Don't reveal my intension: Protecting user privacy using declarative preferences during distributed query processing

Nicholas L. Farnan; Adam J. Lee; Panos K. Chrysanthis; Ting Yu

doi:10.1007/978-3-642-23822-2_34

Don't reveal my intension: Protecting user privacy using declarative preferences during distributed query processing

Nicholas L. Farnan^*, Adam J. Lee, Panos K. Chrysanthis, Ting Yu

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

13 Citations (Scopus)

Abstract

In a centralized setting, the declarative nature of SQL is a major strength: a user can simply describe what she wants to retrieve, and need not worry about how the resulting query plan is actually generated and executed. However, in a decentralized setting, two query plans that produce the same result might actually reveal vastly different information about the intensional description of a user's query to the servers participating its evaluation. In cases where a user considers portions of her query to be sensitive, this is clearly problematic. In this paper, we address the specification and enforcement of querier privacy constraints on the execution of distributed database queries. We formalize a notion of intensional query privacy called (I,A)-privacy, and extend the syntax of SQL to allow users to enforce strict (I,A)-privacy constraints or partially ordered privacy/performance preferences over the execution of their queries.

Original language	English
Title of host publication	Computer Security, ESORICS 2011 - 16th European Symposium on Research in Computer Security, Proceedings
Publisher	Springer Verlag
Pages	628-647
Number of pages	20
ISBN (Print)	9783642238215
DOIs	https://doi.org/10.1007/978-3-642-23822-2_34
Publication status	Published - 2011
Externally published	Yes
Event	16th European Symposium on Research in Computer Security, ESORICS 2011 - Leuven, Belgium Duration: 12 Sept 2011 → 14 Sept 2011

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	6879 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	16th European Symposium on Research in Computer Security, ESORICS 2011
Country/Territory	Belgium
City	Leuven
Period	12/09/11 → 14/09/11

Access to Document

10.1007/978-3-642-23822-2_34

Cite this

Farnan, N. L., Lee, A. J., Chrysanthis, P. K., & Yu, T. (2011). Don't reveal my intension: Protecting user privacy using declarative preferences during distributed query processing. In Computer Security, ESORICS 2011 - 16th European Symposium on Research in Computer Security, Proceedings (pp. 628-647). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6879 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-642-23822-2_34

Farnan, Nicholas L. ; Lee, Adam J. ; Chrysanthis, Panos K. et al. / Don't reveal my intension : Protecting user privacy using declarative preferences during distributed query processing. Computer Security, ESORICS 2011 - 16th European Symposium on Research in Computer Security, Proceedings. Springer Verlag, 2011. pp. 628-647 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{598f053b6723432c9100ba15cf185fa1,

title = "Don't reveal my intension: Protecting user privacy using declarative preferences during distributed query processing",

abstract = "In a centralized setting, the declarative nature of SQL is a major strength: a user can simply describe what she wants to retrieve, and need not worry about how the resulting query plan is actually generated and executed. However, in a decentralized setting, two query plans that produce the same result might actually reveal vastly different information about the intensional description of a user's query to the servers participating its evaluation. In cases where a user considers portions of her query to be sensitive, this is clearly problematic. In this paper, we address the specification and enforcement of querier privacy constraints on the execution of distributed database queries. We formalize a notion of intensional query privacy called (I,A)-privacy, and extend the syntax of SQL to allow users to enforce strict (I,A)-privacy constraints or partially ordered privacy/performance preferences over the execution of their queries.",

author = "Farnan, {Nicholas L.} and Lee, {Adam J.} and Chrysanthis, {Panos K.} and Ting Yu",

year = "2011",

doi = "10.1007/978-3-642-23822-2_34",

language = "English",

isbn = "9783642238215",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "628--647",

booktitle = "Computer Security, ESORICS 2011 - 16th European Symposium on Research in Computer Security, Proceedings",

address = "Germany",

note = "16th European Symposium on Research in Computer Security, ESORICS 2011 ; Conference date: 12-09-2011 Through 14-09-2011",

}

Farnan, NL, Lee, AJ, Chrysanthis, PK & Yu, T 2011, Don't reveal my intension: Protecting user privacy using declarative preferences during distributed query processing. in Computer Security, ESORICS 2011 - 16th European Symposium on Research in Computer Security, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6879 LNCS, Springer Verlag, pp. 628-647, 16th European Symposium on Research in Computer Security, ESORICS 2011, Leuven, Belgium, 12/09/11. https://doi.org/10.1007/978-3-642-23822-2_34

Don't reveal my intension: Protecting user privacy using declarative preferences during distributed query processing. / Farnan, Nicholas L.; Lee, Adam J.; Chrysanthis, Panos K. et al.
Computer Security, ESORICS 2011 - 16th European Symposium on Research in Computer Security, Proceedings. Springer Verlag, 2011. p. 628-647 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6879 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Don't reveal my intension

T2 - 16th European Symposium on Research in Computer Security, ESORICS 2011

AU - Farnan, Nicholas L.

AU - Lee, Adam J.

AU - Chrysanthis, Panos K.

AU - Yu, Ting

PY - 2011

Y1 - 2011

N2 - In a centralized setting, the declarative nature of SQL is a major strength: a user can simply describe what she wants to retrieve, and need not worry about how the resulting query plan is actually generated and executed. However, in a decentralized setting, two query plans that produce the same result might actually reveal vastly different information about the intensional description of a user's query to the servers participating its evaluation. In cases where a user considers portions of her query to be sensitive, this is clearly problematic. In this paper, we address the specification and enforcement of querier privacy constraints on the execution of distributed database queries. We formalize a notion of intensional query privacy called (I,A)-privacy, and extend the syntax of SQL to allow users to enforce strict (I,A)-privacy constraints or partially ordered privacy/performance preferences over the execution of their queries.

AB - In a centralized setting, the declarative nature of SQL is a major strength: a user can simply describe what she wants to retrieve, and need not worry about how the resulting query plan is actually generated and executed. However, in a decentralized setting, two query plans that produce the same result might actually reveal vastly different information about the intensional description of a user's query to the servers participating its evaluation. In cases where a user considers portions of her query to be sensitive, this is clearly problematic. In this paper, we address the specification and enforcement of querier privacy constraints on the execution of distributed database queries. We formalize a notion of intensional query privacy called (I,A)-privacy, and extend the syntax of SQL to allow users to enforce strict (I,A)-privacy constraints or partially ordered privacy/performance preferences over the execution of their queries.

UR - http://www.scopus.com/inward/record.url?scp=80052990641&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-23822-2_34

DO - 10.1007/978-3-642-23822-2_34

M3 - Conference contribution

AN - SCOPUS:80052990641

SN - 9783642238215

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 628

EP - 647

BT - Computer Security, ESORICS 2011 - 16th European Symposium on Research in Computer Security, Proceedings

PB - Springer Verlag

Y2 - 12 September 2011 through 14 September 2011

ER -

Farnan NL, Lee AJ, Chrysanthis PK, Yu T. Don't reveal my intension: Protecting user privacy using declarative preferences during distributed query processing. In Computer Security, ESORICS 2011 - 16th European Symposium on Research in Computer Security, Proceedings. Springer Verlag. 2011. p. 628-647. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-23822-2_34

Don't reveal my intension: Protecting user privacy using declarative preferences during distributed query processing

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this