hippocratic database

Upload: archit-khanna

Post on 04-Apr-2018


  • 7/29/2019 hippocratic database

    1/25

  • Slide 2/25

    A database is an organized collection of data held in a computer, especially one that is accessible in various ways.

    What is a Database Management System?

    A DBMS is a collection of programs which:
    * provide management of databases
    * control access to data
    * contain a query language to retrieve information easily

  • Slide 3/25

    Fundamental to a database system is:
    1. Ability to manage persistent data.
    2. Ability to access a large amount of data efficiently.

    Universal capabilities of a database system:
    1. Support for at least one data model.
    2. Support for certain high-level languages that allow the user to define the structure of data, access data, and manipulate data.
    3. Transaction management, the capability to provide correct, concurrent access to the database by many users at once.
    4. Access control, the ability to deny access to data by unauthorized users and the ability to check the validity of the data.
    5. Resiliency, the ability to recover from system failures without losing data.

  • Slide 4/25

    A data model is a collection of tools for describing:
    * Data
    * Data relationships
    * Data semantics
    * Data constraints

    Object-based logical models:
    * Entity-relationship model
    * Object-oriented model
    * Semantic model
    * Functional model

    Record-based logical models:
    * Relational model (e.g., SQL/DS, DB2)
    * Network model
    * Hierarchical model (e.g., IMS)

  • Slide 5/25

    Entity --> What is this table about? (e.g., students)

    Attribute (Field) --> What items of information are necessary to keep concerning this entity? (e.g., ID, name, department, year, advisor)

    Record --> A set of values for each attribute for one item (e.g., 20027654, Ali Kaya, CAA, 2, Ahmet Durukal)

  • Slide 6/25

    Key --> The attribute used to define a required item

    Types of keys:
    * Super Key: Key used to uniquely identify a record
    * Foreign Key: A field in this table which is the primary key of another table

    Relationship --> Definitions linking two or more tables

  • Slide 7/25

    Example of entity-relationship model (diagram): the entities customer and account are linked by the relationship deposit. Customer has the attributes social-security, customer-name, customer-street and customer-city; account has the attributes account-number and balance.

  • Slide 8/25

    PRIVACY + DATABASE = HIPPOCRATIC DATABASE

  • Slide 9/25

    Privacy is the right of individuals to determine when personal information can be collected and how it should be used, based on individual consent.

    Unlike security, which revolves around the authorization of users, privacy addresses data management issues related to users who have already been given access to the system.

    At the present time, there is no competing technology for privacy policy enforcement that is efficient and comprehensive.

    The Hippocratic database is built upon ten principles to protect and manage private information that resides in the database.

  • Slide 10/25

    1. Purpose Specification. For personal information stored in the database, the purposes for which the information has been collected shall be associated with that information.

    2. Consent. The purposes associated with personal information shall have consent of the donor of the personal information.

    3. Limited Collection. The personal information collected shall be limited to the minimum necessary for accomplishing the specified purposes.

    4. Limited Use. The database shall run only those queries that are consistent with the purposes for which the information has been collected.

    5. Limited Disclosure. The personal information stored in the database shall not be communicated outside the database for purposes other than those for which there is consent from the donor of the information.

  • Slide 11/25

    6. Limited Retention. Personal information shall be retained only as long as necessary for the fulfillment of the purposes for which it has been collected.

    7. Accuracy. Personal information stored in the database shall be accurate and up-to-date.

    8. Safety. Personal information shall be protected by security safeguards against theft and other misappropriations.

    9. Openness. A donor shall be able to access all information about the donor stored in the database.

    10. Compliance. A donor shall be able to verify compliance with the above principles. Similarly, the database shall be able to address a challenge concerning compliance.

  • Slide 12/25

    To address the problem of privacy, we propose a database architecture that supports the automatic enforcement of privacy policies. Our architecture involves three main components. First, we allow a company to specify its privacy policy using a privacy language called EPAL. Second, we allow users to define their specific preferences for information access and usage. Finally, we provide secure querying capabilities that enforce corporate privacy policies and users' preferences.

  • Slide 13/25

    Name: Alice

    Privacy fundamentalist

    Does not want Chapters to retain any information once her purchase transaction is complete.

  • Slide 14/25

    Name: Bob

    Privacy pragmatist

    Likes the convenience of providing his email and shipping address only once by registering at Chapters. He also likes recommendations, but he does not want his transactions used for purchase circles.

  • Slide 15/25

    Name: Mallory

    Chapters employee with questionable ethics

    The database and privacy officer must ensure that she is not able to obtain more information than she is supposed to.

  • Slide 16/25

    Privacy Metadata Schema (diagram): the Database Schema alongside the Privacy-Policies Table.


  • Slide 18/25

    This design may be too restrictive or may not fit in some situations.

    Instead, one may create a new table with the columns: User, Table, Attribute, Purpose, External recipient.


  • Slide 20/25

    Privacy Constraint Validator checks whether the business's privacy policy is acceptable to the user.

    Example: If Alice required a 2 week retention period, the database would reject the transaction.

    Data is inserted with the purpose for which it may be used.

    Data Accuracy Analyzer addresses the Principle of Accuracy. For example, verify that the postal code corresponds to the street address.

  • Slide 21/25

    Before query execution: Attribute Access Control checks the privacy-authorizations table for a match on purpose, attribute and user.

    During query execution: Record Access Control ensures that only records whose purpose attribute includes the query's purpose will be visible to the query.
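An added example, not from the slides or the original Hippocratic database work, of the enforcement path described on slides 12, 20 and 21 in Python with SQLite: constructed privacy-policies and privacy-authorizations tables, the Privacy Constraint Validator, purpose-tagged insertion, and attribute and record access control around a query. The table and column names, retention periods, and the roles "shipping" and "marketing" are assumptions.

```python
import sqlite3

# Constructed privacy metadata modelled on the slides' privacy-policies and
# privacy-authorizations tables; table and column names are assumptions.
SCHEMA = """
CREATE TABLE privacy_policies(purpose TEXT, tbl TEXT, attribute TEXT, retention_days INTEGER);
CREATE TABLE privacy_authorizations(purpose TEXT, tbl TEXT, attribute TEXT, authorized_user TEXT);
CREATE TABLE customer(name TEXT, email TEXT, address TEXT, purpose TEXT);
"""

def setup():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # Constructed policy: purchase data is kept 30 days, recommendation data 365 days.
    conn.executemany("INSERT INTO privacy_policies VALUES (?,?,?,?)", [
        ("purchase", "customer", "name", 30), ("purchase", "customer", "email", 30),
        ("purchase", "customer", "address", 30), ("recommendations", "customer", "email", 365)])
    # Only the shipping role may read purchase data; only marketing reads emails for recommendations.
    conn.executemany("INSERT INTO privacy_authorizations VALUES (?,?,?,?)", [
        ("purchase", "customer", "name", "shipping"), ("purchase", "customer", "email", "shipping"),
        ("purchase", "customer", "address", "shipping"), ("recommendations", "customer", "email", "marketing")])
    return conn

def validate_preferences(conn, purpose, table, attribute, max_retention_days):
    """Privacy Constraint Validator: the donor's preference is acceptable only if the
    policy retains this attribute for no longer than the donor allows."""
    row = conn.execute("SELECT retention_days FROM privacy_policies WHERE purpose=? AND tbl=? "
                       "AND attribute=?", (purpose, table, attribute)).fetchone()
    return row is not None and row[0] <= max_retention_days

def insert_customer(conn, name, email, address, purposes):
    # Each record is stored with the comma-separated purposes for which it may be used.
    conn.execute("INSERT INTO customer VALUES (?,?,?,?)", (name, email, address, purposes))

def run_query(conn, user, purpose, attributes):
    # Attribute Access Control (before execution): every requested attribute needs a matching
    # (purpose, attribute, user) row. Unknown column names are rejected here too, so the
    # column list spliced into the SQL below can only contain names present in the table.
    for attr in attributes:
        hit = conn.execute("SELECT 1 FROM privacy_authorizations WHERE purpose=? AND tbl='customer' "
                           "AND attribute=? AND authorized_user=?", (purpose, attr, user)).fetchone()
        if hit is None:
            raise PermissionError(f"{user} is not authorized to read customer.{attr} for {purpose}")
    # Record Access Control (during execution): the query is rewritten so that only records
    # whose purpose attribute includes the query's purpose are visible.
    sql = (f"SELECT {', '.join(attributes)} FROM customer "
           "WHERE instr(',' || purpose || ',', ',' || ? || ',') > 0")
    return conn.execute(sql, (purpose,)).fetchall()
```

With this setup Alice's 2-week retention requirement is rejected against a 30-day purchase policy, and a marketing user cannot read addresses even for a purpose it is otherwise authorized for.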

  • Slide 22/25

    After query execution: Query Intrusion Detector is run on the query results to spot queries whose access pattern is different from the usual access pattern for queries with that purpose and by that user.

    Detector uses the Query Intrusion Model built by analyzing past queries for each purpose and each authorized user.

    An audit trail of all queries is maintained for external privacy audits, as well as for addressing challenges regarding compliance.
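An added example, not from the slides, of a simple Query Intrusion Model built from a constructed audit trail and a detector that flags queries whose access pattern departs from the usual pattern for a (user, purpose) pair. The audit-trail fields, the per-pair baseline (attribute set plus result-size mean and spread) and the threshold rule are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed audit trail of past queries: (user, purpose, attributes read, rows returned).
# A real Hippocratic database keeps such a trail for every query it executes.
AUDIT_TRAIL = [
    ("shipping", "purchase", ("name", "address"), 1),
    ("shipping", "purchase", ("name", "address"), 1),
    ("shipping", "purchase", ("name", "address"), 2),
    ("shipping", "purchase", ("name", "address"), 1),
    ("marketing", "recommendations", ("email",), 120),
    ("marketing", "recommendations", ("email",), 95),
    ("marketing", "recommendations", ("email",), 110),
]

def build_intrusion_model(trail):
    """Query Intrusion Model: for each (user, purpose) pair, the set of attributes
    usually read and the typical result size (mean and population std dev)."""
    groups = defaultdict(list)
    for user, purpose, attrs, rows_returned in trail:
        groups[(user, purpose)].append((frozenset(attrs), rows_returned))
    model = {}
    for key, entries in groups.items():
        sizes = [n for _, n in entries]
        usual_attrs = frozenset().union(*(a for a, _ in entries))
        model[key] = (usual_attrs, mean(sizes), pstdev(sizes))
    return model

def is_suspicious(model, user, purpose, attrs, rows_returned, k=3.0):
    """Query Intrusion Detector: flag a query whose attribute set or result size
    departs from the model; a (user, purpose) pair with no history is flagged too."""
    if (user, purpose) not in model:
        return True
    usual_attrs, mu, sigma = model[(user, purpose)]
    if not frozenset(attrs) <= usual_attrs:
        return True
    # Floor the spread at one row so a near-constant baseline does not flag tiny changes.
    return rows_returned > mu + k * max(sigma, 1.0)
```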

  • Slide 23/25

    Platform for Privacy Preferences (P3P): an emerging standard developed by the WWW Consortium.

    P3P provides a way for a web site to encode its data-collection practices in an XML P3P policy.

    The site's policy is programmatically compared to a user's privacy preferences.

    How to enforce? Integrate with Hippocratic databases.

  • Slide 24/25

    * Limited Collection
    * Limited Disclosure
    * Limited Retention
    * Openness
    * Safety

  • Slide 25/25

    THANK YOU