Yirong Xu

Order preserving encryption for numeric data

Encryption is a well established technology for protecting sensitive data. However, once encrypted, data can no longer be easily queried aside from exact matches. We present an order-preserving encryption scheme for numeric data that allows any comparison operation to be directly applied on encrypted data. Query results produced are sound (no false hits) and complete (no false drops). Our scheme handles updates gracefully and new values can be added without requiring changes in the encryption of other values. It allows standard databse indexes to be built over encrypted tables and can easily be integrated with existing database systems. The proposed scheme has been designed to be deployed in application environments in which the intruder can get access to the encrypted database, but does not have prior domain information such as the distribution of values and annot encrypt or decrypt arbitrary values of his choice. The encryption is robust against estimation of the true value in such environments.

Chapter 14 – Hippocratic Databases

Publisher Summary The Hippocratic Oath has guided the conduct of physicians for centuries. Inspired by its tenet of preserving privacy, it has been argued that future database systems must include responsibility for the privacy of data that they manage as a founding tenet. The explosive progress in networking, storage, and processor technologies is resulting in an unprecedented amount of digitization of information. It is estimated that the amount of information in the world is doubling every 20 months, and the size and number of databases are increasing even faster. In concert with this dramatic and escalating increase in digital data, concerns about the privacy of personal information have emerged globally. Privacy issues have been further exacerbated, now that the Internet makes it easy for new data to be automatically collected and added to databases. Privacy is the fight of individuals to determine for themselves when, how, and to what extent information about them is communicated to others. Privacy concerns are being fueled by an ever-increasing list of privacy violations, ranging from privacy accidents to illegal actions. Lax security for sensitive data is of equal concern.

Limiting disclosure in hippocratic databases

We present a practical and efficient approach to incorporating privacy policy enforcement into an existing application and database environment, and we explore some of the semantic tradeoffs introduced by enforcing these privacy policy rules at cell-level granularity. Through a comprehensive set of performance experiments, we show that the cost of privacy enforcement is small, and scalable to large databases.

An XPath-based preference language for P3P

The Platform for Privacy Preferences (P3P) is the most significant effort currently underway to enable web users to gain control over their private information. The designers of P3P simultaneously designed a preference language called APPEL to allow users to express their privacy preferences, thus enabling automatic matching of privacy preferences against P3P policies. Unfortunately subtle interactions between P3P and APPEL result in serious problems when using APPEL: Users can only directly specify what is unacceptable in a policy, not what is acceptable; simple preferences are hard to express; and writing APPEL preferences is error prone. We show that these problems follow from a fundamental design choice made by APPEL, and cannot be solved without completely redesigning the language. Therefore we explore alternatives to APPEL that can overcome these problems. In particular, we show that XPath serves quite nicely as a preference language and solves all the above problems. We identify the minimal subset of XPath that is needed, thus allowing matching programs to potentially use a smaller memory footprint. We also give an APPEL to XPath translator that shows that XPath is as expressive as APPEL.

Implementing P3P using database technology

Platform for privacy preferences (P3P) is the most significant effort currently underway to enable Web users to gain control over their private information. P3P provides mechanisms for Web site owners to express their privacy policies in a standard format that a user can programmatically check against her privacy preferences to decide whether to release her data to the Web site. We discuss architectural alternatives for implementing P3P and present a server-centric implementation that reuses database querying technology, as opposed to the prevailing client-centric implementations based on specialized engines. Not only does the proposed implementation have qualitative advantages, our experiments indicate that it performs significantly better than the sole public-domain client-centric implementation and that the latency introduced by preference matching is small enough for real-world deployments of P3P.

XPref: a preference language for P3P

The Platform for Privacy Preferences (P3P) is the most significant effort currently underway to enable web users to gain control over their private information. The designers of P3P simultaneously designed a preference language called APPEL to allow users to express their privacy preferences, thus enabling automatic matching of privacy preferences against P3P policies. Unfortunately, subtle interactions between P3P and APPEL result in serious problems when using APPEL: users can only directly specify what is unacceptable in a policy, not what is acceptable; simple preferences are hard to express; and writing APPEL preferences is error prone. We show that these problems follow from a fundamental design choice made by APPEL and cannot be solved without completely redesigning the language. Therefore, we explore alternatives to APPEL that can overcome these problems. In particular, we show that XPath serves quite nicely as a preference language and solves all the above problems. We identify the minimal subset of XPath that is needed, thus allowing matching programs to potentially use a smaller memory footprint. We also give an APPEL to XPath translator that shows that XPath is as expressive as APPEL.

An implementation of P3P using database technology

The privacy of personal information on the Internet has become a major concern for governments, businesses, media, and the public. Platform for Privacy Preferences (P3P), developed by the World Wide Web Consortium (W3C), is the most significant effort underway to enable web users to gain more control over their private information. P3P provides mechanisms for a web site to encode its data-collection and data-use practices in a standard XML format, known as a P3P policy [3], which can be programmatically checked against a user’s privacy preferences.

Database technologies for electronic commerce

Publisher Summary Electronic commerce applications have posed new challenges for database systems. Electronic commerce applications such as portals, marketplaces, and online stores (Amazon.com, eBay.com), are often faced with the problem of quickly integrating new catalogs from different sources into their existing catalog (the “master” catalog). Electronic commerce applications have made it imperative for databases to support direct querying of database content from the web. However, the most popular Web interface is the Google-style search box, and queries submitted from such an interface may include neither attribute names nor units.