Abstract
Privacy is today an important concern for both users and enterprises. Therefore, intense research is being carried out on various aspects of privacy-preserving data management systems. In this paper, we focus on database management systems (DBMS) able to enforce privacy promises encoded in privacy languages such as P3P. In particular, we first present an overview of the P3P language and outline some of its critical aspects. We then outline the main requirements for a privacy-preserving DBMS and discuss solutions related to the management of privacy-related meta-data, focusing on a special category of meta-data, namely purpose information. Purpose information is an important component of privacy statements, and thus its effective management is crucial. We then discuss current solutions to fine-grained access control in the context of relational database systems and identify relevant issues.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
Cite this chapter
Bertino, E., Byun, J.W., Li, N. (2005). Privacy-Preserving Database Systems. In: Aldini, A., Gorrieri, R., Martinelli, F. (eds) Foundations of Security Analysis and Design III. FOSAD 2004/2005. Lecture Notes in Computer Science, vol 3655. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11554578_6
DOI: https://doi.org/10.1007/11554578_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28955-5
Online ISBN: 978-3-540-31936-8
eBook Packages: Computer Science (R0)