Security in Databases: A Combinatorial Study
Journal of the ACM (JACM)
On the efficiency of checking perfect privacy
Proceedings of the twenty-fifth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
A formal analysis of information disclosure in data exchange
Journal of Computer and System Sciences
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Auditing compliance with a Hippocratic database
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Query rewriting for detection of privacy violation through inferencing
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Auditing a Batch of SQL Queries
ICDEW '07 Proceedings of the 2007 IEEE 23rd International Conference on Data Engineering Workshop
Detecting privacy violations in sensitive XML databases
SDM'05 Proceedings of the Second VDLB international conference on Secure Data Management
Malafide intension based detection of privacy violation in information system
ICISS'06 Proceedings of the Second international conference on Information Systems Security
ICISS'06 Proceedings of the Second international conference on Information Systems Security
Auditing Inference Based Disclosures in Dynamic Databases
SDM '08 Proceedings of the 5th VLDB workshop on Secure Data Management
Hi-index | 0.00 |
A privacy auditing framework for Hippocratic databases accepts an administrator formulated audit expression and returns all suspicious user queries that satisfy the given constraints in that audit expression. Such an expression should be expressive, precise, unambiguous and flexible to describe various characteristics of a privacy violation such as target data (sensitive data subject to disclosure review), suspicion notion, authorized privacy policy parameters through which the violation is possible, and time duration of the privacy violation. Earlier proposed audit expression models for the auditing are not flexible and do not specify suspicion notion with in the audit expression for the auditing of past user accesses. We propose a unified model for an audit expression which can specify earlier proposed audit expressions along with different suspicion notions. The model includes (i) a suspicion notion model which unifies earlier proposed suspicion notions, and (ii) mechanisms to specify data versions.