Abstract
Ever since databases became an ubiquitous part of enterprises or businesses, security and privacy became a requirement. Traditionally, privacy was realized through various methods of database access control and relied much on the use of statically defined views, which are essentially logical constructs imposed over database tables that can alter or restrict the data that can be viewed by an user. Privacy is about the responsible maintenance of private information. This responsibility is hard to define, which is why laws are necessary. With a vast accumulation of personal data in databases, there has been a heightened awareness and concern about the storage and use of private information leading to privacy-related guidelines, regulations and legislations, Compliance with these regulations has become one of the major concerns for organizations and companies. Traditionally, privacy in databases (DBs) have been addressed through access control techniques including multi-level security (MLS) based on mandatory access control (MAC), and restricted views to the users. As view definitions to comply with regulations became quite complex for accommodating all the restrictions in one view, explicit constructs for specifying privacy policies were introduced for complying with medical regulations like HIPAA (Health Insurance Portability and Accountability Act) from USA, in relational database systems. These enabled fine grained access control (FGAC) capable of enforcing disclosure control enunciated databases. Application of information flow control that is needed for multi-level security (MLS) databases to preserve privacy among multiple users but have their challenges like new abstractions for managing information flow in a relational database system, handling transactions and integrity constraints without introducing covert channels etc. As the DBs need to work alongside information flow controlled programming languages and operating systems for tracking flows, there is a need to enforce the security policy not only on the DBMS but also on the application platform. Due to the underlying requirement of decentralization, it calls for declassification/endorsement and santization requirements on the DB. In this paper, we shall first review some of the major privacy enhancing techniques used traditionally for DBs including MLS DBs, and then explore application of decentralized information flow control models for realizing information flow secure DBs in a robust manner. Towards the end, we shall also touch upon some of the roles of anonymization and psuedonymization including inference control and differential privacy in realizing privacy in practice.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
“The Right to Privacy” (4 Harvard L.R. 193 (Dec. 15, 1890)) is a law review article written by Samuel Warren and Louis Brandeis, and published in the 1890 Harvard Law Review.
Alan F. Westin, Privacy And Freedom, 25 Wash. & Lee L. Rev. 166 (1968),
For notions like inversion privacy, the reader is referred to Gurevich et al. (2016).
Note that it also has to use the tranquility principle (Denning, 1976).
References
Acquisti, A., Dinev, T., & Keil, M. (eds.) (2019). Cyber security, privacy and ethics of information systems, information system frontiers, special issue. Vol. 21 6. Springer: Berlin.
Aniket, K. (2018). Security analysis in multi-level databases. IIT Bombay: M.Tech, Dissertation, Department of Computer Science and Engg.
Arushi, J. (2016). Database security using Reader Writer Flow Model. IIT Bombay: Department of Computer Science and Engg.
Chaudhary, P. (2017). SecpostgreSQL: A system for flow-secure view, transaction, sanitization and declassification on mls database. IIT Bombay: M.Tech. Thesis, Department of Computer Science and Engineering.
Cuervo, E., & Shakimov, A. (2016). Privacy and Networks, CPS96, private presentation (ppt).
Denning, D.E (1976). A lattice model of secure information ow. Communications of the ACM, 19(5), 236–243.
Denning, D.E. (1982). Cryptography and data security. Reading MA: Addison-wesley.
Denning, D.E., Lunt, T.F., Schell, R.R., Shockley, W.R., & Heckman, M. (1988). The SeaView security model. In Proceedings, 1988 IEEE symposium on security and privacy, Oakland, CA, USA, pp. 218–233.
Denning, D.E., Akl, S.G., Heckman, M., Lunt, T.F., Morgenstern, M., Neumann, P.G., & Roger, R.S. (1987). Views for multilevel database security. IEEE Trans. on Software Engineering.
Dwork, C., & Naor, M. (2010). On the difficulties of disclosure prevention in statistical databases or the case for differential privacy. Journal of Privacy and Confidentiality, 2(1), 93–107.
Dwork, C., & Roth, A. (2014). The algorithmic foundations of differential privacy. Foundations and Trends in Theoretical Computer Science, 9(3–4), 211–407.
Farkas, C., & Jajodia, S. (2002). The inference problem: a survey. SIGKDD Explorations, 4(2), 6–11.
Ghosal, S, Shyamasundar, R.K., & Narendra Kumar, N.V. (2019). Compile-time security certification of imperative programming languages. In E-business and telecommunications, revised selected papers of 15th int. joint conference ICETE’18, pp 159–182, Springer CCIS vol., 1118.
Gurevich, Y., Hudis, E., & Wing, J.M. (2016). Inverse privacy. Communications of the ACM, 59(7), 38–42.
Jajodia, S., & Sandhu, R. (1991). Toward a multilevel secure relational data model. In Proceedings of the 1991 ACM SIGMOD international conference on management of data (SIGMOD 1991), Association for computing machinery, New york, NY, USA, pp 50–59.
Keil, M., Culnan, M., Dinev, T., & et al. (2019). Data governance, consumer privacy, and project status reporting: Remembering h. Jeff smith. Information Systems Frontiers, 21, 1207–1212. https://doi.org/10.1007/s10796-019-09964-4.
Myers, A., & Barbara, L. (1997). A decentralized model for information flow control. In Proc. of the 16th ACM symposium on operating systems principles (SOSP 1997), pp 129–142 Saint Malo France.
Narendrakumar, N.V., & Shyamasundar, R.K. (2014). Realizing purpose-based privacy policies succinctly via information-flow labels. In IEEE int. conf. on big data and cloud computing (BdCloud), Sydney 3-5.
Narendrakumar, N.V., & Shyamasundar, R.K. (2017). A complete generative label model for lattice-based access control models. In Software engineering and formal methods, Trento, Italy, September 4-8, 2017, LNCS 10469, Springer International Publishing, pp. 35–53.
Narendra Kumar, N.V., & RKS. (2016). A decentralized information flow security model for multilevel security and privacy domains, US Patent 9,507,929.
Patil, V.T., & Shyamasundar, R.K. (2017). Privacy as a currency: un-regulated?. In Proc. of the 14th Int. Jt. conf.on e-business and telecommunications, Vol. 4: SECRYPT, pp.586-595, SciTePress, INSTICC, ISBN 978-989-758-259-2.
Radhika, B.S., Kumar, N.V.N., Shyamasundar, R.K., & Vyas, P. (2020). Consistency analysis and flow secure enforcement of selinux policies. Computer Security, 94, 101816.
Rakesh, A., Kiernan, J., Srikant, R., & Yirong, X. (2002). Hippocratic databases. In Proceedings of the 28th international conference on very large data bases (VLDB 2002), VLDB Endowment, pp. 143–154.
Ray, D. (2019). Privacy patient and ownership of electronic health records on a blockchain, ICBC 2019, LNCS, 11521, pp. 95–111.
Rizvi, S., Mendelzon, A., Sudarshan, S., & Prasan, R. (2004). Extending query rewriting techniques for fine grained access control. ACM SIGMOD.
Schoepe, D. (2014). Information flow in databases for free. Sweden: Masters Thesis, Chalmers University of Technology, Gothenburg.
Schultz, D. (2013). Barbara Liskov IFDB: decentralized information flow control for databases. In Proceeding EuroSys ’13, proceedings of the 8th ACM european conference on computer systems, p. 43.
Schultz, D. (2012). Decentralized information flow control for databases, Doctoral Dissertation, v.
Shyamasundar, R.K., Narendra Kumar, N.V., Taware, A., & Vyas, P. (2018). An Experimental Flow Secure File System. In 17th IEEE international conference on trust, security and privacy in computing and communications, 1-3 pp. 790–799.
Shyamasundar, R.K., Satheesan, S., Mittal, D., & Chaudhary, A. (2019). Sechadoop: A privacy preserving hadoop. In Proceedings of the 12th IEEE/ACM international conference on utility and cloud computing (UCC 2019), association for computing machinery, New York, NY, USA, pp. 111–121.
Silberschatz, A., Korth, H.F., & Sudarshan, S. (2013). Database system concepts. 6th Edition, McGraw Hill.
Smith, K., & Winslett, M. (1992). Entity modeling in the MLS relational model. VLDB.
Smith, K., Jajodia, S., Swarup, V., Hoyt, J., & Hamilton, G. (2004). Enabling the sharing of neuroimaging data through well-defined intermediate levels of visibility. NeuroImage, 22, 1646–1656.
Vamshi, C., Nihita, G., Naren, N., & Shyamasundar, R.K. (2017). Secure document management through information-flow control, 7th secure knowledge management workshop (SKM 2017), Oct. 6-7 2017, St Pet. Florida.
Vishwas, P., & Shyamasundar, R.K. (2018). Efficacy of the right-to-be-forgotten on facebook, ICISS 2018, LNCS, 11281, pp. 364–385.
Vyas, P., Shyamasundar, R.K., Patil, B., Borse, S., & Sen, S. (2021). SPLinux: A information flow secure Linux, 15th IEEE SpaCCS, Oct 2021, NY, USA.
Acknowledgements
The work was done under the Information Security Research and Development Center at IIT Bombay sponsored by Ministry of Information Technology and Electronics, Government of India, New Delhi. The author thanks the anonymous referees for their helpful comments. It is a pleasure thank Prof. H.R. Rao for the invitation to deliver a keynote address at SKM 2019, Goa and his patience in getting the final manuscript, Dr. Vishwas Patil for his critical comments and the conference TPC chairs and organizers of SKM 2019 for the hospitality in Goa.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Shyamasundar, R., Chaudhary, P., Jaiswal, A. et al. Approaches to Enforce Privacy in Databases: Classical to Information Flow-Based Models. Inf Syst Front 23, 811–833 (2021). https://doi.org/10.1007/s10796-021-10178-w
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10796-021-10178-w