Don't Reveal My Intension: Protecting User Privacy using Declarative Preferences during Distributed Query ProcessingDocUID: 2011-004 Full Text: PDF
Author: Nicholas L. Farnan, Adam J. Lee, Panos K. Chrysanthis, Ting Yu
Abstract: In a centralized setting, the declarative nature of SQL is a major strength: a user can simply describe what she wants to retrieve, and need not worry about how the resulting query plan is actually generated and executed. However, in a decentralized setting, two query plans that produce the same result might actually reveal vastly different information about the intensional description of a user's query to the servers participating its evaluation. In cases where a user considers portions of her query to be sensitive, this is clearly problematic. In this paper, we address the specification and enforcement of querier privacy constraints on the execution of distributed database queries. We formalize a notion of intensional query privacy called (I, A)-privacy, and extend the syntax of SQL to allow users to enforce strict (I, A)-privacy constraints or partially ordered privacy/performance preferences over the execution of their queries.
Published In: European Symposium on Research in Computer Security
Place Published: Leuven, Belgium
Year Published: 2011
Project: Others Subject Area: Data Privacy, Query Processing
Publication Type: Conference Paper