Details
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 2023 IEEE Asia-Pacific Conference on Computer Science and Data Engineering, CSDE 2023 |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| ISBN (electronic) | 9798350341072 |
| ISBN (print) | 979-8-3503-4108-9 |
| Publication status | Published - 2023 |
| Event | 2023 IEEE Asia-Pacific Conference on Computer Science and Data Engineering, CSDE 2023 - Nadi, Fiji Duration: 4 Dec 2023 → 6 Dec 2023 |
Abstract
Data compliance is essential in industry applications to ensure that organizations do not run afoul of data protection and privacy legislation. Geographically distributed data is an especially relevant topic because of recent developments in cross-border data protection agreements, e.g., between the United States and the European Union. We report our experience of designing and implementing QOMPLIANCE, a system for automated data-centric compliance evaluation in cloud environments. Our approach fills a gap in the research for higher-level data-centric compliance systems with a particular focus on geographically distributed data. Its declarative and extensible policy model allows for defining policies that can govern data movements across borders and is intended to be understandable without explicit knowledge of the governed data by employing a tag-based abstraction layer. The particular challenge is to automate data-centric policy compliance on data movements in a maintainable manner. QOMPLIANCE analyzes SQL-defined data movements to extract what data is being addressed and combines this information with additional attributes to statically match policies. Policies decide whether data movements are allowed and specify requirements on the query and the execution that should be enforced. We provide a qualitative comparison between our approach and related work, and we performed a performance analysis which shows that compliance evaluation can be done in seconds for large sets of policies.
Keywords
- compliance, data processing, policies
ASJC Scopus subject areas
- Computer Science(all)
- Artificial Intelligence
- Computer Science(all)
- Computer Science Applications
- Computer Science(all)
- Information Systems
- Decision Sciences(all)
- Information Systems and Management
- Mathematics(all)
- Modelling and Simulation
Cite this
- Standard
- Harvard
- Apa
- Vancouver
- BibTeX
- RIS
Proceedings of the 2023 IEEE Asia-Pacific Conference on Computer Science and Data Engineering, CSDE 2023. Institute of Electrical and Electronics Engineers Inc., 2023.
Research output: Chapter in book/report/conference proceeding › Conference contribution › Research › peer review
}
TY - GEN
T1 - QOMPLIANCE
T2 - 2023 IEEE Asia-Pacific Conference on Computer Science and Data Engineering, CSDE 2023
AU - Oudejans, Daan
AU - Zorin, Anton
AU - Rellermeyer, Jan S.
N1 - Publisher Copyright: © 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - Data compliance is essential in industry applications to ensure that organizations do not run afoul of data protection and privacy legislation. Geographically distributed data is an especially relevant topic because of recent developments in cross-border data protection agreements, e.g., between the United States and the European Union. We report our experience of designing and implementing QOMPLIANCE, a system for automated data-centric compliance evaluation in cloud environments. Our approach fills a gap in the research for higher-level data-centric compliance systems with a particular focus on geographically distributed data. Its declarative and extensible policy model allows for defining policies that can govern data movements across borders and is intended to be understandable without explicit knowledge of the governed data by employing a tag-based abstraction layer. The particular challenge is to automate data-centric policy compliance on data movements in a maintainable manner. QOMPLIANCE analyzes SQL-defined data movements to extract what data is being addressed and combines this information with additional attributes to statically match policies. Policies decide whether data movements are allowed and specify requirements on the query and the execution that should be enforced. We provide a qualitative comparison between our approach and related work, and we performed a performance analysis which shows that compliance evaluation can be done in seconds for large sets of policies.
AB - Data compliance is essential in industry applications to ensure that organizations do not run afoul of data protection and privacy legislation. Geographically distributed data is an especially relevant topic because of recent developments in cross-border data protection agreements, e.g., between the United States and the European Union. We report our experience of designing and implementing QOMPLIANCE, a system for automated data-centric compliance evaluation in cloud environments. Our approach fills a gap in the research for higher-level data-centric compliance systems with a particular focus on geographically distributed data. Its declarative and extensible policy model allows for defining policies that can govern data movements across borders and is intended to be understandable without explicit knowledge of the governed data by employing a tag-based abstraction layer. The particular challenge is to automate data-centric policy compliance on data movements in a maintainable manner. QOMPLIANCE analyzes SQL-defined data movements to extract what data is being addressed and combines this information with additional attributes to statically match policies. Policies decide whether data movements are allowed and specify requirements on the query and the execution that should be enforced. We provide a qualitative comparison between our approach and related work, and we performed a performance analysis which shows that compliance evaluation can be done in seconds for large sets of policies.
KW - compliance
KW - data processing
KW - policies
UR - http://www.scopus.com/inward/record.url?scp=85190604997&partnerID=8YFLogxK
U2 - 10.1109/CSDE59766.2023.10487688
DO - 10.1109/CSDE59766.2023.10487688
M3 - Conference contribution
AN - SCOPUS:85190604997
SN - 979-8-3503-4108-9
BT - Proceedings of the 2023 IEEE Asia-Pacific Conference on Computer Science and Data Engineering, CSDE 2023
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 4 December 2023 through 6 December 2023
ER -