography for privacy-enhanced access control: A result of the PRIME Project," J. Comput. Secur., vol. 18, pp. 123-160, 2010.
[20] The Enterprise Privacy Authorization Language (EPAL). Available: http://www.w3.org/2003/p3p-ws/pp/ibm3.html
[21] S. De Capitani di Vimercati and S. Foresti, "Privacy of Outsourced Data," in Privacy and Identity Management for Life, vol. 320, 2010, pp. 174-187.
[22] V. Ciriani, S. De Capitani di Vimercati, et al., "Keep a Few: Outsourcing Data While Maintaining Confidentiality," in Computer Security – ESORICS 2009, vol. 5789, 2009, pp. 440-455.
[23] V. Ciriani, S. De Capitani di Vimercati, et al., "Combining fragmentation and encryption to protect privacy in data storage," ACM Trans. Inf. Syst. Secur., vol. 13, pp. 1-33, 2010.
[24] S. Ceri, G. Gottlob, et al., "What You Always Wanted to Know About Datalog (And Never Dared to Ask)," IEEE Trans. on Knowl. and Data Eng., vol. 1, pp. 146-166, 1989.
[25] N. R. Adam and J. C. Worthmann, "Security-control methods for statistical databases: a comparative study," ACM Comput. Surv., vol. 21, pp. 515-556, 1989.
[26] J. Mateo-Sanz, A. Martínez-Ballesté, et al., "Fast Generation of Accurate Synthetic Microdata," in Privacy in Statistical Databases, vol. 3050, 2004, pp. 298-306.
[27] M. Lenzerini, "Ontology-based data management," Proceedings of the 20th ACM International Conference on Information and Knowledge Management, Glasgow, Scotland, UK, 2011.