Extending SQL to Allow the Active Usage of Purposes

van Staden, Wynand; Olivier, Martin S.

doi:10.1007/11824633_13

Wynand van Staden¹⁹ &
Martin S. Olivier¹⁹

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4083))

Included in the following conference series:

International Conference on Trust, Privacy and Security in Digital Business

931 Accesses

Abstract

The protection of private information revolves around the protection of data by making use of purposes. These purposes indicate why data is stored, and what the data will be used for (referred to as specification/verification phases).

In this article, the active specification of purposes during access requests is considered. In particular it is argued that the subject that wishes to get access to data should explicitly specify their reason for wanting the data; as opposed to verification taking place by implicit examination of the subject’s profile. To facilitate this active specification extensions to the SQL data manipulation language is considered.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Safety and Domain Independence

The Usage of Declarative Integrity Constraints in the SQL Databases of Some Existing Software

A Model-Driven Approach for Enforcing Fine-Grained Access Control for SQL Queries

References

Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic databases. In: Proceedings of the 28th VLDB Conference, Hong Kong, China (2002)
Google Scholar
Ashley, P., Hada, S., Karjoth, G.: E-p3p privacy policies and privacy authorisation. In: WPES 2002, Washington (November 2002)
Google Scholar
Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunter, M.: Enterprise privacy authorisation language (EPAL 1.1). Tech. rep., International Business Machines Corporation (2003)
Google Scholar
Bertino, E.: Data security. Data and Knowledge Engineering 25(2), 199–216 (1998)
Article MATH Google Scholar
Byun, J.-W., Bertino, E., Li, N.: Purpose based access control of complex data for privacy protection. In: SACMAT 2005, Stockholm, Sweden. ACM, New York (2005)
Google Scholar
Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall, M., Reagle, J.: The platform for privacy preferences (P3P1.0) specification. Tech. rep., W3C (2002), available at : http://www.w3.org/TR/P3P/
Fischer-Hübner, S.: IT-Security and Privacy: Design and Use of Privacy-Enhancing Security Mechanisms. Springer, Heidelberg (2001)
MATH Google Scholar
Fischer-Hübner, S., Ott, A.: From a formal privacy model to its implementation. In: 21st National Information Systems Security Conference, Arlington, VA, USA (October 1998)
Google Scholar
Griffiths, P.P., Wade, B.W.: An authorization mechanism for a relational database system. ACM Transactions on Database Systems (TODS) 1(3), 242–255 (1976)
Article Google Scholar
Hes, R., Borking, J. (eds.): Privacy Enhancing Technologies: The Road to Anonimity, revised ed., Dutch DPA (1998)
Google Scholar
LeFevre, K., Agrawal, R., Ercegovac, V., Ramakrishnan, R., Xu, Y., DeWitt, D.: Limiting disclosure in hippocratic databases. In: 30th International Conference on Very Large Data Bases, Toronto, Canada (2004)
Google Scholar
OASIS Access Control TC. OASIS extensible access control markup language (xacml) version 2.0. Tech. rep., OASIS (February 2005)
Google Scholar
OECD: guidelines on the protection of privacy and transborder flows of personal data. Tech. rep., Organisation for Economic Co-operation and Development (1980)
Google Scholar
Pirahesh, H., Hellerstein, J.M., Hasan, W.: Extensible/rule based query rewrite optimization in starburst. In: SIGMOD Conference on the Management of Data, San Diego, California. ACM, New York (1992)
Google Scholar
Rosenthal, A., Sciore, E.: Extending SQL’s grant operation to limit privileges. In: Thuraisingham, B.M., van de Riet, R.P., Dittrich, K.R., Tari, Z. (eds.) Data and Application Security, Development and Directions, IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security, pp. 209–220. Kluwer, Dordrecht (2000)
Google Scholar
van Staden, W.J., Olivier, M.S.: Purpose organisation. In: Proceedings of the Fifth Annual Information Security South Africa (ISSA) Conference, Sandton, Johannesburg, South Africa (June 2005)
Google Scholar

Download references

Author information

Authors and Affiliations

Information and Computer Security Architecture Research Group, University of Pretoria, Pretoria, South Africa
Wynand van Staden & Martin S. Olivier

Authors

Wynand van Staden
View author publications
You can also search for this author in PubMed Google Scholar
Martin S. Olivier
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Department of Computer Science, Karlstad University, Universitetsgatan 2, 651 88, Karlstad, Sweden
Simone Fischer-Hübner
School of Computing, Communications and Electronics, Network Research Group, University of Plymouth, PL4 8AA, Plymouth, UK
Stevel Furnell
Laboratory of Information and Communication Systems Security Department of Information and Communication Systems Engineering, University of the Aegean, GR-83200, Samos, Karlovassi, Greece
Costas Lambrinoudakis

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

van Staden, W., Olivier, M.S. (2006). Extending SQL to Allow the Active Usage of Purposes. In: Fischer-Hübner, S., Furnell, S., Lambrinoudakis, C. (eds) Trust and Privacy in Digital Business. TrustBus 2006. Lecture Notes in Computer Science, vol 4083. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11824633_13

Download citation

DOI: https://doi.org/10.1007/11824633_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-37750-4
Online ISBN: 978-3-540-37752-8
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics