Don't reveal my intension: Protecting user privacy using declarative preferences during distributed query processing

Nicholas L. Farnan, Adam J. Lee, Panos K. Chrysanthis, Ting Yu

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

11 Citations (Scopus)

Abstract

In a centralized setting, the declarative nature of SQL is a major strength: a user can simply describe what she wants to retrieve, and need not worry about how the resulting query plan is actually generated and executed. However, in a decentralized setting, two query plans that produce the same result might actually reveal vastly different information about the intensional description of a user's query to the servers participating in its evaluation. In cases where a user considers portions of her query to be sensitive, this is clearly problematic. In this paper, we address the specification and enforcement of querier privacy constraints on the execution of distributed database queries. We formalize a notion of intensional query privacy called (I,A)-privacy, and extend the syntax of SQL to allow users to enforce strict (I,A)-privacy constraints or partially ordered privacy/performance preferences over the execution of their queries.

Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages: 628-647
Number of pages: 20
Volume: 6879 LNCS
DOI: https://doi.org/10.1007/978-3-642-23822-2_34
Publication status: Published - 26 Sep 2011
Externally published: Yes
Event: 16th European Symposium on Research in Computer Security, ESORICS 2011 - Leuven, Belgium
Duration: 12 Sep 2011 to 14 Sep 2011

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 6879 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 16th European Symposium on Research in Computer Security, ESORICS 2011
Country: Belgium
City: Leuven
Period: 12/9/11 to 14/9/11

Fingerprint

Distributed Processing
Query processing
Query Processing
Privacy
Servers
Query
Specifications
Distributed Databases
Decentralized
Server
Specification
Evaluation

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Farnan, N. L., Lee, A. J., Chrysanthis, P. K., & Yu, T. (2011). Don't reveal my intension: Protecting user privacy using declarative preferences during distributed query processing. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6879 LNCS, pp. 628-647). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 6879 LNCS). https://doi.org/10.1007/978-3-642-23822-2_34

@inproceedings{ece268da4da04cba8ced2c55133e2891,
title = "Don't reveal my intension: Protecting user privacy using declarative preferences during distributed query processing",
abstract = "In a centralized setting, the declarative nature of SQL is a major strength: a user can simply describe what she wants to retrieve, and need not worry about how the resulting query plan is actually generated and executed. However, in a decentralized setting, two query plans that produce the same result might actually reveal vastly different information about the intensional description of a user's query to the servers participating in its evaluation. In cases where a user considers portions of her query to be sensitive, this is clearly problematic. In this paper, we address the specification and enforcement of querier privacy constraints on the execution of distributed database queries. We formalize a notion of intensional query privacy called (I,A)-privacy, and extend the syntax of SQL to allow users to enforce strict (I,A)-privacy constraints or partially ordered privacy/performance preferences over the execution of their queries.",
author = "Farnan, {Nicholas L.} and Lee, {Adam J.} and Chrysanthis, {Panos K.} and Ting Yu",
year = "2011",
month = "9",
day = "26",
doi = "10.1007/978-3-642-23822-2_34",
language = "English",
isbn = "9783642238215",
volume = "6879 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "628--647",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
}
