Achieving Data Privacy through Secrecy Views and Null-Based Virtual Updates

TL;DR

This paper introduces a method for protecting sensitive data in relational databases by applying minimal, virtual null-based updates to secrecy views, ensuring privacy without physically altering the database.

Contribution

It proposes a formal semantics and logic programming approach for virtual updates using null values to preserve privacy while maximizing informative query responses.

Findings

Defines semantics for secrecy views and virtual updates

Develops logic programming models for secret answer computation

Ensures privacy-preserving query answers without physical data changes

Abstract

There may be sensitive information in a relational database, and we might want to keep it hidden from a user or group thereof. In this work, sensitive data is characterized as the contents of a set of secrecy views. For a user without permission to access that sensitive data, the database instance he queries is updated to make the contents of the views empty or contain only tuples with null values. In particular, if this user poses a query about any of these views, no meaningful information is returned. Since the database is not expected to be physically changed to produce this result, the updates are only virtual. And also minimal in a precise way. These minimal updates are reflected in the secrecy view contents, and also in the fact that query answers, while being privacy preserving, are also maximally informative. Virtual updates are based on the use of null values as used in the SQL standard. We provide the semantics of secrecy views and the virtual updates. The different ways in which the underlying database is virtually updated are specified as the models of a logic program with stable model semantics. The program becomes the basis for the computation of the "secret answers" to queries, i.e. those that do not reveal the sensitive information.