论文信息 - A Test Framework for Assessing Effectiveness of the Data Privacy Policy's Implementation into Relational Databases

A Test Framework for Assessing Effectiveness of the Data Privacy Policy's Implementation into Relational Databases

The growing migration of business transactions toward the web made data privacy a critical issue to cope with. Many technologies have been proposed in order to preserve sensitive data from illegal disclosure, also known as Privacy Enhancing Technology (PET). Unfortunately, under certain conditions, sensitive data could be obtained by leveraging different malicious mechanisms which exploit actions permitted to the user. Thus, it is needed to face the problem also at the system design level, and not only by integrating a specific PET into the final system.We propose a framework for testing the software system’s capability of respecting established data privacy policy. Our test framework aims at detecting the sequence of legal actions which could allow a user to breach the mechanisms for preserving data privacy. The test output helps designers to properly modify those usage scenarios which could compromise data privacy. Experimentation has been carried out in order to make a preliminary assessment of the method

[1] Wenliang Du,et al. Comparisons of K-Anonymization and Randomization Schemes under Linking Attacks , 2006, Sixth International Conference on Data Mining (ICDM'06).

[2] Marc Langheinrich,et al. Personal Privacy in Ubiquitous Computing , 2005 .

[3] Mare Langheinrich,et al. Personal privacy in ubiquitous computing: Tools and system support , 2005 .

[4] Sushil Jajodia,et al. Aggregation in Relational Databases: Controlled Disclosure of Sensitive Information , 1994, ESORICS.

[5] Ge Yu,et al. XGuard: a system for publishing XML documents without information leakage in the presence of data inference , 2005, 21st International Conference on Data Engineering (ICDE'05).

[6] Katina Michael,et al. Control, trust, privacy, and security: evaluating location-based services , 2007, IEEE Technology and Society Magazine.

[7] Roberto J. Bayardo,et al. Technological Solutions for Protecting Privacy , 2003, Computer.

[8] Ran Wolff,et al. Privacy-preserving data mining on data grids in the presence of malicious participants , 2004, Proceedings. 13th IEEE International Symposium on High performance Distributed Computing, 2004..

[9] Rafael Accorsi,et al. Personalization in privacy-aware highly dynamic systems , 2006, CACM.

[10] Gerardo Canfora,et al. A Three Layered Model to Implement Data Privacy Policies , 2008, WOSIS.

[11] David S. Rosenblum,et al. What Anyone Can Know: The Privacy Risks of Social Networking Sites , 2007, IEEE Security & Privacy.