Optimal Privacy-Aware Path in Hippocratic Databases

  • Conference paper
Database Systems for Advanced Applications (DASFAA 2009)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 5463)

Abstract

Privacy has become a major concern for both customers and enterprises in today’s corporate marketing strategies, and many research efforts have been put into developing new privacy-aware technologies. Among them, Hippocratic databases are one of the important mechanisms for guaranteeing respect for privacy principles in data management; they adopt purpose as a central concept associated with each piece of data stored in the database. The proposed mechanism provides basic principles for future database systems that protect the privacy of data as a founding tenet. However, Hippocratic databases do not make it possible to distinguish which particular method is used to fulfill a purpose. In particular, issues such as purpose hierarchies, task delegations and minimal privacy cost are missing from the proposed mechanism.

In this paper, we extend these mechanisms to support inter-organizational business processes in Hippocratic databases. We develop a comprehensive approach, based on user preferences, for negotiating personal information between customers and enterprises when enterprises offer their clients a number of ways to fulfill a service. We organize purposes into purpose directed graphs through AND/OR decomposition, which supports task delegations and distributed authorizations. In particular, customers control how a service is fulfilled, on the basis of their personal feeling of trust for any service customization. Quantitative analysis is performed to characterize privacy penalties in terms of privacy cost and customer’s trust. Finally, efficient algorithms are given to guarantee the minimal privacy cost and maximal customer’s trust involved in a business process.

This research is funded by an ARC Discovery Project DP0663414.

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Li, M., Sun, X., Wang, H., Zhang, Y. (2009). Optimal Privacy-Aware Path in Hippocratic Databases. In: Zhou, X., Yokota, H., Deng, K., Liu, Q. (eds) Database Systems for Advanced Applications. DASFAA 2009. Lecture Notes in Computer Science, vol 5463. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00887-0_39

  • DOI: https://doi.org/10.1007/978-3-642-00887-0_39

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-00886-3

  • Online ISBN: 978-3-642-00887-0

  • eBook Packages: Computer Science, Computer Science (R0)