Browse

Controlled Query Evaluation Enforcing Privacy-Policy for Safe and Efficient Data Sharing
안전하고 효율적인 데이터 공유를 위한 개인 보호 정책 기반의 질의 평가 및 제어

Cited 0 time in Web of Science Cited 0 time in Scopus
Authors
Jo, Insoon
Advisor
염헌영
Major
공과대학 컴퓨터공학과
Issue Date
2013-02
Publisher
서울대학교 대학원
Keywords
PrivacyFine-Grained Access ControlPolicy EnforcementQuery EvaluationDatabaseData Warehouse System for Hadoop
Description
학위논문 (박사)-- 서울대학교 대학원 : 컴퓨터공학부, 2013. 2. 염헌영.
Abstract
With the growth in information access, comes the challenge of maintaining privacy and security on sensitive data in shared data storage. For instance, the Information Technology for Economic and Clinical Health (HITECH) Acts provisions penalize organizations who do not take measures to protect privacy of patient data even if the organization was unaware of such a duty. Thus, an efficient mechanism of fine-grained access control (FGAC) on such data should be considered. However, current techniques suffer from the possibility of revealing too much information or giving incorrect answers to aggregate queries. This dissertation targets data warehouse systems using SQL and aims for a generic approach to safeguard sensitive information stored in them while providing reasonably accurate query answers. It proposes improvements by considering properties of good security and defining levels of information revelation, and then develops an algorithm to evaluate user queries against a privacy policy. We assume a policy contains at least one rule and both rules and queries are written in SQL. A user query is evaluated against rules in the policy one after another. If the algorithm meets any rule with which the query is compliant, it stops and accepts the query as it is. Otherwise, it either rejects or rewrites the query by the configuration. Given each rule in a policy, its attributes are classified into four categories, which represent different levels of information revelation to prevent inference attacks and used to decide a querys compliance with it. For a query to be compliant with a given rule, all attributes of the query should be allowed by the rule. Whether an attribute of the query is permitted by the rule or not is determined by the category which the attribute belongs to. If the algorithm fails to meet any rule with which the query is compliant (i.e. there is no rule in the policy to allow all attributes of the query), it either rejects or rewrites the query. For rewriting, it chooses a rule with which the query is more compliant than any other rule in the policy, and rewrites the query so as to be compliant with the chosen rule. We built prototypes of privacy-policy enforcement using two typical data warehouse systems: database management system (DBMS) and Hadoop-based query engine. Traditionally, DBMS has maintained a large amount of information and supported efficient data processing for it. However, the rapid growth of data sets being collected and analyzed has made it run into limitations on scalability and processing time. As a promising solution to efficiently process huge amount of data, cloud computing has come to the fore. Not only to provide a familiar programming model for existing users but to ease the programming burden for writing queries, data warehouse systems in the Cloud support SQL. Evaluation of prototype systems demonstrates that the overhead from our privacy-policy enforcement is small and scales well with typical query sizes.
Language
English
URI
https://hdl.handle.net/10371/119991
Files in This Item:
Appears in Collections:
College of Engineering/Engineering Practice School (공과대학/대학원)Dept. of Computer Science and Engineering (컴퓨터공학부)Theses (Ph.D. / Sc.D._컴퓨터공학부)
  • mendeley

Items in S-Space are protected by copyright, with all rights reserved, unless otherwise indicated.

Browse