WJC van Staden and MS Olivier, "SQL’s Revoke with a View on Privacy," in Proceedings of SAICSIT 2007 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists, L Barnard and RA Botha (eds), 181-188, Fish River, South Africa, October 2007
Protecting access to data that can be linked to an individual (personally identifiable information, or PII), and thereby protecting the individual's privacy, can be accomplished through legislation, organisational safeguards, and technology. The focus of this paper is the technological means by which data is protected; in particular we consider the mechanisms of purpose binding and purpose limitation, which facilitate the organisational safeguards. Purpose binding allows an enterprise to specify its purpose for collected data, and purpose limitation controls access to information based on these purpose bindings.
Technologies that implement the aforementioned safeguards of PII form a subset of the technologies commonly referred to as Privacy Enhancing Technologies (PETs). Many legacy systems do not employ these safeguards, even though they can be added by providing "wrapper" technologies that reside on top of the legacy systems.
This article continues work by the authors in which extensions to SQL were proposed in order to integrate PETs with structured databases. The extensions showed that access to data through SQL can be controlled non-intrusively, and that the general discretionary access control model provided by many database management systems can still be enforced. In our previous work the extensions were limited to the SQL grant and select statements.
In this article we propose a model for revoking privileges from database users, and thus consider the SQL revoke statement. We also show that the general principles of revoking privileges remain true for our proposed model. Finally, we briefly consider extensions to the Data Manipulation Language (DML) commands that were not considered previously, namely insert, delete, and update.
Keywords: Access Control, Compound Purposes, Privacy, Purpose Binding, SQL
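To make purpose binding, purpose limitation and purpose-aware revocation concrete, the following is a constructed Python model added for this page; it is not the paper's SQL extension or its formal model, and the class and method names (PurposeACL, grant, select, revoke, held) are assumptions. Each grant binds an object to a set of purposes, a select succeeds only under a purpose bound to one of the user's grants, and revoking a purpose cascades down the grant chain in the way a standard SQL revoke does.

```python
# Constructed illustration of purpose-bound privileges (not the paper's model).
class PurposeACL:
    """Grants are (grantor, grantee, obj, purposes, with_grant) tuples. The grantor
    is recorded so a revoke can cascade along the grant chain, as SQL revoke does."""

    def __init__(self, owner):
        self.owner = owner
        self.grants = []

    def held(self, user, obj, grantable=False):
        """Purposes bound to 'obj' for 'user'; with grantable=True, only those
        the user received WITH GRANT OPTION and may therefore pass on."""
        return frozenset().union(*[p for (_, g, o, p, wg) in self.grants
                                   if g == user and o == obj and (wg or not grantable)])

    def grant(self, grantor, grantee, obj, purposes, with_grant=False):
        """Purpose binding: only the owner, or a grantor whose own grantable
        binding covers every requested purpose, may bind obj to purposes for grantee."""
        purposes = frozenset(purposes)
        if grantor != self.owner and not purposes <= self.held(grantor, obj, grantable=True):
            raise PermissionError(f"{grantor} cannot grant {sorted(purposes)} on {obj}")
        self.grants.append((grantor, grantee, obj, purposes, with_grant))

    def select(self, user, obj, purpose):
        """Purpose limitation: access is allowed only under a bound purpose."""
        return purpose in self.held(user, obj)

    def revoke(self, grantor, grantee, obj, purposes):
        """Strip 'purposes' from the grantor->grantee binding on obj, then cascade:
        any grant the grantee made that it can no longer back is revoked in turn."""
        purposes = frozenset(purposes)
        kept = []
        for gr, ge, o, p, wg in self.grants:
            if gr == grantor and ge == grantee and o == obj:
                p = p - purposes
                if not p:            # binding emptied: drop the grant entirely
                    continue
            kept.append((gr, ge, o, p, wg))
        self.grants = kept
        for gr, ge, o, p, wg in list(self.grants):
            if gr == grantee and o == obj:
                lost = p - self.held(grantee, obj, grantable=True)
                if lost:
                    self.revoke(grantee, ge, obj, lost)
```

Revoking a purpose from an intermediate grantee removes that purpose from everyone downstream of it, while purposes the grantee still holds with grant option survive.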
@INPROCEEDINGS(sqlrevoke,
AUTHOR={van Staden, Wynand and Martin S Olivier},
TITLE={{SQL}'s Revoke with a View on Privacy},
BOOKTITLE={Proceedings of SAICSIT 2007
Annual Research Conference of the South African Institute of
Computer Scientists and Information Technologists},
EDITOR={Lynette Barnard and Reinhardt A Botha},
ADDRESS={Fish River, South Africa},
MONTH={October},
YEAR={2007},
PAGES={181--188},
NOTE={(Published electronically)} )
The full text may be downloaded from http://mo.co.za/open/sqlrevoke.pdf (PDF, 139K).
The original paper is also available from the ACM's Digital Library site.
Page maintained by Martin Olivier. Last update: 10 November 2007