Download Implementing P3P Using Database Technology Rakesh Agrawal

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
Document related concepts

Semantic Web wikipedia , lookup

Entity–attribute–value model wikipedia , lookup

Database wikipedia , lookup

SQL wikipedia , lookup

Robbins v. Lower Merion School District wikipedia , lookup

Business intelligence wikipedia , lookup

Versant Object Database wikipedia , lookup

PL/SQL wikipedia , lookup

Clusterpoint wikipedia , lookup

Relational model wikipedia , lookup

Database model wikipedia , lookup

Internet privacy wikipedia , lookup

Information privacy law wikipedia , lookup

Do Not Track legislation wikipedia , lookup

Privacy International wikipedia , lookup

Transcript 
Implementing P3P Using Database
Technology
Rakesh Agrawal Jerry Kiernan Ramakrishnan Srikant Yirong Xu
Presented by Yajie Zhu
03/24/2005
Outline
•
•
•
•
•
•
•
Introduction
Overview of P3P
Current P3P implementations
Server-centric implementation
Algorithms
Results of performance experiments
Conclusion and future work
Introduction
• Platform for Privacy Preferences(P3P)
– web users gain control over their private
information
– web site owners can express their privacy
policies in a standard format
– a user can programmatically check against
her privacy preferences to decide whether to
release her data to the web site
• P3P became a W3C Recommendation on
April 16, 2002
Overview of P3P
• Privacy Policies:
– An XML format in which a web site can
encode its data-collection and data-use
practices
• Privacy Preferences:
– A machine-readable specification of a user’s
preferences that can be programmatically
compared against a privacy policy
Detailed information: http://www.w3c.org/TR/P3P/
P3P Policy Description
• P3P policies are described as a sequence of
STATEMENT elements.
– CONSEQUENCE: the purpose for collecting
information in human-readable text
– PURPOSE: purposes for which information is
collected.
12 predefined values.
Ex: <current/>,<individual-decision/>, <contact/>
– RECIPIENT: the users of the collected information
6 predefined values.
Ex: <ours/>, <same/>, <unrelated/>
Opt-in or opt-out values can be assign to the required
attribute of PURPOSE and RECIPIENT elements
P3P Policy Description (Cont.)
– RETENTION: the duration for which the collected
information will be kept
5 predefined values
Ex: <stated-purpose/>, <business-practice/>,
<indefinitely/>
– DATA-GROUP and DATA: the list of individual data
items that are collected for stated purposes in the
statement.
predefined types of data items
DATA can contain related category information.
– CATEGORIES: provide hints to users as to the
intended uses of the data.
Ex: <physical/>, <online/>, <purchase/>
An Example Policy
Privacy Preferences
• Privacy preferences are expressed in
APPEL as a list of RULEs
– Rule behavior: specifies the action to be taken
if the rule fires.
request, block
– Rule body: Provides the pattern that is
matched against a policy.
Privacy Preferences (Cont.)
• Connective attribute: defines the logical
operators of the language.
– And (default): all of the contained expressions can be
found in the policy
– Or : one or more of the contained expressions can be
found in the policy
– And-exact
– Or-exact
– Non-and (negated and)
– Non-or (negated or)
Every element in an APPEL rule has a connective
associated with it.
An Example APPEL Preference
The Reference File
<META xmlns="http://www.w3.org/2002/01/P3Pv1">
• A site may have
<POLICY-REFERENCES>
multiple privacy policy
<EXPIRY max-age="172800"/>
for different web pages,
which may offer various
<POLICY-REF about="/P3P/Policies.xml#first">
<INCLUDE>/*</INCLUDE>
services.
<EXCLUDE>/catalog/*</EXCLUDE>
• A site’s reference file
<EXCLUDE>/cgi-bin/*</EXCLUDE>
assigns individual
<EXCLUDE>/servlet/*</EXCLUDE>
</POLICY-REF>
policies with subsets of
the URIs.
<POLICY-REF about="/P3P/Policies.xml#second">
• In the reference file,
<INCLUDE>/catalog/*</INCLUDE>
each policy has a set of
</POLICY-REF>
INCLUDE/EXCLUDE
<POLICY-REF about="/P3P/Policies.xml#third">
declarations of the
<INCLUDE>/cgi-bin/*</INCLUDE>
URIs.
<INCLUDE>/servlet/*</INCLUDE>
<EXCLUDE>/servlet/unknown</EXCLUDE>
</POLICY-REF>
</POLICY-REFERENCES>
</META>
Current P3P Implementation
• Client-Centric Architecture
– Web sites create and install policy files at their
sites.
• P3PEdit: a web-based privacy policy generator
• IBM Tivoli Privacy Wizard: a web-based GUI tool to
define privacy policies
– The users browse a web site, their preferences
are checked against a site’s policy before they
access the sit.
Client-Centric Architecture Implementation
• IE6 implementation of Compact P3P policies
– IE6 allows a user to specify her privacy preference for
handling cookies
• AT&T Privacy Bird
– It accepts user-defined APPEL privacy preference
– An APPEL engine compares a user’s APPEL
preference with a web site’s P3P policy
• Other Tools
– JRC APPEL Preference Editor: a Java-based editor
for preparing APPEL preferences.
– JRC P3P Proxy: a centralized proxy service that
conducts P3P privacy policy checking on behalf of
subscribed users
Server-Centric Architecture
• A website deploys P3P, and installs its privacy
policies in a database system
• Database querying at the server is used for
matching a user’s preferences against privacy
policies
– Convert privacy policies into relational tables and
convert an APPEL preference into an SQL query for
matching.
– Store privacy policies in relational tables, define an
XML view over them , and use an XQuery derived
from an APPEL preference for matching.
– Store privacy policies in a native XML store and use
an XQuery derived from an APPEL preference for
matching.
Server-Centric Architecture (Cont.)
• Advantages
– The preference checking at the server leads to lean
clients (mobile device)
– An upgrade in P3P specification only require an
upgrade in all the servers
– As new privacy-sensitive applications emerge, they
will reuse checking done at the server
– Site owner can refine their policies, when they know
that policies have a conflict with the users’ privacy
preferences
– Using databases for preference matching yields
additional advantages
• The privacy data tables can serve as meta data for ensuring
that polices are followed
• Can reuse the proven database technology for checking
preferences against policies.
• Versions of policies can be better managed
Server-Centric Architecture (Cont.)
• Disadvantages
– There needs to be a greater amount of trust
on the server
• The user has to trust the server
• The user has to trust the database software used
by the server
– By using Client-Centric to cache a reference
file, the client may avoid some checks, if a
user visits many pages that are governed by
the same policy
Algorithms for Server-Centric
Implementation
• Database Schema for
P3P policy
• Populate the tables
with the data
Algorithms for Server-Centric
Implementation (Cont.)
• Translating APPEL
Preferences into SQL
Queries
– The main() mirrors the structure
of the APPEL rule.
– The match() generates the SQL
code for matching an APPEL
expression
• Select elements in the P3P
policy from the table
• Ensure that the elements
belong to their parent elements
• Match any attributes specified
in the APPEL expression
• Recursively match any sub
expressions with the
appropriate connective.
Optimizations
• Reduce the number of tables in order to reduce
the number of joins in the generated SQL
queries
– Store P3P subelements in their parent table, not in
separate tables.
– Store the value of RETENTION in STATEMENT table,
since each STATEMENT can have only one
RETENTION element.
– Store the value of CONSEQUENCE in a nullable
column in STATEMENT table.
Translation Example
• Simplified First Rule
from Jane’s APPEL
preference
• SQL Translation
Algorithms for Server-Centric
Implementation (Cont.)
• Translating APPEL
Preferences into
XQuery
– The main() generates an
XQuery if statement
• Return the rule behavior if
the condition expressed
by the rule is met by the
application policy
– The match() translates
the body of the rule
Performance Experiments
• Measure the time to match a P3P policy with
an APPEL Preference
– Experimental Setup
• A native APPEL engine from the Joint Research
Center
• DB2 UDB 7.2 as a database engine
• Translating APPEL preference into XQuery, use
the XTABLE prototype
– Data Set
• 29 P3P policies (size from 1.6 to 11.9 Kbytes)
• 5 APPEL preference with 5 different levels of
sensitivity
Performance Results
Conclusion and Future work
• Contributions of the paper
– Identification of P3P as an important application area for database
systems.
– Investigation of alternative architectures for implementing P3P.
– Proposal for a server-centric architecture based on database
querying technology.
– Mapping of a P3P policy schema into a relational schema for storing
policy data.
– Algorithms for translating privacy preferences expressed in APPEL
into SQL as well as XQuery.
– Performance experiments showing that the proposed architecture
has adequate performance for it to be used in practical deployments
of P3P.
• Future work
• Explore the use of database query languages for directly expressing
and representing privacy preference
• Identify the minimal subset of SQL and XQuery
• Develop and implement database mechanisms for ensuring that the
privacy policies are indeed being followed
Questions and Discussions
Related documents
purpose - Rakesh Agrawal
purpose - Rakesh Agrawal
Merenje koncentracije i trzisne moci privrednih
Merenje koncentracije i trzisne moci privrednih
Computer Science 9616a, Fall 2011 Project Description Your project
Computer Science 9616a, Fall 2011 Project Description Your project
Computer Science 9616b, Fall 2016 Project Description Your project
Computer Science 9616b, Fall 2016 Project Description Your project
HIPPA Compliance Form
HIPPA Compliance Form
Donor Privacy Policy
Donor Privacy Policy
Innovative Applications of Artificial Intelligence Techniques in
Innovative Applications of Artificial Intelligence Techniques in
Mining Multiple Private Databases
Mining Multiple Private Databases
Privacy Policy This privacy policy discloses the privacy practices for
Privacy Policy This privacy policy discloses the privacy practices for
19-DS-05-2016_OZGUR
19-DS-05-2016_OZGUR
DIRECT MARKETING
DIRECT MARKETING
Mobiscopes for Human Spaces
Mobiscopes for Human Spaces
Presentazione di PowerPoint - Georgia Institute of Technology
Presentazione di PowerPoint - Georgia Institute of Technology
P3P Roadshow
P3P Roadshow