2008 Third International Conference on Availability, Reliability and Security (2008)
Mar. 4, 2008 to Mar. 7, 2008
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ARES.2008.125
Whenever secret information has been shared among multiple partners and has been illegally leaked to a third party, it is important for the trust among the partners to identify the information leak. We present a forensic approach to privacy violation control that after information has been leaked identifies those partners that had access to the leaked information. Our approach represents secret information as a boolean formula and compares it with the queries and the relational database state to which the queries were applied. We use this technique to identify suspicious queries, i.e., queries that have got sufficient information to infer secret information that has been leaked. Furthermore, we prove that checking where a select-project query is suspicious with respect to a given secret information is NP-complete, but a polynomial time solution exists for interesting subclasses.
Privacy, relational Database, Auditing Compliance
R. Hartel, S. B?ttcher and M. Kirschner, "Detecting Suspicious Relational Database Queries," 2008 Third International Conference on Availability, Reliability and Security(ARES), vol. 00, no. , pp. 771-778, 2008.