论文信息 - How the Conceptual Modelling Improves the Security on Document Databases

How the Conceptual Modelling Improves the Security on Document Databases

Big Data is becoming a prominent trend in our society. Ever larger amounts of data, including sensitive and personal information, are being loaded into NoSQL and other Big Data technologies for analysis and processing. However, current security approaches do not take into account the special characteristics of these technologies, leaving sensitive and personal data unprotected, thereby risking severe monetary losses and brand damage. In this paper, we focus on assuring document databases, proposing a framework that considers three stages: (1) The source data set is analysed by using Natural Language Processing techniques and ontological resources, in order to detect sensitive data. (2) We define a metamodel for document databases that allows designers to specify both structural and security aspects. (3) This model is automatically implemented into a specific document database tool, MongoDB. Finally, we apply the proposed framework to a case study with a data set from the medical domain. The great advantages of our framework are that: (1) the effort required to secure the data is reduced, as part of the process is automated, (2) it can be easily applied to other NoSQL technologies by adapting the metamodel and transformations, and (3) it is aligned with existing standards, thus facilitating the application of recommendations and best practices.

[1] Ehud Gudes,et al. Security Issues in NoSQL Databases , 2011, 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications.

[2] N. Kshetri. Big data's impact on privacy, security and consumer welfare , 2014 .

[3] Jan Jürjens,et al. Secure systems development with UML , 2004 .

[4] P. Dhavachelvan,et al. Big Data and Hadoop-a Study in Security Perspective , 2015 .

[5] Satyajee Srivastava,et al. Big data security issues and challenges , 2016, 2016 International Conference on Computing, Communication and Automation (ICCCA).

[6] Keith W. Miller,et al. Big Data: New Opportunities and New Challenges [Guest editors' introduction] , 2013, Computer.

[7] Li Xu,et al. Universal designated verifier transitive signatures for graph-based big data , 2015, Inf. Sci..

[8] Bhavani M. Thuraisingham. Big Data Security and Privacy , 2015, CODASPY.

[9] Rongxing Lu,et al. Obtain confidentiality or/and authenticity in Big Data by ID-based generalized signcryption , 2015, Inf. Sci..

[10] Guillermo Lafuente,et al. The big data security challenge , 2015, Netw. Secur..

[11] Yan Wang,et al. A graph-based comprehensive reputation model: Exploiting the social context of opinions to enhance trust in social commerce , 2015, Inf. Sci..