DocumentCode
1803979
Title
Finding the Leak: A Privacy Audit System for Sensitive XML Databases
Author
Böttcher, Stefan ; Steinmetz, Rita
Author_Institution
University of Paderborn, Germany
fYear
2006
fDate
2006
Firstpage
100
Lastpage
100
Abstract
Whenever private information that is legally used by multiple employees of a company has been illegally exposed to a third party, it is of significant importance to the concerned company to find the information leak in its staff for a variety of reasons, e.g., to keep confidence of its customers. In this paper, we present a privacy audit system for XML databases and the XPath query language which uses the concept of an audit query to describe the secret information. For a given audit query, our system returns a set of suspicious user queries that may have used the secret information. Suspicious user queries are identified in a sequence of four steps: first, a static analysis based on the time constraints; second, a comparison of the nodename tests of the audit query and the user queries; third, an analysis of the associations of the node-name tests found in the audit query and in the user queries; and finally, a test on ’historic data’. Furthermore, we discuss privacy violation detection in case of an attacker who submits multiple queries and externally compares the results.
Keywords
Access control; Data privacy; Data security; Database languages; Hospitals; Medical treatment; Testing; Time factors; US Department of Transportation; XML;
fLanguage
English
Publisher
ieee
Conference_Titel
Data Engineering Workshops, 2006. Proceedings. 22nd International Conference on
Conference_Location
Atlanta, GA, USA
Print_ISBN
0-7695-2571-7
Type
conf
DOI
10.1109/ICDEW.2006.61
Filename
1623895
Link To Document