Privacy-Preserving Database Systems

  • Elisa Bertino
  • Ji-Won Byun
  • Ninghui Li
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3655)


Privacy is today an important concern for both users and enterprises. Therefore, intense research is currently being carried out on various aspects of privacy-preserving data management systems. In this paper, we focus on database management systems (DBMS) able to enforce privacy promises encoded in privacy languages such as P3P. In particular, we first present an overview of the P3P language and outline some of its critical aspects. We then outline the main requirements for a privacy-preserving DBMS and discuss solutions related to the management of privacy-related meta-data, focusing on a special category of meta-data information, that is, purpose information. Purpose information represents an important component of privacy statements, and thus its effective management is crucial. We then discuss current solutions to fine-grained access control in the context of relational database systems and identify relevant issues.







Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Elisa Bertino (1)
  • Ji-Won Byun (1)
  • Ninghui Li (1)

  1. Department of Computer Science and CERIAS, Purdue University, West Lafayette, USA
