An OBDD approach to enforce confidentiality and visibility constraints in data publishing

With the growing need for data sharing and dissemination, privacy-preserving data publishing is becoming an important issue that still requires further investigation. In this paper, we take a step towards private data publication by proposing a solution based on the release of vertical views (fragments) over a relational table that satisfy confidentiality and visibility constraints, which express requirements for information protection and release, respectively. We translate the problem of computing a fragmentation composed of the minimum number of fragments into the problem of computing a maximum weighted clique over a fragmentation graph. The fragmentation graph models fragments, efficiently computed using Ordered Binary Decision Diagrams (OBDDs), that satisfy all the confidentiality constraints and a subset of the visibility constraints defined in the system. We then show an exact and a heuristic algorithm for computing a minimal and a locally minimal fragmentation, respectively. Finally, we provide experimental results comparing the execution time and the fragmentations returned by the exact and heuristic algorithms. The experiments show that the heuristic algorithm has low computation cost and computes a fragmentation close to the optimum.
