Advertisement

Information Disclosure by XPath Queries

  • Stefan Böttcher
  • Rita Steinmetz
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4165)

Abstract

Hospitals, organizations and companies are responsible keeping data and information about their customers private even if many internal employees have access to this data or information. When accused of an unauthorized disclosure of private information, it is important for the hospital to know which employees had the opportunity to disclose concrete private information. Our approach describes secret information in form of a secret query and performs two steps to detect which employees have used ‘suspicious’ queries, i.e., queries the result of which allows the user to derive secret information. First, we analyze the structure of queries and of the secret query to exclude nonsuspicious queries. Second, we derive a formula from user query, query result and secret query, which is satisfiable if and only if the query is non-suspicious.

Keywords

Tree Pattern Information Disclosure User Query Database State Secret Information 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Aggarwal, C.C.: On k-Anonymity and the Curse of Dimensionality. In: Böhm, K., Jensen, C.S., Haas, L.M., Kersten, M.L., Larson, P.-Å, Ooi, B.C. (eds.) Proceedings of the 31st International Conference on Very Large Data Bases. VLDB 2005, Trondheim, Norway (2005)Google Scholar
  2. 2.
    Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic Databases. In: Bernstein, P.A., Loannidis, Y.E., Ramakrishnan, R. (eds.) Proceedings of 28th International Conference on Very Large Data Bases. VLDB 2002, Hong Kong (2002) Google Scholar
  3. 3.
    Agrawal, R., Bayardo Jr., R.J., Faloutsos, C., Kiernan, J., Rantzau, R., Srikant, R.: Auditing Compliance with a Hippocratic Database. In: Nascimento, M.A., Özsu, M.T., Kossmann, D., Miller, R.J., Blakeley, J.A., Schiefer, K.B. (eds.) Proceedings of the Thirteeth International Conference on Very Large Data Bases. VLDB 2004, Toronto, Canada (2004)Google Scholar
  4. 4.
    Amer-Yahia, S., Cho, S., Lakshmanan, L.V.S., Srivastava, D.: Minimization of Tree Pattern Queries. In: Sellis, T. (ed.) Proceedings of the 2001 ACM SIGMOD international conference on Management of data. SIGMOD Conference 2001, Santa Barbara, California, United States (2001)Google Scholar
  5. 5.
    Bertino, E., Castano, S., Ferrari, E.: On specifying security policies for web documents with an XML-based language. In: Proceedings of the 6th ACM Symposium on Access Control Models and Technologies. SACMAT 2001, Chantilly, Virginia, USA (2001)Google Scholar
  6. 6.
    Bertino, E., Ferrari, E.: Secure and selective dissemination of XML documents. ACM Transactions on Information and System Security. TISSEC 5(3), 290–331 (2002)CrossRefGoogle Scholar
  7. 7.
    Böttcher, S., Steinmetz, R.: Detecting Privacy Violations in Sensitive XML Databases. In: Jonker, W., Petković, M. (eds.) SDM 2005. LNCS, vol. 3674, pp. 143–154. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. 8.
    Böttcher, S., Steinmetz, R.: Finding the Leak: A Privacy Audit System for Sensitive XML Databases. In: Second International Workshop on Privacy Data Management (PDM), Atlanta, USA (2006)Google Scholar
  9. 9.
    Thomas, H., Cormen, C.E., Leiserson, R.L.: Rivest, Clifford Stein: Introduction to Algorithms, 2nd edn. MIT-Press, Cambridge (2001)Google Scholar
  10. 10.
    Damiani, E., di Virmercati, S., Paraboschi, S., Samarati, P.: Securing XML Documents. In: Zaniolo, C., Grust, T., Scholl, M.H., Lockemann, P.C. (eds.) EDBT 2000. LNCS, vol. 1777, p. 121. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  11. 11.
    Fan, W., Chan, C.Y., Garofalakis, M.: Secure XML Querying with Security Views. In: Weikum, G., König, A.C., Deßloch, S. (eds.) Proceedings of the ACM SIGMOD International Conference on Management of Data. SIGMOD Conference 2004, Paris, France (2004)Google Scholar
  12. 12.
    Gottlob, G., Koch, C., Pichler, R.: Efficient Algorithms for Processing XPath Queries. In: Bressan, S., Chaudhri, A.B., Li Lee, M., Yu, J.X., Lacroix, Z. (eds.) CAiSE 2002 and VLDB 2002. LNCS, vol. 2590, Springer, Heidelberg (2003)Google Scholar
  13. 13.
    Kudo, M., Hada, S.: XML document security based on provisional authorization. In: Jajodia, S., Samarati, P. (eds.) Proceedings of the 7th ACM Conference on Computer and Communications Security. CCS 2000, Athens, Greece (2000)Google Scholar
  14. 14.
    LeFevre, K., DeWitt, D.J., Ramakrishnan, R.: Incognito: Efficient Full-Domain K-Anonymity. In: Widom, J., Ozcan, F., Chirkova, R. (eds.) Proceedings of the ACM SIGMOD International Conference on Management of Data. SIGMOD Conference 2005, Maryland, USA (2005)Google Scholar
  15. 15.
    Meyerson, A., Williams, R.: On the Complexity of Optimal K-Anonymity. In: Deutsch, A. (ed.) Proceedings of the Twenty-third ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems. PODS 2004, Paris, France (2004)Google Scholar
  16. 16.
    Miklau, G., Suciu, D.: Containment and Equivalence for an XPath Fragment. Journal of the ACM 51 (2004)Google Scholar
  17. 17.
    Olteanu, D., Meuss, H., Furche, T., Bry, F.: XPath: Looking Forward. In: Chaudhri, A.B., Unland, R., Djeraba, C., Lindner, W. (eds.) EDBT 2002. LNCS, vol. 2490, pp. 109–127. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  18. 18.
    Samarati, P.: Protecting Respondents’ Identities in Microdata Release. IEEE Transactions on Knowledge and Data Engineering 13 (2001)Google Scholar
  19. 19.
    Stoffel, K., Studer, T.: Provable Data Privacy. In: Andersen, K.V., Debenham, J., Wagner, R. (eds.) DEXA 2005. LNCS, vol. 3588, pp. 324–332. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  20. 20.
    Stonebraker, M.: Implementation of Integrity Constraints and Views by Query Modification. In: Frank King, W. (ed.) Proceedings of the 1975 ACM SIGMOD International Conference on Management of Data. SIGMOD Conference 1975, San Jose, California (1975)Google Scholar
  21. 21.
    Sweene, L.: Achieving k-Anonymity Privacy Protection Using Generalization and Suppression. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems 10 (2002)Google Scholar
  22. 22.
    Sweene, L.: k-Anonymity: A Model for Protecting Privacy. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems 10 (2002)Google Scholar
  23. 23.
    Yao, C., Wang, X.S., Jajodia, S.: Checking for k-Anonymity Violation by Views. In: Böhm, K., Jensen, C.S., Haas, L.M., Kersten, M.L., Larson, P-Å, Ooi, B.C., (eds.) Proceedings of the 31st International Conference on Very Large Data Bases. VLDB 2005, Trondheim, Norway (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Stefan Böttcher
    • 1
  • Rita Steinmetz
    • 1
  1. 1.Computer ScienceUniversity of PaderbornPaderbornGermany

Personalised recommendations