Policy Enforcement System for Inter-Organizational Data Sharing

Sharing data among organizations plays an important role in security and data mining. In this paper, the authors describe a Data Sharing Miner and Analyzer DASMA system that simulates data sharing among N organizations. Each organization has its own enforced policy. The N organizations share their data based on trusted third party. The system collects the released data from each organization, processes it, mines it, and analyzes the results. Sharing in DASMA is based on trusted third parties. However, organizations may encode some attributes, for example. Each organization has its own policy represented in XML format. This policy states what attributes can be released, encoded, and randomized. DASMA processes the data set and collects the data, combines it, and prepares it for mining. After mining, a statistical report is produced stating the similarities between mining with data sharing and mining without sharing. The authors test, apply data sharing, enforce policy, and analyze the results of two separate datasets in different domains. The results indicate a fluctuation on the amount of information loss using different releasing factors.

[1]  Allen C. Johnston,et al.  Rootkits and What we Know: Assessing US and Korean Knowledge and Perceptions , 2007, Int. J. Inf. Secur. Priv..

[2]  Elisa Bertino,et al.  Selective and authentic third-party distribution of XML documents , 2004, IEEE Transactions on Knowledge and Data Engineering.

[3]  Bhavani M. Thuraisingham,et al.  Assured Information Sharing: Technologies, Challenges and Directions , 2008, Intelligence and Security Informatics.

[4]  Hamid R. Nemati,et al.  Information Security and Ethics: Concepts, Methodologies, Tools and Applications , 2008 .

[5]  Moshe Zviran,et al.  Goals and Practices in Maintaining Information Systems Security , 2010, Int. J. Inf. Secur. Priv..

[6]  Gordon B. Agnew,et al.  End-to-end security comparisons between IEEE 802.16e and 3G technologies , 2008 .

[7]  Hamid R. Nemati International Journal of Information Security and Privacy , 2007 .

[8]  Kien A. Hua,et al.  Protecting User Privacy Better with Query l-Diversity , 2010, Int. J. Inf. Secur. Priv..

[9]  Stefano Ceri,et al.  Distributed Databases: Principles and Systems , 1984 .

[10]  Bhavani M. Thuraisingham,et al.  Design and Implementation of a Framework for Assured Information Sharing Across Organizational Boundaries , 2008, Int. J. Inf. Secur. Priv..

[11]  Reiner Dojen,et al.  A Mutual Authentication Protocol with Resynchronisation Capability for Mobile Satellite Communications , 2011, Int. J. Inf. Secur. Priv..

[12]  Richard Baskerville,et al.  Extending Security in Agile Software Development Methods , 2008 .

[13]  Hamid Nemati Optimizing Information Security and Advancing Privacy Assurance: New Technologies , 2012 .

[14]  Jun Zheng,et al.  Handbook of Research on Wireless Security , 2008 .

[15]  Bhavani Thuraisingham,et al.  Data Mining: Technologies, Techniques, Tools, and Trends , 1998 .

[16]  S. E. Kruck,et al.  Computer Security Practices and Perceptions of the Next Generation of Corporate Computer Use , 2008, Int. J. Inf. Secur. Priv..