Precomputation of privacy policy parameters for auditing SQL queries

Authors:
S. K. Gupta;Vikram Goyal;Anand Gupta
Affiliations:
I.I.T. Delhi, Hauz Khas, New Delhi;I.I.T. Delhi, Hauz Khas, New Delhi;N.S.I.T. Delhi, Dwarka, New Delhi
Venue:
Proceedings of the 2nd international conference on Ubiquitous information management and communication
Year:
2008

Citing 13
Cited 0

Database security

Database security
Privacy of medical records: IT implications of HIPAA

ACM SIGCAS Computers and Society
Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures

IEEE Transactions on Knowledge and Data Engineering
E-P3P privacy policies and privacy authorization

Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society
Purpose based access control of complex data for privacy protection

Proceedings of the tenth ACM symposium on Access control models and technologies
A comparison of two privacy policy languages: EPAL and XACML

Proceedings of the 3rd ACM workshop on Secure web services
Hippocratic databases

VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Privacy-preserving indexing of documents on the network

VLDB '03 Proceedings of the 29th international conference on Very large data bases - Volume 29
Limiting disclosure in hippocratic databases

VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Auditing compliance with a Hippocratic database

VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Query rewriting for detection of privacy violation through inferencing

Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
A comparison of two privacy policy languages: EPAL and XACML

A comparison of two privacy policy languages: EPAL and XACML
Design and development of malafide intension based privacy violation detection system (an ongoing research report)

ICISS'06 Proceedings of the Second international conference on Information Systems Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

A privacy auditing framework for Hippocratic databases accepts an audit expression and returns all user queries stored in User Access Log (UAL) that satisfy the expression. The audit expression is formed by the audit officer. The expression specifies a target data (sensitive data subject to disclosure review), a time duration and privacy policy parameters related constraints. Determining privacy policy parameters for an audit expression is a tedious task in absence of any assistance to the audit officer, as privacy policy of an enterprise can be complex. We therefore propose and present a malafide intention based framework for their precomputation, which maps a target data description or a malafide intention of an attacker to privacy parameters and hence assists the auditing officer in formation of a precise and unambiguous audit expression. The framework also makes the task of target data specification easier by the use of defined malafide intentions for a domain.