DOI: 10.1145/1501434.1501468
research-article

Query rewriting for detection of privacy violation through inferencing

Published: 30 October 2006

Abstract

When a privacy violation is detected, the intension behind the violation is revealed. We refer to this as a malafide intension, and to the information revealed as the target. The target can be expressed using an SQL-like syntax. In sophisticated privacy attacks, the target of the attack may not have been accessed directly but inferred from other pieces of information by exploiting functional dependencies present in the application domain. In this paper we present an efficient algorithm to rewrite the malafide intension query attributes, which returns the minimal sets of attributes from which the target can be derived. The attribute sets returned by the algorithm can derive the target using functional dependencies (the algorithm is sound), and furthermore, if any minimal set can derive the target using functional dependencies, then it will be returned by the algorithm (the algorithm is complete).
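The inference problem the abstract describes can be illustrated with a small audit helper. This is an added example, not the paper's algorithm: it uses brute-force enumeration with attribute closure rather than the efficient rewriting the paper presents, and the table attributes and functional dependencies are constructed for illustration.

```python
from itertools import combinations

# Constructed functional dependencies for a hypothetical patient table:
# each pair is (determinant attributes, dependent attributes).
FDS = [
    ({"zip", "birth_date"}, {"patient_id"}),
    ({"patient_id"}, {"diagnosis"}),
    ({"prescription"}, {"diagnosis"}),
    ({"patient_id"}, {"zip"}),
]

def closure(attrs, fds):
    """Attribute closure: everything derivable from attrs using fds."""
    result = set(attrs)
    changed = True
    while changed:
        changed = False
        for lhs, rhs in fds:
            if lhs <= result and not rhs <= result:
                result |= rhs
                changed = True
    return result

def minimal_deriving_sets(target, fds):
    """All minimal attribute sets whose closure covers the target."""
    universe = set(target)
    for lhs, rhs in fds:
        universe |= lhs | rhs
    found = []
    # Enumerate by increasing size so any superset of a hit is non-minimal.
    for size in range(1, len(universe) + 1):
        for combo in combinations(sorted(universe), size):
            cand = frozenset(combo)
            if any(m <= cand for m in found):
                continue  # a smaller set already derives the target
            if set(target) <= closure(cand, fds):
                found.append(cand)
    return found

def audit_query(accessed, target, fds):
    """Minimal deriving sets fully covered by a query's accessed attributes."""
    return [m for m in minimal_deriving_sets(target, fds) if m <= set(accessed)]
```

A query that never reads `diagnosis` but reads both `zip` and `birth_date` is flagged, because those attributes determine `patient_id` and, through it, the target.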


Published In

PST '06: Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
October 2006
389 pages
ISBN:1595936041
DOI:10.1145/1501434
Publisher

Association for Computing Machinery

New York, NY, United States

Conference

PST06
PST06: International Conference on Privacy, Security and Trust
October 30 - November 1, 2006
Ontario, Markham, Canada
