On the implementation of security measures in information systems
Communications of the ACM
A note on the confinement problem
Communications of the ACM
HYDRA: the kernel of a multiprocessor operating system
Communications of the ACM
Programming with abstract data types
Proceedings of the ACM SIGPLAN symposium on Very high level languages
On interaction with data bases
SIGFIDET '74 Proceedings of the 1974 ACM SIGFIDET (now SIGMOD) workshop on Data description, access and control
ACM SIGMOD Record
A database encryption system with subkeys
ACM Transactions on Database Systems (TODS)
POPL '83 Proceedings of the 10th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Features of a system for statistical databases
SSDBM'83 Proceedings of the 2nd international workshop on Proceedings of the Second International Workshop on Statistical Database Management
A software engineering view of data base systems
VLDB '78 Proceedings of the fourth international conference on Very Large Data Bases - Volume 4
Information protection by method base systems
VLDB '78 Proceedings of the fourth international conference on Very Large Data Bases - Volume 4
A security policy for a profile-oriented operating system
AFIPS '81 Proceedings of the May 4-7, 1981, national computer conference
Temporal privacy in wireless sensor networks: Theory and practice
ACM Transactions on Sensor Networks (TOSN)
Design techniques for a user controlled DB/DC system
IBM Systems Journal
An overview of recent data base research
ACM SIGMIS Database
Hi-index | 48.22 |
Traditionally, privacy protection in database systems is understood to be the control over what information a given user can get from a database. This paper is concerned with another, independent, dimension of privacy protection, the control over what a user is allowed to do with a piece of information supplied to him by the database. The ability to condition the supply of information on its intended use is called here “intentional resolution” of privacy protection.The practical importance of intentional resolution is demonstrated by several examples, and its realization is discussed. It is shown that intentional resolution can be achieved, but that it involves a radical change from the traditional approach to the process of user-database interaction. In particular, it appears to be necessary for the database to impose a certain amount of control over the internal behavior of users' programs which interact with it. A model for user-database interaction which admits such a control is developed.