Abstract
In this paper, we address the problem of querying personal data according to its related purposes. Our approach allows the purpose of use of personal data to be specified in a SQL-like manner. We define a new access method operator, introduced into query plans, that automatically enforces the purposes of the data involved in a SQL query. Experimental results show that our method outperforms a competing view-based approach.
Acknowledgements
This research was partially supported by CAPES (grant 88887.609129/2021) and LSBD/UFC.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Praciano, F.D.B.S., Amora, P.R.P., Abreu, Í.C., Machado, J.C. (2022). Purpose Scan: A Purpose-Aware Access Method. In: Rezig, E.K., et al. Heterogeneous Data Management, Polystores, and Analytics for Healthcare. DMAH Poly 2022 2022. Lecture Notes in Computer Science, vol 13814. Springer, Cham. https://doi.org/10.1007/978-3-031-23905-2_3
DOI: https://doi.org/10.1007/978-3-031-23905-2_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-23904-5
Online ISBN: 978-3-031-23905-2
eBook Packages: Computer Science, Computer Science (R0)