Proceedings of the twenty-seventh ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
An efficient online auditing approach to limit private data disclosure
Proceedings of the 12th International Conference on Extending Database Technology: Advances in Database Technology
Privacy-preserving genomic computation through program specialization
Proceedings of the 16th ACM conference on Computer and communications security
Requirements and protocols for inference-proof interactions in information systems
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Privacy issues in scientific workflow provenance
Proceedings of the 1st International Workshop on Workflow Approaches to New Data-centric Science
Journal of the ACM (JACM)
PolicyReplay: misconfiguration-response queries for data breach reporting
Proceedings of the VLDB Endowment
Proceedings of the 14th International Conference on Database Theory
Provenance views for module privacy
Proceedings of the thirtieth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Efficient auditing for complex SQL queries
Proceedings of the 2011 ACM SIGMOD International Conference on Management of data
Explaining accesses to electronic health records
Proceedings of the 2011 workshop on Data mining for medicine and healthcare
Proceedings of the VLDB Endowment
Competitive privacy: secure analysis on integrated sequence data
DASFAA'10 Proceedings of the 15th international conference on Database Systems for Advanced Applications - Volume Part II
On scaling up sensitive data auditing
Proceedings of the VLDB Endowment
Dynamic policy adaptation for inference control of queries to a propositional information system
Journal of Computer Security - DBSec 2011
Hi-index | 0.00 |
We study the problem of auditing a batch of SQL queries: Given a forbidden view of a database that should have been kept confidential, a batch of queries that were posed over this database and answered, and a definition of suspiciousness, determine if the query batch is suspicious with respect to the forbidden view. We consider several notions of suspiciousness that span a spectrum both in terms of their disclosure detection guarantees and the tractability of auditing under them for different classes of queries. We identify a particular notion of suspiciousness, weak syntactic suspiciousness, that allows for an efficient auditor for a large class of conjunctive queries. The auditor can be used together with a specific set of forbidden views to detect disclosures of the association between individuals and their private attributes. Further it can also be used to prevent disclosures by auditing queries on the fly in an online setting. Finally, we tie in our work with recent research on query auditing and access control and relate the above definitions of suspiciousness to the notion of unconditional validity of a query introduced in database access control literature.