Privacy-Preserving Database Systems

  • Chapter
Foundations of Security Analysis and Design III (FOSAD 2005, FOSAD 2004)

Abstract

Privacy is today an important concern for both users and enterprises. Therefore, intense research is being carried out on various aspects of privacy-preserving data management systems. In this paper, we focus on database management systems (DBMS) able to enforce privacy promises encoded in privacy languages such as P3P. In particular, we first present an overview of the P3P language and outline some of its critical aspects. We then outline the main requirements for a privacy-preserving DBMS and discuss solutions related to the management of privacy-related meta-data, focusing on a special category of meta-data, that is, purpose information. Purpose information represents an important component of privacy statements, and thus its effective management is crucial. We then discuss current solutions to fine-grained access control in the context of relational database systems and identify relevant issues.



Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Bertino, E., Byun, JW., Li, N. (2005). Privacy-Preserving Database Systems. In: Aldini, A., Gorrieri, R., Martinelli, F. (eds) Foundations of Security Analysis and Design III. FOSAD 2005, FOSAD 2004. Lecture Notes in Computer Science, vol 3655. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11554578_6

  • DOI: https://doi.org/10.1007/11554578_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28955-5

  • Online ISBN: 978-3-540-31936-8

  • eBook Packages: Computer Science (R0)
