Time+Place: Tuesday 12/12/2006 14:30 Room 337-8 Taub Bld.
Title: Protecting privacy without misleading users, in the realm of XML
Speaker: Yaron Kanza http://www.cs.toronto.edu/~yaron
Affiliation: University of Toronto
Host: Janos Makowsky

Abstract:

In many organizations, private data should be revealed to some people
while being concealed from others. In a hospital database system, for
instance, a physician should be allowed to see the medical history of 
her patients; however, such medical data should not be available to the
public. Thus, to support research over medical data while protecting
privacy, only some of the data should be accessible to researchers. A
common approach for protecting privacy is to manipulate sensitive data 
so that private information would not be revealed (e.g., by changing 
data values or transforming its structure). But, such manipulations can
mislead users who are not aware of them and, thus, cause errors.

In my talk, I will present a novel access-control mechanism for XML 
that protects privacy without misleading users. XML is a primary format 
for exchanging and publishing data on the Internet, in which data is 
presented in a hierarchical format. Our model uses the hierarchical nature
of XML but also guarantees that private information will not be inferred
from the hierarchy, a challenge that does not arise in the
relational model.
The mechanism employs rules for specifying the private data, and 
queries are validated with respect to these rules. Only queries that do 
not reveal private information are authorized and executed. I will talk 
about the complexity of validating queries, the privacy protection 
provided by our approach and how to test that a set of rules provides the 
desired concealment.
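The following toy validator is an added illustration written for this announcement, not the speaker's mechanism or code. It assumes a simplified model in which privacy rules are XPath-style paths, a query's answer is the subtree of every node it matches, and a query may additionally filter on a predicate path; it rejects queries whose answers or predicates touch private data, including exposure through the hierarchy (returning an ancestor returns the private descendants too), and checks whether a rule set conceals a given sensitive path.

```python
# Added illustration (hypothetical simplified model, not the talk's mechanism):
# validate XML queries against privacy rules, hierarchy-aware.
import xml.etree.ElementTree as ET

# Constructed sample hospital record.
HOSPITAL_XML = """
<hospital>
  <patient id="p1"><name>Alice</name><ward>3</ward>
    <history><diagnosis>flu</diagnosis></history></patient>
  <patient id="p2"><name>Bob</name><ward>5</ward>
    <history><diagnosis>asthma</diagnosis></history></patient>
</hospital>"""
ROOT = ET.fromstring(HOSPITAL_XML)

# Privacy rules: paths (ElementTree XPath subset) naming private data.
# Everything below a matched node is private as well.
RULES = [".//patient/name", ".//history"]

def subtree(node):
    """Yield node and all of its descendants."""
    yield node
    for child in node:
        yield from subtree(child)

def private_nodes(root, rules):
    """Identity set of every node covered by some rule, descendants included."""
    return {id(n) for rule in rules for hit in root.findall(rule) for n in subtree(hit)}

def validate(root, rules, query, predicate_path=None):
    """Return (authorized, reason). The answer to `query` is the subtree of
    each matched node; `predicate_path` is a path the query conditions on."""
    priv = private_nodes(root, rules)
    # A filter on private values leaks them even if they are not returned.
    if predicate_path and any(id(n) in priv for n in root.findall(predicate_path)):
        return False, "predicate conditions on private data"
    # Hierarchical leak: an ancestor's subtree carries the private descendants.
    for hit in root.findall(query):
        if any(id(n) in priv for n in subtree(hit)):
            return False, "answer subtree of <%s> contains private data" % hit.tag
    return True, "ok"

def conceals(root, rules, sensitive_path):
    """Test a rule set: is every node at sensitive_path covered by a rule?"""
    priv = private_nodes(root, rules)
    return all(id(n) in priv for n in root.findall(sensitive_path))

if __name__ == "__main__":
    print(validate(ROOT, RULES, ".//patient/ward"))   # authorized
    print(validate(ROOT, RULES, ".//patient"))        # rejected: subtree leak
    print(validate(ROOT, RULES, ".//ward", ".//diagnosis"))  # rejected: predicate
    print(conceals(ROOT, RULES, ".//diagnosis"), conceals(ROOT, RULES, ".//ward"))
```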

No prior knowledge of XML or privacy is required.

This is joint work with Alberto Mendelzon, Renee Miller and Zheng
Zhang.