A Security Management Framework for Data Sensitivity and Multidimensional Classification

doi:10.3969/j.issn.1671-1122.2021.10.007

Abstract

Abstract:

In view of there has been no consensus on the standard and the technical architecture of data sensitivity and classification management, and conventional tools to realize data sensitivity and classification have very limited expressive power, a framework for expressing and computing data sensitivity and multidimensional data classification was proposed. The method was based on a declarative logic programming language and was capable of defining and analyzing data sensitivity and classification with fine granularity and high efficiency. Firstly, in terms of expression ability and complexity, besides supported conventional security labels, sensitivity and classification assigned not on data records, or parameterized, or concerning multiple data resources could also be expressed and computed. Then based on sensitivity and classification, examples were given to show the expressiveness and complexity of the method. Various data security analysis and management mechanisms could be implemented on the same framework. In addition, utilizing the declarative nature of the language, realizing data security on existing systems incurs low overhead to performance and was transparented to underlying computation and storage details, which was beneficial to system migration and optimization, could reduce the impact of security mechanism on system performance, and facilitates the deployment of data sensitivity and classification-based security mechanisms.

Key words: data security, sensitivity and classification, logic programming, big data

CLC Number:

TP309

LIU Hong, ZHANG Yuejin, ZHAO Wenxia, YANG Mu. A Security Management Framework for Data Sensitivity and Multidimensional Classification[J]. Netinfo Security, 2021, 21(10): 48-53.

Figures/Tables 1

References 17

[1]	JIANG Yuze, CHEN Shiyang. Development Status and Challenge Analysis of Data Security Technology[J]. Communications World, 2021(8):17-19.
	姜宇泽, 陈诗洋. 数据安全技术发展现状及挑战解析[J]. 通信世界, 2021(8):17-19.
[2]	LIU Bosong. Research and Implementation of Security Policy Management System Based on Multi-dimensional Attribute Label[D]. Beijing: Beijing University of Posts and Telecommunications, 2017.
	刘伯松. 基于多维属性标签的安全策略管理系统研究与实现[D]. 北京:北京邮电大学, 2017.
[3]	YANG Mohan. Declarative Languages and Scalable Systems for Graph Analytics and Knowledge Discovery[D]. Los Angeles: University of California, 2017.
[4]	ANTONIOU G, BATSAKIS S, MUTHARAJU R, et al. A Survey of Large-scale Reasoning on the Web of Data[J]. The Knowledge Engineering Review, 2018(33):1-24.
[5]	DAS A, LI Youfu, WANG Jin, et al. Big Data Applications from Graph Analytics to Machine Learning by Aggregates in Recursion[EB/OL]. https://arxiv.org/abs/1909.08249v1, 2019-09-18.
[6]	AREF M, CATE B T, GREEN T J, et al. Design and Implementation of the Logic Blox System [C]//ACM. 2015 International Conference on Management of Data (SIGMOD’15), May 27-28, 2015, New York, USA. New York: ACM, 2015: 1371-1382.
[7]	MOTIK B, NENOV Y, PIRO R. Parallel Materialisation of Datalog Programs in Centralised, Main-memory RDF Systems [C]//AAAI. 28th AAAI Conference on Artificial Intelligence (AAAI’14), July 27-29, 2014, Québec, Canada. Palo Alto: AAAI, 2014: 129-137.
[8]	SHKAPSKY A, YANG M, INTERLANDI M, et al. Big Data Analytics with Datalog Queries on Spark [C]//ACM. 2016 International Conference on Management of Data (SIGMOD’16), June 26-27, 2016, San Francisco, USA. New York: ACM, 2016: 1135-1149.
[9]	SEO J, PARK J, SHIN J, et al. Distributed Socialite: A Datalog-based Language for Large-scale Graph Analysis[J]. VLDB Endowment, 2013, 6(14):1906-1917.
[10]	WANG Jingjing, BALAZINSKA M, HALPERIN D, et al. Asynchronous and Fault-tolerant Recursive Datalog Evaluation in Shared-nothing Engines[J]. VLDB Endowment, 2015, 8(12):1542-1553.
[11]	GU J, WATANABE Y, MAZZA W, et al. RaSQL: Greater Power and Performance for Big Data Analytics with Recursive-aggregate-SQL on Spark [C]//ACM. 2019 International Conference on Management of Data (SIGMOD’19), June 14-16, 2019, Amsterdam, Netherlands. New York: ACM, 2019: 467-484.
[12]	LI Ninghui. Delegation Logic: A Logic-based Approach to Distributed Authorization[D]. New York: New York University, 2000.
[13]	PASARELLA E, LOBO J. A Datalog Framework for Modeling Relationship-based Access Control Policies [C]//ACM. 22nd ACM on Symposium on Access Control Models and Technologies (SACMAT’17), June 21-22, 2017, Indianapolis, USA. New York: ACM, 2017: 91-102.
[14]	OU Xinming. A Logic-programming Approach to Network Security Analysis[D]. New Jersey: Princeton University, 2005.
[15]	ZANIOLO C, YANG M, INTERLANDI M, et al. Fixpoint Semantics and Optimization of Recursive Datalog Programs with Aggregates[J]. Theory and Practice of Logic Programming, 2017, 17(5-6):1048-1065. doi: 10.1017/S1471068417000436 URL
[16]	MEI Hongyuan, QIN Guanghui, XU Minjie, et al. Neural Datalog Through Time: Informed Temporal Modeling via Logical Specification[EB/OL]. https://arxiv.org/abs/2006.16723, 2020-06-30.
[17]	WANG Jin, WU Jiacheng, LI Mingda. et al. Formal Semantics and High Performance in Declarative Machine Learning Using Datalog[J]. The VLDB Journal, 2021, 30(12):859-881. doi: 10.1007/s00778-021-00665-6 URL