A Unified Audit Expression Model for Auditing SQL Queries

Authors:
Vikram Goyal;S. K. Gupta;Anand Gupta
Affiliations:
Department of Computer Science and Engineering, IIT Delhi, Hauz Khas, New Delhi, 16;Department of Computer Science and Engineering, IIT Delhi, Hauz Khas, New Delhi, 16;Dept. of Comp. Sci. and Engg. N.S.I.T. Delhi, , New Delhi,
Venue:
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Year:
2008

Citing 10
Cited 1

Security in Databases: A Combinatorial Study

Journal of the ACM (JACM)
On the efficiency of checking perfect privacy

Proceedings of the twenty-fifth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
A formal analysis of information disclosure in data exchange

Journal of Computer and System Sciences
Hippocratic databases

VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Auditing compliance with a Hippocratic database

VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Query rewriting for detection of privacy violation through inferencing

Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Auditing a Batch of SQL Queries

ICDEW '07 Proceedings of the 2007 IEEE 23rd International Conference on Data Engineering Workshop
Detecting privacy violations in sensitive XML databases

SDM'05 Proceedings of the Second VDLB international conference on Secure Data Management
Malafide intension based detection of privacy violation in information system

ICISS'06 Proceedings of the Second international conference on Information Systems Security
Design and development of malafide intension based privacy violation detection system (an ongoing research report)

ICISS'06 Proceedings of the Second international conference on Information Systems Security

Auditing Inference Based Disclosures in Dynamic Databases

SDM '08 Proceedings of the 5th VLDB workshop on Secure Data Management

Quantified Score

Hi-index	0.00

Visualization

Abstract

A privacy auditing framework for Hippocratic databases accepts an administrator formulated audit expression and returns all suspicious user queries that satisfy the given constraints in that audit expression. Such an expression should be expressive, precise, unambiguous and flexible to describe various characteristics of a privacy violation such as target data (sensitive data subject to disclosure review), suspicion notion, authorized privacy policy parameters through which the violation is possible, and time duration of the privacy violation. Earlier proposed audit expression models for the auditing are not flexible and do not specify suspicion notion with in the audit expression for the auditing of past user accesses. We propose a unified model for an audit expression which can specify earlier proposed audit expressions along with different suspicion notions. The model includes (i) a suspicion notion model which unifies earlier proposed suspicion notions, and (ii) mechanisms to specify data versions.