Precomputation of privacy policy parameters for auditing SQL queries

A privacy auditing framework for Hippocratic databases accepts an audit expression and returns all user queries stored in User Access Log (UAL) that satisfy the expression. The audit expression is formed by the audit officer. The expression specifies a target data (sensitive data subject to disclosure review), a time duration and privacy policy parameters related constraints. Determining privacy policy parameters for an audit expression is a tedious task in absence of any assistance to the audit officer, as privacy policy of an enterprise can be complex. We therefore propose and present a malafide intention based framework for their precomputation, which maps a target data description or a malafide intention of an attacker to privacy parameters and hence assists the auditing officer in formation of a precise and unambiguous audit expression. The framework also makes the task of target data specification easier by the use of defined malafide intentions for a domain.

[1]  Donald K. Burleson,et al.  Oracle privacy secutiry auditing : includes Federal Law compliance with HIPAA, Sarbanes-Oxley & the Gramm-Leach-Bliley Act GLB , 2003 .

[2]  Ramakrishnan Srikant,et al.  Hippocratic Databases , 2002, VLDB.

[3]  Fay Cobb Payton,et al.  Privacy of medical records: IT implications of HIPAA , 2000, CSOC.

[4]  Rajanish Dass,et al.  Privacy Violation and Detection Using Pattern Mining Techniques , 2005 .

[5]  Andreas Matheus,et al.  How to Declare Access Control Policies for XML Structured Information Objects using OASIS' eXtensible Access Control Markup Language (XACML) , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[6]  Elisa Bertino,et al.  Privacy Protection , 2022 .

[7]  Emilie Lundin Barse Logging for Intrusion and Fraud Detection , 2004 .

[8]  Silvana Castano,et al.  Database Security , 1997, IFIP Advances in Information and Communication Technology.

[9]  Holt Lh,et al.  Privacy of medical records. , 1980, The Record of the Association of the Bar of the City of New York.

[10]  Vikram Goyal,et al.  Query rewriting for detection of privacy violation through inferencing , 2006, PST.

[11]  David J. DeWitt,et al.  Limiting Disclosure in Hippocratic Databases , 2004, VLDB.

[12]  Sushil Jajodia,et al.  Secure Databases: Constraints, Inference Channels, and Monitoring Disclosures , 2000, IEEE Trans. Knowl. Data Eng..

[13]  Paul Ashley,et al.  E-P3P privacy policies and privacy authorization , 2002, WPES '02.

[14]  David J. Danelski,et al.  Privacy and Freedom , 1968 .

[15]  Christos Faloutsos,et al.  Auditing Compliance with a Hippocratic Database , 2004, VLDB.

[16]  Anne H. Anderson,et al.  A comparison of two privacy policy languages: EPAL and XACML , 2006, SWS '06.

[17]  Anand Gupta,et al.  Design and Development of Malafide Intension Based Privacy Violation Detection System (An Ongoing Research Report) , 2006, ICISS.

[18]  Sushil Jajodia,et al.  Secure databases: constraints and inference channels , 2000 .

[19]  Farzad Salim,et al.  Detecting and Resolving Redundancies in EP3P Policies , 2006 .

[20]  Jaideep Vaidya,et al.  Privacy-preserving indexing of documents on the network , 2003, The VLDB Journal.