Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
Springer Nature Link
Log in

Auditing Inference Based Disclosures in Dynamic Databases

  • Conference paper
Secure Data Management (SDM 2008)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 5159))

Included in the following conference series:

Abstract

A privacy violation in an information system could take place either through explicit access or inference over already revealed facts using domain knowledge. In a post violation scenario, an auditing framework should consider both these aspects to determine exact set of minimal suspicious queries set. Update operations in database systems add more complexity in case of auditing, as inference rule applications on different data versions may generate erroneous information in addition to the valid information. In this paper, we formalize the problem of auditing inference based disclosures in dynamic databases, and present a sound and complete algorithm to determine a suspicious query set for a given domain knowledge, a database, an audit query, updates in the database. Each element of the output set is a minimal set of past user queries made to the database system such that data revealed to these queries combined with domain knowledge can infer the valid data specified by the audit query.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. AT & T privacy bird, http://www.privacybird.com/

  2. OASIS, eXtensible Access Control Markup Language (XACML) TC, http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml

  3. Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunter, M.: Enterprise Privacy Authorization Language (EPAL 1.1), IBM Research Report (2003), http://www.zurich.ibm.com/security/enterprise-privacy/epal

  4. Bhattacharya, J., Gupta, S.K.: Privacy Broker for Enforcing Privacy Policies in Databases. In: Proceedings of Fifth international conference on knowledge based computer systems, Hyderabad, India (2004)

    Google Scholar 

  5. Rosencrance, L.: Toysrus.com faces online privacy inquiry, http://archives.cnn.com/2000/TECH/computing/12/14/toysrus.privacy.inquiry.idg/toysrus.privacy.inquiry.html

  6. Associated Press: Fliers File Suit Against Jetblue (2003), http://www.wired.com/politics/security/news/2003/09/60551

  7. Barse, E.L.: Logging For Intrusion And Fraud Detection. PhD Thesis, ISBN 91-7291-484-X Technical Report no.28D ISSN 1651-4971, School of Computer Science and Engineering, Chalmers University of Technology (2004)

    Google Scholar 

  8. Bruno, J.B.: Security Breach Could Expose 40M to Fraud (2005), http://www.freerepublic.com/focus/f-news/1425334/posts

  9. Teasley, B.: Does Your Privacy Policy Mean Anything (2005), http://www.clickz.com/experts/crm/analyze_data/article.php

  10. Broadsky, A., Farkas, C., Jajodia, S.: Secure Databases: Constraints, inference channels and monitoring disclosures. IEEE Transaction of Knowledge and Data Engineering 12(6), 900–919 (2000)

    Article  Google Scholar 

  11. Marks, D.: Inference in MLS database systems. IEEE Transactions on Knowledge and Data Engineering 8, 46–55 (1996)

    Article  Google Scholar 

  12. Dawson, S., de Capitani di Vimercati, S., Samarati, P.: Specification and enforcement of classification and inference constraints. In: Proceedings of the 1999 IEEE Symposium on Security and Privacy, pp. 181–195 (1999)

    Google Scholar 

  13. Farkas, C., Toland, T.S., Eastman, C.M.: The Inference Problem and Updates in Relational Databases. In: Das 2001: Proceedings of the fifteenth annual working conference on Database and application security, Norwell, MA, USA, pp. 181–194. Kluwer Academic Publishers, Dordrecht (2002)

    Google Scholar 

  14. Stachour, P., Thuraisingham, B.: Design of LDV: A Multilevel Secure Relational Database Management. IEEE Transactions on Knowledge and Data Engineering 02, 190–209 (1990)

    Article  Google Scholar 

  15. Agrawal, R., Bayardo, R., Faloutsos, C., Kiernan, J., Rantzau, R., Srikant, R.: Auditing compliance with a Hippocratic database. In: VLDB 2004: Proceedings of the Thirtieth international conference on Very large data bases, VLDB Endowment, pp. 516–527 (2004)

    Google Scholar 

  16. Gupta, S.K., Goyal, V., Gupta, A.: Malafide Intension Based Detection of Violation in Privacy. In: Bagchi, A., Atluri, V. (eds.) ICISS 2006. LNCS, vol. 4332, pp. 365–368. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  17. Böttcher, S., Steinmetz, R.: Detecting Privacy Violations in Sensitive XML Databases. In: Jonker, W., Petković, M. (eds.) SDM 2005. LNCS, vol. 3674, pp. 143–154. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  18. Motwani, R., Nabar, S., Thomas, D.: Auditing a Batch of SQL Queries. In: IEEE 23rd International Conference on Data Engineering Workshop, pp. 186–191 (2007)

    Google Scholar 

  19. Machanavajjhala, A., Gehrke, J.: On the Efficiency of Checking Perfect Privacy. In: PODS 2006: Proceedings of the twenty-fifth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, pp. 163–172. ACM Press, New York (2006)

    Chapter  Google Scholar 

  20. Miklau, G., Suciu, D.: A Formal Analysis of Information Disclosure in Data Exchange. J. Comput. Syst. Sci. 73(3), 507–534 (2007)

    Article  MATH  MathSciNet  Google Scholar 

  21. Aho, A., Sagiv, Y., Ullman, J.D.: Equivalence of relational expressions. SIAM Journal of Computing 8(2), 218–246 (1979)

    Article  MATH  MathSciNet  Google Scholar 

  22. Chandra, A.K., Merlin, P.M.: Optimal implementation of conjunctive queries in relational databases. In: Proceedings of the Ninth Annual ACM Symposium on Theory of Computing, pp. 77–90 (1977)

    Google Scholar 

  23. Goyal, V., Gupta, S.K., Gupta, A.: A Unified Audit Expression Model for Auditing SQL Queries. In: DAS 2008, London, UK. LNCS, vol. 5094, pp. 33–47. Springer, Heidelberg (2008)

    Google Scholar 

  24. Ullman, J.D.: Principles of Database and Knowledge-Base Systems, vol. I and II. Computer Science Press (1988,1990)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, IIT Delhi, Hauz Khas, New Delhi-16

    Vikram Goyal, S. K. Gupta & Manish Singh

  2. Dept. of Comp. Sci. and Engg. N.S.I.T. Delhi, Sector-3, Dwarka, New Delhi

    Anand Gupta

Authors
  1. Vikram Goyal
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. S. K. Gupta
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Manish Singh
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Anand Gupta
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Willem Jonker Milan Petković

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Goyal, V., Gupta, S.K., Singh, M., Gupta, A. (2008). Auditing Inference Based Disclosures in Dynamic Databases. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2008. Lecture Notes in Computer Science, vol 5159. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85259-9_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-85259-9_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-85258-2

  • Online ISBN: 978-3-540-85259-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation