2. • Privacy is the right of individuals.
• Computer security is the prevention or
protection against
– access to information by unauthorized
recipients
– intentional but unauthorized destruction
or alteration of that information
Introduction
01/29/15 2
4. • Hippocratic databases require all the capabilities
provided by current database systems
• Different focus
• Need to rethink data definition and query
languages, query processing, indexing and
storage structures, and access control
mechanisms
Traditional Database
01/29/15 4
5. • Goal: Provide statistical information
• Query restriction
• Data perturbation
Statistical Databases
01/29/15 5
6. • Sensitive information is transmitted over a
secure channel and stored securely
• Access controls
• Encryption
• Multilevel secure databases
Secure Databases
01/29/15 6
7. • Purpose Specification
• Consent
• Limited Collection
• Limited Use
• Limited Disclosure
Principles of Hippocratic
01/29/15 7
14. • Data is inserted with the purpose for which it
may be used.
• Data Accuracy Analyzer addresses the Principle
of Accuracy
Data Collection
01/29/15 14
15. • Queries are tagged with a purpose
• Before query execution
• During query execution
• After query execution
Querying
01/29/15 15
16. • A data item should be retained for the maximum
retention period among all the purposes for which
it has been collected.
• After this period, it should be deleted.
Retention
01/29/15 16
17. • Data is fed into the database.
• It has to be retained till its purpose is solved.
• Data manager deletes all the data once
purpose is solved.
Applicable Restriction
01/29/15 17
18. • Fine grained access control (FGAC)
• In order to maintain the retention restriction along
with sustaining data consider a example
The Proposed Model
01/29/15 18
23. • Create restriction
<restriction_name>
On <table>
For <authorization>
(((to columns<column list>|to rows
[Where search_condition] |to cells
<column_list[where search_condition]+))
[for retension time time_interval])+ [restriction
access to commands>]
Syntax for creating the restriction
01/29/15 23
24. • Create restriction rest1 on table Customer_acc
For user manager To Columns(cust_bal) for
retension time12 Restricting access to select
Example
01/29/15 24
25. • If the clause for retention 12 is omitted
then the restriction is set for unspecified
period
Continue…….
01/29/15 25