Protecting privacy without misleading users, in the realm of XML
Abstract:
In many organizations, private data should be revealed to some people
while being concealed from others. In a hospital database system, for
instance, a physician should be allowed to see the medical history of
her patients; however, such medical data should not be available to the
public. To support research over medical data while protecting privacy,
only some of the data should be accessible to researchers. A common
approach to protecting privacy is to manipulate sensitive data so that
private information is not revealed (e.g., by changing data
values or transforming its structure). But such manipulations can
mislead users who are not aware of them and thus cause errors.
In my talk, I will present a novel access-control mechanism for XML
that protects privacy without misleading users. XML is a primary format
for exchanging and publishing data on the Internet, in which data is
presented in a hierarchical format. Our model uses the hierarchical
nature of XML but also guarantees that private information cannot be
inferred from the hierarchy itself, a challenge that does not arise in
the relational model.
The mechanism employs rules for specifying the private data, and
queries are validated with respect to these rules. Only queries that do
not reveal private information are authorized and executed. I will talk
about the complexity of validating queries, the privacy protection
provided by our approach and how to test that a set of rules provides
the desired concealment.
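As an added illustration (not code from the talk or its authors), the following toy validator applies the idea of authorizing queries rather than altering data: a constructed hospital document, an assumed rule format (root-relative tag paths whose subtrees are private), and a check that denies any query selecting a node that is, or lies beneath, a concealed node, so that neither the node's values nor its position in the hierarchy can be inferred.

```python
import xml.etree.ElementTree as ET

# Constructed sample document; the ward a patient belongs to is itself sensitive.
HOSPITAL_XML = """<hospital>
  <ward name="cardiology">
    <patient><name>Ann</name><diagnosis>arrhythmia</diagnosis></patient>
  </ward>
  <psychiatric_ward>
    <patient><name>Bob</name><diagnosis>depression</diagnosis></patient>
  </psychiatric_ward>
</hospital>"""

# Assumed rule format: a tag path from the root; the whole subtree is private.
RULES = [
    ("hospital", "ward", "patient", "diagnosis"),
    ("hospital", "psychiatric_ward"),  # membership in this ward is private
]

def concrete_paths(root):
    """Every element of the document as a tuple of tags from the root."""
    paths = []
    def walk(elem, prefix):
        path = prefix + (elem.tag,)
        paths.append(path)
        for child in elem:
            walk(child, path)
    walk(root, ())
    return paths

def matches(query, path):
    """Does a query path (with '*' wildcards) select this concrete path?"""
    return len(query) == len(path) and all(q in ("*", p) for q, p in zip(query, path))

def is_authorized(query, root, rules=RULES):
    """Deny if any selected node is a concealed node or one of its descendants:
    answering would reveal the concealed node's existence via the hierarchy."""
    for path in concrete_paths(root):
        if matches(query, path) and any(path[:len(r)] == r for r in rules):
            return False
    return True

def run_query(query_str, xml_text=HOSPITAL_XML):
    """Validate, then execute; denied queries return None, never altered data."""
    root = ET.fromstring(xml_text)
    query = tuple(query_str.split("/"))
    if query[0] != root.tag or not is_authorized(query, root):
        return None
    rel = "/".join(query[1:]) or "."
    return [(e.tag, (e.text or "").strip()) for e in root.findall(rel)]
```

Note that the wildcard query `hospital/*/patient/name` is denied even though its cardiology answer is harmless, because its psychiatric_ward answer would leak ward membership.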
No prior knowledge of XML or privacy is required.
This is joint work with Alberto Mendelzon, Renee Miller and Zheng Zhang.