Approaches to Enforce Privacy in Databases: Classical to Information Flow-Based Models
Information Systems Frontiers (IF 6.9), Pub Date: 2021-08-13, DOI: 10.1007/s10796-021-10178-w
R.K. Shyamasundar, Pratiksha Chaudhary, Arushi Jaiswal, Aniket Kuiri

Ever since databases became a ubiquitous part of enterprises and businesses, security and privacy have been a requirement. Traditionally, privacy was realized through various methods of database access control and relied heavily on statically defined views, which are essentially logical constructs imposed over database tables that can alter or restrict the data a user can see. Privacy is about the responsible maintenance of private information. This responsibility is hard to define, which is why laws are necessary. With the vast accumulation of personal data in databases, there has been heightened awareness of and concern about the storage and use of private information, leading to privacy-related guidelines, regulations and legislation; compliance with these regulations has become one of the major concerns for organizations and companies. Traditionally, privacy in databases (DBs) has been addressed through access control techniques, including multi-level security (MLS) based on mandatory access control (MAC), and views restricted to particular users. As view definitions that comply with regulations became quite complex when all the restrictions had to be accommodated in one view, explicit constructs for specifying privacy policies were introduced in relational database systems to comply with medical regulations such as HIPAA (the Health Insurance Portability and Accountability Act) of the USA. These enabled fine-grained access control (FGAC) capable of enforcing the disclosure control enunciated by such policies in databases. The information flow control needed in multi-level security (MLS) databases to preserve privacy among multiple users has its own challenges, such as new abstractions for managing information flow in a relational database system, and handling transactions and integrity constraints without introducing covert channels.
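To make the distinction between a static view and an explicit policy construct concrete, here is an added example in Python with sqlite3; it is not code from the paper. A static view hides the diagnosis column uniformly for everyone who can see it, while a hypothetical FGAC layer conjoins a per-role row predicate to every query at run time, the way row-level-security style policies do. The patient table, its rows, the role names and ROW_POLICIES are all constructed for the illustration.

```python
import sqlite3

# Constructed sample rows for this example (not data from the paper).
PATIENTS = [
    (1, "Alice", "hypertension", "dr_smith"),
    (2, "Bob", "asthma", "dr_jones"),
    (3, "Carol", "diabetes", "dr_smith"),
]

# Hypothetical per-role row predicates: the explicit policy construct that
# FGAC adds on top of static views.  Predicate text is trusted policy written
# by the DBA; ':user' is bound to the querying user at run time.
ROW_POLICIES = {
    "physician": "treating_dr = :user",  # a physician sees only own patients
    "auditor": "1 = 1",                  # an auditor sees every row
}
ALLOWED_COLUMNS = {"patient_id", "name", "diagnosis", "treating_dr"}


def setup() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE patient (patient_id INTEGER PRIMARY KEY, name TEXT, "
        "diagnosis TEXT, treating_dr TEXT)"
    )
    conn.executemany("INSERT INTO patient VALUES (?, ?, ?, ?)", PATIENTS)
    # Classical approach: one static view that drops the sensitive columns.
    # Everyone granted the view sees exactly the same projection.
    conn.execute(
        "CREATE VIEW patient_directory AS SELECT patient_id, name FROM patient"
    )
    return conn


def directory(conn: sqlite3.Connection) -> list:
    return conn.execute(
        "SELECT patient_id, name FROM patient_directory ORDER BY patient_id"
    ).fetchall()


def fgac_select(conn, user, role, columns, app_where="1 = 1", params=None):
    """SELECT from patient with the role's row predicate conjoined.

    The policy predicate is wrapped in its own parentheses and AND-ed to the
    application's predicate, so an 'OR 1 = 1' in the latter cannot widen it.
    Column names are checked against an allowlist because identifiers cannot
    be bound as parameters; values travel through 'params'.
    """
    if role not in ROW_POLICIES:
        return []  # default deny: a role without a policy gets no rows
    unknown = set(columns) - ALLOWED_COLUMNS
    if unknown:
        raise ValueError(f"unknown columns: {sorted(unknown)}")
    sql = (
        f"SELECT {', '.join(columns)} FROM patient "
        f"WHERE ({ROW_POLICIES[role]}) AND ({app_where}) ORDER BY patient_id"
    )
    bind = {"user": user, **(params or {})}
    return conn.execute(sql, bind).fetchall()


if __name__ == "__main__":
    db = setup()
    print("view:", directory(db))
    print("dr_smith:", fgac_select(db, "dr_smith", "physician", ["patient_id", "diagnosis"]))
    print("dr_jones:", fgac_select(db, "dr_jones", "physician", ["patient_id", "diagnosis"]))
```

The view answers the same rows for every grantee; the policy predicate makes the answer depend on who is asking, which is what a single view per restriction could not express without a combinatorial number of views. In a real DBMS the rewriting happens inside the engine on the whole statement; here the application's own predicate fragment is trusted text and only its values are bound.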
As DBs need to work alongside information-flow-controlled programming languages and operating systems that track flows, the security policy must be enforced not only on the DBMS but also on the application platform. The underlying requirement of decentralization calls for declassification/endorsement and sanitization facilities on the DB. In this paper, we first review some of the major privacy-enhancing techniques used traditionally for DBs, including MLS DBs, and then explore the application of decentralized information flow control models for realizing information-flow-secure DBs in a robust manner. Towards the end, we also touch upon some of the roles of anonymization and pseudonymization, including inference control and differential privacy, in realizing privacy in practice.
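What "decentralized" information flow control and owner-driven declassification mean for rows of a table, as an added example that is not drawn from the paper: the decentralized label model of Myers and Liskov, used here generically rather than as the paper's own abstractions. Each row carries a label mapping owners to the readers each owner permits; a read succeeds only if every owner permits the reader; the label of a query result is the join of the labels of the rows it derives from; and only an owner may relax its own policy. The principals, labels and rows are constructed for the illustration.

```python
from functools import reduce
from typing import Dict, FrozenSet, Iterable, List, Tuple

# A label maps each owner to the readers that owner permits; an owner may
# always read its own data.  Empty label = public.  (Generic DLM, not the
# paper's formalisation.)
Label = Dict[str, FrozenSet[str]]


def label(**policies: Iterable[str]) -> Label:
    return {owner: frozenset(readers) for owner, readers in policies.items()}


def can_read(lbl: Label, principal: str) -> bool:
    """Every owner in the label must permit the principal."""
    return all(principal == o or principal in r for o, r in lbl.items())


def flows_to(src: Label, dst: Label) -> bool:
    """src ⊑ dst: dst keeps every owner of src and grants no extra readers."""
    return all(o in dst and dst[o] <= r for o, r in src.items())


def join(a: Label, b: Label) -> Label:
    """Least upper bound: derived data is readable only where both sources allow."""
    out = dict(a)
    for o, r in b.items():
        out[o] = (out[o] & r) if o in out else r
    return out


def declassify(lbl: Label, actor: str, owner: str, new_readers: Iterable[str]) -> Label:
    """Relax one owner's policy; only that owner may do so (the decentralised part)."""
    if actor != owner:
        raise PermissionError(f"{actor} may not relax the policy owned by {owner}")
    out = dict(lbl)
    out[owner] = frozenset(new_readers)
    return out


# Constructed rows: (patient_id, diagnosis, label).  Row 2 has two owners,
# the patient and the hospital, each with an independent reader list.
ROWS: List[Tuple[int, str, Label]] = [
    (1, "hypertension", label(alice={"dr_smith"})),
    (2, "asthma", label(bob={"dr_jones", "dr_smith"}, hospital={"dr_jones"})),
    (3, "diabetes", label(carol={"dr_smith"})),
]


def select_readable(rows, principal):
    """Rows the principal may read, plus the label the result set must carry."""
    hits = [(pid, diag, lbl) for pid, diag, lbl in rows if can_read(lbl, principal)]
    result_label = reduce(join, (lbl for _, _, lbl in hits), {})
    return [(pid, diag) for pid, diag, _ in hits], result_label


if __name__ == "__main__":
    rows, lbl = select_readable(ROWS, "dr_smith")
    print("dr_smith reads:", rows, "result label:", lbl)
    # The hospital, not Bob, must act to let dr_smith see row 2.
    print("after hospital declassifies:",
          can_read(declassify(ROWS[1][2], "hospital", "hospital", {"dr_jones", "dr_smith"}), "dr_smith"))
```

The point the model makes for a DBMS is that a result set's label is computed from the rows it touched, so a query that joins or aggregates data from several owners becomes readable only by the intersection of their reader sets, and no single party, not even the DBA, can declassify on another owner's behalf; with MAC-style MLS, by contrast, one central authority holds all the clearances.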




Updated: 2021-08-19