论文信息 - A Unified Audit Expression Model for Auditing SQL Queries

A Unified Audit Expression Model for Auditing SQL Queries

A privacy auditing framework for Hippocratic databases accepts an administrator formulated audit expression and returns all suspicious user queries that satisfy the given constraints in that audit expression. Such an expression should be expressive, precise, unambiguous and flexible to describe various characteristics of a privacy violation such as target data (sensitive data subject to disclosure review), suspicion notion, authorized privacy policy parameters through which the violation is possible, and time duration of the privacy violation. Earlier proposed audit expression models for the auditing are not flexible and do not specify suspicion notion with in the audit expression for the auditing of past user accesses. We propose a unified model for an audit expression which can specify earlier proposed audit expressions along with different suspicion notions. The model includes (i) a suspicion notion model which unifies earlier proposed suspicion notions, and (ii) mechanisms to specify data versions.

Anand Gupta | Vikram Goyal | Shyam K. Gupta

[1] Vikram Goyal,et al. Query rewriting for detection of privacy violation through inferencing , 2006, PST.

[2] Anand Gupta,et al. Malafide Intension Based Detection of Privacy Violation in Information System , 2006, ICISS.

[3] Rajeev Motwani,et al. Auditing a Batch of SQL Queries , 2007, 2007 IEEE 23rd International Conference on Data Engineering Workshop.

[4] Ramakrishnan Srikant,et al. Hippocratic Databases , 2002, VLDB.

[5] Dan Suciu,et al. A formal analysis of information disclosure in data exchange , 2007, J. Comput. Syst. Sci..

[6] Steven P. Reiss. Security in Databases: A Combinatorial Study , 1979, JACM.

[7] Setsuo Ohsuga,et al. INTERNATIONAL CONFERENCE ON VERY LARGE DATA BASES , 1977 .

[8] Christos Faloutsos,et al. Auditing Compliance with a Hippocratic Database , 2004, VLDB.

[9] Stefan Böttcher,et al. Detecting Privacy Violations in Sensitive XML Databases , 2005, Secure Data Management.

[10] Ashwin Machanavajjhala,et al. On the efficiency of checking perfect privacy , 2006, PODS '06.

[11] Emilie Lundin Barse. Logging for Intrusion and Fraud Detection , 2004 .

[12] Anand Gupta,et al. Design and Development of Malafide Intension Based Privacy Violation Detection System (An Ongoing Research Report) , 2006, ICISS.