Skip to main content
SpringerLink
Log in
Book cover

International Conference on Trust, Privacy and Security in Digital Business

TrustBus 2006: Trust and Privacy in Digital Business pp 123–131Cite as

Extending SQL to Allow the Active Usage of Purposes

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4083))

Abstract

The protection of private information revolves around the protection of data by making use of purposes. These purposes indicate why data is stored, and what the data will be used for (referred to as specification/verification phases).

In this article, the active specification of purposes during access requests is considered. In particular it is argued that the subject that wishes to get access to data should explicitly specify their reason for wanting the data; as opposed to verification taking place by implicit examination of the subject’s profile. To facilitate this active specification extensions to the SQL data manipulation language is considered.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic databases. In: Proceedings of the 28th VLDB Conference, Hong Kong, China (2002)

    Google Scholar 

  2. Ashley, P., Hada, S., Karjoth, G.: E-p3p privacy policies and privacy authorisation. In: WPES 2002, Washington (November 2002)

    Google Scholar 

  3. Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunter, M.: Enterprise privacy authorisation language (EPAL 1.1). Tech. rep., International Business Machines Corporation (2003)

    Google Scholar 

  4. Bertino, E.: Data security. Data and Knowledge Engineering 25(2), 199–216 (1998)

    Article  MATH  Google Scholar 

  5. Byun, J.-W., Bertino, E., Li, N.: Purpose based access control of complex data for privacy protection. In: SACMAT 2005, Stockholm, Sweden. ACM, New York (2005)

    Google Scholar 

  6. Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall, M., Reagle, J.: The platform for privacy preferences (P3P1.0) specification. Tech. rep., W3C (2002), available at : http://www.w3.org/TR/P3P/

  7. Fischer-Hübner, S.: IT-Security and Privacy: Design and Use of Privacy-Enhancing Security Mechanisms. Springer, Heidelberg (2001)

    MATH  Google Scholar 

  8. Fischer-Hübner, S., Ott, A.: From a formal privacy model to its implementation. In: 21st National Information Systems Security Conference, Arlington, VA, USA (October 1998)

    Google Scholar 

  9. Griffiths, P.P., Wade, B.W.: An authorization mechanism for a relational database system. ACM Transactions on Database Systems (TODS) 1(3), 242–255 (1976)

    Article  Google Scholar 

  10. Hes, R., Borking, J. (eds.): Privacy Enhancing Technologies: The Road to Anonimity, revised ed., Dutch DPA (1998)

    Google Scholar 

  11. LeFevre, K., Agrawal, R., Ercegovac, V., Ramakrishnan, R., Xu, Y., DeWitt, D.: Limiting disclosure in hippocratic databases. In: 30th International Conference on Very Large Data Bases, Toronto, Canada (2004)

    Google Scholar 

  12. OASIS Access Control TC. OASIS extensible access control markup language (xacml) version 2.0. Tech. rep., OASIS (February 2005)

    Google Scholar 

  13. OECD: guidelines on the protection of privacy and transborder flows of personal data. Tech. rep., Organisation for Economic Co-operation and Development (1980)

    Google Scholar 

  14. Pirahesh, H., Hellerstein, J.M., Hasan, W.: Extensible/rule based query rewrite optimization in starburst. In: SIGMOD Conference on the Management of Data, San Diego, California. ACM, New York (1992)

    Google Scholar 

  15. Rosenthal, A., Sciore, E.: Extending SQL’s grant operation to limit privileges. In: Thuraisingham, B.M., van de Riet, R.P., Dittrich, K.R., Tari, Z. (eds.) Data and Application Security, Development and Directions, IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security, pp. 209–220. Kluwer, Dordrecht (2000)

    Google Scholar 

  16. van Staden, W.J., Olivier, M.S.: Purpose organisation. In: Proceedings of the Fifth Annual Information Security South Africa (ISSA) Conference, Sandton, Johannesburg, South Africa (June 2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Information and Computer Security Architecture Research Group, University of Pretoria, Pretoria, South Africa

    Wynand van Staden & Martin S. Olivier

Authors
  1. Wynand van Staden
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Martin S. Olivier
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, Karlstad University, Universitetsgatan 2, 651 88, Karlstad, Sweden

    Simone Fischer-Hübner

  2. School of Computing, Communications and Electronics, Network Research Group, University of Plymouth, PL4 8AA, Plymouth, UK

    Stevel Furnell

  3. Laboratory of Information and Communication Systems Security Department of Information and Communication Systems Engineering, University of the Aegean, GR-83200, Samos, Karlovassi, Greece

    Costas Lambrinoudakis

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

van Staden, W., Olivier, M.S. (2006). Extending SQL to Allow the Active Usage of Purposes. In: Fischer-Hübner, S., Furnell, S., Lambrinoudakis, C. (eds) Trust and Privacy in Digital Business. TrustBus 2006. Lecture Notes in Computer Science, vol 4083. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11824633_13

Download citation

  • DOI: https://doi.org/10.1007/11824633_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-37750-4

  • Online ISBN: 978-3-540-37752-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation