Auditing a Batch of SQL Queries

  • Authors: Rajeev Motwani; Shubha U. Nabar; Dilys Thomas

  • Affiliations: Department of Computer Science, Stanford University (all three authors)

  • Venue: ICDEW '07 Proceedings of the 2007 IEEE 23rd International Conference on Data Engineering Workshop
  • Year: 2007

Abstract

In this paper, we study the problem of auditing a batch of SQL queries: given a set of SQL queries that have been posed over a database, determine whether some subset of these queries have revealed private information about an individual or group of individuals. In [2], the authors studied the problem of determining whether any single SQL query in isolation revealed information forbidden by the database system's data disclosure policies. In this paper, we extend this work to the problem of auditing a batch of SQL queries. We define two different notions of auditing - semantic auditing and syntactic auditing - and show that while syntactic auditing seems more desirable, it is in fact NP-hard to achieve. The problem of semantic auditing of a batch of SQL queries is, however, tractable and we give a polynomial time algorithm for this purpose.