Abstract
Increasing concerns over Internet applications that violate user privacy by exploiting (back-end) database vulnerabilities must be addressed to protect both customer privacy and to ensure corporate strategic assets remain trustworthy. This chapter describes an extension onto database catalogues and Structured Query Language (SQL) for supporting privacy in Internet applications, such as in social networks, e-health, e-governmcnt, etc. The idea is to introduce new predicates to SQL commands to capture common privacy requirements, such as purpose, visibility, generalization, and retention for both mandatory and discretionary access control policies. The contribution is that corporations, when creating the underlying databases, will be able to define what their mandatory privacy policies arc with which all application users have to comply. Furthermore, each application user, when providing their own data, will be able to define their own privacy policies with which other users have to comply. The extension is supported with underlying catalogues and algorithms. The experiments demonstrate a very reasonable overhead for the extension. The result is a low-cost mechanism to create new systems that arc privacy aware and also to transform legacy databases to their privacy-preserving equivalents. Although the examples arc from social networks, one can apply the results to data security and user privacy of other enterprises as well.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
R. Agrawal, J. Kicrnan, R. Srikant and Y. Xu. “Hippocratic Databases”. Proceeding of the 28th International Conference, on Very Large Databases (VLDB 2002), Hong Kong, China, 2002. pp. 143–154.
R. Agrawal, P. M. Bird, T. W. A. Grandison, G. G. Kicrnan, S. I. Logan, and W. Rjaibi, “Extending Relational Database Systems to Automatically Enforce Privacy Policies”, Proceeding of 21st ICDE, Japan, 2005. pp. 1013–1023.
K. Barker, M. Askari, M. Banerjce, K. Ghazinour, B. Mackas, M. Majedi, S. Pun and A. Williams, “A Data Privacy Taxonomy”, Proceeding of BNCOD09, England, 2009. pp. 42–54.
S. Barker and A. Rosenthal, “Flexible security policies in SQL”, Proceeding of fifteenth Annual IFIP Working Conference on Database and Application Security, Canada, 2001, pp. 167–180.
L. F. Cranor, Web Privacy with P3P. O’Reilly Media, 2002.
S. Finestone, “Privacy: Where do we draw the line?”, Public Works and Government Services, Canada, 1997.
Grant privilege statement, ANSI/ISO/IEC International Standard (IS). Database Language SQL, Part 2: Foundation (SQL/Foundation). 1999. P. 588
A. Machanavajjhala, J. Gehrke, D. Kifer and M. Venkitasubramaniam, “1-divcrsity: Privacy beyond k-anonymity”, Proceeding of ICDE, USA, 2006, pp. 24–35.
S. Pun, A. H. Chinaei, and K. Barker, “Twins (1): Extending SQL to Support Corporation Privacy Policies in Social Networks”, Proceeding of Advances in Social Networks Analysis and Mining, Greece, 2009.
A. Rosenthal and E. Sciore, “Extending SQL’s grant and revoke operations, to limit and reactivate privileges”, IFIP Workshop on Database Security, The Netherlands, 2000, pp. 209–220.
L. Sweeney, “k-anonymity: A model for protecting privacy”, International Journal of Uncertainty Fuzziness and Knowledge Based Systems, 2002, pp. 557–570.
W. J. C. van Staden, and M. S. Olivier, “Extending SQL to allow the active usage of purposes.”, Lecture Notes in Computer Science, Volume 4083, Springer, 2006, pp. 123–131.
W. J. C. van Staden and M. S. Olivier, “SQL’s revoke with a view on privacy”, Proceeding of SAICSIT, South Africa, 2007, pp. 181–188.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag/Wien
About this chapter
Cite this chapter
Ghazinour, K., Pun, S., Majedi, M., Chinaci, A.H., Barker, K. (2010). Extending SQL to Support Privacy Policies. In: Memon, N., Alhajj, R. (eds) From Sociology to Computing in Social Networks. Springer, Vienna. https://doi.org/10.1007/978-3-7091-0294-7_20
Download citation
DOI: https://doi.org/10.1007/978-3-7091-0294-7_20
Publisher Name: Springer, Vienna
Print ISBN: 978-3-7091-0293-0
Online ISBN: 978-3-7091-0294-7
eBook Packages: Computer ScienceComputer Science (R0)