Abstract
Hospitals, organizations and companies are responsible for keeping data and information about their customers private, even if many internal employees have access to this data or information. When accused of an unauthorized disclosure of private information, it is important for the hospital to know which employees had the opportunity to disclose concrete private information. Our approach describes secret information in the form of a secret query and performs two steps to detect which employees have used ‘suspicious’ queries, i.e., queries the result of which allows the user to derive secret information. First, we analyze the structure of queries and of the secret query to exclude non-suspicious queries. Second, we derive a formula from user query, query result and secret query, which is satisfiable if and only if the query is non-suspicious.
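A structural pre-filter in the spirit of the first step, as an added illustration that is not the paper's algorithm. It assumes predicate-free paths built from `/`, `//`, names and `*`, assumes a query returns whole subtrees, and uses hypothetical users, element names and secret query.

```python
import re
from collections import deque

STEP = re.compile(r"(//?)([\w.-]+|\*)")

def parse(xpath):
    """Split a predicate-free path such as //a/*/b into (axis, name) steps."""
    steps = STEP.findall(xpath)
    if not steps or "".join(a + n for a, n in steps) != xpath:
        raise ValueError(f"unsupported XPath: {xpath!r}")
    return steps

def may_overlap(query, secret):
    """True if some label path lets a node selected by `query` be the same node
    as, an ancestor of, or a descendant of a node selected by `secret`."""
    q, s = parse(query), parse(secret)
    # A pattern may sit out a label if it is finished or its next step is '//'.
    wait = lambda p, k: k == len(p) or p[k][0] == "//"
    seen, todo = {(0, 0)}, deque([(0, 0)])
    while todo:
        i, j = todo.popleft()
        if (i, j) == (len(q), len(s)):
            return True
        moves = []
        if i < len(q) and j < len(s) and (q[i][1] == s[j][1] or "*" in (q[i][1], s[j][1])):
            moves.append((i + 1, j + 1))      # both consume the same label
        if i < len(q) and wait(s, j):
            moves.append((i + 1, j))          # only the query consumes it
        if j < len(s) and wait(q, i):
            moves.append((i, j + 1))          # only the secret consumes it
        for m in moves:
            if m not in seen:
                seen.add(m)
                todo.append(m)
    return False

def audit(log, secret):
    """Return the (user, query) entries that structure alone cannot exclude."""
    kept = []
    for user, query in log:
        try:
            if may_overlap(query, secret):
                kept.append((user, query))
        except ValueError:                    # unsupported syntax: stay conservative
            kept.append((user, query))
    return kept

# Constructed sample data (hypothetical users, element names and secret query).
SECRET = "/hospital/patient/diagnosis"
LOG = [("alice", "/hospital/staff/name"), ("bob", "/hospital/patient"),
       ("carol", "//diagnosis"), ("dave", "/hospital/patient/address"),
       ("erin", "/hospital/*/diagnosis"), ("frank", "/hospital/patient[1]/diagnosis")]
```

Entries that survive this filter are only candidates; deciding whether a given result actually reveals the secret is the job of the second, formula-based step.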
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Böttcher, S., Steinmetz, R. (2006). Information Disclosure by XPath Queries. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2006. Lecture Notes in Computer Science, vol 4165. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11844662_12
DOI: https://doi.org/10.1007/11844662_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-38984-2
Online ISBN: 978-3-540-38987-3
eBook Packages: Computer Science, Computer Science (R0)