Balancing Security and Performance for Enhancing Data Privacy in Data Warehouses



Data Warehouses (DWs) store the golden nuggets of the business, which makes them an appealing target. To ensure data privacy, encryption solutions have been used and proven efficient in their security purpose. However, they introduce massive storage space and performance overheads, making them unfeasible for DWs. We propose a data masking technique for protecting sensitive business data in DWs that balances security strength with database performance, using a formula based on the mathematical modular operator. Our solution manages apparent randomness and distribution of the masked values, while introducing small storage space and query execution time overheads. It also enables a false data injection method for misleading attackers and increasing the overall security strength. It can be easily implemented in any DataBase Management System (DBMS) and transparently used, without changes to application source code. Experimental evaluations using a real-world DW and TPC-H decision support benchmark implemented in leading commercial DBMS Oracle 11g and Microsoft SQL Server 2008 demonstrate its overall effectiveness. Results show substantial savings of its implementation costs when compared with state of the art data privacy solutions provided by those DBMS and that it outperforms those solutions in both data querying and insertion of new data.


Data warehousing, Data masking, Data obfuscation, Data encryption, Data privacy, Data security


Data Security


TRUSTCOM 2011 - IEEE International Conference on Trust, Security and Privacy in Computing and Communications, November 2011

PDF File

Cited by

Year 2013 : 1 citations

 N. V. Blamah, A. O. Adewumi, M. O. Olusanya, "A secured agent-based framework for data warehouse management", 2013 IEEE International Conference on Industrial Technology, ICIT 2013, Cape Town, South Africa, February 25-28, 2013.