Encyclopedia of Database Systems

2018 Edition
| Editors: Ling Liu, M. Tamer Özsu

Privacy-Preserving DBMSs

  • Tyrone GrandisonEmail author
Reference work entry
DOI: https://doi.org/10.1007/978-1-4614-8265-9_80753


The concept of a privacy-preserving database management system (PP-DBMS) is a relatively recent one – dating back to the 2000s [1, 8]. Such a system assumes that privacy is a fundamental property of the data in the DBMS and that the database management system automatically and seamlessly adheres to the privacy dictates of the data owners. As a first step, we must understand the notion of privacy.

Privacy Fundamentals

Privacy is a complex and multifaceted topic that is steeped in history and rich with subtleties. The task of understanding the fundamental underpinnings, semantics, and nuisances of the concept of privacy has been underway in the legal profession for many decades. In 1928, US Supreme Court Justice Louis Brandeis stated that privacy was “the right to be left alone” [31]. Brandeis postulated that privacy is one of the “conditions favorable to the pursuit of happiness” [31].

Over the years, other legal scholars have established that privacy is one of the...

This is a preview of subscription content, log in to check access.

Recommended Reading

  1. 1.
    Agrawal R, Kiernan J, Srikant R, Xu Y. Hippocratic databases. In: Proceedings of the 28th International Conference on Very Large Data Bases; 2002.Google Scholar
  2. 2.
    Agrawal R, Evfimievski A, Srikant R. Information sharing across private databases. In: Proceedings of the ACM SIGMOD International Conference on Management of Data; 2003.Google Scholar
  3. 3.
    Agrawal R, Bayardo R, Faloutsos C, Kiernan J, Rantzau R, Srikant R. Auditing compliance with a hippocratic database. In: Proceedings of the 30th International Conference on Very Large Data Bases Endowment; 2004. p. 516–27.Google Scholar
  4. 4.
    Agrawal R, Kiernan J, Srikant R, Xu Y. Order-preserving encryption for numeric data. In: Proceedings of the ACM SIGMOD International Conference on Management of Data; 2004.Google Scholar
  5. 5.
    Agrawal R, Bird P, Grandison T, Kiernan J, Logan S, Rjaibi W. Extending relational database systems to automatically enforce privacy policies. In: Proceedings of the 21st International Conference on Data Engineering; 2005. p. 1013–22.Google Scholar
  6. 6.
    Azemović J. Privacy aware eLearning environments based on hippocratic database principles. In: Proceedings of the 5th Balkan Conference in Informatics; 2012. p. 142–9.Google Scholar
  7. 7.
    Bayardo RJ, Agrawal R. Data privacy through optimal k-anonymization. In: Proceedings of the 21st International Conference on Data Engineering; 2005.Google Scholar
  8. 8.
    Bertino E, Byun JW, Li N. Privacy-preserving database systems. In: Foundations of security analysis and design III. Berlin/Heidelberg: Springer; 2005. p. 178–206.CrossRefGoogle Scholar
  9. 9.
    Bottcher S, Hartel R, Kirschner M. Detecting suspicious relational database queries. In: Proceedings of the 3rd International Conference on Availability, Reliability and Security; 2008. p. 71–778.Google Scholar
  10. 10.
    Cheng VS, Hung PC. Towards an integrated privacy framework for HIPAA-compliant web services. In: Proceedings of the 7th IEEE International Conference on E-commerce Technology; 2005. p. 480–3.Google Scholar
  11. 11.
    Goldberg I. Privacy-enhancing technologies for the Internet, II: five years later. Berlin/Heidelberg: Springer; 2003. p. 1–2.zbMATHCrossRefGoogle Scholar
  12. 12.
    Grandison T, Johnson C, Kiernan J. Hippocratic databases: current capabilities and future trends. In: Handbook of database security. New York: Springer; 2008. p. 409–29.CrossRefGoogle Scholar
  13. 13.
    Johnson CM, Grandison TWA. Compliance with data protection laws using hippocratic database active enforcement and auditing. IBM Syst J. 2007;46(2):255–64.CrossRefGoogle Scholar
  14. 14.
    Juels A. RFID security and privacy: a research survey. IEEE J Sel Areas Commun. 2006;24(2): 381–94.MathSciNetCrossRefGoogle Scholar
  15. 15.
    Kirchberg M, Link S. Hippocratic databases: extending current transaction processing approaches to satisfy the limited retention principle. In: Proceedings of the 43rd Annual Hawaii International Conference on System Sciences; 2010. p. 1–10.Google Scholar
  16. 16.
    Laura-Silva Y, Aref WG. Realizing privacy-preserving features in Hippocratic databases. In: Proceedings of the IEEE 23rd International Conference on Data Engineering Workshop; 2007. p. 198–206.CrossRefGoogle Scholar
  17. 17.
    Lee JG, Whang KY, Han W, Song I. Hippocratic XML databases: a model and an access control mechanism. Comput Syst Sci Eng. 2006;21(6)Google Scholar
  18. 18.
    LeFevre K, Agrawal R, Ercegovac V, Ramakrishnan R, Xu Y, DeWitt D. Limiting disclosure in hippocratic databases. In: Proceedings of the 30th International Conference on Very Large Data Bases Endowment; 2004. p. 108–19.CrossRefGoogle Scholar
  19. 19.
    Massacci F, Mylopoulos J, Zannone N. Hierarchical hippocratic databases with minimal disclosure for virtual organizations. VLDB J. 2006;15(4):370–87.CrossRefGoogle Scholar
  20. 20.
    Mohamed Sidek Z, Abdul Ghani N. Utilizing hippocratic database for personal information privacy protection. Jurnal Teknologi Maklumat. 2008;20(3):54–64.Google Scholar
  21. 21.
    Mokbel FM. Towards privacy-aware location-based database servers. In: Proceedings of the 22nd International Conference on Data Engineering Workshops; 2006.Google Scholar
  22. 22.
    OECD. Guidelines on the protection of privacy and transborder flows of personal data. 1980. http://www.oecd.org/internet/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborde rflowsofpersonaldata.htm. Accessed 27 Aug 2014.
  23. 23.
    Office of the Privacy Commissioner of Canada. The personal information protection and electronic documents act (PIPEDA). 4 1, 2011. http://laws-lois.justice.gc.ca/PDF/P-8.6.pdf. Accessed 27 Aug 2014.
  24. 24.
    Padma J, Silva YN, Arshad MU, Aref WG. Hippocratic PostgreSQL. In: Proceedings of the 25th International Conference on Data Engineering; 2009. p. 1555–8.Google Scholar
  25. 25.
    Rutherford A, Botha R, Olivier M. Towards Hippocratic log files. In: Proceedings of the 4th Annual Information Security South Africa Conference; 2004. p. 1–10.Google Scholar
  26. 26.
    Solove DJ. Understanding privacy: Harvard University Press; 2010.Google Scholar
  27. 27.
    Solove DJ. Nothing to hide: the false tradeoff between privacy and security. J Value Inq. 2012;46(1):107–112.Google Scholar
  28. 28.
    Solove DJ, Schwartz PM. Privacy law fundamentals, Second Edition. Aspen Publishers, 2013.Google Scholar
  29. 29.
    Such JM, Espinosa A, García-Fornes A. A survey of privacy in multi-agent systems. Knowl Eng Rev. 2014;29(03):314–44.CrossRefGoogle Scholar
  30. 30.
    U.S. Department of Health and Human Services Office for Civil Rights. HIPAA Administrative Simplification. 3 26, 2013. http://www.hhs.gov/ocr/privacy/hipaa/administrative/combined/hipaa-simplification- 201303.pdf. Accessed 27 Aug 2014.
  31. 31.
    U.S. Supreme Court. Osmalt v. U.S. Government (1928). 1928. Accessed 27 Aug 2014.Google Scholar
  32. 32.
    Westin AF. Privacy and freedom. New York: Athenum; 1967.Google Scholar
  33. 33.
    Zhu H, Lü K. Fine-grained access control for database management systems. In: Richard C, Jessie K, editors. Data management. Data, data everywhere. Berlin/Heidelberg: Springer; 2007. p. 215–23.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Proficiency LabsAshlandUSA

Section editors and affiliations

  • Elena Ferrari
    • 1
  1. 1.DISTAUniversità degli Studi dell’InsubriaVareseItaly