Skip to main content
SpringerLink
Log in
Book cover

Workshop on Secure Data Management

SDM 2006: Secure Data Management pp 160–174Cite as

Information Disclosure by XPath Queries

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 4165))

Abstract

Hospitals, organizations and companies are responsible keeping data and information about their customers private even if many internal employees have access to this data or information. When accused of an unauthorized disclosure of private information, it is important for the hospital to know which employees had the opportunity to disclose concrete private information. Our approach describes secret information in form of a secret query and performs two steps to detect which employees have used ‘suspicious’ queries, i.e., queries the result of which allows the user to derive secret information. First, we analyze the structure of queries and of the secret query to exclude nonsuspicious queries. Second, we derive a formula from user query, query result and secret query, which is satisfiable if and only if the query is non-suspicious.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Aggarwal, C.C.: On k-Anonymity and the Curse of Dimensionality. In: Böhm, K., Jensen, C.S., Haas, L.M., Kersten, M.L., Larson, P.-Å, Ooi, B.C. (eds.) Proceedings of the 31st International Conference on Very Large Data Bases. VLDB 2005, Trondheim, Norway (2005)

    Google Scholar 

  2. Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic Databases. In: Bernstein, P.A., Loannidis, Y.E., Ramakrishnan, R. (eds.) Proceedings of 28th International Conference on Very Large Data Bases. VLDB 2002, Hong Kong (2002)

    Google Scholar 

  3. Agrawal, R., Bayardo Jr., R.J., Faloutsos, C., Kiernan, J., Rantzau, R., Srikant, R.: Auditing Compliance with a Hippocratic Database. In: Nascimento, M.A., Özsu, M.T., Kossmann, D., Miller, R.J., Blakeley, J.A., Schiefer, K.B. (eds.) Proceedings of the Thirteeth International Conference on Very Large Data Bases. VLDB 2004, Toronto, Canada (2004)

    Google Scholar 

  4. Amer-Yahia, S., Cho, S., Lakshmanan, L.V.S., Srivastava, D.: Minimization of Tree Pattern Queries. In: Sellis, T. (ed.) Proceedings of the 2001 ACM SIGMOD international conference on Management of data. SIGMOD Conference 2001, Santa Barbara, California, United States (2001)

    Google Scholar 

  5. Bertino, E., Castano, S., Ferrari, E.: On specifying security policies for web documents with an XML-based language. In: Proceedings of the 6th ACM Symposium on Access Control Models and Technologies. SACMAT 2001, Chantilly, Virginia, USA (2001)

    Google Scholar 

  6. Bertino, E., Ferrari, E.: Secure and selective dissemination of XML documents. ACM Transactions on Information and System Security. TISSEC 5(3), 290–331 (2002)

    Article  Google Scholar 

  7. Böttcher, S., Steinmetz, R.: Detecting Privacy Violations in Sensitive XML Databases. In: Jonker, W., Petković, M. (eds.) SDM 2005. LNCS, vol. 3674, pp. 143–154. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  8. Böttcher, S., Steinmetz, R.: Finding the Leak: A Privacy Audit System for Sensitive XML Databases. In: Second International Workshop on Privacy Data Management (PDM), Atlanta, USA (2006)

    Google Scholar 

  9. Thomas, H., Cormen, C.E., Leiserson, R.L.: Rivest, Clifford Stein: Introduction to Algorithms, 2nd edn. MIT-Press, Cambridge (2001)

    Google Scholar 

  10. Damiani, E., di Virmercati, S., Paraboschi, S., Samarati, P.: Securing XML Documents. In: Zaniolo, C., Grust, T., Scholl, M.H., Lockemann, P.C. (eds.) EDBT 2000. LNCS, vol. 1777, p. 121. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  11. Fan, W., Chan, C.Y., Garofalakis, M.: Secure XML Querying with Security Views. In: Weikum, G., König, A.C., Deßloch, S. (eds.) Proceedings of the ACM SIGMOD International Conference on Management of Data. SIGMOD Conference 2004, Paris, France (2004)

    Google Scholar 

  12. Gottlob, G., Koch, C., Pichler, R.: Efficient Algorithms for Processing XPath Queries. In: Bressan, S., Chaudhri, A.B., Li Lee, M., Yu, J.X., Lacroix, Z. (eds.) CAiSE 2002 and VLDB 2002. LNCS, vol. 2590, Springer, Heidelberg (2003)

    Google Scholar 

  13. Kudo, M., Hada, S.: XML document security based on provisional authorization. In: Jajodia, S., Samarati, P. (eds.) Proceedings of the 7th ACM Conference on Computer and Communications Security. CCS 2000, Athens, Greece (2000)

    Google Scholar 

  14. LeFevre, K., DeWitt, D.J., Ramakrishnan, R.: Incognito: Efficient Full-Domain K-Anonymity. In: Widom, J., Ozcan, F., Chirkova, R. (eds.) Proceedings of the ACM SIGMOD International Conference on Management of Data. SIGMOD Conference 2005, Maryland, USA (2005)

    Google Scholar 

  15. Meyerson, A., Williams, R.: On the Complexity of Optimal K-Anonymity. In: Deutsch, A. (ed.) Proceedings of the Twenty-third ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems. PODS 2004, Paris, France (2004)

    Google Scholar 

  16. Miklau, G., Suciu, D.: Containment and Equivalence for an XPath Fragment. Journal of the ACM 51 (2004)

    Google Scholar 

  17. Olteanu, D., Meuss, H., Furche, T., Bry, F.: XPath: Looking Forward. In: Chaudhri, A.B., Unland, R., Djeraba, C., Lindner, W. (eds.) EDBT 2002. LNCS, vol. 2490, pp. 109–127. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  18. Samarati, P.: Protecting Respondents’ Identities in Microdata Release. IEEE Transactions on Knowledge and Data Engineering 13 (2001)

    Google Scholar 

  19. Stoffel, K., Studer, T.: Provable Data Privacy. In: Andersen, K.V., Debenham, J., Wagner, R. (eds.) DEXA 2005. LNCS, vol. 3588, pp. 324–332. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  20. Stonebraker, M.: Implementation of Integrity Constraints and Views by Query Modification. In: Frank King, W. (ed.) Proceedings of the 1975 ACM SIGMOD International Conference on Management of Data. SIGMOD Conference 1975, San Jose, California (1975)

    Google Scholar 

  21. Sweene, L.: Achieving k-Anonymity Privacy Protection Using Generalization and Suppression. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems 10 (2002)

    Google Scholar 

  22. Sweene, L.: k-Anonymity: A Model for Protecting Privacy. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems 10 (2002)

    Google Scholar 

  23. Yao, C., Wang, X.S., Jajodia, S.: Checking for k-Anonymity Violation by Views. In: Böhm, K., Jensen, C.S., Haas, L.M., Kersten, M.L., Larson, P-Å, Ooi, B.C., (eds.) Proceedings of the 31st International Conference on Very Large Data Bases. VLDB 2005, Trondheim, Norway (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computer Science, University of Paderborn, Fürstenallee 11, D-33102, Germany, Paderborn

    Stefan Böttcher & Rita Steinmetz

Authors
  1. Stefan Böttcher
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Rita Steinmetz
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Philips Research, The Netherlands

    Willem Jonker

  2. Philips Research, Information & System Security, High Tech Campus 37 (WY 71), 5656, Eindhoven, AE, The Netherlands

    Milan Petković

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Böttcher, S., Steinmetz, R. (2006). Information Disclosure by XPath Queries. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2006. Lecture Notes in Computer Science, vol 4165. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11844662_12

Download citation

  • DOI: https://doi.org/10.1007/11844662_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-38984-2

  • Online ISBN: 978-3-540-38987-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation