Title :
Auditing a Batch of SQL Queries
Author :
Motwani, Rajeev ; Nabar, Shubha U. ; Thomas, Dilys
Author_Institution :
Stanford Univ., Stanford
Abstract :
In this paper, we study the problem of auditing a batch of SQL queries: given a set of SQL queries that have been posed over a database, determine whether some subset of these queries have revealed private information about an individual or group of individuals. In (Agrawal et al., 2004), the authors studied the problem of determining whether any single SQL query in isolation revealed information forbidden by the database system´s data disclosure policies. In this paper, we extend this work to the problem of auditing a batch of SQL queries. We define two different notions of auditing-semantic auditing and syntactic auditing -and show that while syntactic auditing seems more desirable, it is in fact NP-hard to achieve. The problem of semantic auditing of a batch of SQL queries is, however, tractable and we give a polynomial time algorithm for this purpose.
Keywords :
SQL; computational complexity; optimisation; polynomials; query processing; semantic networks; NP-hard problem; SQL queries; database system data disclosure policies; polynomial time algorithm; private information; semantic auditing; syntactic auditing; Aggregates; Blood pressure; Computer science; Data privacy; Database systems; Diabetes; Diseases; Hospitals; Image databases; Polynomials;
Conference_Titel :
Data Engineering Workshop, 2007 IEEE 23rd International Conference on
Conference_Location :
Istanbul
Print_ISBN :
978-1-4244-0832-0
Electronic_ISBN :
978-1-4244-0832-0
DOI :
10.1109/ICDEW.2007.4400990
