Database security
Privacy of medical records: IT implications of HIPAA
ACM SIGCAS Computers and Society
Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures
IEEE Transactions on Knowledge and Data Engineering
E-P3P privacy policies and privacy authorization
Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society
Purpose based access control of complex data for privacy protection
Proceedings of the tenth ACM symposium on Access control models and technologies
A comparison of two privacy policy languages: EPAL and XACML
Proceedings of the 3rd ACM workshop on Secure web services
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Privacy-preserving indexing of documents on the network
VLDB '03 Proceedings of the 29th international conference on Very large data bases - Volume 29
Limiting disclosure in hippocratic databases
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Auditing compliance with a Hippocratic database
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Query rewriting for detection of privacy violation through inferencing
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
A comparison of two privacy policy languages: EPAL and XACML
A comparison of two privacy policy languages: EPAL and XACML
ICISS'06 Proceedings of the Second international conference on Information Systems Security
Hi-index | 0.00 |
A privacy auditing framework for Hippocratic databases accepts an audit expression and returns all user queries stored in User Access Log (UAL) that satisfy the expression. The audit expression is formed by the audit officer. The expression specifies a target data (sensitive data subject to disclosure review), a time duration and privacy policy parameters related constraints. Determining privacy policy parameters for an audit expression is a tedious task in absence of any assistance to the audit officer, as privacy policy of an enterprise can be complex. We therefore propose and present a malafide intention based framework for their precomputation, which maps a target data description or a malafide intention of an attacker to privacy parameters and hence assists the auditing officer in formation of a precise and unambiguous audit expression. The framework also makes the task of target data specification easier by the use of defined malafide intentions for a domain.