• DocumentCode
    1803979
  • Title

    Finding the Leak: A Privacy Audit System for Sensitive XML Databases

  • Author

    Böttcher, Stefan ; Steinmetz, Rita

  • Author_Institution
    University of Paderborn, Germany
  • fYear
    2006
  • fDate
    2006
  • Firstpage
    100
  • Lastpage
    100
  • Abstract
    Whenever private information that is legally used by multiple employees of a company has been illegally exposed to a third party, it is of significant importance to the concerned company to find the information leak in its staff for a variety of reasons, e.g., to keep confidence of its customers. In this paper, we present a privacy audit system for XML databases and the XPath query language which uses the concept of an audit query to describe the secret information. For a given audit query, our system returns a set of suspicious user queries that may have used the secret information. Suspicious user queries are identified in a sequence of four steps: first, a static analysis based on the time constraints; second, a comparison of the nodename tests of the audit query and the user queries; third, an analysis of the associations of the node-name tests found in the audit query and in the user queries; and finally, a test on ’historic data’. Furthermore, we discuss privacy violation detection in case of an attacker who submits multiple queries and externally compares the results.
  • Keywords
    Access control; Data privacy; Data security; Database languages; Hospitals; Medical treatment; Testing; Time factors; US Department of Transportation; XML;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Data Engineering Workshops, 2006. Proceedings. 22nd International Conference on
  • Conference_Location
    Atlanta, GA, USA
  • Print_ISBN
    0-7695-2571-7
  • Type

    conf

  • DOI
    10.1109/ICDEW.2006.61
  • Filename
    1623895