Don’t Reveal My Intension: Protecting User Privacy Using Declarative Preferences during Distributed Query Processing

  • Nicholas L. Farnan
  • Adam J. Lee
  • Panos K. Chrysanthis
  • Ting Yu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6879)


In a centralized setting, the declarative nature of SQL is a major strength: a user can simply describe what she wants to retrieve, and need not worry about how the resulting query plan is actually generated and executed. However, in a decentralized setting, two query plans that produce the same result might actually reveal vastly different information about the intensional description of a user’s query to the servers participating its evaluation. In cases where a user considers portions of her query to be sensitive, this is clearly problematic. In this paper, we address the specification and enforcement of querier privacy constraints on the execution of distributed database queries. We formalize a notion of intensional query privacy called (I,A)-privacy, and extend the syntax of SQL to allow users to enforce strict (I,A)-privacy constraints or partially ordered privacy/performance preferences over the execution of their queries.


Query Processing Relational Algebra Query Evaluation Query Plan User Privacy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bell, D.E., Lapadula, L.J.: Secure computer system: unified exposition and multics interpretation (March 1976)Google Scholar
  2. 2.
    Botha, R.A., Eloff, J.H.P.: Separation of duties for access control enforcement in workflow environments. IBM Syst. J. 40, 666–682 (2001)CrossRefGoogle Scholar
  3. 3.
    Chor, B., Goldreich, O., Kushilevitz, E., Sudan, M.: Private information retrieval. In: FOCS (1995)Google Scholar
  4. 4.
    Dierks, T., Rescorla, E.: Rfc 5246: The transport layer security (tls) protocol version 1.2 (August 2008)Google Scholar
  5. 5.
    Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating noise to sensitivity in private data analysis. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 265–284. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  6. 6.
    Elmasri, R., Navathe, S.B.: Fundamentals of Database Systems. Addison-Wesley, Reading (2007)zbMATHGoogle Scholar
  7. 7.
    Farnan, N.L., Lee, A.J., Chrysanthis, P.K., Yu, T.: Dont reveal my intension: Protecting user privacy using declarative preferences during distributed query processing. Technical Report TR-11-179, University of Pittsburgh, Dept. of Computer Science (2011)Google Scholar
  8. 8.
    Farnan, N.L., Lee, A.J., Yu, T.: Investigating privacy-aware distributed query evaluation. In: WPES (2010)Google Scholar
  9. 9.
    Ferraiolo, D., Kuhn, R.: Role-based access control. In: NIST-NCSC (1992)Google Scholar
  10. 10.
    Franklin, M.J., Jónsson, B.T., Kossmann, D.: Performance tradeoffs for client-server query processing. SIGMOD Rec. 25, 149–160 (1996)CrossRefGoogle Scholar
  11. 11.
    Information technology - database language sql (1992)Google Scholar
  12. 12.
    Kießling, W.: Foundations of preferences in database systems. In: VLDB (2002)Google Scholar
  13. 13.
    Kießling, W., Köstler, G.: Preference sql: design, implementation, experiences. In: VLDB (2002)Google Scholar
  14. 14.
    Kossmann, D.: The state of the art in distributed query processing. ACM Comput. Surv. 32(4), 422–469 (2000)CrossRefGoogle Scholar
  15. 15.
    Kushilevitz, E., Ostrovsky, R.: Replication is not needed: Single database, computationally-private information retrieval. In: FOCS (1997)Google Scholar
  16. 16.
    Li, N., Li, T., Venkatasubramanian, S.: t-closeness: Privacy beyond k-anonymity and l-diversity. In: ICDE (2007)Google Scholar
  17. 17.
    Machanavajjhala, A., Kifer, D., Gehrke, J., Venkitasubramaniam, M.: L-diversity: Privacy beyond k-anonymity. ACM TKDD 1(1), 3 (2007)CrossRefGoogle Scholar
  18. 18.
    Melchor, C.A., Crespin, B., Gaborit, P., Jolivet, V., Rousseau, P.: High-speed private information retrieval computation on gpu. In: SECURWARE (2008)Google Scholar
  19. 19.
    National Computer Security Center (NCSC). Glossary of Computer Security Terms (ncsc-tg-04) (October 1988),
  20. 20.
    Olumofin, F.G., Goldberg, I.: Privacy-preserving queries over relational databases. In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 75–92. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  21. 21.
    Papadimos, V., Maier, D., Tufte, K.: Distributed query processing and catalogs for peer-to-peer systems. In: CIDR (2003)Google Scholar
  22. 22.
    Samarati, P.: Protecting respondents’ identities in microdata release. IEEE TKDE 13, 1010–1027 (2001)Google Scholar
  23. 23.
    Sion, R., Carbunar, B.: On the practicality of private information retrieval. In: NDSS (2007)Google Scholar
  24. 24.
    Tran, S., Mohan, M.: Security information management challenges and solutions (July 2006),
  25. 25.
    Wang, L., Wijesekera, D., Jajodia, S.: A logic-based framework for attribute based access control. In: FMSE (2004)Google Scholar
  26. 26.
    Williams, P., Sion, R.: Usable PIR. In: NDSS (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Nicholas L. Farnan
    • 1
  • Adam J. Lee
    • 1
  • Panos K. Chrysanthis
    • 1
  • Ting Yu
    • 2
  1. 1.Department of Computer ScienceUniversity of PittsburghUSA
  2. 2.Department of Computer ScienceNorth Carolina State UniversityUSA

Personalised recommendations