Limiting Disclosure in Hippocratic Databases

Abstract: We present a practical and efficient approach to incorporating privacy policy enforcement into an existing application and database environment, and we explore some of the semantic tradeoffs introduced by enforcing these privacy policy rules at cell-level granularity. Through a comprehensive set of performance experiments, we show that the cost of privacy enforcement is small, and scalable to large databases.

“…(2) Each organization is given complete sovereignty over all its data including information about its trading relationships. With technologies such as Hippocratic Database Active Enforcement [28], confidentiality requirements can be enforced on a query by query basis. Each incoming query is rewritten based upon preinstalled data sharing policies.…”

“…Increasing legal requirements to keep personally identifiable information private inspired the development of policy-based, privacy-preserving databases [20,2]. Similarly, confidentiality requirements can be expressed as a policy and technologies such as Hippocratic Database Active Enforcement [28] can ensure that based on the query issuer and the purpose of a query, information is only revealed in accordance with the confidentiality policy.…”

“…The global query is also translated to a query that can be executed on the organization's data. Policy enforcement [28] is used to limit data disclosure. This enforcement is done by further rewriting the query based on the query issuer and the purpose of the query.…”

Towards Traceability across Sovereign, Distributed RFID Databases

“…(2) Each organization is given complete sovereignty over all its data including information about its trading relationships. With technologies such as Hippocratic Database Active Enforcement [28], confidentiality requirements can be enforced on a query by query basis. Each incoming query is rewritten based upon preinstalled data sharing policies.…”

“…Increasing legal requirements to keep personally identifiable information private inspired the development of policy-based, privacy-preserving databases [20,2]. Similarly, confidentiality requirements can be expressed as a policy and technologies such as Hippocratic Database Active Enforcement [28] can ensure that based on the query issuer and the purpose of a query, information is only revealed in accordance with the confidentiality policy.…”

“…The global query is also translated to a query that can be executed on the organization's data. Policy enforcement [28] is used to limit data disclosure. This enforcement is done by further rewriting the query based on the query issuer and the purpose of the query.…”

Towards Traceability across Sovereign, Distributed RFID Databases

“…The purpose combined with the information in the privacy-authorization table is used to restrict access. LeFevre et al [100] enhanced Hippocratic databases for enforcing queries to respect privacy policies and user preferences. In essence, they proposed to enforce the minimal disclosure principle by providing mechanisms that control who can access their personal data and for which purpose.…”

Towards the development of privacy-aware systems

“…Hippocratic databases (HDB) [7] are designed to limit access to, and disclosure of, sensitive information in accordance with user privileges, purpose of access, and intended recipients [ 8 ]. HDBs enforce policies by transforming user queries such that they access only policy-compliant information in the database.…”

Policy-Based Management and Sharing of Sensitive Information Among Government Agencies