Middleware Privacy Protection in Databases

Praveen Dangi, Meenu Vijarania, Sneha Satija

Abstract


In this paper, a solution has been developed for mitigating privacy violation in databases, as per legislatives requirements. The research work developed a modified P3P to use it as a privacy enforcement language while in parallel, the peer research community developed standard privacy enforcement languages like E-P3P and EPAL. The privacy policy enforcement layer, presented in this paper, is based on EPAL rather than the modified P3P that was originally developed in the absence of an acceptable privacy enforcement language. It further presents a modified SQL to cater to the privacy requirements for managing privacy constrained records. The privacy access layer presented demonstrates the equivalence of ECA and EPAL and therefore proposes a ECA based privacy access layer. However, since EPAL and E-P3P have evolved as a widely acceptable standard for privacy enforcement language. The Privacy Violation Detection and Monitoring layer termed as PRIVDAM is required since it is hypothesized that just as systems are breached despite implementation of information security control, similarly, privacy violations can happen despite privacy middleware being implemented. Such violation can happen due to hacking or due to compromise in the access to the privacy constrained records due to human error like password sharing.  

This also presents the findings of applying the solution in the health domain. The health domain was selected, as it is one of the most sensitive areas and has mature laws, such as HIPPA, governing the privacy of records in the medical domain. The overall effectiveness of the solution was found to be very good on the given data. The results showed that the solution provides excellent privacy protection, privacy violation detection with low false positives and acceptable privacy monitoring.


Full Text:

PDF

Refbacks

  • There are currently no refbacks.


Copyright (c)



Subscribe to Print Journals