hippocratic database
TRANSCRIPT
-
7/29/2019 hippocratic database
1/25
-
A database is an organized collection of data held in a computer, especially one that is accessible in various ways.

What is a Database Management System?

A DBMS is a collection of programs which
* provide management of databases
* control access to data
* contain a query language to retrieve information easily
-
Fundamental to a database system is
1. Ability to manage persistent data.
2. Ability to access a large amount of data efficiently.

Universal capabilities of a database system
1. Support for at least one data model.
2. Support for certain high-level languages that allow the user to define the structure of data, access data, and manipulate data.
3. Transaction management, the capability to provide correct, concurrent access to the database by many users at once.
4. Access control, the ability to deny access to data by unauthorized users and the ability to check the validity of the data.
5. Resiliency, the ability to recover from system failures without losing data.
-
Data model: a collection of tools for describing
* Data
* Data relationships
* Data semantics
* Data constraints

Object-based logical models: Entity-relationship model, Object-oriented model, Semantic model, Functional model
Record-based logical models: Relational model (e.g., SQL/DS, DB2), Network model, Hierarchical model (e.g., IMS)
-
Entity --> What is this table about? students
Attribute (Field) --> What items of information are necessary to keep concerning this entity? ID, name, department, year, advisor
Record --> A set of values for each attribute for one item, e.g. ID 20027654, name Ali Kaya, department CAA, year 2, advisor Ahmet Durukal
-
Key --> The attribute (or set of attributes) used to identify a required item
Types of keys:
* Super Key: a set of one or more attributes whose values uniquely identify a record
* Primary Key: the key chosen to identify each record of the table; it is what foreign keys in other tables refer to
* Foreign Key: a field in this table which is the primary key of another table
Relationship --> Definitions linking two or more tables
-
Example of entity-relationship model
[Figure: entities customer (social-security, customer-name, customer-street, customer-city) and account (account-number, balance), linked by the relationship deposit]
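The entity-relationship example above, turned into a relational schema, as an added example (not code from the slides): the customer and account entities become tables whose primary keys are social-security and account-number, and the deposit relationship becomes a table whose two foreign keys reference them. The hyphenated attribute names are written with underscores, the sample row for Ali Kaya is constructed, and the `PRAGMA foreign_keys` line is needed because SQLite does not enforce foreign keys unless told to.

```python
import sqlite3

# Schema derived from the customer / account / deposit entity-relationship
# example; hyphens in the slide's attribute names become underscores.
SCHEMA = """
CREATE TABLE customer (
    social_security TEXT PRIMARY KEY,          -- chosen primary key (also a super key)
    customer_name   TEXT NOT NULL,
    customer_street TEXT,
    customer_city   TEXT
);
CREATE TABLE account (
    account_number TEXT PRIMARY KEY,
    balance        INTEGER NOT NULL CHECK (balance >= 0)
);
-- 'deposit' is the relationship: each row links one customer to one account,
-- so both columns are foreign keys and together they form the primary key.
CREATE TABLE deposit (
    social_security TEXT NOT NULL REFERENCES customer(social_security),
    account_number  TEXT NOT NULL REFERENCES account(account_number),
    PRIMARY KEY (social_security, account_number)
);
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")   # SQLite ignores FOREIGN KEY clauses unless this is set
    conn.executescript(SCHEMA)
    return conn


def try_exec(conn, sql, params=()):
    """Run one statement; True if accepted, False if a key constraint rejected it."""
    try:
        with conn:
            conn.execute(sql, params)
        return True
    except sqlite3.IntegrityError:
        return False


def accounts_of(conn, ssn):
    """Follow the deposit relationship from a customer to the accounts they hold."""
    return conn.execute(
        "SELECT a.account_number, a.balance FROM account a "
        "JOIN deposit d ON d.account_number = a.account_number "
        "WHERE d.social_security = ?", (ssn,)).fetchall()


def demo():
    conn = open_db()
    ins_cust = "INSERT INTO customer VALUES (?, ?, ?, ?)"
    ali = ("111-22-3333", "Ali Kaya", "1 Main St", "Ankara")   # constructed sample row
    out = {}
    out["customer_ok"] = try_exec(conn, ins_cust, ali)
    out["duplicate_pk"] = try_exec(conn, ins_cust, ali)          # same primary key twice
    out["account_ok"] = try_exec(conn, "INSERT INTO account VALUES (?, ?)", ("A-100", 500))
    out["deposit_ok"] = try_exec(conn, "INSERT INTO deposit VALUES (?, ?)", ("111-22-3333", "A-100"))
    # foreign key to a customer that does not exist
    out["dangling_fk"] = try_exec(conn, "INSERT INTO deposit VALUES (?, ?)", ("999-99-9999", "A-100"))
    # deleting a customer that a deposit row still references
    out["delete_parent"] = try_exec(conn, "DELETE FROM customer WHERE social_security = ?", ("111-22-3333",))
    out["accounts"] = accounts_of(conn, "111-22-3333")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The two rejected statements are the point: the primary key stops a second record for the same person, and the foreign keys stop a deposit that points at nobody and the deletion of a customer who still has deposits.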
-
PRIVACY + DATABASE = HIPPOCRATIC DATABASE
-
Privacy is the right of individuals to determine when personal information can be collected and how it should be used, based on individual consent.

Unlike security, which revolves around deciding which users are authorized, privacy addresses how data is managed and used by users who have already been given access to the system.

At the present time, there is no competing technology for privacy policy enforcement that is efficient and comprehensive.

The Hippocratic database is built upon ten principles to protect and manage the private information that resides in the database.
-
1. Purpose Specification. For personal information stored in the database, the purposes for which the information has been collected shall be associated with that information.
2. Consent. The purposes associated with personal information shall have consent of the donor of the personal information.
3. Limited Collection. The personal information collected shall be limited to the minimum necessary for accomplishing the specified purposes.
4. Limited Use. The database shall run only those queries that are consistent with the purposes for which the information has been collected.
5. Limited Disclosure. The personal information stored in the database shall not be communicated outside the database for purposes other than those for which there is consent from the donor of the information.
-
6. Limited Retention. Personal information shall be retained only as long as necessary for the fulfillment of the purposes for which it has been collected.
7. Accuracy. Personal information stored in the database shall be accurate and up-to-date.
8. Safety. Personal information shall be protected by security safeguards against theft and other misappropriations.
9. Openness. A donor shall be able to access all information about the donor stored in the database.
10. Compliance. A donor shall be able to verify compliance with the above principles. Similarly, the database shall be able to address a challenge concerning compliance.
-
To address the problem of privacy, we propose a database architecture that supports the automatic enforcement of privacy policies. Our architecture involves three main components. First, we allow a company to specify its privacy policy using a privacy language called EPAL.
Second, we allow users to define their specific preferences for information access and usage.
Finally, we provide secure querying capabilities that enforce corporate privacy policies and users' preferences.
-
Name: Alice
Privacy fundamentalist
Does not want Chapters to retain any information once her purchase transaction is complete.
-
Name: Bob
Privacy pragmatist
Likes the convenience of providing his email and shipping address only once by registering at Chapters. He also likes recommendations, but he does not want his transactions used for purchase circles.
-
Name: Mallory
Chapters employee with questionable ethics
The database and privacy officer must ensure that she is not able to obtain more information than she is supposed to.
-
[Figure: privacy metadata schema, shown alongside the database schema and the privacy-policies table]
-
This design may be too restrictive or may not fit in some situations.
May create a new table with the columns: User, Table, Attribute, Purpose, External recipient
-
Privacy Constraint Validator checks whether the business's privacy policy is acceptable to the user.
Example: if Alice's preferences allowed at most a 2-week retention period but the business's policy retained the data for longer, the database would reject the transaction.
Data is inserted with the purpose for which it may be used.
Data Accuracy Analyzer addresses the Principle of Accuracy. For example, verify that the postal code corresponds to the street address.
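The insertion path described above (Privacy Constraint Validator, insert tagged with purpose, Data Accuracy Analyzer), as an added example that is not code from the slides or from the Hippocratic database paper. The privacy-policies table, the bookstore policy rows, the city-to-postal-prefix table and the preferences given to the Alice and Bob personas are all constructed for the example; the accuracy check is simplified to postal code against city rather than against street address.

```python
import sqlite3

SETUP = """
-- Privacy-policies table: what each purpose collects, who it is shared with,
-- and how long it is kept.
CREATE TABLE privacy_policies (
    purpose TEXT, tbl TEXT, attribute TEXT,
    external_recipients TEXT, retention_days INTEGER
);
-- Every stored record carries the purposes under which it may be used.
CREATE TABLE customer (
    email TEXT PRIMARY KEY, name TEXT, city TEXT, postal_code TEXT,
    purposes TEXT NOT NULL
);
"""
# Constructed policy for the bookstore in the slides (not Chapters' real policy).
POLICY = [
    ("purchase",         "customer", "name",        "delivery-company", 30),
    ("purchase",         "customer", "city",        "delivery-company", 30),
    ("purchase",         "customer", "postal_code", "delivery-company", 30),
    ("registration",     "customer", "email",       "",                 3650),
    ("registration",     "customer", "city",        "",                 3650),
    ("purchase-circles", "customer", "city",        "",                 365),
]
# Constructed city -> postal-code prefix table used by the accuracy check.
POSTAL_PREFIX = {"Ankara": "06", "Istanbul": "34"}


class PrivacyViolation(Exception):
    pass


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SETUP)
    conn.executemany("INSERT INTO privacy_policies VALUES (?,?,?,?,?)", POLICY)
    conn.commit()
    return conn


def validate_preferences(conn, purposes, prefs):
    """Privacy Constraint Validator: every purpose the transaction will use must be
    consented to, and no policy entry under it may keep data longer than the donor allows."""
    for purpose in purposes:
        if purpose not in prefs["consented"]:
            raise PrivacyViolation(f"no consent for purpose {purpose!r}")
        for attribute, retention in conn.execute(
                "SELECT attribute, retention_days FROM privacy_policies WHERE purpose = ?",
                (purpose,)):
            if retention > prefs["max_retention_days"]:
                raise PrivacyViolation(
                    f"{purpose}/{attribute} is kept {retention} days, donor allows "
                    f"{prefs['max_retention_days']}")


def check_accuracy(record):
    """Data Accuracy Analyzer: the postal code must belong to the stated city."""
    prefix = POSTAL_PREFIX.get(record["city"])
    if prefix is None or not record["postal_code"].startswith(prefix):
        raise ValueError(f"postal code {record['postal_code']} does not match {record['city']}")


def insert_customer(conn, record, purposes, prefs):
    validate_preferences(conn, purposes, prefs)
    check_accuracy(record)
    with conn:   # the row is stored together with the purposes it may be used for
        conn.execute("INSERT INTO customer VALUES (?,?,?,?,?)",
                     (record["email"], record["name"], record["city"],
                      record["postal_code"], ",".join(sorted(purposes))))


def attempt(conn, record, purposes, prefs):
    try:
        insert_customer(conn, record, purposes, prefs)
        return "accepted"
    except (PrivacyViolation, ValueError) as exc:
        return f"rejected: {exc}"


def demo():
    conn = open_db()
    # Constructed preferences for the two personas on the slides.
    alice = {"consented": {"purchase"}, "max_retention_days": 0}
    bob = {"consented": {"purchase", "registration", "recommendations"},
           "max_retention_days": 3650}
    bob_rec = {"email": "bob@example.com", "name": "Bob", "city": "Ankara", "postal_code": "06100"}
    out = {}
    out["alice"] = attempt(conn, {"email": "alice@example.com", "name": "Alice",
                                  "city": "Istanbul", "postal_code": "34000"},
                           {"purchase"}, alice)
    out["bob_bad_postal"] = attempt(conn, dict(bob_rec, postal_code="34000"),
                                    {"purchase", "registration"}, bob)
    out["bob"] = attempt(conn, bob_rec, {"purchase", "registration"}, bob)
    out["bob_circles"] = attempt(conn, bob_rec,
                                 {"purchase", "registration", "purchase-circles"}, bob)
    out["stored_purposes"] = conn.execute(
        "SELECT purposes FROM customer WHERE email = ?", ("bob@example.com",)).fetchone()[0]
    return out
```

Alice's transaction is rejected because the policy keeps purchase data for 30 days and she allows none; Bob's transaction is accepted only once the postal code matches the city, and a later attempt to use his record for purchase circles fails because he never consented to that purpose. The stored row carries only the purposes he consented to, which is what the record-level access control at query time relies on.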
-
Before query execution: Attribute Access Control checks the privacy-authorizations table for a match on purpose, attribute and user.
During query execution: Record Access Control ensures that only records whose purpose attribute includes the query's purpose will be visible to the query.
-
After query execution: Query Intrusion Detector is run on the query results to spot queries whose access pattern is different from the usual access pattern for queries with that purpose and by that user.
The detector uses the Query Intrusion Model, built by analyzing past queries for each purpose and each authorized user.
An audit trail of all queries is maintained for external privacy audits, as well as for addressing challenges regarding compliance.
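The three query-time stages above (Attribute Access Control before execution, Record Access Control during, Query Intrusion Detector and audit trail after), together with the per-user authorization table of User, Table, Attribute, Purpose, External recipient proposed a few slides earlier, as an added example that is not code from the slides or from the Hippocratic database paper. The customer rows, Mallory's and a second user's authorizations, and the query history that stands in for the Query Intrusion Model are constructed; the intrusion rule (flag a result more than twice the user's usual size for that purpose) is one simple choice, not the model the paper describes.

```python
import sqlite3
from statistics import mean

SETUP = """
CREATE TABLE customer (
    email TEXT PRIMARY KEY, name TEXT, city TEXT,
    purposes TEXT NOT NULL   -- comma-separated purposes the donor consented to
);
-- per-user authorization table with the columns proposed on the earlier slide
CREATE TABLE privacy_authorizations (
    username TEXT, tbl TEXT, attribute TEXT, purpose TEXT, external_recipient TEXT
);
CREATE TABLE audit_trail (
    seq INTEGER PRIMARY KEY, username TEXT, purpose TEXT, cols TEXT,
    outcome TEXT, row_count INTEGER, flagged INTEGER
);
"""
# Constructed sample data: Bob opted out of purchase circles, Carol only registered.
CUSTOMERS = [
    ("bob@example.com",   "Bob",   "Toronto", "purchase,registration"),
    ("carol@example.com", "Carol", "Ottawa",  "registration"),
    ("dave@example.com",  "Dave",  "Toronto", "purchase,purchase-circles"),
    ("erin@example.com",  "Erin",  "Calgary", "purchase,purchase-circles"),
] + [(f"c{i}@example.com", f"Customer{i}", "Halifax", "purchase") for i in range(4)]
# Mallory handles shipping: name and city under the purchase purpose, nothing else.
AUTHS = [
    ("mallory", "customer", "name", "purchase",         ""),
    ("mallory", "customer", "city", "purchase",         "delivery-company"),
    ("analyst", "customer", "city", "purchase-circles", ""),
]
# Query Intrusion Model: constructed history of result sizes per (user, purpose).
HISTORY = {("mallory", "purchase"): [1, 1, 2, 1, 1]}


class AccessDenied(Exception):
    pass


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SETUP)
    conn.executemany("INSERT INTO customer VALUES (?,?,?,?)", CUSTOMERS)
    conn.executemany("INSERT INTO privacy_authorizations VALUES (?,?,?,?,?)", AUTHS)
    conn.commit()
    return conn


def attribute_access_control(conn, user, purpose, columns):
    """Before execution: each requested column needs a (user, attribute, purpose) row."""
    for col in columns:
        hit = conn.execute(
            "SELECT 1 FROM privacy_authorizations WHERE username = ? AND tbl = 'customer' "
            "AND attribute = ? AND purpose = ?", (user, col, purpose)).fetchone()
        if hit is None:
            raise AccessDenied(f"{user} may not read customer.{col} for purpose {purpose!r}")


def record_access_control(conn, purpose, columns):
    """During execution: only rows whose purposes include the query's purpose are returned."""
    cols = ", ".join(columns)   # safe to interpolate: every name matched an authorization row
    return conn.execute(
        f"SELECT {cols} FROM customer WHERE ',' || purposes || ',' LIKE '%,' || ? || ',%'",
        (purpose,)).fetchall()


def query_intrusion_detector(user, purpose, row_count, history):
    """After execution: flag a result more than twice this user's usual size for the purpose.
    Flagged queries are not added to the model, so a dump cannot raise its own baseline."""
    past = history.setdefault((user, purpose), [])
    flagged = bool(past) and row_count > 2 * mean(past)
    if not flagged:
        past.append(row_count)
    return flagged


def audit(conn, user, purpose, columns, outcome, row_count, flagged):
    with conn:
        conn.execute(
            "INSERT INTO audit_trail (username, purpose, cols, outcome, row_count, flagged) "
            "VALUES (?,?,?,?,?,?)",
            (user, purpose, ",".join(columns), outcome, row_count, int(flagged)))


def run_query(conn, user, purpose, columns, history):
    try:
        attribute_access_control(conn, user, purpose, columns)
    except AccessDenied:
        audit(conn, user, purpose, columns, "denied", 0, False)   # denials are audited too
        raise
    rows = record_access_control(conn, purpose, columns)
    flagged = query_intrusion_detector(user, purpose, len(rows), history)
    audit(conn, user, purpose, columns, "ok", len(rows), flagged)
    return rows, flagged


def demo():
    conn = open_db()
    history = {k: list(v) for k, v in HISTORY.items()}
    out = {}
    try:   # Mallory asks for a column she is not authorized for under 'purchase'
        run_query(conn, "mallory", "purchase", ["name", "email"], history)
        out["mallory_email"] = "allowed"
    except AccessDenied:
        out["mallory_email"] = "denied"
    rows, flagged = run_query(conn, "mallory", "purchase", ["name", "city"], history)
    out["mallory_rows"], out["mallory_flagged"] = len(rows), flagged
    rows, flagged = run_query(conn, "analyst", "purchase-circles", ["city"], history)
    out["circle_cities"], out["analyst_flagged"] = sorted(r[0] for r in rows), flagged
    out["audit_entries"] = conn.execute("SELECT COUNT(*) FROM audit_trail").fetchone()[0]
    return out
```

Mallory's request for email addresses is stopped before execution because no authorization row covers (mallory, email, purchase). Her permitted query for name and city is filtered during execution to the seven customers who consented to the purchase purpose (Carol, who only registered, is invisible to it), and it is then flagged because a result of seven rows is far above her usual one or two. The purchase-circles query sees only Dave and Erin; Bob, who opted out, is never returned even though his row is in the same table. All three queries, including the denied one, appear in the audit trail.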
-
Platform for Privacy Preferences (P3P), an emerging standard developed by the WWW Consortium
P3P provides a way for a web site to encode its data-collection practices in an XML P3P policy.
The site's policy is programmatically compared to a user's privacy preferences.
How to enforce? Integrate with Hippocratic databases.
-
Limited Collection, Limited Disclosure, Limited Retention, Openness, Safety
-
THANK YOU