( k 1 ,k 2 ,k 1 ,k 2 ) i such that, for example, altering w 2 will result in enforcing

w 1 .

•

Multiple Data Sources: The paper also points out that the solution handles

recovering watermarks from data derived from multiple data sources. This

scenario is of particular interest for example in the case of an equiJOIN

performed between two data sets. Because watermarks rely on a bias in

the association between attributes, they can be naturally retrieved from

such JOIN result under certain reasonable assumptions.

•

Categorical and Numerical Data Types: Watermarking at the intersection

of categorical and numerical types is also explored. It is of interest to

provide a rights assessment mechanism that could not only prove rights

but also that the associated data sets were actually produced “together”;

this is relevant for example if the intrinsic value of the data lies in the

actual combination of the two data types. The authors introduce initial

ideas.

•

Bijective Attribute Re-mapping: To handle a scenario in which categor-

ical attributes are re-mapped through a bijective function to a new data

domain, the authors propose to discover the inverse mapping. This is pos-

sible if the initial data domain features distinguishing properties (e.g.,

value occurrence frequency histogram) that are likely to be preserved in

the mapped result.

5 Related Work

So far we have discussed a set of relational data types and associated wa-

termarking methods enabling future rights assessment proofs. We now sur-

vey a number of related research efforts that explore Information Hiding and

Watermarking for relational data in other security contexts such as privacy

enforcement and license violators tracing.

5.1 Privacy and Rights Protection

In [4] Bertino et. al. explore issues at the intersection of two important di-

mensions in data-centric assurance, namely rights assessment and privacy, in

the broader context of medical data. A unified framework is introduced that

combines binning and watermarking techniques for the purpose of achieving

both data privacy and the ability to assert rights.

The system design borrows components from existing work. More specifi-

cally, the binning method (for k -anonymity) is built upon an earlier approach

of generalization and suppression by allowing a broader concept of gener-

alization. Similar to the consumer-driven paradigm discussed earlier in this

chapter, to ensure data usefulness, binning is constrained by usage metrics

that define maximal allowable information loss. An initial binning stage is

followed then by watermarking. The framework then deploys a version of the