A System to Prevent Multi-users and Multi-sessions Attack to Breach Privacy Policies in a Trust-End Filter

Among the technological solutions proposed for preserving data privacy, the trust-end (front-end trust) filter is well suited to environments characterized by high dynamism and untrustworthiness. A preliminary assessment of this approach, however, revealed a weakness: by using several user profiles or sessions, the privacy policy can be circumvented, and sensitive information can be obtained by inference over result sets that are each individually permitted. This paper proposes a solution that serves two purposes: in the design phase, it identifies which use scenarios (i.e., sequences of legal queries) could threaten data privacy; additionally, it identifies users who could potentially exploit inference to disclose confidential information.
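The following is an added illustration, not the paper's own system or code. It assumes a constructed three-row patient table, two hypothetical profiles ("billing", which may see identity and demographics, and "research", which may see demographics and diagnosis) and a policy forbidding any one principal from learning identity and diagnosis together. Each query is legal under its profile, yet a user who holds both profiles, or opens two sessions, can join the two legal result sets on the shared (zip, age) attributes and recover the forbidden pairing. The `InferenceMonitor` class is a simplified stand-in for the paper's checker: it attributes result sets to the real user rather than the session, treats result sets that share an attribute as linkable, and flags the user once the linkable attributes cover a forbidden combination; `risky_profile_sets` reuses it at design time to enumerate profile combinations that enable the attack.

```python
from itertools import combinations

# Constructed toy dataset (illustration only; not from the paper).
RECORDS = [
    {"id": "p1", "zip": "80100", "age": 34, "diagnosis": "flu"},
    {"id": "p2", "zip": "80100", "age": 51, "diagnosis": "diabetes"},
    {"id": "p3", "zip": "80133", "age": 34, "diagnosis": "asthma"},
]

# Hypothetical profiles: each may project only these attributes, so any
# single query that stays inside its view is "legal".
PROFILE_VIEW = {
    "billing":  {"id", "zip", "age"},
    "research": {"zip", "age", "diagnosis"},
}

# Privacy policy: no principal may learn these attributes together.
FORBIDDEN = [{"id", "diagnosis"}]


def is_legal(profile, attrs):
    """True when every projected attribute lies inside the profile's view."""
    return set(attrs) <= PROFILE_VIEW[profile]


def filter_query(profile, attrs):
    """Trust-end filter: reject out-of-view projections, else return rows."""
    if not is_legal(profile, attrs):
        raise PermissionError(f"{profile} may not read {sorted(attrs)}")
    return [{a: r[a] for a in attrs} for r in RECORDS]


def link_results(left, right, keys):
    """Inference step: join two legal result sets on shared attributes.
    Works here because (zip, age) is unique per record; with k-anonymous
    demographics the join would yield candidate sets instead of identities."""
    return [{**l, **r} for l in left for r in right
            if all(l[k] == r[k] for k in keys)]


def demo_attack():
    """Two legal queries under two profiles of the same person, joined on
    (zip, age), reconstruct the forbidden id -> diagnosis mapping."""
    a = filter_query("billing", ["id", "zip", "age"])
    b = filter_query("research", ["zip", "age", "diagnosis"])
    return {row["id"]: row["diagnosis"]
            for row in link_results(a, b, ["zip", "age"])}


class InferenceMonitor:
    """Tracks the attribute sets disclosed to each real user across all of
    that user's profiles and sessions. Result sets sharing at least one
    attribute are considered linkable (a potential join key); the user is
    flagged when a linkable group covers a forbidden combination."""

    def __init__(self, forbidden):
        self.forbidden = [frozenset(f) for f in forbidden]
        self.disclosed = {}  # real user -> list of frozenset(attrs)

    def record(self, user, attrs):
        """Log a served query and return the forbidden sets now reachable."""
        self.disclosed.setdefault(user, []).append(frozenset(attrs))
        return self.violations(user)

    def violations(self, user):
        # Merge disclosed sets into connected components of linkable attributes.
        components = []
        for s in self.disclosed.get(user, []):
            merged = set(s)
            rest = []
            for c in components:
                if c & merged:
                    merged |= c
                else:
                    rest.append(c)
            rest.append(frozenset(merged))
            components = rest
        return [f for f in self.forbidden
                if any(f <= c for c in components)]


def risky_profile_sets(profile_view, forbidden, max_size=2):
    """Design-time check: which combinations of up to max_size profiles,
    if held by one user, let a forbidden attribute set be reconstructed."""
    risky = []
    for n in range(1, max_size + 1):
        for combo in combinations(profile_view, n):
            m = InferenceMonitor(forbidden)
            for p in combo:
                m.record("design", profile_view[p])
            viols = m.violations("design")
            if viols:
                risky.append((combo, viols))
    return risky
```

The monitor is only as good as its mapping from sessions to real users; if the filter cannot tie a second profile or session back to the same principal (through authenticated identity or another correlation the deployment trusts), the attack above stays invisible to it. The attribute-overlap rule is also an over-approximation: it flags any shared attribute as a join key, which errs on the side of reporting a user who may not actually be able to link rows.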
