Intentional resolution of privacy protection in database systems

Traditionally, privacy protection in database systems is understood to be the control over what information a given user can get from a database. This paper is concerned with another, independent, dimension of privacy protection, the control over what a user is allowed to do with a piece of information supplied to him by the database. The ability to condition the supply of information on its intended use is called here “intentional resolution” of privacy protection. The practical importance of intentional resolution is demonstrated by several examples, and its realization is discussed. It is shown that intentional resolution can be achieved, but that it involves a radical change from the traditional approach to the process of user-database interaction. In particular, it appears to be necessary for the database to impose a certain amount of control over the internal behavior of users' programs which interact with it. A model for user-database interaction which admits such a control is developed.
