ABSTRACT

6 pages, 2 pictures, 4 tables, 2 appendices

Lebedeva V.A. K-anonymity-based database access control management. Bachelor work / V.A. Lebedeva: FSAEI HE SPbSTU, Saint-Petersburg, 206.

This bachelor work analyzes the existing de-identification algorithms and proposes an algorithm that implements k-anonymity. The proposed algorithm is enforced through k-member clustering and is applied to a polyclinic database built as a web application. A distance metric between two database records is defined. The algorithm is considered suitable for attributes of different domains.

DE-IDENTIFICATION, K-ANONYMITY, CLUSTERING, DATABASES, PERSONAL DATA PROCESSING, INFORMATION SECURITY, DATA PRIVACY
4 : k k k k ) K k k : 2 3 k
5 4 Ф E/R Ф
6 Щ ) ) : ) ) Д а ь 2 Ма а а ь
7»)»)»)»)»» в )» [] а RBAC (Role-based Access Control)
8 ь ва а ав а RBAC а RB-RBAC (Rule-based Access Control) RB-RBAC 2 ACL (Access Control List)»» ) Windows ACL ACE (Access Control Entry) SID (Security Identifier)
9 Windows Microsoft Active Directory GPO) 5 [2] [0]
0 ) [7] 5 : CLS (cell level security) RLS (row level security) [7] RLS CLS 4
2 : 20 ) 4 ) ) [5] 996
2 [6] [5] )
3 [5] [3] [4] [5] 996 [3] [5]
4 3 [5]
5 4 ) ) 33 57 49 4 55 35 * * * * * * 2 402983 2305959 90967 3004975 00396 070498 5 3 8 3 2
6 2002 :» [5] Ф Ф) k k=2 3 * * * * * * k ) 3040 5060 4050 4050 5060 3040 * * * * * * 996 [35Ж
7 k: ) *») 25» 2030») k k ) k k k 30 3 40
8 l [] l l» l k k 5 щ k k k k k [4]» k
9 k ) : X Xd T x xd) k k ) [9] k *») : n ) On2k) k ln k)
20 [2] ) TAj) Aj Aj Aj Aj jtaj) 2 Ok) [8] ln k) On2k) [3] 2 ) kmember [4] k information loss IL metric)
2 ) ) On2) k kmember 6 6 k) k k 62 k
22 k k ) 63 : 2 3 k 4 k E/R k
23 7 web 7 72 я : ) )
24 ) ) я : я я Java EE 7 : GlassFish 4 8 : : )
25 kmember
26 2 2 E/R 3 doctors) : appointments)» patients) )» idpatients» : lastnamep ) birthdatep ) insurance ) firstnamep ) gender ) patronymicp ) phonenump ) address ) 2 E/R
27» iddoctors» ) firstnamed ) patronymicd ) phonenumd ) timetable : lastnamed ) birthdated ) specialization )» idappointments» iddoctors idpatients) timeapp ) diagnosis : dateapp ) ) treatment ) 22 : Java EE 7 Java EE Java EE Glassfish realms» realm» / /
28 Java API Java EE JAAS (Java Authentication and Authorization Service) Java SE Web Web HTML JSP WEB-INF JavaBeans HTML JSP admin» user» users» username» ) ) username» password» groupname» ) groups» ) SHA-256 HashedPasswordGenerator.java Google Guava SHA-256 ) SHA-256
29 22 E/R 23 MySQL Workbench WebNetbeans Glassfish 4 JSP JavaServer Pages) Security Realms ) Glassfish users» ) : admin» ) 2 web web web admin» user» web
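30 3 : ) 2) ) 3) JSP (JavaServer Pages) JSP HTML JavaBean JavaBean id) JSP

    <jsp:useBean id="user" scope="request" class="beans.user"></jsp:useBean>

JavaBean

    import java.util.logging.Level;
    import java.util.logging.Logger;
    import javax.enterprise.context.RequestScoped;
    import javax.faces.context.FacesContext;
    import javax.inject.Named;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpSession;

    @Named(value = "logoutbean")
    @RequestScoped
    public class LogoutBean {
        private static Logger log = Logger.getLogger(LogoutBean.class.getName());

        public String logout() {
            // Page to return to after a successful logout
            String destination = "/index?faces-redirect=true";
            // Obtain the HttpServletRequest through the FacesContext
            FacesContext context = FacesContext.getCurrentInstance();
            HttpServletRequest request =
                    (HttpServletRequest) context.getExternalContext().getRequest();
            try {
                // Invalidate the session, then drop the container-managed identity
                HttpSession session = request.getSession();
                session.invalidate();
                request.logout();
            } catch (ServletException e) {
                log.log(Level.SEVERE, "Н л ч ", e);
                destination = "/loginerror?faces-redirect=true";
            }
            return destination;
        }
    }

taglib JSTL Java Java ) Patient Doctor Appointment

    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    public class RegisterController extends HttpServlet {
        protected void doPost(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            response.setContentType("text/html;charset=utf-8");
            // Bean that carries the new patient's data
            Patient pt = new Patient();
            // Read the registration form fields
            String lastname = request.getParameter("lastname");
            String firstname = request.getParameter("firstname");
            String patronymic = request.getParameter("patronymic");
            String gender = request.getParameter("gender");
            // The page calls a getInt helper that is not shown; Integer.parseInt is used here
            int age = Integer.parseInt(request.getParameter("age"));
            String insurance = request.getParameter("insurance");
            String phonenum = request.getParameter("phonenum");
            String address = request.getParameter("address");
            // Copy the values into the bean
            pt.setLastname(lastname);
            pt.setFirstname(firstname);
            pt.setPatronymic(patronymic);
            pt.setGender(gender);
            pt.setAge(age);
            pt.setInsurance(insurance);
            pt.setPhonenum(phonenum);
            pt.setAddress(address);
            // Register only if no patient with this insurance number exists yet
            if (!pt.isPatientExist(insurance)) {
                pt.RegisterUser(pt);
                response.sendRedirect("register_form.jsp");
            } else {
                response.sendRedirect("register_error.jsp");
            }
        }
    }

RegisterUser Patient Doctor Appointment ispatientexist

    import java.sql.Connection;
    import java.sql.PreparedStatement;
    import java.sql.ResultSet;
    import java.sql.SQLException;
    import java.util.logging.Level;
    import java.util.logging.Logger;

    public class Patient {
        // Parameterized statements: user input is bound, never concatenated into the SQL text
        String sqlinsert = "insert into patients values(?,?,?,?,?,?,?,?)";
        String sqlcheck = "select * from patients where insurance=?";
        // Patient fields with their getters and setters are not shown on the page

        public boolean isPatientExist(String insur) {
            boolean flag = false;
            try {
                polyconn dbconn = new polyconn();
                Connection mycon = dbconn.connection();
                PreparedStatement s = mycon.prepareStatement(sqlcheck);
                s.setString(1, insur);
                ResultSet rs = s.executeQuery();
                // rs.next() is true when a row with this insurance number already exists
                flag = rs.next();
            } catch (SQLException se) {
                se.printStackTrace();
            }
            return flag;
        }

        public void RegisterUser(Patient pt) {
            try {
                polyconn dbconn = new polyconn();
                Connection mycon = dbconn.connection();
                PreparedStatement s = mycon.prepareStatement(sqlinsert);
                // Bind one value to each "?" placeholder
                s.setString(1, pt.getLastname());
                s.setString(2, pt.getFirstname());
                s.setString(3, pt.getPatronymic());
                s.setString(4, pt.getGender());
                s.setInt(5, pt.getAge());
                s.setString(6, pt.getInsurance());
                s.setString(7, pt.getPhonenum());
                s.setString(8, pt.getAddress());
                s.executeUpdate();
                mycon.commit();
                mycon.close();
            } catch (SQLException ex) {
                Logger.getLogger(User.class.getName()).log(Level.SEVERE, null, ex);
            }
        }
    }

24 E/R 2 3 Java web 4 GlassFish 5 )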
35 3 3 щ *»»» diagnosis
36 patients» ) ) appointments» patientidpatients appointmentspatient» : )»: 2)»: :

    CREATE VIEW anonymousview AS
    SELECT age, gender, address, district, diagnosis
    FROM polyclinicdb.patients
    INNER JOIN polyclinicdb.appointments
        ON polyclinicdb.patients.idpatients = polyclinicdb.appointments.patient;

) 32 щ 5 k
37 kmember Д4] kmember : S ) k { 2 = 4 = = = { } } 3 n : = = ) ) e) = ) ) 32 ) D : = ) D TD
38 : D = ) x y 3» address) 32» 3» 3/3=» gender)»» 2/3=066»» /= T ={ : }
39 [ ] [ ] + = = [ ] = A [ ] [ ]) kmember k ) = { } ) e e : = = e HT) + = e N T k AT) : =
40 322 3 ) 3 32 )» ) 33 )S k k k : ) n ri ) e rj 2) 2) 3) { } e k 4) k 5) ri ) 2) 3)
4 6) k 33
42 34 34 find_best_record S ) c find_best_cluster
43 ) r k 33 щ anonview ) private double distancepattern pattern Pattern pattern2) { double distance = 0 // //getpatternvdimension) //maxvpi) minvpi) i forint i = 0 i < patterngetpatternvdimension) i++) distance += patterngetvaluei) pattern2getvaluei))/maxvpi)minvpi)) // // //getpatterncdimension) // //comancestdist) // )
44 //treeh) // j ) forint j = 0 j <patterngetpatterncdimension) j++) distance += comancestdistpatterngetcategj)pattern2getcateg j))/treehj) return distance } patternscopy patternslength k patternscopy public List<Cluster> partitionpattern[] patterns){ // Pattern[] patternscopy = new Pattern[patternslength] patternscopy=patterns int id=0 Cluster [] c = new Cluster[patternslength/k] // caddpatternpatterns[0]) clustersputc[id]) // forint i = 0 i < patternslength i++){ int t = int ind = i if patternscopy[i]!=null) { //
45 while numcatc)<k) { // double mindistance = DoubleMAX_VALUE // forint j = i+ j < i j++){ // double distance = distancepatterns[i]patterns[j]) ifdistance < mindistance){ mindistance = distance // id if patternscopy[j]!=null) t = j } } // c[id]addpatternpatterns[t]) ind++ // c[id] delpatpatterns[t]patternscopy) } // clustersputc[id]) } k if patternscopylength>k) && indi)!=0)) id++ else break } // for int i=0 i<id i++){ int t=0 double mindistance = DoubleMAX_VALUE for int j=0 j<patternslength j++){ if patternscopy[j]!=null) { // double distancecp = distancecpc[id]patternscopy[j]) if mindistance > distance) { mindistance = distance
46 t = j } } } c[id]addpatternpatterns[t]) } return } new ArrayList<Cluster>clustersvalues)) 34 k kmember k
47 4 4 4 Java webmysql 4) SHA-256

    // Hex-encoded SHA-256 digest of the password (Google Guava); single pass, no salt
    String hash = Hashing.sha256().hashString(password, Charsets.UTF_8).toString();

4 realms» GlassFish web admin» user»
48 web.xml adminconstraint userconstraint) admin» user» glassfish-web.xml 23 bean logoutjava 42 ) Patient Doctor Appointment) ) ) 23 43 k 3 diagnosis) gender) age) k 3 anonview select age, gender, address from anonview)
49 33 42 6 anonview 42 42 anonview 3 32 34
50 k ) l IL) k={234} 43 k=2 k=2 43)» 20
5 30 l=3 4 44 k=3 k=3 6 44)
52» l=3»»» 45 k=4
53 k=4 45) k=3 l=4 kk TotalIL Total Information Loss) 322 4) 4 k k TotalIL IL IL k IL 2 08 35 35 3 227 443 254 4 98 495 495 06 379 075 k=3 k=3 k k 43
54 k l)
55» : : kmember k k k l
56 *»
57 [ URL: 2002 3 ] // http://compressru/articleaspx?id=0099 0704206) 2 // 203 2 20 http://librarykeldyshru/preprintasp?id=2032 URL: 0704206) 3 996 203 5» 4 //» 20 3 5 2 32) // 204 27 6 2 7 204) 2006 N 52» INSIDE 20 3
8 A. Gionis and T. Tassa. k-anonymization with minimal loss of information // IEEE Trans. on Knowledge and Data Engineering. Volume 2, Issue 2, 2009. P. 20629
58
9 A. Meyerson and R. Williams. On the complexity of optimal k-anonymity // PODS 04: Proceedings of the twenty-third ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems. 2004. P. 223228
0 Access Control: Models and Methods [ ] // InfoSec Institute official website. URL: http://resourcesinfosecinstitutecom/accesscontrolmodelsandmethods/ 004206)
A. Machanavajjhala, D. Kifer, J. Gehrke, M. Venkitasubramaniam. l-Diversity: Privacy Beyond k-anonymity // 22nd International Conference on Data Engineering (ICDE). IEEE, 2006. 24. ISBN 0769525709
2 G. Aggarwal, T. Feder, K. Kenthapadi, R. Motwani, R. Panigrahy, D. Thomas and A. Zhu. Anonymizing tables // ICDT 2005. P. 246258
3 H. Park and K. Shim. Approximate algorithms for k-anonymity // SIGMOD 07: Proceedings of the 2007 ACM SIGMOD international conference on Management of data. 2007. P. 6778
4 Ji-Won Byun, Ashish Kamra, Elisa Bertino, Ninghui Li. Efficient k-anonymization Using Clustering Techniques // DASFAA'07 Proceedings of the 2th international conference on Database systems for advanced applications. 2007. P. 88200
5 Pierangela Samarati, Latanya Sweeney. Protecting Privacy when Disclosing Information: k-anonymity and Its Enforcement through Generalization and Suppression // Technical Report SRI-CSL-98-04, Computer Science Laboratory, SRI International. 998
59 ИЛ 0 ) 2) 3) 4) 5) 6) 7) 8)» 0 2 3 4 5 0 033 066 066 033 0 066 066 6 7 066 066 0 033 066 066 033 0 0 033 066 033 0 066 066 066 0 066 066 033 033 033 066 066 066 066 033 033 9) 0) ) 2) 3) 4) ) 2) 4) 3) 033 033 066 066 066 033 066 066 066 066 066 066 066 8 9 0 033 066 033 066 2 3 4 066 066 066 033 066 033 066 066» И
60 5) 066 066 033 066 033 066 066 066 033 066 033 066 0 066 033 066 0 033 066 066 033 066 033 0 066 066 066 0 6) 7) 8) 9) 066 066 033 066 0) ) 2) 3) 4) 033 066 033 033 066 066 033 0 066 033 033 033 066 066 0 033 066 066 066 033 033 033 0
6 ИЛ И