Abstract
In this paper we discuss the problem of engineering privacy requirements for business intelligence applications, i.e., of eliciting, modeling, testing, and auditing privacy requirements imposed by the source data owner on the business intelligence applications that use these data to compute reports for analysts. We describe the peculiar challenges of this problem, propose and evaluate different solutions for eliciting and modeling such requirements, and make the case in particular for what we experienced as being the most promising and realistic approach: eliciting and modeling privacy requirements on the reports themselves, rather than on the source or as part of the data warehouse.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Vansummeren, S., Cheney, J.: Recording Provenance for SQL Queries and Updates. IEEE Data Eng. Bull 30(4), 29–37 (2007)
Agrawal, R., Grandison, T., Johnson, C., Kiernan, J.: Enabling the 21st century health care information technology revolution. Commun. ACM 50(2), 34–42 (2007)
Anderson, H.: A comparison of two privacy policy languages: EPAL and XACML. In: SWS 2006, pp. 53–60. ACM Press, New York (2006)
Antón, I., Bertino, E., Li, N., Yu, T.: A roadmap for comprehensive online privacy policy management. Commun. ACM 50(7), 109–116 (2007)
Bertino, E., Sandhu, R.: Database security-concepts, approaches, and challenges. IEEE Transactions on Dependable and Secure Computing 02(1), 2–19 (2005)
Bhowmick, S.S., Gruenwald, L., Iwaihara, M., Chatvichienchai, S.: PRIVATE-IYE: A framework for privacy preserving data integration. In: ICDEW 2006, p. 91. IEEE, Los Alamitos (2006)
Clifton, C., Kantarcioğlu, M., Doan, A., Schadow, G., Vaidya, J., Elmagarmid, A., Suciu, D.: Privacy-preserving data integration and sharing. In: DMKD 2004, pp. 19–26. ACM Press, New York (2004)
Cui, Y., Widom, J.: Lineage tracing for general data warehouse transformations. The VLDB Journal 12(1), 471–480 (2003)
Machanavajjhala, J., Gehrke, D.K., Venkitasubramaniam, M.: l-diversity: Privacy beyond k-anonymity. ACM Trans. Knowl. Discov. Data 1(1), 1556–4681 (2007)
Ni, Q., Trombetta, A., Bertino, E., Lobo, J.: Privacy-aware role based access control. In: SACMAT 2007, pp. 41–50. ACM Press, New York (2007)
Rizzi, S., Abelló, A., Lechtenbörger, J., Trujillo, J.: Research in data warehouse modeling and design: dead or alive? In: DOLAP 2006, pp. 3–10. ACM Press, New York (2006)
Sweeney, L.: Achieving k-anonymity privacy protection using generalization and suppression. Int. J. Uncertain. Fuzziness Knowl. -Based Syst. 10(5), 571–588 (2002)
Verykios, V.S., Bertino, E., Fovino, I.N., Provenza, L.P., Saygin, Y., Theodoridis, Y.: State-of-the-art in privacy preserving data mining. SIGMOD Rec. 33(1), 50–57 (2004)
Wang, L., Jajodia, S., Wijesekera, D.: Securing OLAP data cubes against privacy breaches. In: IEEE Symposium on Security and Privacy, pp. 161–175. IEEE, Los Alamitos (2004)
Widom, J.: Trio: A system for integrated management of data, accuracy, and lineage. In: CIDR 2005, pp. 262–276 (2005)
Wenning, R., Schunter, M. (eds.): The Platform for Privacy Preferences 1.1 (P3P1.1) Specification. W3C Working Group Note (November 2006), http://www.w3.org/TR/P3P11/
Tan, W.: Research Problems in Data Provenance. IEEE Data Engineering Bulletin 27(4), 45–52 (2004)
Dehousse, S., Liu, L., Faulkner, S., Kolp, M., Mouratidis, H.: Modeling Delegation through an i*-based Approach. In: IAT 2006, pp. 393–397 (2006)
Chiticariu, L., Tan, W.C., Vijayvargiya, G.: DBNotes: a post-it system for relational databases based on provenance. In: SIGMOD 2005, pp. 942–944 (2005)
Geerts, F., Kementsietsidis, A., Milano, D.: iMONDRIAN: A Visual Tool to Annotate and Query Scientific Databases. In: Ioannidis, Y., Scholl, M.H., Schmidt, J.W., Matthes, F., Hatzopoulos, M., Böhm, K., Kemper, A., Grust, T., Böhm, C. (eds.) EDBT 2006. LNCS, vol. 3896, pp. 1168–1171. Springer, Heidelberg (2006)
Srivastava, D., Velegrakis, Y.: Intensional associations between data and metadata. In: SIGMOD 2007, pp. 401–412 (2007)
Italian’s Data Protection Code, DL n. 196/30 (June 2003)
European Directive 1995/46/EC, OJ L 281, p. 31 of 23.11.1995
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chiasera, A., Casati, F., Daniel, F., Velegrakis, Y. (2008). Engineering Privacy Requirements in Business Intelligence Applications. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2008. Lecture Notes in Computer Science, vol 5159. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85259-9_15
Download citation
DOI: https://doi.org/10.1007/978-3-540-85259-9_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85258-2
Online ISBN: 978-3-540-85259-9
eBook Packages: Computer ScienceComputer Science (R0)