Information Control by Policy-Based Relational Weakening Templates

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9879)


We conceptually design, formally verify and experimentally evaluate a sophisticated information control mechanism for a relational database instance. The mechanism reacts on access requests for data publishing or query answering with a granularity of either the whole instance or individual tuples. The reaction is based on a general read access permission for the instance combined with user-specific exceptions expressed as prohibitions regarding particular pieces of information declared in a confidentiality policy. These prohibitions are to be enforced in the sense that the user should neither be able to get those pieces directly nor by rational reasoning exploiting the interaction history and background knowledge about both the database and the control mechanism. In an initial off-line phase, the control mechanism basically determines instance-independent weakening templates for individual tuples and generates a policy-compliant weakened view on the stored instance. During the system-user interaction phase, each request to receive data of the database instance is fully accepted but redirected to the weakened view.


Distortion Confidentiality Background knowledge History-awareness Information control Read access Relational database Query access View generation Weakened information 


  1. 1.
    Aggarwal, G., Feder, T., Kenthapadi, K., Motwani, R., Panigrahy, R., Thomas, D., Zhu, A.: Anonymizing tables. In: Eiter, T., Libkin, L. (eds.) ICDT 2005. LNCS, vol. 3363, pp. 246–258. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  2. 2.
    Biskup, J.: Inference-usability confinement by maintaining inference-proof views of an information system. Int. J. Comput. Sci. Eng. 7(1), 17–37 (2012)CrossRefGoogle Scholar
  3. 3.
    Biskup, J., Bonatti, P.A.: Controlled query evaluation with open queries for a decidable relational submodel. Ann. Math. Artif. Intell. 50(1–2), 39–77 (2007)MathSciNetCrossRefzbMATHGoogle Scholar
  4. 4.
    Biskup, J., Preuß, M.: Database fragmentation with encryption: under which semantic constraints and a priori knowledge can two keep a secret? In: Wang, L., Shafiq, B. (eds.) DBSec 2013. LNCS, vol. 7964, pp. 17–32. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  5. 5.
    Biskup, J., Preuß, M.: Inference-proof data publishing by minimally weakening a database instance. In: Prakash, A., Shyamasundar, R. (eds.) ICISS 2014. LNCS, vol. 8880, pp. 30–49. Springer, Heidelberg (2014)Google Scholar
  6. 6.
    Biskup, J., Wiese, L.: A sound and complete model-generation procedure for consistent and confidentiality-preserving databases. Theoret. Comput. Sci. 412(31), 4044–4072 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Blocki, J., Williams, R.: Resolving the complexity of some data privacy problems. In: Abramsky, S., Gavoille, C., Kirchner, C., Meyer auf der Heide, F., Spirakis, P.G. (eds.) ICALP 2010. LNCS, vol. 6199, pp. 393–404. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  8. 8.
    Boost Graph Library: Maximum cardinality matching (2014).
  9. 9.
    Denning, D.E.: Cryptography and Data Security. Addison-Wesley, Reading (1982)zbMATHGoogle Scholar
  10. 10.
    De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Livraga, G., Paraboschi, S., Samarati, P.: Fragmentation in presence of data dependencies. IEEE Trans. Dependable Sec. Comput. 11(6), 510–523 (2014)Google Scholar
  11. 11.
    Fung, B.C.M., Wang, K., Fu, A.W.-C., Yu, P.S.: Introduction to Privacy-Preserving Data Publishing - Concepts and Techniques. Chapman & Hall/CRC, Boca Raton (2010)CrossRefGoogle Scholar
  12. 12.
    Halpern, J.Y., O’Neill, K.R.: Secrecy in multiagent systems. ACM Trans. Inf. Syst. Secur. 12(1), 5.1–5.47 (2008)CrossRefGoogle Scholar
  13. 13.
    Korte, B., Vygen, J.: Combinatorial Optimization: Theory and Algorithms. Algorithms and Combinatorics, 5th edn. Springer, Heidelberg (2012)CrossRefzbMATHGoogle Scholar
  14. 14.
    Machanavajjhala, A., Kifer, D., Gehrke, J., Venkitasubramaniam, M.: \(\ell \)-diversity: privacy beyond \(k\)-anonymity. ACM Trans. Knowl. Discov. Data 1(1) (2007)Google Scholar
  15. 15.
    Magun, J.: Greedy matching algorithms: an experimental study. ACM J. Exp. Algorithmics 3(6) (1998)Google Scholar
  16. 16.
    Mehlhorn, K., Näher, S.: LEDA: a platform for combinatorial and geometric computing. Cambridge University Press, Cambridge (1999)zbMATHGoogle Scholar
  17. 17.
    Sicherman, G.L., de Jonge, W., van de Riet, R.P.: Answering queries without revealing secrets. ACM Trans. Database Syst. 8(1), 41–59 (1983)CrossRefzbMATHGoogle Scholar
  18. 18.
    Sweeney, L.: \(k\)-anonymity: a model for protecting privacy. Int. J. Uncertainty Fuzziness Knowl. Based Syst. 10(5), 557–570 (2002)MathSciNetCrossRefzbMATHGoogle Scholar
  19. 19.
    Vazirani, V.V.: A theory of alternating paths and blossoms for proving correctness of the \(O(\sqrt{|V|} \cdot |E|)\) general graph maximum matching algorithm. Combinatorica 14(1), 71–109 (1994)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Technische Universität DortmundDortmundGermany

Personalised recommendations