Information Security in Business Intelligence based on Cloud: A Survey of Key Issues and the Premises of a Proposal

Elena Jaramillo, Manuel Munier, Philippe Aniorté

2013

Abstract

More sophisticated inter-organizational interactions have changed the way in which organizations do business. Advanced forms of collaboration, such as Business Process as a Service (BPaaS), allow different partners to leverage business intelligence within organizations. However, although this presents powerful economic and technical benefits, it also introduces some pitfalls concerning data security, especially when it is mediated by the cloud. In this article, current aspects which have been tackled in the literature related to data risks and accountability are presented. In addition, some open issues are presented from the analysis of the existing methodologies and techniques proposed in the literature. A final point is made by proposing an approach, which aims at preventive, detective and corrective accountability and data risk management, based on usage control policies and model driven engineering.



Paper Citation


in Harvard Style

Jaramillo E., Munier M. and Aniorté P. (2013). Information Security in Business Intelligence based on Cloud: A Survey of Key Issues and the Premises of a Proposal. In Proceedings of the 10th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2013) ISBN 978-989-8565-64-8, pages 89-99. DOI: 10.5220/0004589400890099


in Bibtex Style

@conference{wosis13,
author={Elena Jaramillo and Manuel Munier and Philippe Aniorté},
title={Information Security in Business Intelligence based on Cloud: A Survey of Key Issues and the Premises of a Proposal},
booktitle={Proceedings of the 10th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2013)},
year={2013},
pages={89-99},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004589400890099},
isbn={978-989-8565-64-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 10th International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2013)
TI - Information Security in Business Intelligence based on Cloud: A Survey of Key Issues and the Premises of a Proposal
SN - 978-989-8565-64-8
AU - Jaramillo E.
AU - Munier M.
AU - Aniorté P.
PY - 2013
SP - 89
EP - 99
DO - 10.5220/0004589400890099